Configuration files

CMakeLists.txt

@@ -52,4 +52,6 @@ target_link_libraries (
         ${Boost_LIBRARIES}
 )
 
+install(FILES etc/sigh-example.cfg etc/mapfile-example.txt
+        DESTINATION etc/sigh COMPONENT config)
 install(PROGRAMS sigh ${CMAKE_CURRENT_BINARY_DIR}/sigh DESTINATION sbin)

etc/mapfile-example.txt

@@ -0,0 +1,31 @@
+# This is an example map file for the sigh milter
+#
+# The file may contain comments starting at the beginning of a line. Also
+# blank lines are allowed. The format of this file is a two column syntax.
+# The first column is a key and the second a value. Key and value are devided
+# by one or more whitespace characters. It is important to NOT put whitspaces
+# in the value column!
+#
+# The key is simply an email address without angle braces. The value has the
+# following form:
+#
+# <cert> ':' /path/to/cert.pem ',' <key> ':' /path/to/key.pem
+#
+# <cert> and <key> are keywords. It doesn't matter, if you define the key
+# first and the cert second. The certificate file may not only contain the
+# pure certificate. You may also concatenate furthe intermediate certificates.
+# For both, the certificate and the key, the files must be in PEM format. See
+# the OpenSSL documentation how to convert it, if you got them in a different
+# format. Furthermore, the key must be in unencrypted. Make sure, you adopt
+# the privileges to restrict access only to the milter.
+#
+# Path names must be absolute and not relative paths!
+#
+# If you make changes to this file, you must send a SIGHUP signal to the milter
+# in order to reload this table.
+
+# Example:
+c@roessner.co		cert:/some/path/cert.pem,key:/some/path/key.pem
+
+# Another example
+test@example.com    key:/another/path/key.pem,cert:/another/path/cert.pem

etc/sigh-example.cfg

@@ -0,0 +1,42 @@
+[Milter]
+
+# The milter will run as the given user
+#
+# Default: milter
+;user = milter
+
+# The milter will be run with this group
+#
+# Default: milter
+;group = milter
+
+# A PID file for the process
+#
+# Default:
+pidfile = /run/sigh.pid
+
+# This is the map file which maps email addresses to S/MIME certificates. You
+# must specify a valid file here in order to have a working setup.
+#
+# Default:
+mapfile = /etc/sigh/mapfile.txt
+
+# The milter socket. Three definitions are possible.
+#
+# For IPv4:
+# inet:portnumber@address, example: inet:5678@127.0.0.1
+#
+# For IPv6:
+# inet6:portnumber@[address], example: inet6:5678@[::1]
+#
+# For a unix socket:
+# unix:/pat/to/unix/listener
+#
+# Default: inet:4000@127.0.0.1
+;socket = inet6:4000@[::1]
+
+# The milter creates temporary files for each mail. You should create a
+# directory with proper permissions and set the path here.
+#
+# Default: /tmp
+;tmpdir = /var/lib/sigh

src/mapfile.cpp

@@ -68,6 +68,12 @@ namespace mapfile {
         }
     }
 
+    void Map::resetCertStore(void) {
+        confLock.lock();
+        certStore.clear();
+        confLock.unlock();
+    }
+
     // Private
 
     certstore_t Map::certStore = {};

src/mapfile.h

@@ -57,6 +57,11 @@ namespace mapfile {
          */
         static void readMap(const std::string&);
 
+        /*!
+         * \brief Reset the certificate table
+         */
+        static void resetCertStore(void);
+
         /*!
          * \brief A certificate or key
          */

src/milter.cpp

@@ -46,7 +46,7 @@ bool debug = false;
 static std::string miltername("sigh");
 
 //! \brief Version number
-static const std::string version("1606.1.0");
+static const std::string version("1607.1.0");
 
 //! \brief  Configuration options for the milter
 static std::unique_ptr<conf::MilterCfg> config(nullptr);
@@ -489,9 +489,10 @@ static void signalHandler(int sig) {
             exit(EX_SOFTWARE);
         case SIGHUP:
             std::cout << "Caught signal " << sig
-                      << ". Reloading mapfile" << std::endl;
+                      << ". Reloading map file" << std::endl;
+            mapfile::Map::resetCertStore();
             mapfile::Map::readMap(::config->getValue("mapfile"));
-            syslog(LOG_NOTICE, "%s", "Mapfile reloaded");
+            syslog(LOG_NOTICE, "%s", "Map file reloaded");
             break;
         default:
         { /* empty */ }