config-rewrite: Lots of fixes

data/settings.js

@@ -3500,12 +3500,31 @@ How long to wait for a query to finish.`
 
 	cassandra_ssl: {
 		tags: [ 'sql-cassandra' ],
-		values: setting_types.BOOLEAN,
+		values: setting_types.ENUM,
 		default: 'no',
-		seealso: [ '[[link,ssl_configuration]]' ],
+		values_enum: [ 'no', 'cert-only', 'cert-ip' ],
+		seealso: [ '[[link,ssl_configuration]]', 'ssl_client_require_valid_cert' ],
 		text: `
-Whether to use SSL when connecting to Cassandra. Configure it using the
-\`ssl_client_*\` settings. See [[link,ssl_configuration]].`
+Whether to use SSL when connecting to Cassandra, and how to verify the
+certificate:
+
+
+\`no\`
+:   Don't use SSL
+
+\`cert-only\`
+:   Verify the certificate, but not the IP address or host name.
+
+\`cert-ip\`
+:   Verify the certificate, and require IP address to match the certificate's
+    common name or one of its subject alternative names.
+
+You can also skip certificate validation by setting
+[[setting,ssl_client_require_valid_cert,yes]]. The \`cassandra_ssl\` setting
+value must something else than \`no\`.
+
+Configure SSL certificates using the \`ssl_client_*\` settings. See
+[[link,ssl_configuration]].`
 	},
 
 	cassandra_user: {
@@ -8720,7 +8739,7 @@ entry (typically by prefixing with \`{SCHEME}\`).`
 		text: `
 Skip the passdb if non-empty and the current auth mechanism is not listed here.
 If the value contains \`none\`, it matches for non-authenticating passdb
-lookups.
+lookups (e.g. lmtp/doveadm lookups).
 
 Example:
 

docs/core/config/auth/caching.md

@@ -39,33 +39,6 @@ catch those cases (see the rules above).
 
 <SettingsComponent tag="auth_cache" />
 
-## Cache Keys
-
-Usually only the username uniquely identifies a user, but in some setups
-you may need something more, for example the remote IP address.
-
-For SQL and LDAP lookups Dovecot figures this out automatically by using
-all the used [[variable]] as the cache key. For example,
-if your SQL query contains `%{protocol}`, `%{user}`, and `%{remote_ip}` the
-cache entry is used only if all of them (service name, username and remote IP)
-match for the new lookup.
-
-With other databases Dovecot doesn't know what could affect caching, so
-you have to tell Dovecot manually. The following databases require
-specifying the cache key (via `cache_key`):
-
-- [[link,auth_pam]]
-- [[link,auth_bsd]]
-
-For example if the \`bsdauth\` lookup depends on username and service, you can
-use:
-
-```[dovecot.conf]
-passdb bsdauth {
-  args = cache_key=%{protocol}%{user} *
-}
-```
-
 ## Password Changing Scenarios
 
 ## Normal

docs/core/config/dict.md

@@ -169,7 +169,7 @@ For example when using dict for a per-user quota value the map looks like:
 dict_map priv/quota/storage {
   sql_table = quota
   username_field = username
-  value quota_bytes {
+  value_field quota_bytes {
   }
 }
 ```
@@ -192,13 +192,13 @@ You can also access multiple SQL fields. For example
 ```[dovecot.conf]
 dict_map shared/shared-boxes/user/$to/$from {
   sql_table = user_shares
-  value dummy {
+  value_field dummy {
   }
 
-  field from_user {
+  key_field from_user {
     pattern = $from
   }
-  field to_user {
+  key_field to_user {
     pattern = $to
   }
 }
@@ -240,13 +240,13 @@ identifier.
 dict_map priv/$mailbox_guid/$key {
   sql_table = mailbox_private_attributes
   username_field = user
-  value attr_value {
+  value_field attr_value {
   }
 
-  field attr_key {
+  key_field attr_key {
     pattern = $key
   }
-  field mailbox_guid {
+  key_field mailbox_guid {
     pattern = $mailbox_guid
   }
 }
@@ -259,13 +259,13 @@ dict_map priv/$mailbox_guid/$key {
 # );
 dict_map shared/$mailbox_guid/$key {
   sql_table = mailbox_shared_attributes
-  value attr_value {
+  value_field attr_value {
   }
 
-  field attr_key {
+  key_field attr_key {
     pattern = $key
   }
-  field mailbox_guid {
+  key_field mailbox_guid {
     pattern = $mailbox_guid
   }
 }

docs/core/config/imap.md

@@ -63,23 +63,23 @@ CREATE TABLE metadata (
 );
 ```
 
-```[/etc/dovecot/dict.config]
-## driver specific config excluded
-
-map {
-  pattern = $key
-  table = attr_priv
-  fields {
-    attr_name = $key
-  }
-  username_field = username
-  value_field = attr_value
-}
-```
-
 ```[/etc/dovecot/dovecot.conf]
-dict_legacy {
-  metadata = driver:/etc/dovecot/dict.config
+dict_server {
+  dict metadata {
+    driver = sql
+    sql_driver = mysql
+
+    dict_map $key {
+      sql_table = attr_priv
+      username_field = username
+
+      key_field attr_name {
+	value = $key
+      }
+      value_field attr_value {
+      }
+    }
+  }
 }
 
 mail_attribute {

docs/core/config/shared_mailboxes.md

@@ -403,23 +403,23 @@ COMMENT ON TABLE anyone_shares IS 'User from_user shares folders to anyone.';
 ```[/etc/dovecot/dovecot-dict-sql.conf.inc]
 dict_map shared/shared-boxes/user/$to/$from {
   sql_table = user_shares
-  value dummy {
+  value_field dummy {
   }
 
-  field from_user {
+  key_field from_user {
     pattern = $from
   }
-  field to_user {
+  key_field to_user {
     pattern = $to
   }
 }
 
 dict_map shared/shared-boxes/anyone/$from {
   sql_table = anyone_shares
-  value dummy {
+  value_field dummy {
   }
 
-  field from_user {
+  key_field from_user {
     pattern = $from
   }
 }

docs/core/man/doveadm-altmove.1.md

@@ -75,9 +75,6 @@ moved to the alternative storage.
 */etc/dovecot/conf.d/10-mail.conf*
 :   Mailbox locations and namespaces.
 
-*/etc/dovecot/conf.d/auth-\*.conf.ext*
-:   Authentication processes, including userdb settings.
-
 ## EXAMPLE
 
 This example moves seen mails older than one week to alternative

docs/core/man/doveadm-quota.1.md

@@ -78,9 +78,6 @@ usage.
 */etc/dovecot/dovecot.conf*
 :   Dovecot's main configuration file, including the *dict* section.
 
-*/etc/dovecot/dovecot-dict-sql.conf.ext*
-:   SQL dictionary proxy settings.
-
 */etc/dovecot/conf.d/10-mail.conf*
 :   Mailbox locations and namespaces.
 

docs/core/man/dovecot.1.md

@@ -104,12 +104,6 @@ The *signals* **ALARM** and **PIPE** are ignored.
 */etc/dovecot/dovecot.conf*
 :   Dovecot's main configuration file.
 
-*/etc/dovecot/dovecot-dict-sql.conf.ext*
-:   Dovecot's dict configuration with SQL-backend.
-
-*/etc/dovecot/conf.d/auth-*-conf.ext*
-:   Configuration files of different authentication modules.
-
 */etc/dovecot/conf.d/*.conf*
 :   Configuration files of different services and settings.
 

docs/core/plugins/last_login.md

@@ -79,17 +79,17 @@ dict_server {
 
     dict_map shared/last-login/$service/$user/$remote_ip {
       sql_table = last_login
-      value last_access {
+      value_field last_access {
         type = uint
       }
 
-      field userid {
+      key_field userid {
         pattern = $user
       }
-      field service {
+      key_field service {
         pattern = $service
       }
-      field last_ip {
+      key_field last_ip {
         pattern = $remote_ip
       }
     }
@@ -134,17 +134,17 @@ dict_server {
 
     dict_map shared/last-login/$service/$user/$remote_ip {
       sql_table = last_login
-      value last_access {
+      value_field last_access {
         type = uint
       }
 
-      field userid {
+      key_field userid {
         pattern = $user
       }
-      field service {
+      key_field service {
         pattern = $service
       }
-      field last_ip {
+      key_field last_ip {
         pattern = $remote_ip
       }
     }
@@ -190,42 +190,42 @@ dict_server {
 
     dict_map shared/last-login/imap/$user/$remote_ip {
       sql_table = users
-      value last_imap_access {
+      value_field last_imap_access {
         type = uint
       }
 
-      field userid {
+      key_field userid {
         pattern = $user
       }
-      field last_imap_ip {
+      key_field last_imap_ip {
         pattern = $remote_ip
       }
     }
 
     dict_map shared/last-login/pop3/$user/$remote_ip {
       sql_table = users
-      value last_pop3_access {
+      value_field last_pop3_access {
         type = uint
       }
 
-      field userid {
+      key_field userid {
         pattern = $user
       }
-      field last_pop3_ip {
+      key_field last_pop3_ip {
         pattern = $remote_ip
       }
     }
 
     dict_map shared/last-login/lmtp/$user/$remote_ip {
       sql_table = users
-      value last_lmtp_access {
+      value_field last_lmtp_access {
         type = uint
       }
 
-      field userid {
+      key_field userid {
         pattern = $user
       }
-      field last_lmtp_ip {
+      key_field last_lmtp_ip {
         pattern = $remote_ip
       }
     }

docs/core/plugins/lazy_expunge.md

@@ -56,30 +56,29 @@ namespace inbox {
   mailbox .EXPUNGED {
     autoexpunge = 7days
     autoexpunge_max_mails = 100000
+
+    # Define ACL so that user cannot list the .EXPUNGED mailbox
+    acl owner {
+      rights = rwstipekxa
+    }
   }
 }
 
 mail_plugins {
   lazy_expunge = yes
   acl = yes
 }
+acl_driver = vfile
 
 # Move messages to an .EXPUNGED mailbox
 lazy_expunge_mailbox = .EXPUNGED
 
 plugin {
-  # Define ACL so that user cannot list the .EXPUNGED mailbox
-  acl = vfile:/etc/dovecot/dovecot.acl
-
   # Expunged messages most likely don't want to be included in quota:
   quota_rule = .EXPUNGED:ignore
 }
 ```
 
-```[/etc/dovecot/dovecot.acl]
-.EXPUNGED owner rwstipekxa
-```
-
 :::
 
 You could also leave the permissions empty if you don't want to allow clients

docs/core/plugins/notify_status.md

@@ -57,14 +57,14 @@ mailbox TestBox {
 ::: code-group
 
 ```[Dictionary Map]
-map {
-  pattern = priv/status/$box
-  table = mailbox_status
-  value_field = status
+dict_map priv/status/$box {
+  sql_table = mailbox_status
   username_field = username
 
-  fields {
-    mailbox = $box
+  key_field mailbox {
+    value = $box
+  }
+  value_field status {
   }
 }
 ```