Date: Thu, 7 Apr 2005 14:40:12 -0600 (MDT) From: Jie Gao <gaoj@cpsc.ucalgary.ca> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/79651: [patch] mail/ssmtp: add per-user smtp authentication config Message-ID: <200504072040.j37KeCqw033833@localhost.cpsc.ucalgary.ca> Resent-Message-ID: <200504072050.j37Ko4vZ038398@freefall.freebsd.org>
>Number: 79651 >Category: ports >Synopsis: [patch] mail/ssmtp: add per-user smtp authentication config >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Thu Apr 07 20:50:03 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Jie Gao >Release: FreeBSD 5.4-STABLE i386 >Organization: >Environment: System: FreeBSD aibsd 5.4-STABLE FreeBSD 5.4-STABLE #4: Sun Apr 3 20:50:55 MDT 2005 gaoj@aibsd:/usr/obj/usr/src/sys/AIBSD i386 >Description: The original sSMTP only supports smtp authentication from command line options (or undocumented global configuration). While more and more ISP mail servers require smtp authentication, it is rather inconvenient not to have per-user smtp authentication config. Actually, the global option of AuthUser and AuthPass should NEVER be used because sSMTP's global config file should be world-readable. >How-To-Repeat: N/A >Fix: Apply the following patch to the port directory mail/ssmtp --- patch-ssmtp begins here --- diff -ruN ssmtp.orig/Makefile ssmtp/Makefile --- ssmtp.orig/Makefile Tue Apr 5 09:09:54 2005 +++ ssmtp/Makefile Thu Apr 7 13:33:07 2005 @@ -46,7 +46,8 @@ CFLAGS+= -DUSERPREFS pre-everything:: @${ECHO_CMD} "If you don't want to let your users set their own revalias address" - @${ECHO_CMD} "(in ~/.ssmtprc), please define WITHOUT_USERPREFS." + @${ECHO_CMD} "(in ~/.ssmtprc), or their own SMTP authentication information" + @${ECHO_CMD} "(in ~/.ssmtpauth), please define WITHOUT_USERPREFS." .endif post-configure: diff -ruN ssmtp.orig/files/patch-ssmtp.8 ssmtp/files/patch-ssmtp.8 --- ssmtp.orig/files/patch-ssmtp.8 Wed Dec 31 17:00:00 1969 +++ ssmtp/files/patch-ssmtp.8 Thu Apr 7 14:13:47 2005 
@@ -0,0 +1,47 @@ +--- ssmtp.8.orig Fri Sep 27 06:48:59 2002 ++++ ssmtp.8 Thu Apr 7 14:13:23 2005 +@@ -1,4 +1,4 @@ +-.TH SSMTP 8 "Last change: 5 February 2000" ++.TH SSMTP 8 "Last change: 7 April 2005" + .SH NAME + ssmtp, sendmail \- send a message using smtp + .SH SYNOPSIS +@@ -267,10 +267,36 @@ + Messages root sends will be identified as from jdoe@isp.com and sent + through mail.isp.com. + ++By default, sSMTP will look for individual user reverse alias overrides in ++~/.ssmtprc. This can be disabled by defining WITHOUT_USERPREFS at build time ++of this port. ++ ++.SH SMTP AUTHENTICATION SETUP ++ ++sSMTP allows individual users to setup their own SMTP authentication ++information in ~/.ssmtpauth with the following format: ++.sp ++.RS +.3i ++.ta 1.0i ++.nf ++AuthUser=username ++AuthPass=password ++AuthMethod=authenticate_method ++.fi ++.RE ++.sp ++Users should set their ~/.ssmtpauth permission to 0600 to avoid others reading ++their passwords. ++ ++This can also be disabled by defining WITHOUT_USERPREFS at the build time of ++this port. ++ + .SH FILES +- /etc/ssmtp/ssmtp.conf - configuration file ++ /usr/local/etc/ssmtp/ssmtp.conf - configuration file + .br +- /etc/ssmtp/revaliases - reverse aliases file ++ /usr/local/etc/ssmtp/revaliases - reverse aliases file ++ ~/.ssmtprc - user reverse aliase file ++ ~/.ssmtpauth - user authentication file + + .SH SEE ALSO + RFC821, RFC822. diff -ruN ssmtp.orig/files/patch-ssmtp.c ssmtp/files/patch-ssmtp.c --- ssmtp.orig/files/patch-ssmtp.c Sat Nov 8 15:14:38 2003 +++ ssmtp/files/patch-ssmtp.c Thu Apr 7 13:30:27 2005 @@ -1,5 +1,5 @@ ---- ssmtp.c.orig Sat Nov 8 18:51:19 2003 -+++ ssmtp.c Sat Nov 8 19:01:07 2003 +--- ssmtp.c.orig Thu Jul 22 23:58:48 2004 ++++ ssmtp.c Wed Apr 6 16:26:21 2005 @@ -14,6 +14,7 @@ */ #define VERSION "2.60.4" 
@@ -8,18 +8,26 @@ #include <sys/socket.h> #include <netinet/in.h> #include <sys/param.h> -@@ -366,9 +367,36 @@ +@@ -66,7 +67,7 @@ + char *gecos; + char *prog = (char)NULL; + char *root = NULL; +-char *tls_cert = "/etc/ssl/certs/ssmtp.pem"; /* Default Certificate */ ++char *tls_cert = "/usr/local/etc/ssmtp/ssmtp.pem"; /* Default Certificate */ + char *uad = (char)NULL; + + headers_t headers, *ht; +@@ -374,9 +375,36 @@ { char buf[(BUF_SZ + 1)], *p; FILE *fp; -- +#ifdef USERPREFS + char *file=NULL; + if (pw->pw_dir != NULL) { + file = (char *)malloc (strlen (pw->pw_dir) + 1 + strlen (".ssmtprc") + 1); + sprintf (file, "%s/.ssmtprc", pw->pw_dir); + } -+ + + if ((file != NULL) && (fp = fopen(file, "r")) ) { + while(fgets(buf, sizeof(buf), fp)) { + /* Make comments invisible */ 
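Review bot: The new default for `tls_cert` hard-codes `/usr/local/etc/ssmtp/ssmtp.pem`, so a port built with a non-default PREFIX would look for the certificate in a directory it does not install into. The call-site hunk later in this patch already builds the config path from `SSMTPCONFDIR`; assuming that macro expands to a string literal, the default could be written `char *tls_cert = SSMTPCONFDIR "/ssmtp.pem";  /* Default Certificate */`. The declaration sits among other file-scope variables, most of which lie outside the hunk.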
@@ -47,3 +55,91 @@ /* Search if a reverse alias is defined for the sender */ while(fgets(buf, sizeof(buf), fp)) { /* Make comments invisible */ +@@ -781,6 +809,75 @@ + (void)free(p); + } + ++#ifdef USERPREFS ++/* ++read_user_config() -- Open and parse user config file and extract values of overridable variables ++*/ ++bool_t read_user_config(struct passwd* pw) ++{ ++ char buf[(BUF_SZ + 1)], *p, *q, *r; ++ FILE *fp; ++ char *file=NULL; ++ if (pw->pw_dir != NULL) { ++ file = (char *)malloc (strlen (pw->pw_dir) + 1 + strlen (".ssmtpauth") + 1); ++ sprintf (file, "%s/.ssmtpauth", pw->pw_dir); ++ } ++ ++ if((fp = fopen(file, "r")) == NULL) { ++ return(False); ++ } ++ ++ while(fgets(buf, sizeof(buf), fp)) { ++ /* Make comments invisible */ ++ if((p = strchr(buf, '#'))) { ++ *p = (char)NULL; ++ } ++ ++ /* Ignore malformed lines and comments */ ++ if(strchr(buf, '=') == (char *)NULL) continue; ++ ++ /* Parse out keywords */ ++ if(((p = strtok(buf, "= \t\n")) != (char *)NULL) ++ && ((q = strtok(NULL, "= \t\n:")) != (char *)NULL)) { ++ /* Authenticate overrides these */ ++ if(strcasecmp(p, "AuthUser") == 0 && !auth_user) { ++ if((auth_user = strdup(q)) == (char *)NULL) { ++ die("parse_config() -- strdup() failed"); ++ } ++ ++ if(log_level > 0) { ++ log_event(LOG_INFO, "Set AuthUser=\"%s\"\n", auth_user); ++ } ++ } ++ else if(strcasecmp(p, "AuthPass") == 0 && !auth_pass) { ++ if((auth_pass = strdup(q)) == (char *)NULL) { ++ die("parse_config() -- strdup() failed"); ++ } ++ ++ if(log_level > 0) { ++ log_event(LOG_INFO, "Set AuthPass=\"%s\"\n", "******** (password hidden)"); ++ } ++ } ++ else if(strcasecmp(p, "AuthMethod") == 0 && !auth_method) { ++ if((auth_method = strdup(q)) == (char *)NULL) { ++ die("parse_config() -- strdup() failed"); ++ } ++ ++ if(log_level > 0) { ++ log_event(LOG_INFO, "Set AuthMethod=\"%s\"\n", auth_method); ++ } ++ } ++ else { ++ log_event(LOG_INFO, "Unable to set %s=\"%s\"\n", p, q); ++ } ++ } ++ } ++ (void)fclose(fp); ++ ++ return(True); ++} 
++#endif ++ + /* + read_config() -- Open and parse config file and extract values of variables + */ +@@ -1287,7 +1384,10 @@ + die("Could not find password entry for UID %d", uid); + } + get_arpadate(arpadate); +- ++ ++#ifdef USERPREFS ++ read_user_config(pw); ++#endif + if(read_config() == False) { + log_event(LOG_INFO, "%s/ssmtp.conf not found", SSMTPCONFDIR); + } diff -ruN ssmtp.orig/files/patch-ssmtp.conf ssmtp/files/patch-ssmtp.conf --- ssmtp.orig/files/patch-ssmtp.conf Wed Dec 31 17:00:00 1969 +++ ssmtp/files/patch-ssmtp.conf Thu Apr 7 13:29:53 2005 @@ -0,0 +1,13 @@ +--- ssmtp.conf.orig Thu Apr 7 13:28:28 2005 ++++ ssmtp.conf Thu Apr 7 13:29:30 2005 +@@ -31,6 +31,10 @@ + # Use SSL/TLS to send secure messages to server. + #UseTLS=YES + ++# Use STARTTLS to send secure messages. ++# Implies UseTLS=YES ++#UseSTARTTLS=yes ++ + # Use SSL/TLS certificate to authenticate against smtp host. + #UseTLSCert=YES + --- patch-ssmtp ends here --- >Release-Note: >Audit-Trail: >Unformatted:
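Review bot: read_user_config() hands `file` to fopen() even when `pw->pw_dir` is NULL or malloc() failed, and it reads the credentials without checking who owns ~/.ssmtpauth or whether group or others can read it, although the man page added by this same patch asks for mode 0600. The final `else` branch logs an unrecognised key together with its value at LOG_INFO regardless of `log_level`, so a mistyped `AuthPass` line would put the password into syslog; logging only the key avoids that. `file` is never freed, and the three die() messages name parse_config() rather than this function. The sketch below guards the path, verifies ownership and mode with fstat() on the open stream (this needs <sys/stat.h>), and trims the fallback log line; the parsing loop itself is left as it is.

```c
bool_t read_user_config(struct passwd* pw)
{
	char buf[(BUF_SZ + 1)], *p, *q;
	FILE *fp;
	char *file;
	struct stat st;

	if(pw->pw_dir == NULL) {
		return(False);
	}
	if((file = malloc(strlen(pw->pw_dir) + sizeof("/.ssmtpauth"))) == NULL) {
		die("read_user_config() -- malloc() failed");
	}
	sprintf(file, "%s/.ssmtpauth", pw->pw_dir);

	fp = fopen(file, "r");
	free(file);
	if(fp == NULL) {
		return(False);
	}

	/* Refuse a credentials file that someone else owns or can access */
	if(fstat(fileno(fp), &st) != 0 || !S_ISREG(st.st_mode)
		|| st.st_uid != pw->pw_uid || (st.st_mode & (S_IRWXG | S_IRWXO))) {
		log_event(LOG_ERR, "Ignoring ~/.ssmtpauth: wrong owner or mode (expected 0600)");
		(void)fclose(fp);
		return(False);
	}

	/* … unchanged: comment stripping, strtok() parsing, AuthUser/AuthPass/AuthMethod branches … */

			else {
				/* Log the key only: the value may be a mistyped password */
				log_event(LOG_INFO, "Unable to set %s\n", p);
			}
```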