[type/__dma] Implement config file updates
This commit is contained in:
parent
b87b67597e
commit
4dfa24723a
7 changed files with 302 additions and 118 deletions
30
type/__dma/explorer/conf
Executable file
30
type/__dma/explorer/conf
Executable file
|
@ -0,0 +1,30 @@
|
||||||
|
#!/bin/sh -e
|
||||||
|
#
|
||||||
|
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||||
|
#
|
||||||
|
# This file is part of cdist.
|
||||||
|
#
|
||||||
|
# cdist is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation, either version 3 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# cdist is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
#
|
||||||
|
# This explorer looks for lines matching the server parameter in dma's auth.conf
|
||||||
|
# and reports the login and server fields (password is cksummed)
|
||||||
|
|
||||||
|
CONF_PATH=/etc/dma # set in Makefile
|
||||||
|
dma_conf="${CONF_PATH:?}/dma.conf"
|
||||||
|
|
||||||
|
test -f "${dma_conf}" || exit 0
|
||||||
|
|
||||||
|
grep -v -e '^[ \t]*#\|^$' "${dma_conf}" \
|
||||||
|
| sed -e 's/[ \t]*#.*$//' \
|
||||||
|
| sort -s -k 1,1
|
|
@ -1,5 +1,200 @@
|
||||||
#!/bin/sh -e
|
#!/bin/sh -e
|
||||||
|
|
||||||
|
CONF_PATH=/etc/dma # set in Makefile
|
||||||
|
|
||||||
|
# Generate config
|
||||||
|
conf_should=$(
|
||||||
|
if test -s "${__object}/parameter/smart-host"
|
||||||
|
then
|
||||||
|
printf 'SMARTHOST %s\n' "$(cat "${__object}/parameter/smart-host")"
|
||||||
|
#printf 'AUTHPATH %s\n' "$(cat "${__type}/
|
||||||
|
fi
|
||||||
|
|
||||||
|
case $(cat "${__object}/parameter/security")
|
||||||
|
in
|
||||||
|
(ssl|tls)
|
||||||
|
default_smtp_port=465
|
||||||
|
echo 'SECURETRANSFER'
|
||||||
|
;;
|
||||||
|
(starttls)
|
||||||
|
default_smtp_port=587
|
||||||
|
echo 'SECURETRANSFER'
|
||||||
|
echo 'STARTTLS'
|
||||||
|
;;
|
||||||
|
(opportunistic)
|
||||||
|
default_smtp_port=25 # XXX: correct?
|
||||||
|
echo 'SECURETRANSFER'
|
||||||
|
echo 'STARTTLS'
|
||||||
|
echo 'OPPORTUNISTIC_TLS'
|
||||||
|
;;
|
||||||
|
(insecure)
|
||||||
|
default_smtp_port=25
|
||||||
|
echo 'INSECURE'
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
if test -s "${__object}/parameter/port"
|
||||||
|
then
|
||||||
|
printf 'PORT %u\n' "$(cat "${__object}/parameter/port")"
|
||||||
|
elif test "${default_smtp_port}" -ne 25
|
||||||
|
then
|
||||||
|
printf 'PORT %u\n' "${default_smtp_port}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if test -f "${__object}/parameter/masquerade"
|
||||||
|
then
|
||||||
|
while read -r line
|
||||||
|
do
|
||||||
|
printf 'MASQUERADE %s\n' "${line}"
|
||||||
|
done <"${__object}/parameter/masquerade"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
)
|
||||||
|
conf_should=$(echo "$conf_should" | sort -s -k 1,1)
|
||||||
|
|
||||||
|
config_updated=false
|
||||||
|
if ! echo "$conf_should" | cmp -s "${__object}/explorer/conf" -
|
||||||
|
then
|
||||||
|
# config needs to be updated
|
||||||
|
echo "dma_conf='${CONF_PATH:?}/dma.conf'"
|
||||||
|
cat <<'EOF'
|
||||||
|
awk -F '\n' '
|
||||||
|
function comment_line(line) { return match(line, /^[ \t]*#+[ \t]*/) }
|
||||||
|
function empty_line(line) { return match(line, /^[ \t]*$/) }
|
||||||
|
function is_word(s) { return s ~ /^[A-Z_]+$/ }
|
||||||
|
|
||||||
|
function first(line, sep) {
|
||||||
|
if (!sep) sep = SUBSEP
|
||||||
|
return index(line, sep) ? substr(line, 0, index(line, sep)) : line
|
||||||
|
}
|
||||||
|
|
||||||
|
function rest(line, sep) {
|
||||||
|
if (!sep) sep = SUBSEP
|
||||||
|
if (index(line, sep))
|
||||||
|
return substr(line, index(line, sep) + 1)
|
||||||
|
}
|
||||||
|
|
||||||
|
function conf_pop(word, value) {
|
||||||
|
if (!(word in conf)) return 0
|
||||||
|
if (!value) {
|
||||||
|
if (index(conf[word], SUBSEP)) # more than one element?
|
||||||
|
value = substr(conf[word], 0, index(conf[word], SUBSEP))
|
||||||
|
else
|
||||||
|
value = conf[word]
|
||||||
|
}
|
||||||
|
|
||||||
|
if (index(conf[word], SUBSEP)) {
|
||||||
|
if (index(conf[word], value SUBSEP) != 1) return 0
|
||||||
|
conf[word] = substr(conf[word], length(value) + 2)
|
||||||
|
} else {
|
||||||
|
if (conf[word] != value) return 0
|
||||||
|
delete conf[word]
|
||||||
|
}
|
||||||
|
return value
|
||||||
|
}
|
||||||
|
|
||||||
|
function print_conf(word, value) {
|
||||||
|
printf "%s", word
|
||||||
|
if (value) printf " %s", value
|
||||||
|
printf "\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
function print_confs(word, value) {
|
||||||
|
if (!(word in conf)) return
|
||||||
|
if (conf[word]) {
|
||||||
|
while (value = conf_pop(word))
|
||||||
|
print_conf(word, value)
|
||||||
|
} else {
|
||||||
|
print_conf(word)
|
||||||
|
delete conf[word]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
BEGIN {
|
||||||
|
while (getline < "/dev/stdin") {
|
||||||
|
word = first($0, " ")
|
||||||
|
if ((word in conf))
|
||||||
|
conf[word] = conf[word] SUBSEP rest($0, " ")
|
||||||
|
else
|
||||||
|
conf[word] = rest($0, " ")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# first pass, gather information
|
||||||
|
NR == FNR {
|
||||||
|
if (comment_line($0)) {
|
||||||
|
# comment line
|
||||||
|
word = first(substr($0, RLENGTH + 1), " ")
|
||||||
|
if (is_word(word)) last_occ["#" word] = FNR
|
||||||
|
} else {
|
||||||
|
word = first($0, " ")
|
||||||
|
if (is_word(word)) last_occ[word] = FNR
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
NR > FNR && FNR == 1 {
|
||||||
|
# before second pass prepare hashes
|
||||||
|
|
||||||
|
for (k in last_occ)
|
||||||
|
if (k ~ /^\#/ && (substr(k, 2) in last_occ))
|
||||||
|
delete last_occ[k]
|
||||||
|
|
||||||
|
for (k in last_occ) {
|
||||||
|
line_map[last_occ[k]] = k
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# second pass, output new config
|
||||||
|
NR > FNR {
|
||||||
|
if (comment_line($0) || empty_line($0)) {
|
||||||
|
# comment or empty line
|
||||||
|
print
|
||||||
|
|
||||||
|
if ((FNR in line_map)) {
|
||||||
|
if (line_map[FNR] ~ /^\#/) {
|
||||||
|
# the "matching" comment line is here
|
||||||
|
k = substr(line_map[FNR], 2)
|
||||||
|
if ((k in conf)) print_confs(k)
|
||||||
|
}
|
||||||
|
|
||||||
|
if (("INSECURE" in conf) && line_map[FNR] ~ /^\#?SECURE$/) {
|
||||||
|
# INSECURE goes where SECURE comment is
|
||||||
|
print_confs("INSECURE")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
sub(/[ \t]*\#.*$/, "", $0) # ignore comments
|
||||||
|
word = first($0, " ")
|
||||||
|
|
||||||
|
if ((word in conf) && rest($0, " ") == first(conf[word])) {
|
||||||
|
# keep config options we want
|
||||||
|
conf_pop(word)
|
||||||
|
print
|
||||||
|
}
|
||||||
|
|
||||||
|
if ((FNR in line_map) && line_map[FNR] == word) {
|
||||||
|
# rest of config options should be here
|
||||||
|
print_confs(word)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
END {
|
||||||
|
# print rest of config options
|
||||||
|
for (word in conf) print_confs(word)
|
||||||
|
}
|
||||||
|
' "${dma_conf}" "${dma_conf}" <<'EOF' >"${dma_conf}.tmp" \
|
||||||
|
&& mv "${dma_conf}.tmp" "${dma_conf}"
|
||||||
|
EOF
|
||||||
|
echo "${conf_should}"
|
||||||
|
echo 'EOF'
|
||||||
|
|
||||||
|
config_updated=true
|
||||||
|
echo 'config updated' >>"${__messages_out}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
if test -f "${__object}/parameter/send-test-email"
|
if test -f "${__object}/parameter/send-test-email"
|
||||||
then
|
then
|
||||||
modified=false
|
modified=false
|
||||||
|
@ -10,7 +205,7 @@ then
|
||||||
elif grep -q '^__dma_auth/' "${__messages_in}"
|
elif grep -q '^__dma_auth/' "${__messages_in}"
|
||||||
then
|
then
|
||||||
modified=true
|
modified=true
|
||||||
elif grep -q '^__dma/' "${__messages_in}"
|
elif $config_updated
|
||||||
then
|
then
|
||||||
modified=true
|
modified=true
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -39,7 +39,31 @@ mailname
|
||||||
If not defined, it defaults to `/etc/mailname` on Debian-derived Operating
|
If not defined, it defaults to `/etc/mailname` on Debian-derived Operating
|
||||||
Systems and to `__target_host` otherwise.
|
Systems and to `__target_host` otherwise.
|
||||||
See `dma(8)` for more information.
|
See `dma(8)` for more information.
|
||||||
|
masquerade
|
||||||
|
Masquerade the envelope-from addresses with this address/hostname.
|
||||||
|
Use this setting if mails are not accepted by destination mail servers
|
||||||
|
because your sender domain is invalid.
|
||||||
|
This option can be used multiple times.
|
||||||
|
For more information see the `dma(8)` man page.
|
||||||
|
port
|
||||||
|
The port on which to deliver email.
|
||||||
|
If not provided, a sensible default port will be used based on the
|
||||||
|
`--security` argument.
|
||||||
|
security
|
||||||
|
Configures whether and how DMA should use secure connections.
|
||||||
|
|
||||||
|
ssl/tls
|
||||||
|
Enable TLS/SSL secured transfer.
|
||||||
|
starttls
|
||||||
|
Use STARTTLS to establish a secure connection.
|
||||||
|
opportunistic (default)
|
||||||
|
Will try to establish a secure connection using STARTTLS, but allow
|
||||||
|
unencrypted transfer if STARTTLS fails.
|
||||||
|
Most useful when dma is used without a smarthost, delivering remote
|
||||||
|
messages directly to the outside mail exchangers.
|
||||||
|
insecure
|
||||||
|
allow plain text SMTP login over an insecure connection.
|
||||||
|
Should really not be used anymore!
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
|
|
@ -2,45 +2,48 @@
|
||||||
|
|
||||||
os=$(cat "${__global}/explorer/os")
|
os=$(cat "${__global}/explorer/os")
|
||||||
|
|
||||||
smart_host="$(cat "${__object}/parameter/smart-host")"
|
# mailname: default behaviour is different on certain systems
|
||||||
|
if test -f "${__object}/parameter/mailname"
|
||||||
if [ -f "${__object}/parameter/mailname" ]; then
|
then
|
||||||
mailname="$(cat "${__object}/parameter/mailname")"
|
mailname=$(cat "${__object}/parameter/mailname")
|
||||||
else
|
else
|
||||||
# default mailname behaviour is different in certain systems
|
# Otherwise use the hostname
|
||||||
case ${os} in
|
mailname=$(cat "${__global}/explorer/hostname")
|
||||||
debian|devuan|ubuntu)
|
|
||||||
# Debian-like default to /etc/mailname
|
|
||||||
mailname="/etc/mailname"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
# Otherwise let's use the hostname
|
|
||||||
mailname="${__target_host}"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
case ${os} in
|
case $os
|
||||||
debian|devuan|ubuntu)
|
in
|
||||||
# Debian-like requires installing DMA
|
(debian|devuan|ubuntu)
|
||||||
__package dma
|
# On Debian-like systems use /etc/mailname
|
||||||
# Moving forward without DMA doesn't make much sense
|
if test -f "${__object}/parameter/mailname"
|
||||||
export require="__package/dma"
|
then
|
||||||
|
echo "$mailname" | __file '/etc/mailname' --state present \
|
||||||
|
--mode 0644 --owner root --group root --source -
|
||||||
|
fi
|
||||||
|
|
||||||
|
mailname='/etc/mailname'
|
||||||
;;
|
;;
|
||||||
freebsd)
|
esac
|
||||||
# Disable sendmail + stop if necessary
|
|
||||||
__key_value \
|
# Install DMA
|
||||||
--file "/etc/rc.conf" \
|
case $os
|
||||||
--comment "# Disable sendmail " \
|
in
|
||||||
--key "sendmail_enable" \
|
(debian|devuan|ubuntu)
|
||||||
--delimiter "=" \
|
__package dma --state present
|
||||||
--value "NONE" \
|
export require='__package/dma'
|
||||||
--onchange "service sendmail onestop || true" \
|
;;
|
||||||
"sendmail_enable"
|
(freebsd)
|
||||||
|
# Stop sendmail if necessary
|
||||||
|
__process 'sendmail' --name 'sendmail.*' --state absent \
|
||||||
|
--stop '/etc/rc.d/sendmail onestop'
|
||||||
|
|
||||||
|
# ... and disable it
|
||||||
|
__key_value 'rcconf-sendmail-enable' --file '/etc/rc.conf' \
|
||||||
|
--key 'sendmail_enable' --delimiter '=' --value '"NONE"' \
|
||||||
|
--exact_delimiter
|
||||||
|
|
||||||
# Setup mailwrapper accordingly
|
# Setup mailwrapper accordingly
|
||||||
__file /etc/mail/mailer.conf \
|
__file '/etc/mail/mailer.conf' --mode 0644 --source - <<-'EOF'
|
||||||
--mode 0644 \
|
|
||||||
--source '-' <<EOF
|
|
||||||
sendmail /usr/libexec/dma
|
sendmail /usr/libexec/dma
|
||||||
send-mail /usr/libexec/dma
|
send-mail /usr/libexec/dma
|
||||||
mailq /usr/libexec/dma
|
mailq /usr/libexec/dma
|
||||||
|
@ -48,8 +51,8 @@ newaliases /usr/libexec/dma
|
||||||
rmail /usr/libexec/dma
|
rmail /usr/libexec/dma
|
||||||
EOF
|
EOF
|
||||||
;;
|
;;
|
||||||
*)
|
(*)
|
||||||
cat > /dev/stderr <<EOF
|
cat <<EOF >&2
|
||||||
Your OS (${os}) is not supported yet.
|
Your OS (${os}) is not supported yet.
|
||||||
|
|
||||||
Maybe adding support is as simple as adapting the packages or allowing it,
|
Maybe adding support is as simple as adapting the packages or allowing it,
|
||||||
|
@ -59,75 +62,3 @@ EOF
|
||||||
exit 1
|
exit 1
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
DMA_CONF="$(cat <<EOF
|
|
||||||
# Managed remotely, changes will be lost
|
|
||||||
#
|
|
||||||
# Your smarthost (also called relayhost). Leave blank if you don't want
|
|
||||||
# smarthost support.
|
|
||||||
SMARTHOST ${smart_host}
|
|
||||||
|
|
||||||
# Use this SMTP port. Most users will be fine with the default (25)
|
|
||||||
#PORT 25
|
|
||||||
|
|
||||||
# Path to your alias file. Just stay with the default.
|
|
||||||
#ALIASES /etc/aliases
|
|
||||||
|
|
||||||
# Path to your spooldir. Just stay with the default.
|
|
||||||
#SPOOLDIR /var/spool/dma
|
|
||||||
|
|
||||||
# SMTP authentication
|
|
||||||
#AUTHPATH /etc/dma/auth.conf
|
|
||||||
|
|
||||||
# Uncomment if yout want TLS/SSL support
|
|
||||||
SECURETRANSFER
|
|
||||||
|
|
||||||
# Uncomment if you want STARTTLS support (only used in combination with
|
|
||||||
# SECURETRANSFER)
|
|
||||||
STARTTLS
|
|
||||||
|
|
||||||
# Uncomment if you have specified STARTTLS above and it should be allowed
|
|
||||||
# to fail ("opportunistic TLS", use an encrypted connection when available
|
|
||||||
# but allow an unencrypted one to servers that do not support it)
|
|
||||||
#OPPORTUNISTIC_TLS
|
|
||||||
|
|
||||||
# Path to your local SSL certificate
|
|
||||||
#CERTFILE
|
|
||||||
|
|
||||||
# If you want to use plain text SMTP login without using encryption, change
|
|
||||||
# the SECURE entry below to INSECURE. Otherwise plain login will only work
|
|
||||||
# over a secure connection. Use this option with caution.
|
|
||||||
#SECURE
|
|
||||||
|
|
||||||
# Uncomment if you want to defer your mails. This is useful if you are
|
|
||||||
# behind a dialup line. You have to submit your mails manually with dma -q
|
|
||||||
#DEFER
|
|
||||||
|
|
||||||
# Uncomment if you want the bounce message to include the complete original
|
|
||||||
# message, not just the headers.
|
|
||||||
#FULLBOUNCE
|
|
||||||
|
|
||||||
# The internet hostname dma uses to identify the host.
|
|
||||||
# If not set or empty, the result of gethostname(2) is used.
|
|
||||||
# If MAILNAME is an absolute path to a file, the first line of this file
|
|
||||||
# will be used as the hostname.
|
|
||||||
MAILNAME ${mailname}
|
|
||||||
|
|
||||||
# Masquerade envelope from addresses with this address/hostname.
|
|
||||||
# Use this if mails are not accepted by destination mail servers because
|
|
||||||
# your sender domain is invalid.
|
|
||||||
# By default, MASQUERADE is not set.
|
|
||||||
# Format: MASQUERADE [user@][host]
|
|
||||||
# Examples:
|
|
||||||
# MASQUERADE john@ on host "hamlet" will send all mails as john@hamlet
|
|
||||||
# MASQUERADE percolator will send mails as \$username@percolator, e.g. fish@percolator
|
|
||||||
# MASQUERADE herb@ert will send all mails as herb@ert
|
|
||||||
|
|
||||||
# Directly forward the mail to the SMARTHOST bypassing aliases and local delivery
|
|
||||||
#NULLCLIENT
|
|
||||||
EOF
|
|
||||||
)"
|
|
||||||
|
|
||||||
__file /etc/dma/dma.conf --mode 0644 --source '-' <<EOF
|
|
||||||
${DMA_CONF}
|
|
||||||
EOF
|
|
||||||
|
|
1
type/__dma/parameter/default/security
Normal file
1
type/__dma/parameter/default/security
Normal file
|
@ -0,0 +1 @@
|
||||||
|
opportunistic
|
|
@ -1 +1,3 @@
|
||||||
mailname
|
mailname
|
||||||
|
port
|
||||||
|
security
|
||||||
|
|
1
type/__dma/parameter/optional_multiple
Normal file
1
type/__dma/parameter/optional_multiple
Normal file
|
@ -0,0 +1 @@
|
||||||
|
masquerade
|
Loading…
Reference in a new issue