[type/__dma] Implement config file updates

2020-06-01 17:07:35 +02:00 · 2020-06-01 17:07:35 +02:00 · 4dfa24723a
commit 4dfa24723a
parent b87b67597e
7 changed files with 302 additions and 118 deletions
--- a/type/__dma/explorer/conf
+++ b/type/__dma/explorer/conf
@ -0,0 +1,30 @@
 #!/bin/sh -e
 #
 # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
 # cdist is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # cdist is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 # This explorer looks for lines matching the server parameter in dma's auth.conf
 # and reports the login and server fields (password is cksummed)
 CONF_PATH=/etc/dma  # set in Makefile
 dma_conf="${CONF_PATH:?}/dma.conf"
 test -f "${dma_conf}" || exit 0
 grep -v -e '^[ \t]*#\|^$' "${dma_conf}" \
 | sed -e 's/[ \t]*#.*$//' \
 | sort -s -k 1,1
--- a/type/__dma/gencode-remote
+++ b/type/__dma/gencode-remote
@ -1,5 +1,200 @@
 #!/bin/sh -e
 CONF_PATH=/etc/dma  # set in Makefile
 # Generate config
 conf_should=$(
 	if test -s "${__object}/parameter/smart-host"
 	then
 		printf 'SMARTHOST %s\n' "$(cat "${__object}/parameter/smart-host")"
 		#printf 'AUTHPATH %s\n' "$(cat "${__type}/
 	fi
 	case $(cat "${__object}/parameter/security")
 	in
 		(ssl|tls)
 			default_smtp_port=465
 			echo 'SECURETRANSFER'
 			;;
 		(starttls)
 			default_smtp_port=587
 			echo 'SECURETRANSFER'
 			echo 'STARTTLS'
 			;;
 		(opportunistic)
 			default_smtp_port=25  # XXX: correct?
 			echo 'SECURETRANSFER'
 			echo 'STARTTLS'
 			echo 'OPPORTUNISTIC_TLS'
 			;;
 		(insecure)
 			default_smtp_port=25
 			echo 'INSECURE'
 			;;
 	esac
 	if test -s "${__object}/parameter/port"
 	then
 		printf 'PORT %u\n' "$(cat "${__object}/parameter/port")"
 	elif test "${default_smtp_port}" -ne 25
 	then
 		printf 'PORT %u\n' "${default_smtp_port}"
 	fi
 	if test -f "${__object}/parameter/masquerade"
 	then
 		while read -r line
 		do
 			printf 'MASQUERADE %s\n' "${line}"
 		done <"${__object}/parameter/masquerade"
 	fi
 )
 conf_should=$(echo "$conf_should" | sort -s -k 1,1)
 config_updated=false
 if ! echo "$conf_should" | cmp -s "${__object}/explorer/conf" -
 then
 	# config needs to be updated
 	echo "dma_conf='${CONF_PATH:?}/dma.conf'"
 	cat <<'EOF'
 awk -F '\n' '
 function comment_line(line) { return match(line, /^[ \t]*#+[ \t]*/) }
 function empty_line(line) { return match(line, /^[ \t]*$/) }
 function is_word(s) { return s ~ /^[A-Z_]+$/ }
 function first(line, sep) {
 	if (!sep) sep = SUBSEP
 	return index(line, sep) ? substr(line, 0, index(line, sep)) : line
 }
 function rest(line, sep) {
 	if (!sep) sep = SUBSEP
 	if (index(line, sep))
 		return substr(line, index(line, sep) + 1)
 }
 function conf_pop(word, value) {
 	if (!(word in conf)) return 0
 	if (!value) {
 		if (index(conf[word], SUBSEP))  # more than one element?
 			value = substr(conf[word], 0, index(conf[word], SUBSEP))
 		else
 			value = conf[word]
 	}
 	if (index(conf[word], SUBSEP)) {
 		if (index(conf[word], value SUBSEP) != 1) return 0
 		conf[word] = substr(conf[word], length(value) + 2)
 	} else {
 		if (conf[word] != value) return 0
 		delete conf[word]
 	}
 	return value
 }
 function print_conf(word, value) {
 	printf "%s", word
 	if (value) printf " %s", value
 	printf "\n"
 }
 function print_confs(word,    value) {
 	if (!(word in conf)) return
 	if (conf[word]) {
 		while (value = conf_pop(word))
 			print_conf(word, value)
 	} else {
 		print_conf(word)
 		delete conf[word]
 	}
 }
 BEGIN {
 	while (getline < "/dev/stdin") {
 		word = first($0, " ")
 		if ((word in conf))
 			conf[word] = conf[word] SUBSEP rest($0, " ")
 		else
 			conf[word] = rest($0, " ")
 	}
 }
 # first pass, gather information
 NR == FNR {
 	if (comment_line($0)) {
 		# comment line
 		word = first(substr($0, RLENGTH + 1), " ")
 		if (is_word(word)) last_occ["#" word] = FNR
 	} else {
 		word = first($0, " ")
 		if (is_word(word)) last_occ[word] = FNR
 	}
 }
 NR > FNR && FNR == 1 {
 	# before second pass prepare hashes
 	for (k in last_occ)
 		if (k ~ /^\#/ && (substr(k, 2) in last_occ))
 			delete last_occ[k]
 	for (k in last_occ) {
 		line_map[last_occ[k]] = k
 	}
 }
 # second pass, output new config
 NR > FNR {
 	if (comment_line($0) || empty_line($0)) {
 		# comment or empty line
 		print
 		if ((FNR in line_map)) {
 			if (line_map[FNR] ~ /^\#/) {
 				# the "matching" comment line is here
 				k = substr(line_map[FNR], 2)
 				if ((k in conf)) print_confs(k)
 			}
 			if (("INSECURE" in conf) && line_map[FNR] ~ /^\#?SECURE$/) {
 				# INSECURE goes where SECURE comment is
 				print_confs("INSECURE")
 			}
 		}
 	} else {
 		sub(/[ \t]*\#.*$/, "", $0)  # ignore comments
 		word = first($0, " ")
 		if ((word in conf) && rest($0, " ") == first(conf[word])) {
 			# keep config options we want
 			conf_pop(word)
 			print
 		}
 		if ((FNR in line_map) && line_map[FNR] == word) {
 			# rest of config options should be here
 			print_confs(word)
 		}
 	}
 }
 END {
 	# print rest of config options
 	for (word in conf) print_confs(word)
 }
 ' "${dma_conf}" "${dma_conf}" <<'EOF' >"${dma_conf}.tmp" \
 && mv "${dma_conf}.tmp" "${dma_conf}"
 EOF
 	echo "${conf_should}"
 	echo 'EOF'
 	config_updated=true
 	echo 'config updated' >>"${__messages_out}"
 fi
 if test -f "${__object}/parameter/send-test-email"
 then
 	modified=false
@ -10,7 +205,7 @@ then
 	elif grep -q '^__dma_auth/' "${__messages_in}"
 	then
 		modified=true
-	elif grep -q '^__dma/' "${__messages_in}"
+	elif $config_updated
 	then
 		modified=true
 	fi
--- a/type/__dma/man.rst
+++ b/type/__dma/man.rst
@ -39,7 +39,31 @@ mailname
    If not defined, it defaults to `/etc/mailname` on Debian-derived Operating
    Systems and to `__target_host` otherwise.
    See `dma(8)` for more information.
 masquerade
    Masquerade the envelope-from addresses with this address/hostname.
    Use this setting if mails are not accepted by destination mail servers
    because your sender domain is invalid.
    This option can be used multiple times.
    For more information see the `dma(8)` man page.
 port
    The port on which to deliver email.
    If not provided, a sensible default port will be used based on the
    `--security` argument.
 security
    Configures whether and how DMA should use secure connections.
    ssl/tls
        Enable TLS/SSL secured transfer.
    starttls
        Use STARTTLS to establish a secure connection.
    opportunistic (default)
        Will try to establish a secure connection using STARTTLS, but allow
        unencrypted transfer if STARTTLS fails.
        Most useful when dma is used without a smarthost, delivering remote
        messages directly to the outside mail exchangers.
    insecure
        allow plain text SMTP login over an insecure connection.
        Should really not be used anymore!
 EXAMPLES
 --------
--- a/type/__dma/manifest
+++ b/type/__dma/manifest
@ -2,54 +2,57 @@
 os=$(cat "${__global}/explorer/os")
-smart_host="$(cat "${__object}/parameter/smart-host")"
+# mailname: default behaviour is different on certain systems
-
+if test -f "${__object}/parameter/mailname"
-if [ -f "${__object}/parameter/mailname" ]; then
+then
-	mailname="$(cat "${__object}/parameter/mailname")"
+	mailname=$(cat "${__object}/parameter/mailname")
 else
-	# default mailname behaviour is different in certain systems
+	# Otherwise use the hostname
-	case ${os} in
+	mailname=$(cat "${__global}/explorer/hostname")
 		debian|devuan|ubuntu)
 			# Debian-like default to /etc/mailname
 			mailname="/etc/mailname"
 		;;
 		*)
 			# Otherwise let's use the hostname
 			mailname="${__target_host}"
 		;;
 	esac
 fi
-case ${os} in
+case $os
-	debian|devuan|ubuntu)
+in
-		# Debian-like requires installing DMA
+	(debian|devuan|ubuntu)
-		__package dma
+		# On Debian-like systems use /etc/mailname
-		# Moving forward without DMA doesn't make much sense
+		if test -f "${__object}/parameter/mailname"
-		export require="__package/dma"
+		then
-	;;
+			echo "$mailname" | __file '/etc/mailname' --state present \
-	freebsd)
+				--mode 0644 --owner root --group root --source -
-		# Disable sendmail + stop if necessary
+		fi
-		__key_value \
+
-			--file      "/etc/rc.conf" \
+		mailname='/etc/mailname'
-			--comment   "# Disable sendmail " \
+		;;
-			--key       "sendmail_enable" \
+esac
-			--delimiter "=" \
+
-			--value     "NONE" \
+# Install DMA
-			--onchange  "service sendmail onestop || true" \
+case $os
-			"sendmail_enable"
+in
 	(debian|devuan|ubuntu)
 		__package dma --state present
 		export require='__package/dma'
 		;;
 	(freebsd)
 		# Stop sendmail if necessary
 		__process 'sendmail' --name 'sendmail.*' --state absent \
 			--stop '/etc/rc.d/sendmail onestop'
 		# ... and disable it
 		__key_value 'rcconf-sendmail-enable' --file '/etc/rc.conf' \
 			--key 'sendmail_enable' --delimiter '=' --value '"NONE"' \
 			--exact_delimiter
 		# Setup mailwrapper accordingly
-		__file /etc/mail/mailer.conf \
+		__file '/etc/mail/mailer.conf' --mode 0644 --source - <<-'EOF'
-			--mode 0644 \
+			sendmail	/usr/libexec/dma
-			--source '-' <<EOF
+			send-mail	/usr/libexec/dma
-sendmail	/usr/libexec/dma
+			mailq		/usr/libexec/dma
-send-mail	/usr/libexec/dma
+			newaliases	/usr/libexec/dma
-mailq		/usr/libexec/dma
+			rmail		/usr/libexec/dma
-newaliases	/usr/libexec/dma
+		EOF
-rmail		/usr/libexec/dma
+		;;
-EOF
+	(*)
-	;;
+		cat <<EOF >&2
 	*)
 		cat > /dev/stderr <<EOF
 Your OS (${os}) is not supported yet.
 Maybe adding support is as simple as adapting the packages or allowing it,
@ -57,77 +60,5 @@ we highly encourage you to open a PR with the necessary changes.
 See: https://code.ungleich.ch/ungleich-public/cdist-contrib/
 EOF
 		exit 1
-	;;
+		;;
 esac
 DMA_CONF="$(cat <<EOF
 # Managed remotely, changes will be lost
 #
 # Your smarthost (also called relayhost).  Leave blank if you don't want
 # smarthost support.
 SMARTHOST ${smart_host}
 # Use this SMTP port.  Most users will be fine with the default (25)
 #PORT 25
 # Path to your alias file.  Just stay with the default.
 #ALIASES /etc/aliases
 # Path to your spooldir.  Just stay with the default.
 #SPOOLDIR /var/spool/dma
 # SMTP authentication
 #AUTHPATH /etc/dma/auth.conf
 # Uncomment if yout want TLS/SSL support
 SECURETRANSFER
 # Uncomment if you want STARTTLS support (only used in combination with
 # SECURETRANSFER)
 STARTTLS
 # Uncomment if you have specified STARTTLS above and it should be allowed
 # to fail ("opportunistic TLS", use an encrypted connection when available
 # but allow an unencrypted one to servers that do not support it)
 #OPPORTUNISTIC_TLS
 # Path to your local SSL certificate
 #CERTFILE
 # If you want to use plain text SMTP login without using encryption, change
 # the SECURE entry below to INSECURE.  Otherwise plain login will only work
 # over a secure connection.  Use this option with caution.
 #SECURE
 # Uncomment if you want to defer your mails.  This is useful if you are
 # behind a dialup line.  You have to submit your mails manually with dma -q
 #DEFER
 # Uncomment if you want the bounce message to include the complete original
 # message, not just the headers.
 #FULLBOUNCE
 # The internet hostname dma uses to identify the host.
 # If not set or empty, the result of gethostname(2) is used.
 # If MAILNAME is an absolute path to a file, the first line of this file
 # will be used as the hostname.
 MAILNAME ${mailname}
 # Masquerade envelope from addresses with this address/hostname.
 # Use this if mails are not accepted by destination mail servers because
 # your sender domain is invalid.
 # By default, MASQUERADE is not set.
 # Format: MASQUERADE [user@][host]
 # Examples:
 # MASQUERADE john@  on host "hamlet" will send all mails as john@hamlet
 # MASQUERADE percolator  will send mails as \$username@percolator, e.g. fish@percolator
 # MASQUERADE herb@ert  will send all mails as herb@ert
 # Directly forward the mail to the SMARTHOST bypassing aliases and local delivery
 #NULLCLIENT
 EOF
 )"
 __file /etc/dma/dma.conf --mode 0644 --source '-' <<EOF
 ${DMA_CONF}
 EOF
--- a/type/__dma/parameter/default/security
+++ b/type/__dma/parameter/default/security
@ -0,0 +1 @@
 opportunistic
--- a/type/__dma/parameter/optional
+++ b/type/__dma/parameter/optional
@ -1 +1,3 @@
 mailname
 port
 security
--- a/type/__dma/parameter/optional_multiple
+++ b/type/__dma/parameter/optional_multiple
@ -0,0 +1 @@
 masquerade