Diffstat (limited to 'debian/local/update_auth.in')
-rw-r--r--debian/local/update_auth.in250
1 files changed, 250 insertions, 0 deletions
diff --git a/debian/local/update_auth.in b/debian/local/update_auth.in
new file mode 100644
index 0000000..558c8b1
--- /dev/null
+++ b/debian/local/update_auth.in
@@ -0,0 +1,250 @@
+#!/bin/sh -e
+#-----------------------------------------------------------------------------
+#
+# $Sendmail: update_auth,v @sm_version@ @sm_date@ @sm_time@ cowboy Exp $
+#
+# Sendmail support for SMTP AUTH (SASL)
+#
+# Copyright (c) 2000-@SM_CPYRT@ Richard Nelson. All Rights Reserved.
+#
+# Notes:
+#
+#-----------------------------------------------------------------------------
+set -e;
+
+NEW=0;
+DEFAULT=0;
+HOSTNAME=`hostname -s`;
+HOSTFQDN=`hostname -f`;
+DOMAINNAME=`hostname -d`;
+SMUID=sendmail;
+SMAID=sendmail;
+SMPWD=sendmailpwd;
+SMRLM=$HOSTNAME.$DOMAINNAME;
+
+# Check if SASL is installed
+if [ -d /usr/lib/sasl2 -a @sm_version_math@ -ge 527364 ]; then
+ SASLDBLISTUSERS='/usr/sbin/sasldblistusers2';
+ SASLPASSWD='/usr/sbin/saslpasswd2';
+ SASLLIB='/usr/lib/sasl2';
+ SASLSO='2';
+ SASLDB='/etc/sasldb2';
+ SASL_BIN='sasl2-bin';
+ echo " SASL V2 not supported for the nonce, checking for SASL V1";
+ fi;
+if [ -d /usr/lib/sasl ]; then
+ SASLDBLISTUSERS='/usr/sbin/sasldblistusers';
+ SASLPASSWD='/usr/sbin/saslpasswd';
+ SASLLIB='/usr/lib/sasl';
+ SASLSO='1';
+ SASLDB='/etc/sasldb';
+ SASL_BIN='sasl-bin';
+else
+ cat <<-EOT
+
+ SASL not installed, not configuring sendmail support.
+
+ To install sasl, get sasl-bin, libsasl-modules-plain,
+ libsasl-digestmd5-plain or libsasl-digestmd5-des.
+
+ To enable sendmail SASL support at a later date, invoke "$0"
+
+ EOT
+ exit 0;
+ fi;
+
+# Check for sasl-bin (wherein resides saslpasswd)
+if [ ! -x ${SASLPASSWD} ]; then
+ cat <<-EOT
+ ${SASL_BIN} not installed, not configuring sendmail support.
+
+ To enable sendmail SASL support at a later date, invoke "$0"
+
+ EOT
+ exit 0;
+ fi;
+#echo " ";
+#echo "Creating/Updating SASL information";
+
+# See if we need to rename an existing SASL info file
+if [ -f @sysconfdir@/mail/auth-info -a \
+ ! -f @sysconfdir@/mail/default-auth-info ]; then
+ mv @sysconfdir@/mail/auth-info \
+ @sysconfdir@/mail/default-auth-info;
+ fi;
+
+# Create Default SASL auth information
+if [ ! -f @sysconfdir@/mail/default-auth-info ]; then
+ cat <<-EOT > @sysconfdir@/mail/default-auth-info
+ $SMUID
+ $SMAID
+ $SMPWD
+ $SMRLM
+ EOT
+
+# Use exisisting SASL auth information
+else
+ SMUID=$(head -n1 @sysconfdir@/mail/default-auth-info);
+ SMAID=$(head -n2 @sysconfdir@/mail/default-auth-info | tail -n1 -);
+ SMPWD=$(head -n3 @sysconfdir@/mail/default-auth-info | tail -n1 -);
+ SMRLM=$(head -n4 @sysconfdir@/mail/default-auth-info | tail -n1 -);
+ fi;
+
+# Check for default settings, used in later test
+if [ "$SMUID" = 'sendmail' ] \
+&& [ "$SMAID" = 'sendmail' ] \
+&& [ "$SMPWD" = 'sendmailpwd' ]; then
+ DEFAULT=1;
+ fi;
+
+# Create any missing SASL configuration files
+if [ -d ${SASLLIB} ]; then
+ # SASL password configuration
+ if [ ! -f ${SASLLIB}/saslpasswd.conf ]; then
+ NEW=1;
+ cp @datadir@/sendmail/examples/sasl/saslpasswd.conf \
+ ${SASLLIB}/saslpasswd.conf;
+ fi;
+ chown root:root ${SASLLIB}/saslpasswd.conf;
+ chmod 0640 ${SASLLIB}/saslpasswd.conf;
+
+ # Sendmail SASL configuration
+ if [ ! -L ${SASLLIB}/Sendmail.conf ]; then
+ if [ -f ${SASLLIB}/Sendmail.conf ]; then
+ mv ${SASLLIB}/Sendmail.conf @sysconfdir@/mail/sasl/Sendmail.conf;
+ fi;
+ ln -sf @sysconfdir@/mail/sasl/Sendmail.conf \
+ ${SASLLIB}/Sendmail.conf;
+ fi;
+
+ # Make sure libraries are properly installed...
+ ( cd ${SASLLIB} && \
+ if [ -L libanonymous.so.${SASLSO} -a ! -L libanonymous.so ]; then \
+ ln -s libanonymous.so.${SASLSO} libanonymous.so; \
+ fi; \
+ if [ -L libcrammd5.so.${SASLSO} -a ! -L libcrammd5.so ]; then \
+ ln -s libcrammd5.so.${SASLSO} libcrammd5.so; \
+ fi; \
+ if [ -L libdigestmd5.so.${SASLSO} -a ! -L libdigestmd5.so ]; then \
+ ln -s libdigestmd5.so.${SASLSO} libdigestmd5.so; \
+ fi; \
+ if [ -L libdigestmd5.so.0 -a ! -L libdigestmd5.so ]; then \
+ ln -s libdigestmd5.so.0 libdigestmd5.so; \
+ fi; \
+ if [ -L libgssapiv2.so.${SASLSO} -a ! -L libgssapiv2.so ]; then \
+ ln -s libgssapiv2.so.${SASLSO} libgssapiv2.so; \
+ fi; \
+ if [ -L liblogin.so.${SASLSO} -a ! -L liblogin.so ]; then \
+ ln -s liblogin.so.${SASLSO} liblogin.so; \
+ fi; \
+ if [ -L liblogin.so.0 -a ! -L liblogin.so ]; then \
+ ln -s liblogin.so.0 liblogin.so; \
+ fi; \
+ if [ -L libplain.so.${SASLSO} -a ! -L libplain.so ]; then \
+ ln -s libplain.so.${SASLSO} libplain.so; \
+ fi; )
+ fi;
+
+# Create/update sendmail SASL files
+if [ ! -f @sysconfdir@/mail/sasl/Sendmail.conf ]; then
+ NEW=1;
+ cp @datadir@/sendmail/examples/sasl/Sendmail.conf \
+ @sysconfdir@/mail/sasl/Sendmail.conf;
+ fi;
+chown root:smmsp @sysconfdir@/mail/sasl/Sendmail.conf;
+chmod 0640 @sysconfdir@/mail/sasl/Sendmail.conf;
+
+# Recommend PAM for sendmail authorization
+if ! grep -qEe "^[[:space:]]*pwcheck_method:[[:space:]]*PAM" \
+ ${SASLLIB}/Sendmail.conf; then
+ cat <<-EOT
+
+ It is *strongly* recommended that you use PAM as the authentication
+ method for sendmail via SASL. Doing so will allow *all* your shell
+ users (those with an /etc/passwd entry) to automagically authenticate
+ themselves when using a MUA with SASL support turned on.
+
+ Do you wish to use PAM (Y|n)?
+ EOT
+ read yn;
+ yn=$(echo -n "$yn" | sed -e "s/^\ *//" -e "s/^\t*//");
+ test -n "$yn" || yn="Y";
+ case "$yn" in
+ [Yy]*)
+ if grep -qEe '^[[:space:]]*pwcheck_method:' \
+ @sysconfdir@/mail/sasl/Sendmail.conf; then
+ sed -e \
+ 's?^[[:space:]]*pwcheck_method:.*$?pwcheck_method: PAM?' \
+ @sysconfdir@/mail/sasl/Sendmail.conf \
+ > @sysconfdir@/mail/sasl/Sendmail.conf.new;
+ else
+ echo 'pwcheck_method: PAM' \
+ | cat @sysconfdir@/mail/sasl/Sendmail.conf - \
+ > @sysconfdir@/mail/sasl/Sendmail.conf.new;
+ fi;
+ if [ -f @sysconfdir@/mail/sasl/Sendmail.conf.new ]; then
+ chown root:smmsp @sysconfdir@/mail/sasl/Sendmail.conf.new;
+ chmod 0644 @sysconfdir@/mail/sasl/Sendmail.conf.new;
+ mv @sysconfdir@/mail/sasl/Sendmail.conf.new \
+ @sysconfdir@/mail/sasl/Sendmail.conf;
+ fi;
+ ;;
+ esac;
+ fi;
+
+# Make sure default-auth-info is secure
+if [ -f @sysconfdir@/mail/default-auth-info ]; then
+ chown root:smmsp @sysconfdir@/mail/default-auth-info;
+ chmod 0640 @sysconfdir@/mail/default-auth-info;
+ fi;
+
+# Create skeleton file, the saslpasswd command will get a failure ;-{
+if [ ! -f ${SASLDB} ]; then
+ NEW=1;
+ if [ -x ${SASLPASSWD} ]; then
+ ${SASLDBLISTUSERS} 1>/dev/null 2>&1 || true;
+ echo "$SMPWD" | ${SASLPASSWD} -p -c -u $SMRLM $SMAID \
+ 1>/dev/null 2>&1 || true;
+ chown root:smmsp ${SASLDB};
+ chmod 0660 ${SASLDB};
+ else
+ echo "*** You do not have the sasl-bin package installed!";
+ echo "*** Please install it and rerun $0";
+ echo "*** Sendmail can't use SASL until this is done...";
+ fi;
+ fi;
+
+# Set SMTP auth password
+if [ -x ${SASLPASSWD} ]; then
+ if [ $DEFAULT = 0 ]; then
+ echo "$SMPWD" | ${SASLPASSWD} -p -c -u $SMRLM $SMAID || true;
+ else
+ ${SASLPASSWD} -d -u $SMRLM $SMAID 1>/dev/null 2>&1 || true;
+ fi;
+ fi;
+
+# For sendmail, /etc/sasldb must be 0600 or (0640/0660 w/dontblamesendmail)
+if [ -f ${SASLDB} ]; then
+ find ${SASLDB} -gid 0 -print | xargs -r chown root:smmsp;
+ find ${SASLDB} -gid 8 -print | xargs -r chown root:smmsp;
+ find ${SASLDB} -group smmsp -print | xargs -r chmod g+rw;
+ chmod g-x,o-rwx ${SASLDB};
+ fi;
+
+# Tell them about the new wizbang features...
+if [ $NEW -eq 1 ]; then
+ cat <<-EOT
+
+ SASL is now minimally setup, there are a few ways to handle users:
+ *) Allow only shell users (default)
+ You're all set, nothing else to do !
+ *) Allow users other than shell
+ Add users via /usr/sbin/saslpasswd and make sure that the
+ realm you used matches what your users specify in their
+ netscape/outlook/mutt/etc profiles.
+
+ If you need to authorize sendmail as a sender, also update
+ @sysconfdir@/mail/default-auth-info and rerun $0.
+
+ EOT
+ fi;
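Review bot: The heredoc that creates `@sysconfdir@/mail/default-auth-info` writes the SMTP AUTH password under whatever umask the caller has, and the file is only tightened by the "Make sure default-auth-info is secure" block further down, after the interactive `read yn` PAM prompt, so it can stay readable by other local users for as long as that prompt waits. Setting `umask 027` right after `set -e;`, or moving the `chown root:smmsp` / `chmod 0640` pair directly under the heredoc, closes that window. The PAM branch also runs `chmod 0644 @sysconfdir@/mail/sasl/Sendmail.conf.new` before the `mv`, which undoes the `chmod 0640` applied to Sendmail.conf a few lines earlier; `chmod 0640` there would keep the two consistent. Separately, `read yn` returns non-zero at EOF, so under `set -e` a non-interactive run would likely abort at the prompt; `read yn || yn="";` would fall through to the default answer instead.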