Merge tag '1.3' into ppa

CMakeLists.txt

@@ -7,14 +7,27 @@ option(USE_APPARMOR "Enable AppArmor profile" OFF)
 
 set(CHROOT_DIR "${CMAKE_INSTALL_PREFIX}/lib/${PROJECT_NAME}" CACHE PATH "Chroot jail for daemon")
 set(SYSCONF_DIR "/etc" CACHE PATH "Global system configuration folder")
+set(SYSD_UNIT_DIR "${SYSCONF_DIR}/systemd/system" CACHE PATH "Systemd unit file folder")
 set(CONFIG_DIR "${SYSCONF_DIR}/default" CACHE PATH "Location of startup configuration file")
 set(DOC_DIR "share/doc/${PROJECT_NAME}" CACHE PATH "Path for documentation files")
+mark_as_advanced(CHROOT_DIR SYSCONF_DIR SYSD_UNIT_DIR CONFIG_DIR DOC_DIR)
 
 find_program(HELP2MAN help2man DOC "path to help2man executable")
 find_program(DD dd DOC "path to dd executable")
 find_program(BASE64 base64 DOC "path to base64 executable")
+find_program(OPENSSL openssl DOC "path to OpenSSL executable")
 find_program(INSSERV insserv DOC "path to insserv executable")
 find_program(CHKCONFIG chkconfig DOC "path to chkconfig executable")
+find_library(LIBSOCKET socket)
+find_library(LIBNSL nsl)
+
+if(BASE64)
+    set(BASE64_ENCODE "${BASE64}")
+elseif(OPENSSL)
+    set(BASE64_ENCODE "${OPENSSL} base64 -e")
+else()
+    set(BASE64_ENCODE "")
+endif()
 
 check_include_file(sys/wait.h HAVE_SYS_WAIT_H)
 if(HAVE_SYS_WAIT_H)
@@ -34,7 +47,7 @@ if(HAVE_TIME_H)
 endif()
 
 if(NOT DEFINED INIT_FLAVOR)
-	if(IS_DIRECTORY "${SYSCONF_DIR}/systemd" AND EXISTS "/usr/lib/systemd/systemd")
+	if(IS_DIRECTORY "${SYSD_UNIT_DIR}" AND EXISTS "/usr/lib/systemd/systemd")
         message(STATUS "Detected init flavor: systemd")
         set(INIT_FLAVOR "systemd" CACHE STRING "Init daemon of this system")
     elseif(IS_DIRECTORY "${SYSCONF_DIR}/init" AND EXISTS "/lib/init/upstart-job")
@@ -55,6 +68,10 @@ endif()
 
 add_executable(${PROJECT_NAME} postsrsd.c sha1.c srs2.c)
 
+if(${CMAKE_SYSTEM_NAME} MATCHES "SunOS")
+    target_link_libraries(${PROJECT_NAME} ${LIBSOCKET} ${LIBNSL})
+endif()
+
 get_target_property(POSTSRSD ${PROJECT_NAME} LOCATION)
 get_filename_component(POSTSRSD ${POSTSRSD} NAME_WE)
 set(APPARMOR_PROFILE "${CMAKE_INSTALL_PREFIX}/sbin/${POSTSRSD}")
@@ -83,6 +100,6 @@ if(USE_APPARMOR)
 endif()
 
 install(TARGETS ${PROJECT_NAME} DESTINATION "sbin")
-install(FILES README.md main.cf.ex DESTINATION "${DOC_DIR}")
+install(FILES README.md README_UPGRADE.md main.cf.ex DESTINATION "${DOC_DIR}")
 install(SCRIPT "${CMAKE_CURRENT_BINARY_DIR}/postinstall.cmake")
 

README.md

@@ -80,8 +80,22 @@ your main.cf:
     sender_canonical_maps = tcp:127.0.0.1:10001
     sender_canonical_classes = envelope_sender
     recipient_canonical_maps = tcp:127.0.0.1:10002
-    recipient_canonical_classes= envelope_recipient
+    recipient_canonical_classes= envelope_recipient,header_recipient
+
+This will transparently rewrite incoming and outgoing envelope addresses,
+and additionally undo SRS rewrites in the To: header of bounce notifications
+and vacation autoreplies.
 
-This will transparently rewrite incoming and outgoing envelope addresses.
 Run `service postsrsd start` and `postfix reload` as root, or reboot.
 
+Known Issues
+------------
+
+- Due to the way PostSRSd is integrated with Postfix, sender addresses
+  will always be rewritten even if the mail is not forwarded at all. This
+  is because the canonical maps are read by the cleanup daemon, which
+  processes mails at the very beginning before any routing decision is made.
+
+- The Postfix package in CentOS 6 lacks the required support for TCP
+  dictionaries. Please upgrade your distribution or build Postfix yourself.
+

README_UPGRADE.md

@@ -0,0 +1,15 @@
+PostSRSd Upgrade Note
+=====================
+
+/etc/default/postsrsd
+---------------------
+
+The shipped configuration file has changed from previous versions.
+However, the installer will not automatically overwrite existing
+configuration files to prevent data loss.
+
+Please review the changes after the installation and update your
+configuration file accordingly. Note in particular, that most options
+may no longer remain commented out, since it was cumbersome to maintain 
+all the default values in the various startup scripts.
+

init/postsrsd.default.in

@@ -13,6 +13,10 @@
 #
 #SRS_EXCLUDE_DOMAINS=.example.com,example.org
 
+# First separator character after SRS0 or SRS1.
+# Can be one of: -+=
+SRS_SEPARATOR==
+
 # Secret key to sign rewritten addresses.
 # When postsrsd is installed for the first time, a random secret is generated
 # and stored in /etc/postsrsd.secret. For most installations, that's just fine.

init/postsrsd.systemd.in

@@ -1,15 +1,13 @@
 [Unit]
 Description=PostSRSd Daemon
-After=network.target
 
 [Service]
 Type=simple
-Environment SRS_DOMAIN=localhost.localdomain
-Environment SRS_EXCLUDE_DOMAINS=
+Environment=SRS_DOMAIN=localhost.localdomain
+Environment=SRS_EXCLUDE_DOMAINS=
 EnvironmentFile=@CONFIG_DIR@/@PROJECT_NAME@
-ExecStart=@CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f${SRS_FORWARD_PORT} -r${SRS_REVERSE_PORT} -d${SRS_DOMAIN} -s${SRS_SECRET} -u${RUN_AS} -c${CHROOT} -X${SRS_EXCLUDE_DOMAINS}
+ExecStart=@CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f"${SRS_FORWARD_PORT}" -r"${SRS_REVERSE_PORT}" -d"${SRS_DOMAIN}" -s"${SRS_SECRET}" -a"${SRS_SEPARATOR}" -u"${RUN_AS}" -c"${CHROOT}" -X"${SRS_EXCLUDE_DOMAINS}"
 Restart=always
 
 [Install]
 WantedBy=multi-user.target
-

init/postsrsd.sysv-lsb.in

@@ -44,7 +44,7 @@ case "$1" in
 		--pidfile $PIDFILE \
 		--name $NAME \
 		--startas $DAEMON \
-		-- -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" -u"$RUN_AS" -p"$PIDFILE" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS" -D
+		-- -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" -a "$SRS_SEPARATOR" -u"$RUN_AS" -p"$PIDFILE" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS" -D
 	then
 	    log_end_msg 0
 	else

init/postsrsd.sysv-redhat.in

@@ -36,7 +36,7 @@ do_start()
 {
 	echo -n "Starting $DESC: "
 	daemon $DAEMON -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" \
-	               -u"$RUN_AS" -p"$PIDFILE" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS" -D
+	               -u"$RUN_AS" -p"$PIDFILE" -a "$SRS_SEPARATOR" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS" -D
 	RETVAL=$?
 	echo
     	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$NAME

init/postsrsd.upstart.in

@@ -9,6 +9,6 @@ script
 	SRS_DOMAIN=`postconf -h mydomain || true`
 	SRS_EXCLUDE_DOMAINS=
 	. "@CONFIG_DIR@/@PROJECT_NAME@"
-	exec @CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" -u"$RUN_AS" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS"
+	exec @CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" -a "$SRS_SEPARATOR" -u"$RUN_AS" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS"
 end script
 

main.cf.ex

@@ -3,6 +3,6 @@
 sender_canonical_maps = tcp:127.0.0.1:10001
 sender_canonical_classes = envelope_sender
 recipient_canonical_maps = tcp:127.0.0.1:10002
-recipient_canonical_classes = envelope_recipient
+recipient_canonical_classes = envelope_recipient,header_recipient
 
 

postinstall.cmake.in

@@ -1,11 +1,12 @@
 set(GENERATE_SRS_SECRET "@GENERATE_SRS_SECRET@")
 set(SYSCONF_DIR "@SYSCONF_DIR@")
+set(SYSD_UNIT_DIR "@SYSD_UNIT_DIR@")
 set(CHROOT_DIR "@CHROOT_DIR@")
 set(CONFIG_DIR "@CONFIG_DIR@")
 set(INIT_FLAVOR "@INIT_FLAVOR@")
 set(SECRET_FILE "@PROJECT_NAME@.secret")
 set(DD "@DD@")
-set(BASE64 "@BASE64@")
+set(BASE64_ENCODE "@BASE64_ENCODE@")
 set(INSSERV "@INSSERV@")
 set(CHKCONFIG "@CHKCONFIG@")
 
@@ -14,8 +15,20 @@ if(CHROOT_DIR AND NOT EXISTS "$ENV{DESTDIR}${CHROOT_DIR}")
 	file(MAKE_DIRECTORY "$ENV{DESTDIR}${CHROOT_DIR}")
 endif()
 
-if(INIT_FLAVOR AND NOT EXISTS "$ENV{DESTDIR}${CONFIG_DIR}/@PROJECT_NAME@")
-	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.default" DESTINATION "${CONFIG_DIR}" RENAME "@PROJECT_NAME@")
+if(INIT_FLAVOR)
+	if (NOT EXISTS "$ENV{DESTDIR}${CONFIG_DIR}/@PROJECT_NAME@")
+		file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.default" DESTINATION "${CONFIG_DIR}" RENAME "@PROJECT_NAME@")
+	else()
+		file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.default" DESTINATION "${CONFIG_DIR}" RENAME "@PROJECT_NAME@.new")
+		message(STATUS "")
+		message(STATUS "*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*")
+		message(STATUS "*!* ${CONFIG_DIR}/@PROJECT_NAME@ will NOT be overwritten!")
+		message(STATUS "*!* Please note the changes from @PROJECT_NAME@.new in the same folder and")
+		message(STATUS "*!* update your configuration accordinly.")
+		message(STATUS "*!* See also README_UPGRADE.md for details")
+		message(STATUS "*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*")
+		message(STATUS "")
+	endif()
 endif()
 
 if(INIT_FLAVOR STREQUAL "sysv-lsb")
@@ -35,14 +48,14 @@ elseif(INIT_FLAVOR STREQUAL "sysv-redhat")
 elseif(INIT_FLAVOR STREQUAL "upstart")
 	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.upstart" DESTINATION "${SYSCONF_DIR}/init" RENAME "@PROJECT_NAME@.conf")
 elseif(INIT_FLAVOR STREQUAL "systemd")
-	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.systemd" DESTINATION "${SYSCONF_DIR}/systemd/system" RENAME "@PROJECT_NAME@.service")
+	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.systemd" DESTINATION "${SYSD_UNIT_DIR}" RENAME "@PROJECT_NAME@.service")
 endif()
 
-if(GENERATE_SRS_SECRET AND DD AND BASE64 AND EXISTS "/dev/urandom" AND NOT EXISTS "$ENV{DESTDIR}${SYSCONF_DIR}/${SECRET_FILE}")
+if(GENERATE_SRS_SECRET AND DD AND BASE64_ENCODE AND EXISTS "/dev/urandom" AND NOT EXISTS "$ENV{DESTDIR}${SYSCONF_DIR}/${SECRET_FILE}")
 	message(STATUS "Generating secret key")
 	execute_process(
 		COMMAND ${DD} if=/dev/urandom bs=18 count=1
-		COMMAND ${BASE64}
+                COMMAND ${BASE64_ENCODE}
 		OUTPUT_FILE "@CMAKE_CURRENT_BINARY_DIR@/${SECRET_FILE}"
 		ERROR_QUIET
 		OUTPUT_STRIP_TRAILING_WHITESPACE

postsrsd.c

@@ -43,7 +43,7 @@
 #include <syslog.h>
 
 #ifndef VERSION
-#define VERSION "1.2"
+#define VERSION "1.3"
 #endif
 
 static char *self = NULL;
@@ -58,7 +58,7 @@ static int bind_service (const char *service, int family)
   memset (&hints, 0, sizeof(hints));
   hints.ai_family = family;
   hints.ai_socktype = SOCK_STREAM;
-  hints.ai_flags = AI_ADDRCONFIG | AI_V4MAPPED;
+
   err = getaddrinfo(NULL, service, &hints, &addr);
   if (err != 0) {
     fprintf(stderr, "%s: bind_service(%s): %s\n", self, service, gai_strerror(err));
@@ -214,6 +214,7 @@ static void show_help ()
     "Options:\n"
     "   -s<file>       read secrets from file (required)\n"
     "   -d<domain>     set domain name for rewrite (required)\n"
+    "   -a<char>       set first separator character which can be one of: -=+ (default: =)\n"
     "   -f<port>       set port for the forward SRS lookup (default: 10001)\n"
     "   -r<port>       set port for the reverse SRS lookup (default: 10002)\n"
     "   -p<pidfile>    write process ID to pidfile (default: none)\n"
@@ -221,6 +222,7 @@ static void show_help ()
     "   -u<user>       switch user id after port bind (default: none)\n"
     "   -t<seconds>    timeout for idle client connections (default: 1800)\n"
     "   -X<domain>     exclude additional domain from address rewriting\n"
+    "   -e             attempt to read above parameters from environment\n"
     "   -D             fork into background\n"
     "   -4             force IPv4 socket (default: any)\n"
     "   -6             force IPv6 socket (default: any)\n"
@@ -239,6 +241,7 @@ int main (int argc, char **argv)
   int daemonize = FALSE;
   char *forward_service = NULL, *reverse_service = NULL,
        *user = NULL, *domain = NULL, *chroot_dir = NULL;
+  char separator = '=';
   int forward_sock, reverse_sock;
   char *secret_file = NULL, *pid_file = NULL;
   FILE *pf = NULL, *sf = NULL;
@@ -256,7 +259,7 @@ int main (int argc, char **argv)
   tmp = strrchr(argv[0], '/');
   if (tmp) self = strdup(tmp + 1); else self = strdup(argv[0]);
 
-  while ((opt = getopt(argc, argv, "46d:f:r:s:u:t:p:c:X::Dhv")) != -1) {
+  while ((opt = getopt(argc, argv, "46d:a:f:r:s:u:t:p:c:X::Dhev")) != -1) {
     switch (opt) {
       case '?':
         return EXIT_FAILURE;
@@ -269,6 +272,9 @@ int main (int argc, char **argv)
       case 'd':
         domain = strdup(optarg);
         break;
+      case 'a':
+        separator = *optarg;
+        break;
       case 'f':
         forward_service = strdup(optarg);
         break;
@@ -314,6 +320,42 @@ int main (int argc, char **argv)
           excludes[s1] = NULL;
         }
         break;
+      case 'e':
+        if ( getenv("SRS_DOMAIN") != NULL )
+          domain = strdup(getenv("SRS_DOMAIN"));
+        if ( getenv("SRS_SEPARATOR") != NULL )
+          separator = *getenv("SRS_SEPARATOR");
+        if ( getenv("SRS_FORWARD_PORT") != NULL )
+          forward_service = strdup(getenv("SRS_FORWARD_PORT"));
+        if ( getenv("SRS_REVERSE_PORT") != NULL )
+          reverse_service = strdup(getenv("SRS_REVERSE_PORT"));
+        if ( getenv("SRS_TIMEOUT") != NULL )
+          timeout = atoi(getenv("SRS_TIMEOUT"));
+        if ( getenv("SRS_SECRET") != NULL )
+          secret_file = strdup(getenv("SRS_SECRET"));
+        if ( getenv("SRS_PID_FILE") != NULL )
+          pid_file = strdup(getenv("SRS_PID_FILE"));
+        if ( getenv("RUN_AS") != NULL )
+          user = strdup(getenv("RUN_AS"));
+        if ( getenv("CHROOT") != NULL )
+          chroot_dir = strdup(getenv("CHROOT"));
+        if (getenv("SRS_EXCLUDE_DOMAINS") != NULL) {
+          tmp = strtok(getenv("SRS_EXCLUDE_DOMAINS"), ",; \t\r\n");
+          while (tmp) {
+            if (s1 + 1 >= s2) {
+              s2 *= 2;
+              excludes = (const char **)realloc(excludes, s2 * sizeof(char*));
+              if (excludes == NULL) {
+                fprintf (stderr, "%s: Out of memory\n\n", self);
+                return EXIT_FAILURE;
+              }
+            }
+            excludes[s1++] = strdup(tmp);
+            tmp = strtok(NULL, ",; \t\r\n");
+          }
+          excludes[s1] = NULL;
+        }
+        break;
       case 'v':
         fprintf (stdout, "%s\n", VERSION);
         return EXIT_SUCCESS;
@@ -328,6 +370,11 @@ int main (int argc, char **argv)
     return EXIT_FAILURE;
   }
 
+  if (separator != '=' && separator != '+' && separator != '-') {
+    fprintf (stderr, "%s: SRS separator character must be one of '=+-'\n", self);
+    return EXIT_FAILURE;
+  }
+
   /* The stuff we do first may not be possible from within chroot or without privileges */
 
   /* Open pid file for writing (the actual process ID is filled in later) */
@@ -420,7 +467,8 @@ int main (int argc, char **argv)
       srs_add_secret (srs, secret);
   }
   fclose (sf);
-  srs_set_separator (srs, '+');
+
+  srs_set_separator (srs, separator);
 
   fds[0].fd = forward_sock;
   fds[0].events = POLLIN;