
Merge tag '1.2' into ppa

ppa
Timo Röhling před 10 roky
rodič
revize
cd8d445295

+ 38
- 12
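--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,11 +1,14 @@
 cmake_minimum_required(VERSION 2.4)
 project(postsrsd C)
+include(CheckIncludeFile)
 
 option(GENERATE_SRS_SECRET "Generate a random SRS secret if none exists during install" ON)
 option(USE_APPARMOR "Enable AppArmor profile" OFF)
 
 set(CHROOT_DIR "${CMAKE_INSTALL_PREFIX}/lib/${PROJECT_NAME}" CACHE PATH "Chroot jail for daemon")
-set(CONFIG_DIR "/etc/default" CACHE PATH "Location of configuration file")
+set(SYSCONF_DIR "/etc" CACHE PATH "Global system configuration folder")
+set(CONFIG_DIR "${SYSCONF_DIR}/default" CACHE PATH "Location of startup configuration file")
+set(DOC_DIR "share/doc/${PROJECT_NAME}" CACHE PATH "Path for documentation files")
 
 find_program(HELP2MAN help2man DOC "path to help2man executable")
 find_program(DD dd DOC "path to dd executable")
@@ -13,16 +16,36 @@ find_program(BASE64 base64 DOC "path to base64 executable")
 find_program(INSSERV insserv DOC "path to insserv executable")
 find_program(CHKCONFIG chkconfig DOC "path to chkconfig executable")
 
+check_include_file(sys/wait.h HAVE_SYS_WAIT_H)
+if(HAVE_SYS_WAIT_H)
+    add_definitions(-DHAVE_SYS_WAIT_H)
+endif()
+check_include_file(wait.h HAVE_WAIT_H)
+if(HAVE_WAIT_H)
+    add_definitions(-DHAVE_WAIT_H)
+endif()
+check_include_file(sys/time.h HAVE_SYS_TIME_H)
+if(HAVE_SYS_TIME_H)
+    add_definitions(-DHAVE_SYS_TIME_H)
+endif()
+check_include_file(time.h HAVE_TIME_H)
+if(HAVE_TIME_H)
+    add_definitions(-DHAVE_TIME_H)
+endif()
+
 if(NOT DEFINED INIT_FLAVOR)
-    if(IS_DIRECTORY "/etc/init" AND EXISTS "/lib/init/upstart-job")
+	if(IS_DIRECTORY "${SYSCONF_DIR}/systemd" AND EXISTS "/usr/lib/systemd/systemd")
+        message(STATUS "Detected init flavor: systemd")
+        set(INIT_FLAVOR "systemd" CACHE STRING "Init daemon of this system")
+    elseif(IS_DIRECTORY "${SYSCONF_DIR}/init" AND EXISTS "/lib/init/upstart-job")
         message(STATUS "Detected init flavor: upstart")
         set(INIT_FLAVOR "upstart" CACHE STRING "Init daemon of this system")
-    elseif(IS_DIRECTORY "/etc/init.d" AND EXISTS "/lib/lsb/init-functions")
-        message(STATUS "Detected init flavor: sysv-lsb")
-        set(INIT_FLAVOR "sysv-lsb" CACHE STRING "Init daemon of this system")
-    elseif(IS_DIRECTORY "/etc/init.d" AND EXISTS "/etc/init.d/functions")
+    elseif(IS_DIRECTORY "${SYSCONF_DIR}/init.d" AND EXISTS "${SYSCONF_DIR}/init.d/functions")
         message(STATUS "Detected init flavor: sysv-redhat")
         set(INIT_FLAVOR "sysv-redhat" CACHE STRING "Init daemon of this system")
+    elseif(IS_DIRECTORY "${SYSCONF_DIR}/init.d" AND EXISTS "/lib/lsb/init-functions")
+        message(STATUS "Detected init flavor: sysv-lsb")
+        set(INIT_FLAVOR "sysv-lsb" CACHE STRING "Init daemon of this system")
     else()
         message(STATUS "Detected init flavor: none")
         message(STATUS "System startup files will not be installed")
@@ -38,10 +61,13 @@ set(APPARMOR_PROFILE "${CMAKE_INSTALL_PREFIX}/sbin/${POSTSRSD}")
 string(REGEX REPLACE "^/+" "" APPARMOR_PROFILE "${APPARMOR_PROFILE}")
 string(REPLACE "/" "." APPARMOR_PROFILE "${APPARMOR_PROFILE}")
 
-configure_file(${PROJECT_NAME}.lsb_init.in ${PROJECT_NAME}.lsb_init @ONLY)
-configure_file(${PROJECT_NAME}.rh_init.in ${PROJECT_NAME}.rh_init @ONLY)
-configure_file(${PROJECT_NAME}.upstart.in ${PROJECT_NAME}.upstart @ONLY)
-configure_file(${PROJECT_NAME}.apparmor.in ${PROJECT_NAME}.apparmor @ONLY)
+configure_file(init/${PROJECT_NAME}.sysv-lsb.in ${PROJECT_NAME}.sysv-lsb @ONLY)
+configure_file(init/${PROJECT_NAME}.sysv-redhat.in ${PROJECT_NAME}.sysv-redhat @ONLY)
+configure_file(init/${PROJECT_NAME}.upstart.in ${PROJECT_NAME}.upstart @ONLY)
+configure_file(init/${PROJECT_NAME}.apparmor.in ${PROJECT_NAME}.apparmor @ONLY)
+configure_file(init/${PROJECT_NAME}.systemd.in ${PROJECT_NAME}.systemd @ONLY)
+configure_file(init/${PROJECT_NAME}.default.in ${PROJECT_NAME}.default @ONLY)
+
 configure_file(postinstall.cmake.in postinstall.cmake @ONLY)
 
 if(HELP2MAN)
@@ -53,10 +79,10 @@ install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}.8 DESTINATION "share/m
 endif()
 
 if(USE_APPARMOR)
-	install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}.apparmor DESTINATION "/etc/apparmor.d" RENAME "${APPARMOR_PROFILE}")
+	install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}.apparmor DESTINATION "${SYSCONF_DIR}/apparmor.d" RENAME "${APPARMOR_PROFILE}")
 endif()
 
 install(TARGETS ${PROJECT_NAME} DESTINATION "sbin")
-install(FILES README.md main.cf.ex DESTINATION "share/doc/${PROJECT_NAME}")
+install(FILES README.md main.cf.ex DESTINATION "${DOC_DIR}")
 install(SCRIPT "${CMAKE_CURRENT_BINARY_DIR}/postinstall.cmake")
 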
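Review bot: The systemd branch of the `if(NOT DEFINED INIT_FLAVOR)` block probes only the fixed path `/usr/lib/systemd/systemd`, so on a host that ships the binary elsewhere (Debian-derived systems have used `/lib/systemd/systemd`) the check fails and detection falls through to the upstart or sysv branches, which may select a start-up script for the wrong init system. An extra branch such as `elseif(IS_DIRECTORY "${SYSCONF_DIR}/systemd" AND EXISTS "/lib/systemd/systemd")` that sets the same flavor would cover that layout. That line is also the only one in the block indented with a tab. The block's closing `endif()` lies outside the hunk.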

+ 39
- 6
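--- a/README.md
+++ b/README.md
@@ -1,9 +1,16 @@
+PostSRSd
+========
+
 About
-=====
+-----
+
 PostSRSd provides the Sender Rewriting Scheme (SRS) via TCP-based 
 lookup tables for Postfix. SRS is needed if your mail server acts
 as forwarder. 
 
+
+Sender Rewriting Scheme Crash Course
+------------------------------------
 Imagine your server receives a mail from alice@example.com
 that is to be forwarded. If example.com uses the Sender Policy Framework 
 to indicate that all legit mails originate from their server, your 
@@ -12,28 +19,54 @@ on behalf of example.com. The solution is that you map the address to
 your own domain, e.g. 
 SRS0+xxxx=yy=example.com=alice@yourdomain.org (forward SRS). If the
 mail is bounced later and a notification arrives, you can extract the
-original address from the rewritten one (revere SRS) and return the
+original address from the rewritten one (reverse SRS) and return the
 notification to the sender. You might notice that the reverse SRS can
 be abused to turn your server into an open relay. For this reason, xxxx
 and yy are a cryptographic signature and a time stamp. If the signature
 does not match, the address is forged and the mail can be discarded.
 
 Building
-========
+--------
+
 PostSRSd requires a POSIX compatible system and CMake to build. 
 Optionally, help2man is used to create a manual page.
 
 For convenience, a Makefile fragment is provided which calls CMake with
 the recommended command line options. Just run `make`.
 
+Alternatively, you can control many aspects of the build manually:
+
+    mkdir build
+    cd build
+    cmake .. <options>
+    make
+    make install
+
+The CMake script defines a number of options in addition to the
+standard CMake flags. Use `-D<option>=<value>` to override the defaults.
+
+*   `GENERATE_SRS_SECRET` (default: `ON`). Generate a random secret on install.
+*   `USE_APPARMOR` (default: `OFF`): Install an AppArmor profile for the daemon.
+*   `INIT_FLAVOR` (default: auto-detect). Select the appriopriate startup 
+    script type. Must be one of (`upstart`,`sysv-lsb`,`sysv-redhat`) or `none`.
+*   `CHROOT_DIR` (default: `${CMAKE_INSTALL_PREFIX}/lib/postsrsd`). Chroot jail
+    for the daemon.
+*   `SYSCONF_DIR` (default: `/etc`). Location of system configuration files.
+*   `CONFIG_DIR` (default: `${SYSCONF_DIR}/default`). Install destination for
+    the postsrsd settings.
+*   `DOC_DIR` (default: `${CMAKE_INSTALL_PREFIX}/share/doc/postsrsd`). Install
+    destination for documentation files.
+
 Installing
-==========
+----------
+
 Run `make install` as root to install the daemon and the configuration
 files.
 
 Configuration
-=============
-The configuration is located in `/etc/default/postsrsd`. You must store
+-------------
+
+The configuration is located in `/etc/default/postsrsd` by default. You must store
 at least one secret key in `/etc/postsrsd.secret`. The installer tries to generate
 one from `/dev/urandom`. Be careful that no one can guess your secret,
 because anyone who knows it can use your mail server as open relay!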

postsrsd.apparmor.in → init/postsrsd.apparmor.in Zobrazit soubor


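--- a/postsrsd.default
+++ b/init/postsrsd.default.in
@@ -1,7 +1,7 @@
 # Default settings for postsrsd
 
-# Local domain name. 
-# Addresses are rewritten to originate from this domain. The default value 
+# Local domain name.
+# Addresses are rewritten to originate from this domain. The default value
 # is taken from `postconf -h mydomain` and probably okay.
 #
 #SRS_DOMAIN=example.com
@@ -17,7 +17,7 @@
 # When postsrsd is installed for the first time, a random secret is generated
 # and stored in /etc/postsrsd.secret. For most installations, that's just fine.
 #
-#SRS_SECRET=/etc/postsrsd.secret
+SRS_SECRET=@SYSCONF_DIR@/@PROJECT_NAME@.secret
 
 # Local ports for TCP list.
 # These ports are used to bind the TCP list for postfix. If you change
@@ -25,11 +25,14 @@
 # are bound to the loopback interface, and should never be exposed on
 # the internet.
 #
-#SRS_FORWARD_PORT=10001
-#SRS_REVERSE_PORT=10002
+SRS_FORWARD_PORT=10001
+SRS_REVERSE_PORT=10002
 
-# Drop root privileges and run as another user after initialization. 
+# Drop root privileges and run as another user after initialization.
 # This is highly recommended as postsrsd handles untrusted input.
 #
 RUN_AS=nobody
 
+# Jail daemon in chroot environment
+CHROOT=@CHROOT_DIR@
+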

+ 15
- 0
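--- /dev/null
+++ b/init/postsrsd.systemd.in
@@ -0,0 +1,15 @@
+[Unit]
+Description=PostSRSd Daemon
+After=network.target
+
+[Service]
+Type=simple
+Environment SRS_DOMAIN=localhost.localdomain
+Environment SRS_EXCLUDE_DOMAINS=
+EnvironmentFile=@CONFIG_DIR@/@PROJECT_NAME@
+ExecStart=@CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f${SRS_FORWARD_PORT} -r${SRS_REVERSE_PORT} -d${SRS_DOMAIN} -s${SRS_SECRET} -u${RUN_AS} -c${CHROOT} -X${SRS_EXCLUDE_DOMAINS}
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+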
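Review bot: The lines `Environment SRS_DOMAIN=localhost.localdomain` and `Environment SRS_EXCLUDE_DOMAINS=` lack the `=` after `Environment`, so systemd will not treat them as `Environment=` assignments and the fallback values they are meant to provide are never set. Since `SRS_DOMAIN` is commented out in the shipped defaults file, `ExecStart` then expands `-d${SRS_DOMAIN}` and `-X${SRS_EXCLUDE_DOMAINS}` from unset variables. The lines should read `Environment=SRS_DOMAIN=localhost.localdomain` and `Environment=SRS_EXCLUDE_DOMAINS=`. Unlike the sysv and upstart scripts, the unit has no `postconf -h mydomain` lookup, so a comment in the defaults file saying that the domain must be set explicitly under systemd would help.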

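--- a/postsrsd.lsb_init.in
+++ b/init/postsrsd.sysv-lsb.in
@@ -20,7 +20,7 @@ NAME=@PROJECT_NAME@
 DESC="Postfix Sender Rewriting Scheme daemon"
 
 PIDFILE=/var/run/$NAME.pid
-SCRIPTNAME=/etc/init.d/$NAME
+SCRIPTNAME=@SYSCONF_DIR@/init.d/$NAME
 
 # Gracefully exit if the package has been removed.
 test -x $DAEMON || exit 0
@@ -29,17 +29,10 @@ test -x $DAEMON || exit 0
 
 # Default configuration
 SRS_DOMAIN=`postconf -h mydomain || true`
-SRS_FORWARD_PORT=10001
-SRS_REVERSE_PORT=10002
-SRS_SECRET=/etc/@PROJECT_NAME@.secret
-RUN_AS=nobody
-CHROOT=@CHROOT_DIR@
+SRS_EXCLUDE_DOMAINS=
 
-# Read config file if it is present.
-if [ -r @CONFIG_DIR@/$NAME ]
-then
-    . @CONFIG_DIR@/$NAME
-fi
+# Read config file
+. @CONFIG_DIR@/$NAME
 
 test -r "$SRS_SECRET" -a -n "$SRS_DOMAIN" || exit 0
 
@@ -51,7 +44,7 @@ case "$1" in
 		--pidfile $PIDFILE \
 		--name $NAME \
 		--startas $DAEMON \
-		-- -4 -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" -u"$RUN_AS" -p"$PIDFILE" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS" -D
+		-- -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" -u"$RUN_AS" -p"$PIDFILE" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS" -D
 	then
 	    log_end_msg 0
 	else
@@ -76,8 +69,21 @@ case "$1" in
 	$0 start
 	ret=$?
 	;;
+  status)
+        log_daemon_msg "postsrsd is running"
+        if [ -s $PIDFILE ]; then
+            PID=`cat $PIDFILE`
+            if kill -0 "$PID" 2>/dev/null; then
+                log_end_msg 0
+            else
+                log_end_msg 1
+            fi
+        else
+            log_end_msg 1
+        fi
+        ;;
   *)
-	echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+	echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload|status}" >&2
 	exit 1
 	;;
 esac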
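Review bot: The script now sources `@CONFIG_DIR@/$NAME` unconditionally and drops its built-in values for SRS_FORWARD_PORT, SRS_REVERSE_PORT, SRS_SECRET, RUN_AS and CHROOT, so a host that keeps an older defaults file (postinstall.cmake.in does not replace an existing one) starts with SRS_SECRET and CHROOT unset. In that case `test -r "$SRS_SECRET" -a -n "$SRS_DOMAIN" || exit 0` ends the script silently with success, and a file that sets only the secret would start the daemon with `-c""`, presumably without the chroot jail. Keeping the fallbacks ahead of the `.` line, or failing loudly with something like `[ -r @CONFIG_DIR@/$NAME ] || { echo "missing @CONFIG_DIR@/$NAME" >&2; exit 6; }`, would make the misconfiguration visible. The same pattern is in init/postsrsd.sysv-redhat.in and init/postsrsd.upstart.in; the `case` statement begins outside the hunks.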

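--- a/postsrsd.rh_init.in
+++ b/init/postsrsd.sysv-redhat.in
@@ -16,33 +16,26 @@ prog=@POSTSRSD@
 DESC="Postfix Sender Rewriting Scheme daemon"
 
 PIDFILE=/var/run/$NAME.pid
-SCRIPTNAME=/etc/init.d/$NAME
+SCRIPTNAME=@SYSCONF_DIR@/init.d/$NAME
 
 # Gracefully exit if the package has been removed.
 test -x $DAEMON || exit 0
 
-. /etc/init.d/functions
+. @SYSCONF_DIR@/init.d/functions
 
 # Default configuration
 SRS_DOMAIN=`postconf -h mydomain || true`
-SRS_FORWARD_PORT=10001
-SRS_REVERSE_PORT=10002
-SRS_SECRET=/etc/@PROJECT_NAME@.secret
-RUN_AS=nobody
-CHROOT=@CHROOT_DIR@
+SRS_EXCLUDE_DOMAINS=
 
-# Read config file if it is present.
-if [ -r @CONFIG_DIR@/$NAME ]
-then
-    . @CONFIG_DIR@/$NAME
-fi
+# Read config file
+. @CONFIG_DIR@/$NAME
 
 test -r "$SRS_SECRET" -a -n "$SRS_DOMAIN" || exit 0
 
 do_start()
 {
 	echo -n "Starting $DESC: "
-	daemon $DAEMON -4 -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" \
+	daemon $DAEMON -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" \
 	               -u"$RUN_AS" -p"$PIDFILE" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS" -D
 	RETVAL=$?
 	echo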

+ 14
- 0
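--- /dev/null
+++ b/init/postsrsd.upstart.in
@@ -0,0 +1,14 @@
+description "Postfix Sender Rewriting Scheme daemon"
+author "Timo Röhling <timo.roehling@gmx.de>"
+
+start on (filesystem and net-device-up)
+stop on runlevel [!2345]
+respawn
+
+script
+	SRS_DOMAIN=`postconf -h mydomain || true`
+	SRS_EXCLUDE_DOMAINS=
+	. "@CONFIG_DIR@/@PROJECT_NAME@"
+	exec @CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" -u"$RUN_AS" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS"
+end script
+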

+ 1
- 2
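--- a/makefile
+++ b/makefile
@@ -6,6 +6,5 @@ clean distclean:
 
 build/Makefile: CMakeLists.txt
 	mkdir -p build
-	cd build && cmake .. -DCMAKE_BUILD_TYPE=Release
+	cd build && cmake .. -DCMAKE_BUILD_TYPE=Release $(addprefix -DINIT_FLAVOR=,$(INIT_FLAVOR)) -DCMAKE_C_FLAGS="$(CFLAGS)" $(addprefix -DCMAKE_C_COMPILER=,$(CC))
 
-	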
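Review bot: Only `CFLAGS` is forwarded on the new `cmake` line, so preprocessor-level hardening that a packaging environment supplies in `CPPFLAGS` (a fortify define, for example) does not reach the compiler; as far as I know CMake does not pick up `CPPFLAGS` on its own. Passing both, `-DCMAKE_C_FLAGS="$(CPPFLAGS) $(CFLAGS)"`, would keep those options for the packaged build. The option is also emitted when `CFLAGS` is empty, unlike the `$(addprefix ...)` form used for `INIT_FLAVOR` on the same line.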

+ 11
- 7
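--- a/postinstall.cmake.in
+++ b/postinstall.cmake.in
@@ -1,4 +1,5 @@
 set(GENERATE_SRS_SECRET "@GENERATE_SRS_SECRET@")
+set(SYSCONF_DIR "@SYSCONF_DIR@")
 set(CHROOT_DIR "@CHROOT_DIR@")
 set(CONFIG_DIR "@CONFIG_DIR@")
 set(INIT_FLAVOR "@INIT_FLAVOR@")
@@ -14,28 +15,30 @@ if(CHROOT_DIR AND NOT EXISTS "$ENV{DESTDIR}${CHROOT_DIR}")
 endif()
 
 if(INIT_FLAVOR AND NOT EXISTS "$ENV{DESTDIR}${CONFIG_DIR}/@PROJECT_NAME@")
-	file(INSTALL FILES "@CMAKE_CURRENT_SOURCE_DIR@/@PROJECT_NAME@.default" DESTINATION "${CONFIG_DIR}" RENAME "@PROJECT_NAME@")
+	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.default" DESTINATION "${CONFIG_DIR}" RENAME "@PROJECT_NAME@")
 endif()
 
 if(INIT_FLAVOR STREQUAL "sysv-lsb")
-	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.lsb_init" TYPE PROGRAM DESTINATION "/etc/init.d" RENAME "@PROJECT_NAME@")
+	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.sysv-lsb" TYPE PROGRAM DESTINATION "${SYSCONF_DIR}/init.d" RENAME "@PROJECT_NAME@")
 	if(INSSERV)
 		execute_process(
-			COMMAND ${INSSERV} -p "$ENV{DESTDIR}/etc/init.d" @PROJECT_NAME@
+			COMMAND ${INSSERV} -p "$ENV{DESTDIR}${SYSCONF_DIR}/init.d" @PROJECT_NAME@
 		)
 	endif()
 elseif(INIT_FLAVOR STREQUAL "sysv-redhat")
-	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.rh_init" TYPE PROGRAM DESTINATION "/etc/init.d" RENAME "@PROJECT_NAME@")
+	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.sysv-redhat" TYPE PROGRAM DESTINATION "${SYSCONF_DIR}/init.d" RENAME "@PROJECT_NAME@")
 	if(CHKCONFIG AND NOT "$ENV{DESTDIR}")
 		execute_process(
 			COMMAND ${CHKCONFIG} --add @PROJECT_NAME@
 		)
 	endif()
 elseif(INIT_FLAVOR STREQUAL "upstart")
-	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.upstart" DESTINATION "/etc/init" RENAME "@PROJECT_NAME@.conf")
+	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.upstart" DESTINATION "${SYSCONF_DIR}/init" RENAME "@PROJECT_NAME@.conf")
+elseif(INIT_FLAVOR STREQUAL "systemd")
+	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.systemd" DESTINATION "${SYSCONF_DIR}/systemd/system" RENAME "@PROJECT_NAME@.service")
 endif()
 
-if(GENERATE_SRS_SECRET AND DD AND BASE64 AND EXISTS "/dev/urandom" AND NOT EXISTS "$ENV{DESTDIR}/etc/${SECRET_FILE}")
+if(GENERATE_SRS_SECRET AND DD AND BASE64 AND EXISTS "/dev/urandom" AND NOT EXISTS "$ENV{DESTDIR}${SYSCONF_DIR}/${SECRET_FILE}")
 	message(STATUS "Generating secret key")
 	execute_process(
 		COMMAND ${DD} if=/dev/urandom bs=18 count=1
@@ -44,6 +47,7 @@ if(GENERATE_SRS_SECRET AND DD AND BASE64 AND EXISTS "/dev/urandom" AND NOT EXIST
 		ERROR_QUIET
 		OUTPUT_STRIP_TRAILING_WHITESPACE
 	)
-file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/${SECRET_FILE}" DESTINATION "/etc" RENAME "${SECRET_FILE}" FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
+file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/${SECRET_FILE}" DESTINATION "${SYSCONF_DIR}" RENAME "${SECRET_FILE}" PERMISSIONS OWNER_READ OWNER_WRITE)
 file(REMOVE "@CMAKE_CURRENT_BINARY_DIR@/${SECRET_FILE}")
 endif()
+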
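Review bot: The secret-generation block runs its `execute_process` with `ERROR_QUIET` and, as far as the visible lines show, never checks the outcome, so a failed or short read would still install whatever ended up in `@CMAKE_CURRENT_BINARY_DIR@/${SECRET_FILE}` as the signing secret. Adding `RESULT_VARIABLE` to the call and stopping with `message(FATAL_ERROR ...)` on a non-zero result or an empty file would keep a weak or empty secret from being installed. The intermediate file also stays in the build directory until `file(REMOVE ...)` runs, presumably with default permissions, since only the installed copy gets `OWNER_READ OWNER_WRITE`. The `execute_process` call starts in the previous hunk and its middle lines are not shown.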

+ 29
- 5
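--- a/postsrsd.c
+++ b/postsrsd.c
@@ -28,11 +28,22 @@
 #include <pwd.h>
 #include <string.h>
 #include <poll.h>
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#ifdef HAVE_TIME_H
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_WAIT_H
 #include <wait.h>
+#endif
 #include <syslog.h>
 
 #ifndef VERSION
-#define VERSION "1.1"
+#define VERSION "1.2"
 #endif
 
 static char *self = NULL;
@@ -171,7 +182,7 @@ static void handle_forward (srs_t *srs, FILE *fp, const char *address, const cha
   fflush (fp);
 }
 
-static void handle_reverse (srs_t *srs, FILE *fp, const char *address, const char *domain, const char **excludes)
+static void handle_reverse (srs_t *srs, FILE *fp, const char *address, const char *domain __attribute__((unused)), const char **excludes __attribute__((unused)) )
 {
   int result;
   char value[1024];
@@ -180,7 +191,7 @@ static void handle_reverse (srs_t *srs, FILE *fp, const char *address, const cha
   if (result == SRS_SUCCESS) {
     output = url_encode(outputbuf, sizeof(outputbuf), value);
     fprintf (fp, "200 %s\n", output);
-    syslog (LOG_MAIL | LOG_INFO, "srs_reverse: <%s> rewritten as <%s>", address, value); 
+    syslog (LOG_MAIL | LOG_INFO, "srs_reverse: <%s> rewritten as <%s>", address, value);
   } else {
     fprintf (fp, "500 %s\n", srs_strerror(result));
     if (result != SRS_ENOTREWRITTEN && result != SRS_ENOTSRSADDRESS)
@@ -224,7 +235,7 @@ typedef void(*handle_t)(srs_t*, FILE*, const char*, const char*, const char**);
 
 int main (int argc, char **argv)
 {
-  int opt, timeout = 1800, family = AF_UNSPEC;
+  int opt, timeout = 1800, family = AF_INET;
   int daemonize = FALSE;
   char *forward_service = NULL, *reverse_service = NULL,
        *user = NULL, *domain = NULL, *chroot_dir = NULL;
@@ -234,6 +245,7 @@ int main (int argc, char **argv)
   struct passwd *pwd = NULL;
   char secretbuf[1024], *secret = NULL;
   char *tmp;
+  time_t now;
   srs_t *srs;
   struct pollfd fds[3];
   const char **excludes;
@@ -328,7 +340,6 @@ int main (int argc, char **argv)
   }
   /* Read secret. The default installation makes this root accessible only. */
   if (secret_file != NULL) {
-    size_t len;
     sf = fopen(secret_file, "rb");
     if (sf == NULL) {
       fprintf (stderr, "%s: Cannot open file with secret: %s\n", self, secret_file);
@@ -356,6 +367,9 @@ int main (int argc, char **argv)
 
   /* Open syslog now (NDELAY), because it may no longer reachable from chroot */
   openlog (self, LOG_PID | LOG_NDELAY, LOG_MAIL);
+  /* Force loading of timezone info (suggested by patrickdk77) */
+  now = time(NULL);
+  localtime (&now);
   /* We also have to lookup the uid of the unprivileged user for the same reason. */
   if (user) {
     errno = 0;
@@ -420,6 +434,8 @@ int main (int argc, char **argv)
     char keybuf[1024], *key;
 
     if (poll(fds, 2, 1000) < 0) {
+      if (errno == EINTR)
+        continue;
       if (daemonize)
         syslog (LOG_MAIL | LOG_ERR, "Poll failure: %s", strerror(errno));
       else
@@ -431,6 +447,10 @@ int main (int argc, char **argv)
         conn = accept(fds[i].fd, NULL, NULL);
         if (conn < 0) continue;
         if (fork() == 0) {
+          // close listen sockets so that we don't stop the main daemon process from restarting
+          close(forward_sock);
+          close(reverse_sock);
+
           fp = fdopen(conn, "r+");
           if (fp == NULL) exit(EXIT_FAILURE);
           fds[2].fd = conn;
@@ -438,20 +458,24 @@ int main (int argc, char **argv)
           if (poll(&fds[2], 1, timeout * 1000) <= 0) return EXIT_FAILURE;
           line = fgets(linebuf, sizeof(linebuf), fp);
           while (line) {
+            fseek (fp, 0, SEEK_CUR); /* Workaround for Solaris */
             char* token;
             token = strtok(line, " \r\n");
             if (token == NULL || strcmp(token, "get") != 0) {
               fprintf (fp, "500 Invalid request\n");
+              fflush (fp);
               return EXIT_FAILURE;
             }
             token = strtok(NULL, "\r\n");
             if (!token) {
               fprintf (fp, "500 Invalid request\n");
+              fflush (fp);
               return EXIT_FAILURE;
             }
             key = url_decode(keybuf, sizeof(keybuf), token);
             if (!key) break;
             handler[i](srs, fp, key, domain, excludes);
+            fflush (fp);
             if (poll(&fds[2], 1, timeout * 1000) <= 0) break;
             line = fgets(linebuf, sizeof(linebuf), fp);
           }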
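Review bot: The added `fseek (fp, 0, SEEK_CUR);` is placed in front of the `char* token;` declaration at the top of the `while (line)` body, which makes the block depend on C99 mixed declarations and code, at odds with a change that otherwise adds header checks and a Solaris workaround for portability. Moving the call below the declaration avoids that: `char* token;` followed by `fseek (fp, 0, SEEK_CUR);`. The comment could also state the reason: `fp` is opened with `"r+"`, and the C standard requires a positioning call between a read and a following write on an update stream, so the call is not specific to Solaris. The loop and `main` continue outside the hunks.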

+ 0
- 23
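--- a/postsrsd.upstart.in
+++ /dev/null
@@ -1,23 +0,0 @@
-description "Postfix Sender Rewriting Scheme daemon"
-author "Timo Röhling <timo.roehling@gmx.de>"
-
-start on (filesystem and net-device-up)
-stop on runlevel [!2345]
-respawn
-
-env DEFAULTFILE=@CONFIG_DIR@/@PROJECT_NAME@
-
-script
-	SRS_DOMAIN=`postconf -h mydomain || true`
-	SRS_FORWARD_PORT=10001
-	SRS_REVERSE_PORT=10002
-	SRS_SECRET=/etc/@PROJECT_NAME@.secret
-	SRS_EXCLUDE_DOMAINS=
-	RUN_AS=nobody
-	CHROOT=@CHROOT_DIR@
-	if [ -r "$DEFAULTFILE" ]; then
-		. "$DEFAULTFILE"
-	fi
-	exec @CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -4 -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" -u"$RUN_AS" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS"
-end script
-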

+ 11
- 11
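--- a/sha1.c
+++ b/sha1.c
@@ -334,19 +334,19 @@ sha_final(unsigned char digest[20], SHA_INFO *sha_info)
 */
 
 static void
-sha_digest(char *out, char *data, int len)
+sha_digest(char *out, char *data, unsigned len)
 {
 	SHA_INFO ctx;
 	sha_init(&ctx);
-	sha_update(&ctx, data, len);
-	sha_final(out, &ctx);
+	sha_update(&ctx, (sha_byte*)data, len);
+	sha_final((sha_byte*)out, &ctx);
 }
 
 void
-srs_hmac_init(srs_hmac_ctx_t *ctx, char *secret, int len)
+srs_hmac_init(srs_hmac_ctx_t *ctx, char *secret, unsigned len)
 {
 	char	 sbuf[SHA_BLOCKSIZE];
-	int		 i;
+	unsigned		 i;
 
 	if (len > SHA_BLOCKSIZE) {
 		sha_digest(sbuf, secret, len);
@@ -364,23 +364,23 @@ srs_hmac_init(srs_hmac_ctx_t *ctx, char *secret, int len)
 	memset(sbuf, 0, SHA_BLOCKSIZE);
 
 	sha_init(&ctx->sctx);
-	sha_update(&ctx->sctx, ctx->ipad, SHA_BLOCKSIZE);
+	sha_update(&ctx->sctx, (sha_byte*)ctx->ipad, SHA_BLOCKSIZE);
 }
 
 void
-srs_hmac_update(srs_hmac_ctx_t *ctx, char *data, int len)
+srs_hmac_update(srs_hmac_ctx_t *ctx, char *data, unsigned len)
 {
-	sha_update(&ctx->sctx, data, len);
+	sha_update(&ctx->sctx, (sha_byte*)data, len);
 }
 
 void
 srs_hmac_fini(srs_hmac_ctx_t *ctx, char *out)
 {
-	char	 buf[SHA_DIGESTSIZE + 1];
+	sha_byte buf[SHA_DIGESTSIZE + 1];
 
 	sha_final(buf, &ctx->sctx);
 	sha_init(&ctx->sctx);
-	sha_update(&ctx->sctx, ctx->opad, SHA_BLOCKSIZE);
+	sha_update(&ctx->sctx, (sha_byte*)ctx->opad, SHA_BLOCKSIZE);
 	sha_update(&ctx->sctx, buf, SHA_DIGESTSIZE);
-	sha_final(out, &ctx->sctx);
+	sha_final((sha_byte*)out, &ctx->sctx);
 }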

+ 10
- 10
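--- a/srs2.c
+++ b/srs2.c
@@ -55,7 +55,7 @@ static srs_malloc_t		srs_f_malloc	= malloc;
 static srs_realloc_t	srs_f_realloc	= realloc;
 static srs_free_t		srs_f_free		= free;
 
-int		
+int
 srs_set_malloc(srs_malloc_t m, srs_realloc_t r, srs_free_t f)
 {
 	srs_f_malloc = m;
@@ -145,7 +145,7 @@ srs_free(srs_t *srs)
 	for (i = 0; i < srs->numsecrets; i++) {
 		memset(srs->secrets[i], 0, strlen(srs->secrets[i]));
 		srs_f_free(srs->secrets[i]);
-		srs->secrets[i] = '\0';
+		srs->secrets[i] = 0;
 	}
 	srs_f_free(srs);
 }
@@ -212,7 +212,7 @@ const char *SRS_TIME_BASECHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
 #define SRS_TIME_SLOTS		(1<<(SRS_TIME_BASEBITS<<(SRS_TIME_SIZE-1)))
 
 int
-srs_timestamp_create(srs_t *srs, char *buf, time_t now)
+srs_timestamp_create(srs_t *srs __attribute__((unused)), char *buf, time_t now)
 {
 	now = now / SRS_TIME_PRECISION;
 	buf[1] = SRS_TIME_BASECHARS[now & ((1 << SRS_TIME_BASEBITS) - 1)];
@@ -507,7 +507,7 @@ srs_compile_guarded(srs_t *srs,
 }
 
 int
-srs_parse_shortcut(srs_t *srs, char *buf, int buflen, char *senduser)
+srs_parse_shortcut(srs_t *srs, char *buf, unsigned buflen, char *senduser)
 {
 	char	*srshash;
 	char	*srsstamp;
@@ -538,7 +538,7 @@ srs_parse_shortcut(srs_t *srs, char *buf, int buflen, char *senduser)
 						srshost, srsuser);
 		if (ret != SRS_SUCCESS)
 			return ret;
-		sprintf(buf, "%s@%s", srsuser, srshost);
+		snprintf(buf, buflen, "%s@%s", srsuser, srshost);
 		return SRS_SUCCESS;
 	}
 
@@ -577,13 +577,13 @@ srs_parse_guarded(srs_t *srs, char *buf, int buflen, char *senduser)
 }
 
 int
-srs_forward(srs_t *srs, char *buf, int buflen,
+srs_forward(srs_t *srs, char *buf, unsigned buflen,
 				const char *sender, const char *alias)
 {
 	char	*senduser;
 	char	*sendhost;
 	char	*tmp;
-	int		 len;
+	unsigned		 len;
 
 	if (srs->noforward)
 		return SRS_ENOTREWRITTEN;
@@ -619,7 +619,7 @@ srs_forward(srs_t *srs, char *buf, int buflen,
 					sendhost, senduser, alias);
 }
 
-int		
+int
 srs_forward_alloc(srs_t *srs, char **sptr,
 				const char *sender, const char *alias)
 {
@@ -650,11 +650,11 @@ srs_forward_alloc(srs_t *srs, char **sptr,
 }
 
 int
-srs_reverse(srs_t *srs, char *buf, int buflen, const char *sender)
+srs_reverse(srs_t *srs, char *buf, unsigned buflen, const char *sender)
 {
 	char	*senduser;
 	char	*tmp;
-	int		 len;
+	unsigned		 len;
 
 	if (!SRS_IS_SRS_ADDRESS(sender))
 		return SRS_ENOTSRSADDRESS;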
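Review bot: In `srs_parse_shortcut` the new `snprintf(buf, buflen, "%s@%s", srsuser, srshost)` bounds the write but drops the return value, so an address that does not fit is truncated and the function still returns `SRS_SUCCESS`, handing the caller a different, shortened address as the reverse-rewritten result. Checking the result keeps that failure visible, e.g. `if ((unsigned)snprintf(buf, buflen, "%s@%s", srsuser, srshost) >= buflen) return SRS_EBUFTOOSMALL;` (or whichever buffer-size error this copy of the library defines). The hunk header for the next function still shows `srs_parse_guarded` taking `int buflen`, so the signed-to-unsigned change appears to be only partial. The function bodies continue outside the hunks.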

+ 8
- 4
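--- a/srs2.h
+++ b/srs2.h
@@ -20,6 +20,10 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <ctype.h>
+#ifdef __APPLE__
+    #include <sys/types.h>
+#endif
+
 
 #ifndef __BEGIN_DECLS
 #define __BEGIN_DECLS
@@ -118,11 +122,11 @@ int		 srs_set_malloc(srs_malloc_t m, srs_realloc_t r, srs_free_t f);
 srs_t	*srs_new();
 void	 srs_init(srs_t *srs);
 void	 srs_free(srs_t *srs);
-int		 srs_forward(srs_t *srs, char *buf, int buflen,
+int		 srs_forward(srs_t *srs, char *buf, unsigned buflen,
 				const char *sender, const char *alias);
 int		 srs_forward_alloc(srs_t *srs, char **sptr,
 				const char *sender, const char *alias);
-int		 srs_reverse(srs_t *srs, char *buf, int buflen,
+int		 srs_reverse(srs_t *srs, char *buf, unsigned buflen,
 				const char *sender);
 int		 srs_reverse_alloc(srs_t *srs, char **sptr, const char *sender);
 const char *
@@ -168,8 +172,8 @@ struct _srs_hmac_ctx_t {
 	char		opad[SHA_BLOCKSIZE + 1];
 } srs_hmac_ctx_t;
 
-void	 srs_hmac_init(srs_hmac_ctx_t *ctx, char *secret, int len);
-void	 srs_hmac_update(srs_hmac_ctx_t *ctx, char *data, int len);
+void	 srs_hmac_init(srs_hmac_ctx_t *ctx, char *secret, unsigned len);
+void	 srs_hmac_update(srs_hmac_ctx_t *ctx, char *data, unsigned len);
 void	 srs_hmac_fini(srs_hmac_ctx_t *ctx, char *out);
 
 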
