ports/79651: [patch] mail/ssmtp: add per-user smtp authentication config

Jie Gao gaoj at cpsc.ucalgary.ca
Thu Apr 7 20:50:05 UTC 2005 

>Number:         79651
>Category:       ports
>Synopsis:       [patch] mail/ssmtp: add per-user smtp authentication config
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 07 20:50:03 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Jie Gao
>Release:        FreeBSD 5.4-STABLE i386
>Organization:
>Environment:
System: FreeBSD aibsd 5.4-STABLE FreeBSD 5.4-STABLE #4: Sun Apr 3 20:50:55 MDT 2005 gaoj at aibsd:/usr/obj/usr/src/sys/AIBSD i386


	
>Description:
	
The original sSMTP only support smtp authentication from command line options
(or undocumented global configration). While more and more ISP mail servers
require smtp authentication, it is rather inconvenient not to have per-user
smtp authentication config. Actually, the global option of AuthUser and
AuthPass should NEVER be used because sSMTP's global config file should be
global readable.

>How-To-Repeat:
	
N/A
>Fix:
Apply the following patch to the port directory mail/ssmtp
	

--- patch-ssmtp begins here ---
diff -ruN ssmtp.orig/Makefile ssmtp/Makefile
--- ssmtp.orig/Makefile	Tue Apr  5 09:09:54 2005
+++ ssmtp/Makefile	Thu Apr  7 13:33:07 2005
@@ -46,7 +46,8 @@
 CFLAGS+=	-DUSERPREFS
 pre-everything::
 	@${ECHO_CMD} "If you don't want to let your users set their own revalias address"
-	@${ECHO_CMD} "(in ~/.ssmtprc), please define WITHOUT_USERPREFS."
+	@${ECHO_CMD} "(in ~/.ssmtprc), or their own SMTP authentication information"
+	@${ECHO_CMD} "(in ~/.ssmtpauth), please define WITHOUT_USERPREFS."
 .endif
 
 post-configure:
diff -ruN ssmtp.orig/files/patch-ssmtp.8 ssmtp/files/patch-ssmtp.8
--- ssmtp.orig/files/patch-ssmtp.8	Wed Dec 31 17:00:00 1969
+++ ssmtp/files/patch-ssmtp.8	Thu Apr  7 14:13:47 2005
@@ -0,0 +1,47 @@
+--- ssmtp.8.orig	Fri Sep 27 06:48:59 2002
++++ ssmtp.8	Thu Apr  7 14:13:23 2005
+@@ -1,4 +1,4 @@
+-.TH SSMTP 8 "Last change: 5 February 2000"
++.TH SSMTP 8 "Last change: 7 April 2005"
+ .SH NAME
+ ssmtp, sendmail \- send a message using smtp
+ .SH SYNOPSIS
+@@ -267,10 +267,36 @@
+ Messages root sends will be identified as from jdoe at isp.com and sent
+ through mail.isp.com.
+ 
++By default, sSMTP will look for individual user reverse alias overrides in
++~/.ssmtprc. This can be disabled by defining WITHOUT_USERPREFS at build time
++of this port.
++
++.SH SMTP AUTHENTICATION SETUP
++
++sSMTP allows individual users to setup their own SMTP authentication 
++information in ~/.ssmtpauth with the following format:
++.sp
++.RS +.3i
++.ta 1.0i
++.nf
++AuthUser=username
++AuthPass=password
++AuthMethod=authenticate_method
++.fi
++.RE
++.sp
++Users should set their ~/.ssmtpauth permission to 0600 to avoid others reading
++their passwords.
++
++This can also be disabled by defining WITHOUT_USERPREFS at the build time of 
++this port.
++
+ .SH FILES
+- /etc/ssmtp/ssmtp.conf - configuration file
++ /usr/local/etc/ssmtp/ssmtp.conf - configuration file
+ .br
+- /etc/ssmtp/revaliases - reverse aliases file
++ /usr/local/etc/ssmtp/revaliases - reverse aliases file
++ ~/.ssmtprc - user reverse aliase file
++ ~/.ssmtpauth - user authentication file
+ 
+ .SH SEE ALSO
+ RFC821, RFC822.
diff -ruN ssmtp.orig/files/patch-ssmtp.c ssmtp/files/patch-ssmtp.c
--- ssmtp.orig/files/patch-ssmtp.c	Sat Nov  8 15:14:38 2003
+++ ssmtp/files/patch-ssmtp.c	Thu Apr  7 13:30:27 2005
@@ -1,5 +1,5 @@
---- ssmtp.c.orig	Sat Nov  8 18:51:19 2003
-+++ ssmtp.c	Sat Nov  8 19:01:07 2003
+--- ssmtp.c.orig	Thu Jul 22 23:58:48 2004
++++ ssmtp.c	Wed Apr  6 16:26:21 2005
 @@ -14,6 +14,7 @@
  */
  #define VERSION "2.60.4"
@@ -8,18 +8,26 @@
  #include <sys/socket.h>
  #include <netinet/in.h>
  #include <sys/param.h>
-@@ -366,9 +367,36 @@
+@@ -66,7 +67,7 @@
+ char *gecos;
+ char *prog = (char)NULL;
+ char *root = NULL;
+-char *tls_cert = "/etc/ssl/certs/ssmtp.pem";	/* Default Certificate */
++char *tls_cert = "/usr/local/etc/ssmtp/ssmtp.pem";	/* Default Certificate */
+ char *uad = (char)NULL;
+ 
+ headers_t headers, *ht;
+@@ -374,9 +375,36 @@
  {
  	char buf[(BUF_SZ + 1)], *p;
  	FILE *fp;
--
 +#ifdef USERPREFS
 +	char *file=NULL;
 +	if (pw->pw_dir != NULL) {
 +		file = (char *)malloc (strlen (pw->pw_dir) + 1 + strlen (".ssmtprc") + 1);
 +		sprintf (file, "%s/.ssmtprc", pw->pw_dir);
 +	}
-+
+ 
 +	if ((file != NULL) && (fp = fopen(file, "r")) ) {
 +		while(fgets(buf, sizeof(buf), fp)) {
 +				/* Make comments invisible */
@@ -47,3 +55,91 @@
  		/* Search if a reverse alias is defined for the sender */
  		while(fgets(buf, sizeof(buf), fp)) {
  			/* Make comments invisible */
+@@ -781,6 +809,75 @@
+ 	(void)free(p);
+ }
+ 
++#ifdef USERPREFS
++/*
++read_user_config() -- Open and parse user config file and extract values of overridable variables
++*/
++bool_t read_user_config(struct passwd* pw)
++{
++	char buf[(BUF_SZ + 1)], *p, *q, *r;
++	FILE *fp;
++	char *file=NULL;
++	if (pw->pw_dir != NULL) {
++		file = (char *)malloc (strlen (pw->pw_dir) + 1 + strlen (".ssmtpauth") + 1);
++		sprintf (file, "%s/.ssmtpauth", pw->pw_dir);
++	}
++
++	if((fp = fopen(file, "r")) == NULL) {
++		return(False);
++	}
++
++	while(fgets(buf, sizeof(buf), fp)) {
++		/* Make comments invisible */
++		if((p = strchr(buf, '#'))) {
++			*p = (char)NULL;
++		}
++
++		/* Ignore malformed lines and comments */
++		if(strchr(buf, '=') == (char *)NULL) continue;
++
++		/* Parse out keywords */
++		if(((p = strtok(buf, "= \t\n")) != (char *)NULL)
++				   && ((q = strtok(NULL, "= \t\n:")) != (char *)NULL)) {
++			/* Authenticate overrides these */
++			if(strcasecmp(p, "AuthUser") == 0 && !auth_user) {
++				if((auth_user = strdup(q)) == (char *)NULL) {
++					die("parse_config() -- strdup() failed");
++				}
++
++				if(log_level > 0) {
++					log_event(LOG_INFO, "Set AuthUser=\"%s\"\n", auth_user);
++				}
++			}
++			else if(strcasecmp(p, "AuthPass") == 0 && !auth_pass) {
++				if((auth_pass = strdup(q)) == (char *)NULL) {
++					die("parse_config() -- strdup() failed");
++				}
++
++				if(log_level > 0) {
++					log_event(LOG_INFO, "Set AuthPass=\"%s\"\n", "******** (password hidden)");
++				}
++			}
++			else if(strcasecmp(p, "AuthMethod") == 0 && !auth_method) {
++				if((auth_method = strdup(q)) == (char *)NULL) {
++					die("parse_config() -- strdup() failed");
++				}
++
++				if(log_level > 0) {
++					log_event(LOG_INFO, "Set AuthMethod=\"%s\"\n", auth_method);
++				}
++			}
++			else {
++				log_event(LOG_INFO, "Unable to set %s=\"%s\"\n", p, q);
++			}
++		}
++	}
++	(void)fclose(fp);
++
++	return(True);
++}
++#endif
++
+ /*
+ read_config() -- Open and parse config file and extract values of variables
+ */
+@@ -1287,7 +1384,10 @@
+ 		die("Could not find password entry for UID %d", uid);
+ 	}
+ 	get_arpadate(arpadate);
+-
++	
++#ifdef USERPREFS
++	read_user_config(pw);
++#endif
+ 	if(read_config() == False) {
+ 		log_event(LOG_INFO, "%s/ssmtp.conf not found", SSMTPCONFDIR);
+ 	}
diff -ruN ssmtp.orig/files/patch-ssmtp.conf ssmtp/files/patch-ssmtp.conf
--- ssmtp.orig/files/patch-ssmtp.conf	Wed Dec 31 17:00:00 1969
+++ ssmtp/files/patch-ssmtp.conf	Thu Apr  7 13:29:53 2005
@@ -0,0 +1,13 @@
+--- ssmtp.conf.orig	Thu Apr  7 13:28:28 2005
++++ ssmtp.conf	Thu Apr  7 13:29:30 2005
+@@ -31,6 +31,10 @@
+ # Use SSL/TLS to send secure messages to server.
+ #UseTLS=YES
+ 
++# Use STARTTLS to send secure messages.
++# Implies UseTLS=YES
++#UseSTARTTLS=yes
++
+ # Use SSL/TLS certificate to authenticate against smtp host.
+ #UseTLSCert=YES
+ 
--- patch-ssmtp ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list