#!/usr/bin/perl -w
#------------------------------------------------------------------------
#
# $Sendmail: update_tls,v 8.15.2 2021-03-16 16:04:16 cowboy Exp $
#
# Create /etc/mail/tls/starttls.m4 for Debian Sendmail
#
# Copyright 1998-2010 Richard Nelson. All Rights Reserved.
#
# Notes (to all):
# *
#
# Notes (to self):
# *
#
#------------------------------------------------------------------------
#
# Initialization of the perl environment
use strict; # be kosher
use Cwd; # provide cwd()
use Env; # A few environmental references
use integer; # Peformance
use Sys::Hostname; # make sure we have a valid hostname
use Getopt::Long; # parameter handling
# Local libraries - for Debian Sendmail Perl helper functions
# BEGIN { $main::my_path = substr($0,$[,rindex($0,'/')) };
use lib ('.', substr($0,$[,rindex($0,'/')), "/usr/share/sendmail");
require Parse_mc;
# Version of this program
#($main::MYNAME = $main::0) =~ s|.*/||;
#$main::Author = "Richard Nelson";
#$main::AuthorMail = "cowboy\@debian.org";
#$main::Version = '$Revision: 2.00 $ ';
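# Identity of this program; recorded in the header of the generated file.
$main::program_name    = $0;
$main::program_version = '8.15.2';
$main::program_date    = '2021-03-16 16:04:16 cowboy';
# Debug flag.  Parse_mc reads $main::debug too (see the option handling
# below, which may raise it from -debug).
$main::debug = 0;
# Interpreter path and version, recorded in the generated header only.
my $interp_pgm = $^X;
# $] is the numeric form (e.g. 5.032001).  Prefer the dotted form taken
# from $^V when it exists.  The previous expression, ("$^V" | '000'), is a
# string bitwise-or that only yielded digits for the pre-5.10 vstring
# form of $^V; on a Perl where $^V stringifies as "v5.32.1" it produces
# "v5>32.1".  sprintf '%vd' formats the version as "5.32.1" on every
# Perl that defines $^V.
my $interp_vrm = $];
$interp_vrm = sprintf('%vd', $^V) if defined $^V;
# Who/where/when, for the generated header.  getlogin() can be undef
# (no controlling tty), hence the passwd fallback and the final default.
my $current_time = scalar localtime;
my $user         = getlogin() || (getpwuid($<))[0] || "Unknown!!";
my $hostname     = hostname();
my $directory    = getcwd();
# Default output path; -o overrides it.
my $Starttls_def = "/etc/mail/tls/starttls.m4";
# Hash of define names to filename (filled by get_data, used by write_m4)
my %Def_Map;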
#
#------------------------------------------------------------------------------
# Finally, some code (almost)
#------------------------------------------------------------------------------
#
# Argument handling.  Getopt::Long stores each option in $main::opt_<name>
# (the first alias of the spec, dashes turned into underscores), so the
# globals are seeded with empty defaults first.
$main::opt_help        = '';
$main::opt_output_file = '';
$main::opt_input_file  = '';
$main::opt_debug       = '';
my @options = qw(
    help|h
    output-file|output_file|o:s
    input-file|input_file|i:s
    debug!
);
my $result = GetOptions(@options);
die "Terminating due to parameter error" unless $result;
if ($main::opt_help) {
    # Usage goes to STDERR via warn.
    warn "$main::program_name $main::program_version $main::program_date\n";
    warn "$0 \n";
    warn " -help\n"                     if $main::opt_help;
    warn " -debug\n"                    if $main::opt_debug;
    warn " -o $main::opt_output_file\n" if $main::opt_output_file;
    warn " -i $main::opt_input_file\n"  if $main::opt_input_file;
    exit 0;
}
# Output target: -o overrides the Debian default path ('-' means STDOUT,
# handled in write_starttls).
my $Starttls = $main::opt_output_file || $Starttls_def;
# Input database: -i overrides the file Parse_mc defaults to.
$Parse_mc::database_file = $main::opt_input_file if $main::opt_input_file;
# $main::debug is used in Parse_mc !
$main::debug = $main::opt_debug || $main::debug;
# Let them know wtf is going on...
print STDOUT "Creating ${Starttls}...\n";
# Read the mc/m4 files
Parse_mc::read_dbs($Parse_mc::database_file, '');
# Obtain Starttls information from database
get_data();
# Write out the textual representation
write_starttls();
#
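#------------------------------------------------------------------------------
# Obtain information from database
#
# get_data(): fills the file-lexical %Def_Map.  For each STARTTLS-related
# define name the value is the first file name Parse_mc::entry_dbs() reports
# for that entry, or '' when the entry has no file ('-') or reports none.
# The values are later interpolated verbatim into starttls.m4 by write_m4,
# so an empty string (rather than undef) keeps that interpolation
# warning-free.  Takes no arguments and returns nothing.
#------------------------------------------------------------------------------
sub get_data {
    my @names = qw(
        confTO_STARTTLS
        confCACERT
        confCACERT_PATH
        confCRL
        confCLIENT_CERT
        confCLIENT_KEY
        confSERVER_CERT
        confSERVER_KEY
        confDH_PARAMETERS
        confTLS_SRV_OPTIONS
    );
    foreach my $entry (@names) {
        # entry_dbs returns (class, flags, files, options); only the file
        # list is used here.  The meaning of class/flags/options is not
        # shown in this file.
        my (undef, undef, $files, undef) = Parse_mc::entry_dbs($entry);
        # First file of the entry, if the entry reported any.
        my $file = defined $files ? $files->[0] : undef;
        # '-' is the database's marker for "no file".
        $Def_Map{$entry} = (defined $file && $file ne '-') ? $file : '';
    }
    return;
}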
#
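#------------------------------------------------------------------------------
# Create /etc/mail/tls/starttls.m4
#
# write_starttls(): opens the output target held in the file-lexical
# $Starttls and hands the handle to write_m4.  Target selection:
#   '-'            duplicate STDOUT
#   anything else  open the path for writing (truncating it); on failure
#                  warn and fall back to a duplicate of STDOUT so the
#                  generated text is not lost
# The path is opened with the 3-arg form, so the -o value is always taken
# as a literal file name and never as a mode or pipe specification.
# The target is written in place, not via a temporary file, so a write
# error can leave a truncated file behind; close is therefore checked.
# When the default path was written, ownership is reset to root:root and
# the mode to 0744.  Takes no arguments and returns nothing.
#------------------------------------------------------------------------------
sub write_starttls {
    my $ofh;
    if ($Starttls eq '-') {
        open($ofh, '>&', \*STDOUT)
            or die "Could not duplicate STDOUT: $!\n";
    }
    elsif (! open($ofh, '>', $Starttls)) {
        warn("Could not open $Starttls($!), using STDOUT.\n");
        open($ofh, '>&', \*STDOUT)
            or die "Could not duplicate STDOUT: $!\n";
    }
    write_m4($ofh);
    # Buffered write errors (e.g. a full disk) only surface at close time.
    close($ofh)
        or warn("Could not close $Starttls($!), output may be incomplete.\n");
    if ($Starttls eq $Starttls_def) {
        chown(0, 0, $Starttls)
            or warn("Could not chown $Starttls: $!\n");
        chmod(0744, $Starttls)
            or warn("Could not chmod $Starttls: $!\n");
    }
    return;
}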
#
#------------------------------------------------------------------------------
# Write Starttls m4 file
#
# write_m4($ofh): prints the complete starttls.m4 text to the already opened
# write handle $ofh.  Returns nothing; the result of print is not checked,
# so write errors are left to surface when the caller closes $ofh.
#
# Interpolated into the text verbatim, with no m4 quoting or escaping, are
# the file-lexicals $Starttls, $interp_pgm, $interp_vrm, $user, $hostname,
# $current_time, $directory, $Parse_mc::database_file and the %Def_Map
# values collected by get_data.  A %Def_Map value containing an m4 quote
# character (` or ') would therefore break the generated define.
#
# The generated text wraps every define in two ifelse() checks, on
# sm_version_math (>= 527104, i.e. 8.11.0 per the comment in the text) and
# on sm_enable_tls being 'yes'; when either fails the m4 emits nothing.
#------------------------------------------------------------------------------
sub write_m4 {
my ($ofh) = @_;
# Header comment, version/TLS guard and the timeout/CA/CRL defines.  In
# this interpolating heredoc the backslashed \$ keeps the RCS Id literal;
# the backslashed m4 quote characters simply pass through unchanged.
print $ofh <<"EOT";
divert(-1)dnl
####################################################################
##### This file is automagically generated -- edit at your own risk
#####
##### Copyright (c) 2002-2010 Richard Nelson. All Rights Reserved.
#####
##### file: ${Starttls}
##### STARTTLS Configuration for Debian Sendmail
##### generated via: (${interp_pgm} ${interp_vrm})
##### ${main::program_name}
##### version: ${main::program_version} ${main::program_date}
##### by: ${user}\@${hostname}
##### on: ${current_time}
##### in: ${directory}
##### input files: ${Parse_mc::database_file}
#####
##### Usage:
##### 1) To get *ANY* STARTTLS support for sendmail you
##### A) *MUST* Add this line to /etc/mail/sendmail.mc
##### \`include(\`/etc/mail/tls/starttls.m4\')dnl\'
##### B) *MAY* Add the same line to /etc/mail/submit.mc
##### to get MSP<->MTA authentication/encryption
##### 2) You may modify the marked portions of this file, those
##### deal with the cert/key filenames and TLS options.
##### If you need finer control of TLS options, use the access
##### database.
#####
####################################################################
divert(0)dnl
VERSIONID(\`\$Id: starttls.m4,v 8.15.2-22 2021-03-16 16:04:16 cowboy Exp \$\')
dnl #
dnl #---------------------------------------------------------------------
dnl # Bring in Autoconf results
dnl #---------------------------------------------------------------------
ifdef(\`sm_version\', \`dnl\',
\`include(\`/usr/share/sendmail/cf/debian/autoconf.m4\')dnl\')
dnl #
dnl # Check to see if inclusion is valid (version >= 8.11.0, tls enabled)
ifelse(eval(sm_version_math >= 527104), \`1\', \`dnl
ifelse(sm_enable_tls, \`yes\', \`dnl
dnl #
dnl # To support shared keyfiles, we need them to be group readable
dnl #
define(\`confDONT_BLAME_SENDMAIL\',dnl
defn(\`confDONT_BLAME_SENDMAIL\')\`,GroupReadableKeyFile\')dnl
dnl #
dnl # ...Do not touch anything above this line...
dnl #
dnl # Set a more reasonable timeout on negotiation
dnl #
define(\`confTO_STARTTLS\', \`$Def_Map{'confTO_STARTTLS'}\')dnl # <= EDIT
dnl #
dnl # CA directory - CA certs should be herein
define(\`confCACERT_PATH\', \`$Def_Map{'confCACERT_PATH'}\')dnl # <= EDIT
dnl #
dnl # CA file (may be the same as client/server certificate)
define(\`confCACERT\', \`$Def_Map{'confCACERT'}\')dnl # <= EDIT
dnl #
dnl # Certificate Revocation List
define(\`confCRL\', \`$Def_Map{'confCRL'}\')dnl # <= EDIT
EOT
# The CRL define is taken back when the named file does not exist on the
# generating host (this also covers an empty name), so sendmail is not
# configured with a CRL it cannot read.
if (! -f $Def_Map{'confCRL'}) {
print $ofh <<"EOT";
dnl # CRL not found... do not issue warnings on it!
undefine(\`confCRL\')dnl
EOT
};
# Server/client certificate and key, DH parameter and option defines, then
# the closing quotes of the two ifelse() calls opened above.
print $ofh <<"EOT";
dnl #
dnl # Server certificate/key (can be in the same file, and shared w/client)
dnl # NOTE: The key must *NOT* be encrypted !!!
define(\`confSERVER_CERT\', \`$Def_Map{'confSERVER_CERT'}\')dnl # <= EDIT
define(\`confSERVER_KEY\', \`$Def_Map{'confSERVER_KEY'}\')dnl # <= EDIT
dnl #
dnl # Client certificate/key (can be in the same file, and shared w/server)
dnl # NOTE: The key must *NOT* be encrypted !!!
define(\`confCLIENT_CERT\', \`$Def_Map{'confCLIENT_CERT'}\')dnl # <= EDIT
define(\`confCLIENT_KEY\', \`$Def_Map{'confCLIENT_KEY'}\')dnl # <= EDIT
dnl #
dnl # DH parameters
define(\`confDH_PARAMETERS\', \`$Def_Map{'confDH_PARAMETERS'}\')dnl # <= EDIT
dnl #
dnl # Optional settings
define(\`confTLS_SRV_OPTIONS\', \`$Def_Map{'confTLS_SRV_OPTIONS'}\')dnl # <= EDIT
dnl #
\')\')dnl
EOT
};