--- drac-1.12.orig/drac-dev.files +++ drac-1.12/drac-dev.files @@ -0,0 +1,2 @@ +usr/include/drac.h +usr/lib/libdrac.a --- drac-1.12.orig/Makefile +++ drac-1.12/Makefile @@ -5,9 +5,11 @@ # Paths -INSTALL = /usr/ucb/install -EBIN = /usr/local/sbin -MAN = /usr/local/man/man +DESTDIR = +INSTALL = install +EBIN = /usr/sbin +COURIER_BIN = /usr/lib/courier/authlib +MAN = /usr/share/man/man # OS-Dependant settings @@ -33,26 +35,25 @@ # -DCIDR_KEY # keys in CIDR format # -DTERM_KD # keys and data nul-terminated -DEFS = -DTI_RPC -DFCNTL_LOCK -DSYSINFO +DEFS = -DSOCK_RPC -DFCNTL_LOCK -DGETHOST -DDASH_C # Compiler flags -CC = cc +CC = gcc RANLIB = : -CFLAGS = $(DEFS) -g -I/usr/local/src/db/db-4.1.25/build_unix -#CFLAGS = $(DEFS) -g -I/usr/local/src/db/db-3.1.17/build_unix +CFLAGS = $(DEFS) -g -O2 -fPIC #CFLAGS = $(DEFS) -g -I/usr/local/src/db/db-2.4.14/Unix #CFLAGS = $(DEFS) -g -I/usr/local/src/db/db.1.85/PORT/sunos.5.2/include -LDLIBS = -L/usr/local/src/db/db-4.1.25/build_unix -lnsl -ldb-4.1 -#LDLIBS = -L/usr/local/src/db/db-3.1.17/build_unix -lnsl -ldb +LDLIBS = -ldb #LDLIBS = -L/usr/local/src/db/db-2.4.14/Unix -lnsl -ldb #LDLIBS = -L/usr/local/src/db/db.1.85/PORT/sunos.5.2 -lnsl -ldb -TSTLIBS = -L. -ldrac -lnsl -RPCGENFLAGS = +TSTLIBS = -L. -ldrac +RPCGENFLAGS = -C -I #RPCGENFLAGS = -C +COURIERLIBS = -L. -ldrac # Man sections MANLIB = 3 -MANADM = 1m +MANADM = 8 ## Nothing to change after this point @@ -65,13 +66,17 @@ LIB_SRC = dracauth.c SVC_SRC = rpc.dracd.c TST_SRC = testing.c -PACKAGE = $(DOCFILES) $(MAKEFILE) $(RPC_SRC) $(LIB_SRC) $(SVC_SRC) $(TST_SRC) +TST6_SRC = testing6.c +COURIER_SRC = courier-authdrac.c +PACKAGE = $(DOCFILES) $(MAKEFILE) $(RPC_SRC) $(LIB_SRC) $(SVC_SRC) $(TST_SRC) $(COURIER_SRC) # Final targets CLIENT = testing +CLIENT6 = testing6 SERVER = rpc.dracd LIBRAR = libdrac.a +COURIER = authdrac # rpcgen output @@ -86,13 +91,15 @@ LIB_OBJ = dracauth.o SVC_OBJ = rpc.dracd.o TST_OBJ = testing.o +TST6_OBJ = testing6.o H_OBJS = drac_xdr.o drac_svc.o drac_clnt.o $(SVC_OBJ) $(LIB_OBJ) L_OBJS = $(LIB_OBJ) drac_xdr.o drac_clnt.o S_OBJS = $(SVC_OBJ) drac_xdr.o drac_svc.o +COURIER_OBJ = courier-authdrac.o # Rules -all: $(CLIENT) $(SERVER) +all: $(CLIENT) $(CLIENT6) $(SERVER) $(COURIER) $(RPC_ALL): $(RPC_SRC) rpcgen $(RPCGENFLAGS) $(RPC_SRC) @@ -109,18 +116,28 @@ $(CLIENT): $(TST_OBJ) $(LIBRAR) $(CC) -o $(CLIENT) $(TST_OBJ) $(TSTLIBS) +$(CLIENT6): $(TST6_OBJ) $(LIBRAR) + $(CC) -o $(CLIENT6) $(TST6_OBJ) $(TSTLIBS) + $(SERVER): $(S_OBJS) $(CC) -o $(SERVER) $(S_OBJS) $(LDLIBS) +$(COURIER): $(COURIER_OBJ) $(LIBRAR) + $(CC) -o $(COURIER) $(COURIER_OBJ) $(COURIERLIBS) + clean: - rm -f core $(RPC_ALL) $(H_OBJS) $(TST_OBJ) $(CLIENT) \ + rm -f core $(RPC_ALL) $(H_OBJS) \ + $(TST_OBJ) $(TST6_OBJ) \ + $(CLIENT) $(CLIENT6) \ + $(COURIER) $(COURIER_OBJ) \ $(SERVER) $(LIBRAR) tar: $(PACKAGE) tar cf drac.tar $(PACKAGE) install: $(SERVER) - $(INSTALL) -c -o bin -g bin -m 0755 $(SERVER) $(EBIN) + $(INSTALL) -c -o bin -g bin -m 0755 $(SERVER) $(DESTDIR)$(EBIN) + $(INSTALL) -c -o bin -g bin -m 0755 $(COURIER) $(DESTDIR)$(COURIER_BIN) install-man: $(SERVER).1m dracauth.3 $(INSTALL) -c -m 0444 $(SERVER).1m $(MAN)$(MANADM)/$(SERVER).$(MANADM) --- drac-1.12.orig/README +++ drac-1.12/README @@ -9,7 +9,7 @@ Description: o Uses Berkeley db package to maintain a relay authorization - map for sendmail, /etc/mail/dracd.db . + map for sendmail, /etc/drac/dracd.db . o POP and IMAP mail servers make an RPC call to add an entry to the authorization cache after they have authenticated each user. @@ -18,7 +18,7 @@ periodically expires old entries. o Only trusted mail servers are permitted to communicate with rpc.dracd, - as controlled by /etc/mail/dracd.allow . + as controlled by /etc/drac/dracd.allow . o The daemon can optionally re-create the database on startup. --- drac-1.12.orig/testing6.c +++ drac-1.12/testing6.c @@ -0,0 +1,27 @@ +/* + * Test client for dracauth + */ + +#include +#include +#include +#include + +main(argc, argv) + int argc; + char *argv[]; +{ + int rc; + char *host; + unsigned char ip6[16]; + char *err; + + if (argc < 3) { + printf("usage: %s server_host client_addr\n", argv[0]); + exit(1); + } + host = argv[1]; + inet_pton(AF_INET6, argv[2], ip6); + rc = dracauth6(host, ip6, &err); + if (rc != 0) printf("%s: %s\n", argv[0], err); +} --- drac-1.12.orig/dracauth.c +++ drac-1.12/dracauth.c @@ -135,4 +135,120 @@ return 0; } +int +dracauth6(server, userip6, errmsg) + char *server; unsigned char userip6[16]; char **errmsg; { + + CLIENT *clnt6; + addstat *result; + drac_add_parm6 dracproc_add_2_arg; + +#ifdef TI_RPC + clnt6 = clnt_create(server, DRACPROG, DRACVERS6, "datagram_v"); +#endif +#ifdef SOCK_RPC + clnt6 = clnt_create(server, DRACPROG, DRACVERS6, "udp"); +#endif + if (clnt6 == (CLIENT *) NULL) { + if ( errmsg ) *errmsg = clnt_spcreateerror(server); + return (-1); + } + memcpy(dracproc_add_2_arg.ip_addr6, userip6, + sizeof(dracproc_add_2_arg.ip_addr6)); + result = dracproc_add_2(&dracproc_add_2_arg, clnt6); + if (result == (addstat *) NULL) { + if ( errmsg ) *errmsg = clnt_sperror(clnt, "call failed"); + clnt_destroy(clnt6); + return (-2); + } + clnt_destroy(clnt6); + if ( errmsg ) { + switch (*result) { + case ADD_SUCCESS: + *errmsg = "Server reports add succeeded"; + break; + case ADD_PERM: + *errmsg = "Server reports permission denied"; + break; + case ADD_SYSERR: + *errmsg = "Server reports system error"; + break; + default: + *errmsg = "Server reports unknown error"; + } + } + return *result; +} + +static CLIENT *clnt6; + +int +dracconn6(server, errmsg) + char *server; char **errmsg; { + +#ifdef TI_RPC + clnt6 = clnt_create(server, DRACPROG, DRACVERS6, "datagram_v"); +#endif +#ifdef SOCK_RPC + clnt6 = clnt_create(server, DRACPROG, DRACVERS6, "udp"); +#endif + if (clnt6 == (CLIENT *) NULL) { + if ( errmsg ) *errmsg = clnt_spcreateerror(server); + return (-1); + } + if ( errmsg ) *errmsg = "Connect succeeded"; + return 0; +} + +int +dracsend6(userip6, errmsg) + unsigned char userip6[16]; char **errmsg; { + + addstat *result; + drac_add_parm6 dracproc_add_2_arg; + + if (clnt6 == (CLIENT *) NULL) { + if ( errmsg ) *errmsg = "Not connected"; + return (-1); + } + memcpy(dracproc_add_2_arg.ip_addr6, userip6, + sizeof(dracproc_add_2_arg.ip_addr6)); + result = dracproc_add_2(&dracproc_add_2_arg, clnt6); + if (result == (addstat *) NULL) { + if ( errmsg ) *errmsg = clnt_sperror(clnt6, "call failed"); + return (-2); + } + if ( errmsg ) { + switch (*result) { + case ADD_SUCCESS: + *errmsg = "Server reports add succeeded"; + break; + case ADD_PERM: + *errmsg = "Server reports permission denied"; + break; + case ADD_SYSERR: + *errmsg = "Server reports system error"; + break; + default: + *errmsg = "Server reports unknown error"; + } + } + return *result; +} + + +int +dracdisc6(errmsg) + char **errmsg; { + + if (clnt6 == (CLIENT *) NULL) { + if ( errmsg ) *errmsg = "Not connected"; + return (-1); + } + clnt_destroy(clnt6); + clnt6 = (CLIENT *) NULL; + if ( errmsg ) *errmsg = "Disconnect succeeded"; + return 0; +} + /**/ --- drac-1.12.orig/dracd.allow-sample +++ drac-1.12/dracd.allow-sample @@ -5,6 +5,6 @@ # netmask netaddr # Both netmask and netaddr must be dotted quads. # -255.255.255.255 192.168.16.8 +#255.255.255.255 192.168.16.8 255.255.255.255 127.0.0.1 #### --- drac-1.12.orig/rpc.dracd.c +++ drac-1.12/rpc.dracd.c @@ -36,8 +36,8 @@ #endif #include "drac.h" -#define DBFILE "/etc/mail/dracd.db" -#define ALFILE "/etc/mail/dracd.allow" +#define DBFILE "/etc/drac/dracd.db" +#define ALFILE "/etc/drac/dracd.allow" struct net_def { struct net_def *nd_next; @@ -151,18 +151,18 @@ #elif DB_VERSION_MAJOR >= 4 && DB_VERSION_MINOR >= 1 errno = db_create(&dbp, NULL, 0); if ( errno != 0 ) { - syslog(LOG_ERR, "drac_run db_create failed: %m"); - exit(3); + syslog(LOG_ERR, "drac_run db_create failed: %m"); + exit(3); } dbp->set_pagesize(dbp, 512); #ifdef REQ_HASH errno = dbp->open(dbp, NULL, dbfile, NULL, DB_HASH, - (initdb) ? DB_TRUNCATE|DB_CREATE : DB_CREATE, - 0644); + (initdb) ? DB_TRUNCATE|DB_CREATE : DB_CREATE, + 0644); #else errno = dbp->open(dbp, NULL, dbfile, NULL, DB_BTREE, - (initdb) ? DB_TRUNCATE|DB_CREATE : DB_CREATE, - 0644); + (initdb) ? DB_TRUNCATE|DB_CREATE : DB_CREATE, + 0644); #endif #else errno = db_create(&dbp, NULL, 0); @@ -356,6 +356,128 @@ return (&result); } +/* Add an entry to the database */ +addstat * +#ifdef DASH_C +dracproc_add_2_svc(argp, rqstp) +#else +dracproc_add_2(argp, rqstp) +#endif + drac_add_parm6 *argp; + struct svc_req *rqstp; { + + static addstat result; + char buf[INET6_ADDRSTRLEN]; +#ifdef TI_RPC + struct netbuf *nb; + struct netconfig *nc; + char *cad, *pt; +#endif +#ifdef SOCK_RPC + struct sockaddr_in *si; +#endif + struct in_addr client_ip; + struct in6_addr requ_ip; + DBT key, data; + char akey[INET6_ADDRSTRLEN+4], alimit[32]; + struct net_def *nd; + + result = ADD_SUCCESS; + + /* Get the IP address of the client */ +#ifdef TI_RPC + if ( (nc = getnetconfigent(rqstp->rq_xprt->xp_netid)) == NULL + || (nb = svc_getrpccaller(rqstp->rq_xprt)) == NULL + || (cad = taddr2uaddr(nc, nb)) == NULL ) { + if (nc) freenetconfigent(nc); + result = ADD_SYSERR; + return (&result); + } + if ( (pt = strrchr(cad, '.')) != NULL ) *pt = '\0'; + if ( (pt = strrchr(cad, '.')) != NULL ) *pt = '\0'; + client_ip.s_addr = inet_addr(cad); + freenetconfigent(nc); + free(cad); +#endif +#ifdef SOCK_RPC + if ( (si = svc_getcaller(rqstp->rq_xprt)) == NULL ) { + result = ADD_SYSERR; + return (&result); + } + client_ip.s_addr = si->sin_addr.s_addr; +#endif +#ifdef DEBUG + fprintf(debugf, "Client Address: %s\n", inet_ntoa(client_ip)); + fflush(debugf); +#endif + + /* Check agains the table of trusted clients */ + for ( nd = net_tbl; nd != NULL; nd = nd->nd_next ) { + if ( (client_ip.s_addr & nd->nd_mask.s_addr) + == nd->nd_addr.s_addr ) break; + } + if ( nd == NULL ) { + result = ADD_PERM; + return (&result); + } + + /* Set up for the add */ + memcpy(requ_ip.s6_addr, argp->ip_addr6, + sizeof(requ_ip.s6_addr)); +#ifdef DEBUG + fprintf(debugf, "Requested IP Address: %s\n", + inet_ntop(AF_INET6, requ_ip.s6_addr, buf, sizeof(buf))); + fflush(debugf); +#endif + memset(&key, 0, sizeof(DBT)); + memset(&data, 0, sizeof(DBT)); + inet_ntop(AF_INET6, requ_ip.s6_addr, akey, sizeof(akey)-4); +#ifdef CIDR_KEY + strcat(akey, "/128"); +#endif + key.data = akey; +#ifdef TERM_KD + key.size = strlen(akey) + 1; +#else + key.size = strlen(akey); +#endif + sprintf(alimit, "%lu", time((time_t *)NULL) + explimit); + data.data = alimit; +#ifdef TERM_KD + data.size = strlen(alimit) + 1; +#else + data.size = strlen(alimit); +#endif + + /* Do the add and sync, with locking */ + if ( lockdb() == (-1) ) { + syslog(LOG_ERR, "dracproc_add_1 lockdb failed: %m"); + } +#if DB_VERSION_MAJOR < 2 + errno = 0; + dbp->put(dbp, &key, &data, 0); +#else + errno = dbp->put(dbp, NULL, &key, &data, 0); +#endif + if ( errno != 0 ) { + syslog(LOG_ERR, "dracproc_add_1 put failed: %m"); + result = ADD_SYSERR; + } +#if DB_VERSION_MAJOR < 2 + errno = 0; + dbp->sync(dbp, 0); +#else + errno = dbp->sync(dbp, 0); +#endif + if ( errno != 0 ) { + syslog(LOG_ERR, "dracproc_add_1 sync failed: %m"); + } + (void)unlockdb(); + + /* Send result code back to client */ + return (&result); +} + /* Expire old entries from the database */ expire() { #if DB_VERSION_MAJOR < 2 --- drac-1.12.orig/courier-authdrac.c +++ drac-1.12/courier-authdrac.c @@ -0,0 +1,93 @@ +/* + * This little utility is based off of code found in a DRAC popper patch + * and a few lines of Bruce Guenter's relay-ctrl-allow utility. + * + * http://mail.cc.umanitoba.ca/drac/pop.html + * http://untroubled.org/relay-ctrl/ + * + * To configure: + * + * See main() for the list of DRAC servers to register with. Change + * accordingly. + * + * To compile: cc -o drac-add drac-add.c -L/path/to/drac -ldrac + * + * To use: + * + * Figure out where your Courier configuration and authlib directories are at. + * My sample values are for Courier as installed from the OpenBSD ports tree. + * + * Copy drac-add to /usr/local/libexec/authlib/ + * Edit /etc/courier-imap/pop3d and add drac-add to the end of AUTHMODULES + * Edit /etc/courier-imap/imapd and add drac-add to the end of AUTHMODULES + * Restart imapd and pop3d + * + * Chris Cappuccio - chris@nmedia.net + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +void drac_update_host(char *drachost) { + char *err; + struct in6_addr ip6; + struct in_addr ip4; + +#ifdef DEBUG + syslog(LOG_INFO,"drac_update() called: drachost=%s user=%s",drachost,getenv("TCPREMOTEIP")); +#endif + + if (inet_pton(AF_INET, getenv("TCPREMOTEIP"), &ip4) == 1) { + if (dracauth(drachost, ip4.s_addr, &err) != 0) + syslog(LOG_ALERT,"dracauth() Error \"%s\" for" + " user %s",err,getenv("TCPREMOTEIP")); + } else if (inet_pton(AF_INET6, getenv("TCPREMOTEIP"), &ip6) == 1) { + if (IN6_IS_ADDR_V4MAPPED(&ip6)) { +#ifdef __OpenBSD__ + ip4.s_addr=ip6.__u6_addr.__u6_addr32[3]; +#else + ip4.s_addr=ip6.s6_addr32[3]; +#endif + if (dracauth(drachost, ip4.s_addr, &err) != 0) + syslog(LOG_ALERT,"dracauth() Error \"%s\" for" + " user %s",err,getenv("TCPREMOTEIP")); + } else { + syslog(LOG_NOTICE,"drac_update() doesn't support IPv6" + " yet."); + } + } else { + syslog(LOG_ALERT, "drac_update inet_pton failure! drachost=%s" + " user=%s errno=%i",drachost,getenv("TCPREMOTEIP"),errno); + } + + return; +} + +int main(int argc, char* argv[]) +{ + if (getenv("TCPREMOTEIP") == NULL) + err(111, "No TCPREMOTEIP found"); + + if (getenv("AUTHUSER") && getenv("AUTHARGV0") && getenv("AUTHENTICATED")) { + /* if success then courier is happy, so we update our DRAC hosts */ + if (getenv("DRACHOST")) { + drac_update_host(getenv("DRACHOST")); + } + } else + syslog(LOG_NOTICE, "drac-add called without AUTHUSER" + "/AUTHARGV0/AUTHENTICATED!"); + + /* Courier-IMAP Magic from relay-ctrl-allow */ + if (argc > 1) { + execvp(argv[1], argv+1); + return 111; + } + return 0; +} + --- drac-1.12.orig/rpc.dracd.1m +++ drac-1.12/rpc.dracd.1m @@ -2,7 +2,7 @@ '\"macro stdmacro .\" Copyright University of Manitoba 1998. .nr X -.TH rpc.dracd 1M "22 Jul 1998" +.TH rpc.dracd 8 "22 Jul 1998" .SH NAME rpc.dracd \- Dynamic Relay Authorization Control server .SH SYNOPSIS @@ -16,13 +16,13 @@ \f4rpc.dracd\f1 is the Dynamic Relay Authorization Control server. It uses the Berkeley db package to maintain a relay authorization -map for sendmail, by default \f4/etc/mail/dracd.db\f1. +map for sendmail, by default \f4/etc/drac/dracd.db\f1. POP and IMAP mail servers make an RPC call to add an entry to the authorization cache after they have authenticated each user. The daemon, rpc.dracd, adds or updates entries in the cache, and periodically expires old entries. Only trusted mail servers are permitted to communicate with rpc.dracd, -as controlled by \f4/etc/mail/dracd.allow\f1. +as controlled by \f4/etc/drac/dracd.allow\f1. If this file does not exist, all local IP addresses are permitted. .SS Allow File Format The Allow File file consists of entries of the form: @@ -58,10 +58,10 @@ .SH FILES .PD 0 .TP 30 -.B /etc/mail/dracd.db +.B /etc/drac/dracd.db default database file .TP -.B /etc/mail/dracd.allow +.B /etc/drac/dracd.allow default allow file. .PD .SH SEE ALSO --- drac-1.12.orig/debian/docs +++ drac-1.12/debian/docs @@ -0,0 +1 @@ +README --- drac-1.12.orig/debian/control +++ drac-1.12/debian/control @@ -0,0 +1,41 @@ +Source: drac +Section: net +Priority: optional +Maintainer: Ubuntu Core Developers +XSBC-Original-Maintainer: Noèl Köthe +Build-Depends: debhelper (>> 3.0.0), libdb-dev +Standards-Version: 3.7.2 + +Package: drac +Architecture: any +Depends: ${shlibs:Depends}, portmap, postfix | mail-transport-agent +Suggests: qpopper-drac +Description: Dynamic Relay Authorization Control (pop-before-smtp) + A daemon that dynamically updates a relay authorization map for some + MTA (postfix, sendmail). It provides a way to allow legitimate users + to relay mail through an SMTP server, while still preventing others + from using it as a spam relay. User's IP addresses are added to the + map immediately after they have authenticated to the POP or IMAP + server. By default, map entries expire after 30 minutes, but can be + renewed by additional authentication. Periodically checking mail on + a POP server is sufficient to do this. The POP and SMTP servers can + be on different hosts. + . + http://mail.cc.umanitoba.ca/drac/ + +Package: drac-dev +Section: devel +Architecture: any +Depends: ${shlibs:Depends} +Description: Dynamic Relay Authorization Control (development files) + A daemon that dynamically updates a relay authorization map for some + MTA (postfix, sendmail). It provides a way to allow legitimate users + to relay mail through an SMTP server, while still preventing others + from using it as a spam relay. User's IP addresses are added to the + map immediately after they have authenticated to the POP or IMAP + server. By default, map entries expire after 30 minutes, but can be + renewed by additional authentication. Periodically checking mail on + a POP server is sufficient to do this. The POP and SMTP servers can + be on different hosts. + . + This package contains the header file. --- drac-1.12.orig/debian/drac-dev.files +++ drac-1.12/debian/drac-dev.files @@ -0,0 +1,3 @@ +usr/include/* +usr/lib/lib*.a +usr/lib/lib*.so --- drac-1.12.orig/debian/rules +++ drac-1.12/debian/rules @@ -0,0 +1,95 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 by Joey Hess. +# +# This version is for a hypothetical package that builds an +# architecture-dependant package, as well as an architecture-independent +# package. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +configure: configure-stamp +configure-stamp: + dh_testdir + # Add here commands to configure the package. + + + touch configure-stamp + +build: configure-stamp build-stamp +build-stamp: + dh_testdir + + # Add here commands to compile the package. + $(MAKE) all + + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + + # Add here commands to clean up after the build process. + -$(MAKE) clean + + dh_clean + +install: DH_OPTIONS= +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Add here commands to install the package into debian/drac. + $(MAKE) install DESTDIR=$(CURDIR)/debian/drac + + cp $(CURDIR)/dracd.allow-sample $(CURDIR)/debian/drac/etc/drac/dracd.allow + touch $(CURDIR)/debian/drac/var/lib/drac/dracd.db + cp $(CURDIR)/rpc.dracd.1m $(CURDIR)/debian/drac/usr/share/man/man8/rpc.dracd.8 + + # drac-dev + cp $(CURDIR)/drac.h $(CURDIR)/debian/drac-dev/usr/include/ + cp $(CURDIR)/libdrac.a $(CURDIR)/debian/drac-dev/usr/lib/ + + #dh_movefiles + +# Build architecture-independent files here. +# Pass -i to all debhelper commands in this target to reduce clutter. +binary-indep: build install +# nothing + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir -a + dh_testroot -a +# dh_installdebconf -a + dh_installdocs -a +# dh_installexamples -a +# dh_installmenu -a +# dh_installlogrotate -a +# dh_installemacsen -a +# dh_installpam -a +# dh_installmime -a + dh_installinit -a +# dh_installcron -a +# dh_installman -a rpc.dracd.8 +# dh_installinfo -a +# dh_undocumented -a + dh_installchangelogs Changes -a + dh_strip -a + dh_link -a + dh_compress -a + dh_fixperms -a +# dh_makeshlibs -a + dh_installdeb -a +# dh_perl -a + dh_shlibdeps -a + dh_gencontrol -a + dh_md5sums -a + dh_builddeb -a + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure --- drac-1.12.orig/debian/changelog +++ drac-1.12/debian/changelog @@ -0,0 +1,107 @@ +drac (1.12-5ubuntu1) hardy; urgency=low + + * debian/control: Build against db4.6. (Debian #442642) + * Modify Maintainer value to match the DebianMaintainerField + specification. + + -- Martin Pitt Thu, 03 Jan 2008 10:31:21 +0100 + +drac (1.12-5) unstable; urgency=low + + * added -fPIC to compiler options + (closes: Bug#353441) + * updated Standards-Version + * added portmap check to init script + (closes: Bug#273785) + + -- Noèl Köthe Mon, 18 Jun 2007 20:28:24 +0200 + +drac (1.12-4) unstable; urgency=low + + * switch from db4.2 to db4.3 + * updated Standards-Version + + -- Noèl Köthe Fri, 17 Mar 2006 18:18:56 +0100 + +drac (1.12-3) unstable; urgency=low + + * updated README.Debian for postfix + (closes: Bug#274082) + * updated README.Debian for exim + (closes: Bug#148313) + + -- Noèl Köthe Sun, 03 Oct 2004 22:25:24 +0200 + +drac (1.12-2) unstable; urgency=low + + * rebuild with libdb4.2 to get it correct communicate with + sendmail/postfix + (closes: Bug#257450) + * applied patch to get it working with courier without courier + changes. thx erich + (closes: Bug#234503) + + -- Noèl Köthe Sat, 03 Jul 2004 22:44:10 +0200 + +drac (1.12-1) unstable; urgency=low + + * new upstream from 2003-01-12 + + -- Noel Koethe Sun, 16 Mar 2003 00:13:00 +0100 + +drac (1.11-7) unstable; urgency=low + + * added IPv6 patch from the great IPv6 Team + Thanks, Fabio, for describing the IPv6 Debian work! + (closes: Bug#172133) + * updated Standards-Version + * added URL to description + + -- Noel Koethe Sun, 9 Feb 2003 19:33:00 +0100 + +drac (1.11-6) unstable; urgency=low + + * removed drac depends for drac-dev + (closes: Bug#147449) + * correct typo in manpage + (closes: Bug#147451) + * corrected path in README.Debian and README from /etc/mail/ + to /etc/drac/ + + -- Noel Koethe Thu, 11 Jul 2002 18:24:00 +0100 + +drac (1.11-5) unstable; urgency=low + + * added a link for using drac with exim to README.Debian + (closes: Bug#136952) + + -- Noel Koethe Wed, 6 Mar 2002 12:13:00 +0100 + +drac (1.11-4) unstable; urgency=medium + + * corrected evil error in init.d + + -- Noel Koethe Sat, 2 Mar 2002 23:31:00 +0100 + +drac (1.11-3) unstable; urgency=low + + * added homepage of upstream package to copyright + * rewrote the init.d script and send it to upstream + (closes: Bug#135706) + + -- Noel Koethe Tue, 26 Feb 2002 12:36:00 +0100 + +drac (1.11-2) unstable; urgency=low + + * added README.Debian with a short description howto use + drac with postfix and qpopper + * changed my Maintainer Email address. + + -- Noel Koethe Sun, 16 Dec 2001 15:20:00 +0100 + +drac (1.11-1) unstable; urgency=low + + * Initial Release (closes: Bug#114016) + + -- Noel Koethe Thu, 9 Nov 2001 23:22:09 +0100 + --- drac-1.12.orig/debian/compat +++ drac-1.12/debian/compat @@ -0,0 +1,2 @@ +4 + --- drac-1.12.orig/debian/drac.files +++ drac-1.12/debian/drac.files @@ -0,0 +1,6 @@ +etc/drac/dracd.allow +etc/init.d/drac +usr/sbin/rpc.dracd +usr/share/doc/drac/* +usr/share/man/man8/rpc.dracd.8.gz +var/lib/drac/dracd.db --- drac-1.12.orig/debian/init.d +++ drac-1.12/debian/init.d @@ -0,0 +1,56 @@ +#!/bin/sh -e +# 2002-02-26, v0.0.1, Noèl Köthe, noel@debian.org +### BEGIN INIT INFO +# Provides: drac +# Required-Start: $local_fs $remote_fs portmap +# Required-Stop: $local_fs $remote_fs +# Should-Start: $syslog +# Should-Stop: $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start or stop the drac daemon. +### END INIT INFO + +DAEMON=/usr/sbin/rpc.dracd +OPTIONS="-i -e 30 /var/lib/drac/dracd.db" +NAME=rpc.dracd +DESC="drac - dynamic relay authorization control" + +[ -x $DAEMON ] || exit 0 + +. /lib/lsb/init-functions + +set -e + +checkportmap () { + if ! /usr/bin/rpcinfo -u localhost portmapper >/dev/null 2>&1; then + log_action_msg "WARNING: portmapper inactive - RPC services unavailable!" + fi +} + +case "$1" in + start) + checkportmap + echo -n "Starting $DESC: " + start-stop-daemon --start --quiet --background --exec ${DAEMON} -- ${OPTIONS} + echo "$NAME." + ;; + stop) + echo -n "Stopping $DESC: " + start-stop-daemon --stop --oknodo --quiet --exec ${DAEMON} + echo "$NAME." + ;; + restart|force-reload) + $0 stop + sleep 1 + $0 start + ;; + *) + N=/etc/init.d/$NAME + # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2 + echo "Usage: $N {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 --- drac-1.12.orig/debian/drac-dev.dirs +++ drac-1.12/debian/drac-dev.dirs @@ -0,0 +1,2 @@ +usr/lib +usr/include --- drac-1.12.orig/debian/README.Debian +++ drac-1.12/debian/README.Debian @@ -0,0 +1,121 @@ +HOWTO use drac with your MTA: + +For postfix: +------------ +The Debian postfix package can use drac out-of-the box, with only a simple +change to the default configuration file; simply add 'btree:/var/lib/drac/dracd' +to your mynetworks variable in /etc/postfix/main.cf thusly: + +mynetworks = 127.0.0.0/8 + btree:/var/lib/drac/dracd + +If your configuration differs significantly from the Debian default, other +methods are discussed at length at: +http://www.stahl.bau.tu-bs.de/~hildeb/postfix/postfix_drac.shtml + + +For Exim: +--------- +The hostlist "relay_from_hosts" should include: + + net-dbmnz;/var/lib/drac/dracd.db + +To change this setting, run: + + dpkg-reconfigure exim4-config + +and include the above when asked about "Machines to relay mail for:". + + +For sendmail: +------------- +(from http://mail.cc.umanitoba.ca/drac/mta.html) +For sendmail 8.9.x, add the following to your .mc file under LOCAL_CONFIG... + +# dynamic relay authorization control map +Kdrac btree /etc/drac/dracd + +and the following under LOCAL_RULESETS... + +SLocal_check_rcpt +# allow recent POP/IMAP mail clients to relay +R$* $: $&{client_addr} +R$+ $: $(drac $1 $: ? $) +R? $@ ? +R$+ $@ $#OK + +If you are using the DUL to block connections from dial-up IP addresses, you will need to add the same four rules to the SLocal_check_relay ruleset in your .mc file to allow DRAC-authenticated users to connect. + +Tabs are required between the two sides of these rules! + +Then, you can re-make the .cf file, install it, and restart the sendmail SMTP daemon. + +Mike McHenry contributes the following information for a complex sendmail configuration... + +I have some updated sendmail rules for sendmail 8.11.0 that may or may not help people out. These rules are tuned for a full email server running all of the relay checks and spam filtering features of the new sendmail. First I will include an example sendmail.mc file and then I will show where the drac configs need to be manually patched in to the resulting sendmail.cf file. + +EXAMPLE MC FILE: +OSTYPE(`linux')dnl +define(`confAUTO_REBUILD')dnl +define(`confCONNECTION_RATE_THROTTLE',40)dnl +define(`confMAX_HOP',30)dnl +define(`confMAX_MESSAGE_SIZE',10000000)dnl +define(`confPRIVACY_FLAGS',`authwarnings,needmailhelo')dnl +define(`confQUEUE_LA',5)dnl +define(`confREFUSE_LA',10)dnl +define(`confTO_CONNECT', `1m')dnl +define(`confTO_IDENT',0s)dnl +define(`confTO_QUEUEWARN', `12h')dnl +define(`confTRY_NULL_MX_LIST',true)dnl +define(`STATUS_FILE',`/etc/mail/sendmail.st')dnl +define(`ALIAS_FILE',`/etc/mail/aliases')dnl +FEATURE(`smrsh',`/usr/sbin/smrsh')dnl +MAILER(`smtp')dnl +FEATURE(`local_procmail', `/usr/bin/procmail')dnl +FEATURE(`always_add_domain')dnl +define(`MASQUERADE_NAME',`domain.com.')dnl +FEATURE(`limited_masquerade')dnl +define(`confCW_FILE',` /etc/mail/sendmail.cw')dnl +FEATURE(`use_cw_file')dnl +FEATURE(`accept_unresolvable_domains')dnl +FEATURE(`redirect')dnl +FEATURE(`virtusertable',` hash -o /etc/mail/virtusertable')dnl +FEATURE(`access_db')dnl +FEATURE(`blacklist_recipients')dnl +FEATURE(dnsbl, `rbl.maps.vix.com', `Rejected - see +http://www.mail-abuse.org/rbl/')dnl +FEATURE(dnsbl, `dul.maps.vix.com', `Dialup - see +http://www.mail-abuse.org/dul/')dnl +FEATURE(dnsbl, `relays.mail-abuse.org', `Open spam relay - see +http://www.mail-abuse.org/rss/')dnl + +LOCAL_CONFIG +# dynamic relay authorization control map +Kdrac btree -o /etc/drac/dracd + +Manually patch into the resulting sendmail.cf the following chunks of code: + +At the END of SLocal_check_rcpt right before the last "catch-all" reject insert the following chunk of code (ignore the final reject code that follows the DRAC code chunk)... + +# allow recent POP/IMAP mail clients to relay +R$* $: $&{client_addr} +R$+ $: $(drac $1 $: ? $) +R? $: +R$+ $@ RELAYFROM + +# anything else is bogus +R$* $#error $@ 5.7.1 $: "550 Relaying denied" + +Also, if you are making use of the MAPS DUL lists you will need to add a check for DRAC in SBasic_check_relay to allow your customers to relay mail even if they are coming from a dialup outside of your control. Add the following before the first MAPS checks in the sendmail.cf (ignore the MAPS lines following the DRAC code chunk)... + +# allow recent POP/IMAP mail clients to relay +R$* $: $&{client_addr} +R$+ $: $(drac $1 $: ? $) +R? $: +R$+ $@ RELAYFROM + +# DNS based IP address spam list rbl.maps.vix.com +R$* $: $&{client_addr} + +That's it! Fine-tune to suit your needs and restart sendmail. + --- drac-1.12.orig/debian/drac.dirs +++ drac-1.12/debian/drac.dirs @@ -0,0 +1,7 @@ +etc/drac +etc/init.d +usr/sbin +usr/share/doc/drac +usr/share/man/man8 +usr/lib/courier/authlib +var/lib/drac --- drac-1.12.orig/debian/copyright +++ drac-1.12/debian/copyright @@ -0,0 +1,34 @@ +This package was debianized by +Noèl Köthe on Fri, 9 Nov 2001 23:22:09 +0100. + +It was downloaded from ftp://ftp.cc.umanitoba.ca/src/ + http://mail.cc.umanitoba.ca/drac/ + +Upstream Author: Gary Mills + +Copyright: + + +/* + * Copyright University of Manitoba 1998. + * Written by J. Gary mills + * + * Permission is granted to anyone to use this software for any purpose on + * any computer system, and to alter it and redistribute it freely, subject + * to the following restrictions: + * + * 1. The author and the University of Manitoba are not responsible + * for the consequences of use of this software, no matter how awful, + * even if they arise from flaws in it. + * + * 2. The origin of this software must not be misrepresented, either by + * explicit claim or by omission. Since few users ever read sources, + * credits must appear in the documentation. + * + * 3. Altered versions must be plainly marked as such, and must not be + * misrepresented as being the original software. Since few users + * ever read sources, credits must appear in the documentation. + * + * 4. This notice may not be removed or altered. + */ + --- drac-1.12.orig/drac.x +++ drac-1.12/drac.x @@ -17,6 +17,10 @@ unsigned long ip_addr; /* In network order */ }; +struct drac_add_parm6 { + char ip_addr6[16]; /* In network order */ +}; + enum addstat { ADD_SUCCESS, /* Succeeded */ ADD_PERM, /* Permission denied */ @@ -32,4 +36,11 @@ addstat DRACPROC_ADD(drac_add_parm) = 1; } = 1; + version DRACVERS6 { + /* + * Update my passwd entry + */ + addstat + DRACPROC_ADD(drac_add_parm6) = 1; + } = 2; } = 900101; --- drac-1.12.orig/drac-dev.dirs +++ drac-1.12/drac-dev.dirs @@ -0,0 +1,2 @@ +usr/lib +usr/include --- drac-1.12.orig/version.h +++ drac-1.12/version.h @@ -1 +1 @@ -#define VERSION "1.12" +#define VERSION "1.11"