#!/bin/sh
# $Id: t-tls-reqr-1.sh,v 1.5 2007/06/13 04:43:08 ca Exp $
#
# ----------------------------------------
# test TLS requirements in smtpc; check cert issuer/subject via access map
# creates two MTA (one in chkmts, one in qmgr) to use STARTTLS
# run smtpcnf.sh with different parameters
# ----------------------------------------
# need tests for:
# deferred mail (stored in defedb and tried again)
#
# tests need to be enhanced to properly check the results, i.e.,
# verify that what was supposed to happen actually did happen.
#
# test some more rcpt_conf_lookup_flags!
#
# a non-empty "stop" marker file aborts the whole test run
test -s stop && exit 1
#
# locate the chkmts directory (the script may be started as ./t-tls-reqr-1.sh
# or through a path) and pull in the shared test helpers from there.
# NOTE: backticks are kept on purpose; this file runs under /bin/sh on
# legacy platforms (see the OSF1 special case below).
SD=`dirname $0`
THISDIR=`pwd`
test "${SD}" = "." && SD=../chkmts
. ${SD}/common.sh
I=""
ERRS=0
PID2=pids2
SKIP=""
# TMP is only referenced by the (commented-out) edbr check in test 1
TMP=t-tls-reqr-0.out
TTR_OS=`uname`
case "${TTR_OS}" in
OSF1)
	# options are not parsed on OSF1 (kept as in the original; the reason
	# is not recorded here)
	;;
*)
	# -s N  skip test N (may be repeated); -V  verbose output
	while getopts s:V FLAG
	do
		case "${FLAG}" in
		s) SKIP="${SKIP} ${OPTARG}";;
		V) VERBOSE=true;;
		esac
	done
	shift `expr ${OPTIND} - 1`
	# linux: killall kills qmgr/smar from first MTA, hence subsequent tests fail
	if test "${TTR_OS}" = "Linux" && test -z "${SKIP}"
	then
		SKIP=" 2 3 4 5 6 7 8 9 "
	fi
	;;
esac
# both smtps and smtpc must have been built with STARTTLS support,
# otherwise there is nothing to test here.
for TTR_PRG in smtps smtpc
do
	if ../${TTR_PRG}/${TTR_PRG} -VVV | ${GREP} MTA_USE_TLS >/dev/null
	then
		:
	else
		echo "SKIPPED: $0: ${TTR_PRG} not compiled with STARTTLS"
		exit 0
	fi
done
# name of the e-mail attribute in a DN as written by the OpenSSL version
# smtps was compiled against: presumably the 0x009060.. series (0.9.6)
# uses "Email", later versions "emailAddress".
EM=emailAddress
../smtps/smtps -VV | ${GREP} 'compiled against.*=0x009060' >/dev/null && EM=Email
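# killit - stop the MTA components started by this script and exit.
# Globals: THISDIR, PID2 (one PID per line, written when the first MTA is
# started), ERRS (number of failed tests).
# Installed as the EXIT/INT/TERM trap and also called directly when the
# MTA does not come up ("|| killit").
# Exit status: ERRS if any test failed, otherwise the status this function
# was entered with (the pending exit status when run as the EXIT trap, the
# failed command's status when called directly) -- so a start-up failure
# is no longer reported as success just because ERRS is still 0.
killit()
{
	TTR_RC=$?
	# neutralise the traps: this function calls exit itself, which would
	# otherwise re-enter it through the EXIT trap and repeat the kills.
	trap '' EXIT 2 15
	cd ${THISDIR}
	if test -s ${PID2}
	then
		# stop MTA components (plain TERM, PIDs as recorded at start-up)
		for i in `${CAT} ${PID2}`
		do
			kill ${i}
		done
	fi
	# ----------------
	# thanks kids for not following the POSIX standard...
	# NOTE: killall is not scoped to this test run: it terminates every
	# qmgr/smar process the invoking user is allowed to signal, including
	# ones that were not started here. Only run this on a dedicated test host.
	if test X"`uname`" = "XLinux"
	then
		killall qmgr smar
	fi
	if test "${ERRS}" != "0"
	then
		exit ${ERRS}
	fi
	exit ${TTR_RC}
}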
# the second MTA (the "sink") lives in ../qmgr; its alias file has to be
# created there because it is found relative to the working directory.
cd ../qmgr || exit 1
# test certificates/keys for the sink. smkey.pem is a private key and is
# copied with whatever mode cp gives it (test material only).
for TTR_F in smcert.pem smkey.pem CAcert.pem
do
	cp ${SD}/${TTR_F} .
done
# mailertable (sink): local.dom is handed to "lmtp:", the other domains
# are routed to loopback addresses. An existing file is overwritten.
${CAT} > ${MT} <<EOF
local.dom lmtp:
other.dom [127.1.2.3]
host.local [127.0.0.1]
EOF
# aliases (sink): every recipient the tests use is a local "sink" user
${CAT} > ${ALI} <<EOF
abuse: local:
postmaster: local:
user: local:
user1: local:
user2: local:
EOF
# rebuild the alias map from scratch
rm -f ${ALIMAP}
${MM} < ${ALI}
# ----------------------------------------
# need two SMTP servers:
# server1: chkmts, uses smx2.conf, started here "by hand"
# server2: qmgr, uses smx.conf, started by smtpcnf.sh
#
# test client [smtpcnf.sh] -> SMTP server 1 (SRVPORT)
# -> QMGR 1 -> SMTP client 1 (SNKPORT)
# -> SMTP server 2 [smtpcnf.sh] (SRVPORT2=SNKPORT)
# -> QMGR 2 [smtpcnf.sh] -> SMTP client 2 [smtpcnf.sh]
# -> lmtp sink [smtpcnf.sh]
# problem: test client in smtpcnf.sh will use SNKPORT (=SRVPORT2)
# hence the port must be passed explicitly via -F ${SRVPORT}
#
# relaying restrictions are imposed in smx.conf
# back to the chkmts directory: this is where the first MTA (the "source") runs
cd ${THISDIR} || exit 1
# certificates/keys for the source MTA (same test material as for the sink)
for TTR_F in smcert.pem smkey.pem CAcert.pem
do
	cp ${SD}/${TTR_F} .
done
# aliases (source): the senders used by the tests, plus one alias (a2)
# that expands to two recipients in the sink domain
${CAT} > ${ALI} <<EOF
abuse: local:
postmaster: local:
sender1: local:
sender2: local:
sender3: local:
sender4: local:
sender5: local:
sender6: local:
sender7: local:
sender8: local:
sender9: local:
a2: <user1@local.dom> <user2@local.dom>
EOF
rm -f ${ALIMAP}
${MM} < ${ALI}
# mailertable (source): local.dom is routed to loopback, i.e. to the sink
# MTA, other.dom to the LMTP address from the test environment.
# An existing file is overwritten.
${CAT} > ${MT} <<EOF
source.dom lmtp:
local.dom [127.0.0.1]
other.dom [${MTA_LMTPIPV4D}]
EOF
# common MTA setup; MTA_CDQMGRDIR=false presumably keeps mta-setup.sh from
# changing into ../qmgr. mta-setup.sh may alter VERBOSE, hence the
# save/restore around it.
MTA_CDQMGRDIR=false
export MTA_CDQMGRDIR
MYV=${VERBOSE}
. ${SD}/mta-setup.sh
VERBOSE=${MYV}
MTA_CDQMGRDIR=true
rm -f ${QMGRCONFMAP}
# ports: the first MTA accepts on SRVPORT and relays to SNKPORT, which is
# where the second MTA (started by smtpcnf.sh, told via MTA_SRVPORT) listens.
SRVPORT=1579
SNKPORT=8753
MTA_SRVPORT=${SNKPORT}
MTA_SNKPORT=8752
SRVPORT2=${MTA_SRVPORT}
SNKPORT2=${MTA_SNKPORT}
# ----------------------------------------
# start first MTA (chkmts)
#
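# configuration of the first MTA: smtpc looks up per-recipient
# requirements (lookup_rcpt_conf) keyed by the full recipient address and
# relays everything to the sink on SNKPORT; smtps accepts on SRVPORT.
CONF2=smx2.conf
${CAT} > ${CONF2} <<EOF
qmgr { Log_Level = 12; wait_for_server=4; wait_for_client=4;
smtpc { flags = lookup_rcpt_conf;
rcpt_conf_lookup_flags = { full_address }
}
}
smar { Log_Level = 12;
}
smtpc { Log_Level = 12; remote_port=${SNKPORT}; wait_for_server=4;
flags = talk_to_myself; # don't check "talking to myself"
}
smtps {
Log_Level = 12;
daemon_address = localhost:${SRVPORT};
wait_for_server=4;
}
EOF
# access map of the first MTA: user@local.dom may only be delivered to a
# server whose certificate was issued by the given DN. The e-mail part is
# deliberately wrong (MISMATCH), so test 1 expects the mail NOT to be delivered.
${CAT} > ${ACC} <<EOF
smtpc_rcpt_conf:user@local.dom tls_requirements {cert_issuer="/C=US/ST=California/L=Emeryville/O=Example+20Org/OU=MTA/CN=CA/$EM=MISMATCH@example.org";}
EOF
rm -f ${ACCMAP}
${MM} -t' ' -F ${ACCMAP} < ${ACC}
# version of output files
V=1
# path to programs (exported below for mta-running.sh)
P=..
# fresh PID file; from here on killit must run on every exit path
rm -f ${PID2}
trap killit EXIT 2 15
# start the components of the first MTA; every PID is recorded in PID2 so
# killit can stop them. smar's PID is kept separately because the tests
# notify it (SIGUSR1) after rebuilding the access map.
${P}/smar/smar -f ${CONF2} -d9 > a${V}.log 2>&1 &
SMARPID=$!
echo ${SMARPID} >> ${PID2}
${P}/qmgr/qmgr -f ${CONF2} -d9 > q${V}.log 2>&1 &
echo $! >> ${PID2}
${P}/smtpc/smtpc -f ${CONF2} -d9 > c${V}.log 2>&1 &
echo $! >> ${PID2}
${P}/smtps/smtps -f ${CONF2} > s${V}.log 2>&1 &
echo $! >> ${PID2}
export P
# the MTA must be reachable before any test runs. A start-up failure is
# counted as an error: killit exits with ERRS, and with ERRS still 0 a
# missing MTA would otherwise make this script report success.
${CHKD}/mta-running.sh ${SRVPORT} || {
	echo "$0: MTA on port ${SRVPORT} is not running"
	ERRS=1
	killit
}
export MTA_SNKPORT MTA_SRVPORT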
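# second MTA (the "sink", run by smtpcnf.sh from ../qmgr): access map
# lookups are enabled in smtps, but the map is left empty.
# The cd is guarded: writing these files into the wrong directory would
# clobber the first MTA's configuration and access map. ERRS is set so that
# killit (the EXIT trap, which exits with ERRS) does not turn this into exit 0.
cd ../qmgr || { ERRS=1; exit 1; }
${CAT} > ${SMXCNF} <<EOF
qmgr { Log_Level = 12; wait_for_server=4; wait_for_client=4; }
smar { Log_Level = 12; nameserver = ${NS}; }
smtpc { Log_Level = 12; remote_port=${SNKPORT}; wait_for_server=4; }
smtps {
Log_Level = 12;
daemon_address = localhost:${SRVPORT2};
flags = {access};
wait_for_server=4;
}
EOF
# empty access map for the sink
${CAT} > ${ACC} <<EOF
EOF
rm -f ${ACCMAP}
${MM} -t' ' -F ${ACCMAP} < ${ACC}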
# ----------------------------------------
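# test 1: user@local.dom requires a server certificate from an issuer DN
# that does not match the test CA (the "MISMATCH" entry created above), so
# the mail must NOT reach the sink: B1 must be absent/empty and a queue
# file (?/S*) of the first MTA must still exist.
# SKIP holds space-separated test numbers; "grep -v" succeeds (prints the
# line) only when this test's number is not among them.
TEST=1
if echo " ${SKIP} X" | ${GREP} -v " ${TEST} " > /dev/null
then
	ERR=false
	if ${SHELL} ${SD}/smtpcnf.sh -F ${SRVPORT} -3 lmtpsock -Ssender${TEST}@other.dom -Ruser@local.dom -E 0 -X 0 -A 1
	then
		if test -s ${B1}
		then
			# delivered although the TLS requirement could not be met
			${VERBOSE} && echo "$0: test ${TEST}: found ${B1}"
			ERR=true
		else
			# weak check: some queue file of the first MTA must exist.
			# ls fails when the glob does not match; its noise is discarded.
			cd ${THISDIR} || ERR=true
			ls ?/S* >/dev/null 2>&1 || ERR=true
			# TODO: verify the deferral reason. edbr cannot be used while
			# qmgr is running; the expected text would be
			# "421 4.7.0 smtpc security requirements not met".
			cd ../qmgr
		fi
	else
		${VERBOSE} && echo "$0: test ${TEST}: smtpcnf.sh failed"
		ERR=true
	fi
	if ${ERR}
	then
		echo "$0: test ${TEST} failed"
		ERRS=`expr ${ERRS} + 1 `
		# MTA_STOPONERROR set: stop at the first failing test
		test X"${MTA_STOPONERROR}" != X && exit 1
	fi
	rm -f ${B1}
else
	${VERBOSE} && echo "$0: test ${TEST} SKIPPED"
fi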
# ----------------------------------------
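# test 2: same recipient, but now the required issuer DN matches the test
# CA, so the mail must be delivered to the sink over TLS: B1 must exist and
# contain the string "TLS".
# (The message deferred by test 1 may presumably be retried and delivered
# now as well; this test does not distinguish the two.)
TEST=2
if echo " ${SKIP} X" | ${GREP} -v " ${TEST} " > /dev/null
then
	ERR=false
	# the access map belongs to the first MTA, i.e. lives in THISDIR; bail
	# out rather than rebuild the sink's map by mistake if the cd fails
	# (ERRS=1 so that killit, the EXIT trap, does not exit 0)
	cd ${THISDIR} || { ERRS=1; exit 1; }
	${CAT} > ${ACC} <<EOF
smtpc_rcpt_conf:user@local.dom tls_requirements {cert_issuer="/C=US/ST=California/L=Emeryville/O=Example+20Org/OU=MTA/CN=CA/$EM=CA@example.org";}
EOF
	rm -f ${ACCMAP}
	${MM} -t' ' -F ${ACCMAP} < ${ACC}
	# notify smar (SIGUSR1) about the rebuilt access map
	kill -USR1 ${SMARPID}
	cd ../qmgr
	if ${SHELL} ${SD}/smtpcnf.sh -F ${SRVPORT} -3 lmtpsock -Ssender${TEST}@other.dom -Ruser@local.dom -E 0 -X 0 -A 1
	then
		if test -s ${B1}
		then
			if ${GREP} 'TLS' ${B1} >/dev/null
			then
				:
			else
				${VERBOSE} && echo "$0: test ${TEST}: missing TLS in ${B1}"
				ERR=true
			fi
		else
			${VERBOSE} && echo "$0: test ${TEST}: missing ${B1}"
			ERR=true
		fi
	else
		${VERBOSE} && echo "$0: test ${TEST}: smtpcnf.sh failed"
		ERR=true
	fi
	if ${ERR}
	then
		echo "$0: test ${TEST} failed"
		ERRS=`expr ${ERRS} + 1 `
		# MTA_STOPONERROR set: stop at the first failing test
		test X"${MTA_STOPONERROR}" != X && exit 1
	fi
	rm -f ${B1}
else
	${VERBOSE} && echo "$0: test ${TEST} SKIPPED"
fi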
# ----------------------------------------
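# test 3: the access map entry is keyed on the domain only (@local.dom), but
# the first MTA looks up full addresses only (rcpt_conf_lookup_flags =
# { full_address }), so the entry is not found and its requirements
# (min_cipher_bits, cert_issuer) never apply. The mail to user1@local.dom
# must therefore be delivered: B1 must exist and contain "TLS".
TEST=3
if echo " ${SKIP} X" | ${GREP} -v " ${TEST} " > /dev/null
then
	ERR=false
	# the access map belongs to the first MTA, i.e. lives in THISDIR; bail
	# out rather than rebuild the sink's map by mistake if the cd fails
	# (ERRS=1 so that killit, the EXIT trap, does not exit 0)
	cd ${THISDIR} || { ERRS=1; exit 1; }
	${CAT} > ${ACC} <<EOF
smtpc_rcpt_conf:@local.dom tls_requirements {min_cipher_bits=512;cert_issuer="/C=US/ST=California/L=Emeryville/O=Example+20Org/OU=MTA/CN=CA/$EM=CA@example.org";}
EOF
	rm -f ${ACCMAP}
	${MM} -t' ' -F ${ACCMAP} < ${ACC}
	# notify smar (SIGUSR1) about the rebuilt access map
	kill -USR1 ${SMARPID}
	cd ../qmgr
	if ${SHELL} ${SD}/smtpcnf.sh -F ${SRVPORT} -3 lmtpsock -Ssender${TEST}@other.dom -Ruser1@local.dom -E 0 -X 0 -A 1
	then
		if test -s ${B1}
		then
			if ${GREP} 'TLS' ${B1} >/dev/null
			then
				:
			else
				${VERBOSE} && echo "$0: test ${TEST}: missing TLS in ${B1}"
				ERR=true
			fi
		else
			${VERBOSE} && echo "$0: test ${TEST}: missing ${B1}"
			ERR=true
		fi
	else
		${VERBOSE} && echo "$0: test ${TEST}: smtpcnf.sh failed"
		ERR=true
	fi
	if ${ERR}
	then
		echo "$0: test ${TEST} failed"
		ERRS=`expr ${ERRS} + 1 `
		# MTA_STOPONERROR set: stop at the first failing test
		test X"${MTA_STOPONERROR}" != X && exit 1
	fi
	# B1 is left in place after the last test (as in the original)
	#rm -f ${B1}
else
	${VERBOSE} && echo "$0: test ${TEST} SKIPPED"
fi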
# ----------------------------------------
# remove the generated maps of both MTAs; the daemons themselves are
# stopped by killit, which runs from the EXIT trap
for TTR_D in ${THISDIR} ../qmgr
do
	cd ${TTR_D}
	rm -f ${MTMAP} ${ALIMAP} ${ACCMAP}
done
# ----------------------------------------
# end: report the number of failed tests. Note that the EXIT trap (killit)
# decides the final exit status based on ERRS.
test "${ERRS}" = "0" && exit 0
echo "${ERRS} error(s)"
exit 1