1#!/usr/local/bin/perl
2# Save SMTP authentication options
3
4require './postfix-lib.pl';
5
6&ReadParse();
7
8$access{'sasl'} || &error($text{'opts_ecannot'});
9
10&error_setup($text{'sasl_err'});
11
12# Validate SASL options
13if ($in{'smtpd_tls_key_file_def'} eq "__USE_FREE_FIELD__") {
14	-r $in{'smtpd_tls_key_file'} || &error($text{'sasl_ekey'});
15	}
16if ($in{'smtpd_tls_cert_file_def'} eq "__USE_FREE_FIELD__") {
17	-r $in{'smtpd_tls_cert_file'} || &error($text{'sasl_ecert'});
18	}
19if ($in{'smtpd_tls_CAfile_def'} eq "__USE_FREE_FIELD__") {
20	-r $in{'smtpd_tls_CAfile'} || &error($text{'sasl_eca'});
21	}
22
23# Validate remote mail server login
24if (!$in{'login_none'}) {
25	$in{'login_user'} =~ /^[^: ]+$/ || &error($text{'sasl_elogin'});
26	$in{'login_pass'} =~ /^[^ ]*$/ || &error($text{'sasl_epass'});
27	}
28
29&lock_postfix_files();
30&save_options(\%in);
31
32# Save security options
33@opts = split(/\0/, $in{'sasl_opts'});
34&set_current_value("smtpd_sasl_security_options", join(" ", @opts));
35
36# Save recipient options that we care about
37@recip = split(/[\s,]+/, &get_current_value("smtpd_recipient_restrictions"));
38%newrecip = map { $_, 1 } split(/\0/, $in{'sasl_recip'});
39foreach $o (&list_smtpd_restrictions()) {
40	if ($newrecip{$o}) {
41		push(@recip, $o) if (&indexof($o, @recip) < 0);
42		}
43	else {
44		@recip = grep { $_ ne $o } @recip;
45		}
46	}
47&set_current_value("smtpd_recipient_restrictions", join(" ", @recip));
48
49# Save relay options that we care about
50@relay = split(/[\s,]+/, &get_current_value("smtpd_relay_restrictions"));
51%newrelay = map { $_, 1 } split(/\0/, $in{'sasl_relay'});
52foreach $o (&list_smtpd_restrictions()) {
53	if ($newrelay{$o}) {
54		push(@relay, $o) if (&indexof($o, @relay) < 0);
55		}
56	else {
57		@relay = grep { $_ ne $o } @relay;
58		}
59	}
60&set_current_value("smtpd_relay_restrictions", join(" ", @relay));
61
62# Save SSL options
63if (&compare_version_numbers($postfix_version, 2.3) >= 0) {
64	&set_current_value("smtpd_tls_security_level",
65			   $in{'smtpd_tls_security_level'});
66	}
67
68# Save SMTP relay options
69$rh = &get_current_value("relayhost");
70$rh =~ s/^\[(.*)\]$/$1/g;
71if ($rh) {
72	if ($in{'login_none'} == 0 &&
73	    !&get_current_value("smtp_sasl_password_maps")) {
74		# Setup initial map
75		&set_current_value("smtp_sasl_password_maps",
76				"hash:".&guess_config_dir()."/smtp_sasl_password_map");
77		}
78        $pmap = &get_maps("smtp_sasl_password_maps");
79	foreach my $o (@$pmap) {
80                if ($o->{'name'} eq $rh) {
81			$old = $o;
82			}
83		}
84	$newmap = { 'name' => $rh,
85		    'value' => $in{'login_user'}.":".$in{'login_pass'} };
86	if ($old && $in{'login_def'}) {
87		# Delete entry
88		&delete_mapping("smtp_sasl_password_maps", $old);
89		}
90	elsif ($old && !$in{'login_def'}) {
91		# Update entry
92		&modify_mapping("smtp_sasl_password_maps", $old, $newmap);
93		}
94	elsif (!$old && !$in{'login_def'}) {
95		# Add entry
96		&create_mapping("smtp_sasl_password_maps", $newmap);
97		}
98	&regenerate_any_table("smtp_sasl_password_maps");
99	}
100
101&unlock_postfix_files();
102
103$err = &reload_postfix();
104&error($err) if ($err);
105
106&webmin_log("sasl");
107&redirect("");
108
109
110
111