# hcoop-change: acquire AFS token for the user -- the condition
# statement is executed for side-effects only, and nothing should ever
# be accepted by this router
+#
+# Currently disabled in favor of getting the token during transport --
+# that is, after changing uid.
-get_token:
- driver = accept
- domains = +local_domains
- condition = ${run{/etc/exim4/get-token ${local_part}}{0}{0}}
- transport = dev_null
- no_verify
- no_expn
+# get_token:
+# driver = accept
+# domains = +local_domains
+# condition = ${run{/etc/exim4/get-token ${local_part}}{0}{0}}
+# transport = dev_null
+# no_verify
+# no_expn
# hcoop-change: Transport for mailman lists
+# TODO: get an appropriate AFS token
mailman_transport:
debug_print = "T: mailman for $local_part@$domain"
driver = pipe
# This transport is used for handling deliveries directly to files that are
# generated by aliasing or forwarding.
#
+# hcoop-change: Add bogus group line to make sure get-token gets executed
address_file:
debug_print = "T: address_file for $local_part@$domain"
driver = appendfile
+ group = mail${run{/etc/exim4/get-token ${local_part}}{}}
delivery_date_add
envelope_to_add
return_path_add
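Review bot: The `group` option on `address_file` is, as far as I know, expanded in the parent delivery process while Exim works out which uid and gid to use, so this `${run{/etc/exim4/get-token ${local_part}}{}}` probably runs before the uid change, not after it as the comment on the disabled `get_token` router intends. If so, get-token runs with Exim's own privileges, the ticket cache under /tmp is created by that account, and the token is not attached to the delivering user. The `userid:` line that get-token logs for an address_file delivery would confirm which case applies. If it is confirmed, move the call to an option the appendfile driver expands itself, as `maildir_home` does with `directory`; until then add `# NOTE: group may be expanded before the uid change; verify which uid get-token runs as here`. The transport block continues past the visible lines.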
# .forward files. If the commands fails and produces any output on standard
# output or standard error streams, the output is returned to the sender
# of the message as a delivery error.
+#
+# hcoop-change: Set a nonsensical environment variable in order that a
+# the token-acquiring command may be run
address_pipe:
debug_print = "T: address_pipe for $local_part@$domain"
driver = pipe
+ environment = AFS_IS=${run{/etc/exim4/get-token ${local_part}}{}}enabled
return_fail_output
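Review bot: A failing get-token is silently ignored in this `environment` line, because `${run{...}{}}` supplies only the success string and an absent failure string expands to nothing. The pipe then starts without an AFS token and the problem shows up later, if at all, as an unrelated write error. The same construct is used in `address_file`, `maildir_home`, `maildrop_pipe` and `procmail_pipe`. Consider forcing an expansion failure instead, `environment = AFS_IS=${run{/etc/exim4/get-token ${local_part}}{}fail}enabled`, and confirm on a test address how each option reports a forced failure; this only helps once get-token itself returns non-zero when `kinit` or `aklog` fails. The comment above the transport also has a stray "a" in "in order that a the token-acquiring command".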
# home-directory - change the definition of LOCAL_DELIVERY
#
# hcoop-change: Deliver to MAILDIR_HOME_MAILDIR_LOCATION/$local_part
+#
+# hcoop-change: Make sure get-token gets executed
maildir_home:
debug_print = "T: maildir_home for $local_part@$domain"
driver = appendfile
.ifdef MAILDIR_HOME_MAILDIR_LOCATION
- directory = MAILDIR_HOME_MAILDIR_LOCATION/$local_part
+ directory = MAILDIR_HOME_MAILDIR_LOCATION/$local_part${run{/etc/exim4/get-token ${local_part}}{}}
.else
directory = $home/Maildir
.endif
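Review bot: Only the `.ifdef MAILDIR_HOME_MAILDIR_LOCATION` branch calls get-token; the `.else` branch still reads `directory = $home/Maildir`, so a configuration built without that macro delivers with no token. If home directories are also in AFS, the fallback needs the same suffix, `directory = $home/Maildir${run{/etc/exim4/get-token ${local_part}}{}}`. Because the expansion is appended to a path, a later edit that makes the success string non-empty would change the directory name, so the line deserves a comment such as `# get-token must expand to the empty string; it is run for its side effect only`.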
+# hcoop-change: Set a nonsensical environment variable in order that a
+# the token-acquiring command may be run
maildrop_pipe:
debug_print = "T: maildrop_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
+ environment = AFS_IS=${run{/etc/exim4/get-token ${local_part}}{}}enabled
command = "/usr/bin/maildrop"
return_path_add
delivery_date_add
+# hcoop-change: Set a nonsensical environment variable in order that a
+# the token-acquiring command may be run
procmail_pipe:
debug_print = "T: procmail_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
+ environment = AFS_IS=${run{/etc/exim4/get-token ${local_part}}{}}enabled
command = "/usr/bin/procmail"
return_path_add
delivery_date_add
#
# This is used to deliver mail with the appropriate credentials.
+touch /tmp/get-token-was-called
+
+exec 2>&1
+exec >& /tmp/get-token-log
+
+echo ==============================================================================
+echo invoked: get-token $@
+echo userid: `who am i`
+
USER=$1
export KRB5CCNAME=FILE:/tmp/krb5cc_$USER.email
kdestroy
unlog
-#echo kinit -kt /etc/keytabs/$USER.email.keytab $USER/mailfilter@HCOOP.NET > /tmp/script-log
-kinit -kt /etc/keytabs/$USER.email.keytab $USER/mailfilter@HCOOP.NET
-#aklog
-#tokens
+KEYTAB=/etc/keytabs/email/$USER.email.keytab
+echo kinit -kt $KEYTAB $USER/mailfilter@HCOOP.NET
+kinit -kt $KEYTAB $USER/mailfilter@HCOOP.NET
+aklog
+tokens
+echo ..............................................................................
+
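Review bot: The new debug lines write to fixed names in /tmp (`/tmp/get-token-was-called`, `/tmp/get-token-log`), which any local account can pre-create or replace with a symlink, and the log is truncated on every delivery and stays owned by whichever uid created it first. Drop them, or send the trace to syslog with `logger -t get-token`. The argument is the mail local part, and it is used unquoted to build both `KRB5CCNAME` and the new `KEYTAB` path, so a value containing `/` or whitespace selects a different file unless a router has already restricted it to real account names (not visible here); validate and quote it as sketched below, with the character class adjusted to the site's username policy. The script also always exits with the status of the final `echo`, so a failed `kinit` or `aklog` is invisible to the caller. The start of the script is outside the visible lines.

```shell
# … unchanged: debug banner …
case "$1" in
    ''|.*|*[!A-Za-z0-9_.-]*) echo "get-token: rejected local part"; exit 1 ;;
esac
USER=$1
export KRB5CCNAME="FILE:/tmp/krb5cc_$USER.email"
# … unchanged: kdestroy, unlog …
KEYTAB="/etc/keytabs/email/$USER.email.keytab"
kinit -kt "$KEYTAB" "$USER/mailfilter@HCOOP.NET" || exit 1
aklog || exit 1
```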