From 5092a970110843b0e9484c70c0140879b4ba1431 Mon Sep 17 00:00:00 2001 From: "root@deleuze.hcoop.net" <> Date: Sun, 18 Mar 2007 01:55:35 -0400 Subject: [PATCH] mwolson: Mail delivery works now. Yay! Add some truly awful hacks to all of the transports which allow pipes, maildir delivery, or writing to some user-controlled file so that AFS tokens can be retrieved at the right time. --- conf.d/router/550_exim4-get_token | 17 +++++++++------- conf.d/transport/10_exim4-config_mailman | 1 + conf.d/transport/30_exim4-config_address_file | 2 ++ conf.d/transport/30_exim4-config_address_pipe | 4 ++++ conf.d/transport/30_exim4-config_maildir_home | 4 +++- .../transport/30_exim4-config_maildrop_pipe | 3 +++ .../transport/30_exim4-config_procmail_pipe | 3 +++ get-token | 20 +++++++++++++++---- 8 files changed, 42 insertions(+), 12 deletions(-) diff --git a/conf.d/router/550_exim4-get_token b/conf.d/router/550_exim4-get_token index 2bc47f4..b297982 100644 --- a/conf.d/router/550_exim4-get_token +++ b/conf.d/router/550_exim4-get_token @@ -1,11 +1,14 @@ # hcoop-change: acquire AFS token for the user -- the condition # statement is executed for side-effects only, and nothing should ever # be accepted by this router +# +# Currently disabled in favor of getting the token during transport -- +# that is, after changing uid. -get_token: - driver = accept - domains = +local_domains - condition = ${run{/etc/exim4/get-token ${local_part}}{0}{0}} - transport = dev_null - no_verify - no_expn +# get_token: +# driver = accept +# domains = +local_domains +# condition = ${run{/etc/exim4/get-token ${local_part}}{0}{0}} +# transport = dev_null +# no_verify +# no_expn diff --git a/conf.d/transport/10_exim4-config_mailman b/conf.d/transport/10_exim4-config_mailman index f6ddf40..3c7fb26 100644 --- a/conf.d/transport/10_exim4-config_mailman +++ b/conf.d/transport/10_exim4-config_mailman 
@@ -1,4 +1,5 @@ # hcoop-change: Transport for mailman lists +# TODO: get an appropriate AFS token mailman_transport: debug_print = "T: mailman for $local_part@$domain" driver = pipe diff --git a/conf.d/transport/30_exim4-config_address_file b/conf.d/transport/30_exim4-config_address_file index 82b55e2..67e089c 100644 --- a/conf.d/transport/30_exim4-config_address_file +++ b/conf.d/transport/30_exim4-config_address_file @@ -2,9 +2,11 @@ # This transport is used for handling deliveries directly to files that are # generated by aliasing or forwarding. # +# hcoop-change: Add bogus group line to make sure get-token gets executed address_file: debug_print = "T: address_file for $local_part@$domain" driver = appendfile + group = mail${run{/etc/exim4/get-token ${local_part}}{}} delivery_date_add envelope_to_add return_path_add diff --git a/conf.d/transport/30_exim4-config_address_pipe b/conf.d/transport/30_exim4-config_address_pipe index c5f1828..1c19408 100644 --- a/conf.d/transport/30_exim4-config_address_pipe +++ b/conf.d/transport/30_exim4-config_address_pipe @@ -3,8 +3,12 @@ # .forward files. If the commands fails and produces any output on standard # output or standard error streams, the output is returned to the sender # of the message as a delivery error. +# +# hcoop-change: Set a nonsensical environment variable in order that a +# the token-acquiring command may be run address_pipe: debug_print = "T: address_pipe for $local_part@$domain" driver = pipe + environment = AFS_IS=${run{/etc/exim4/get-token ${local_part}}{}}enabled return_fail_output diff --git a/conf.d/transport/30_exim4-config_maildir_home b/conf.d/transport/30_exim4-config_maildir_home index dd48466..2705667 100644 --- a/conf.d/transport/30_exim4-config_maildir_home +++ b/conf.d/transport/30_exim4-config_maildir_home 
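Review bot: A failed get-token run goes unnoticed in the `group` line added to address_file. As far as I can tell from Exim's expansion rules, `${run{...}{}}` with only a success string yields an empty result on a non-zero exit, so the option still expands to `mail` and delivery carries on without a token. The same construct appears in the address_pipe, maildir_home, maildrop_pipe and procmail_pipe hunks. Consider making the failure visible with `${run{/etc/exim4/get-token ${local_part}}{}fail}`, after checking that each transport turns a forced expansion failure into a deferral rather than a bounce. Separately, `${local_part}` comes from the recipient address and is passed to the script as an argument, so if no router restricts it to existing account names (not visible in this patch), the script is the only place left to validate it.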
@@ -6,11 +6,13 @@ # home-directory - change the definition of LOCAL_DELIVERY # # hcoop-change: Deliver to MAILDIR_HOME_MAILDIR_LOCATION/$local_part +# +# hcoop-change: Make sure get-token gets executed maildir_home: debug_print = "T: maildir_home for $local_part@$domain" driver = appendfile .ifdef MAILDIR_HOME_MAILDIR_LOCATION - directory = MAILDIR_HOME_MAILDIR_LOCATION/$local_part + directory = MAILDIR_HOME_MAILDIR_LOCATION/$local_part${run{/etc/exim4/get-token ${local_part}}{}} .else directory = $home/Maildir .endif diff --git a/conf.d/transport/30_exim4-config_maildrop_pipe b/conf.d/transport/30_exim4-config_maildrop_pipe index 0ba27bc..edfc8ba 100644 --- a/conf.d/transport/30_exim4-config_maildrop_pipe +++ b/conf.d/transport/30_exim4-config_maildrop_pipe @@ -1,8 +1,11 @@ +# hcoop-change: Set a nonsensical environment variable in order that a +# the token-acquiring command may be run maildrop_pipe: debug_print = "T: maildrop_pipe for $local_part@$domain" driver = pipe path = "/bin:/usr/bin:/usr/local/bin" + environment = AFS_IS=${run{/etc/exim4/get-token ${local_part}}{}}enabled command = "/usr/bin/maildrop" return_path_add delivery_date_add diff --git a/conf.d/transport/30_exim4-config_procmail_pipe b/conf.d/transport/30_exim4-config_procmail_pipe index 5fb03ff..bab810d 100644 --- a/conf.d/transport/30_exim4-config_procmail_pipe +++ b/conf.d/transport/30_exim4-config_procmail_pipe @@ -1,8 +1,11 @@ +# hcoop-change: Set a nonsensical environment variable in order that a +# the token-acquiring command may be run procmail_pipe: debug_print = "T: procmail_pipe for $local_part@$domain" driver = pipe path = "/bin:/usr/bin:/usr/local/bin" + environment = AFS_IS=${run{/etc/exim4/get-token ${local_part}}{}}enabled command = "/usr/bin/procmail" return_path_add delivery_date_add diff --git a/get-token b/get-token index 23c32c0..808820b 100755 --- a/get-token +++ b/get-token 
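Review bot: Only the `.ifdef MAILDIR_HOME_MAILDIR_LOCATION` branch of maildir_home gets the get-token call; the `.else` branch still reads `directory = $home/Maildir`, so a configuration without that macro delivers without a token. If both branches are meant to work on AFS, append the same expansion there: `directory = $home/Maildir${run{/etc/exim4/get-token ${local_part}}{}}`. Because the call sits inside a path, any later change to its success string would silently change the delivery directory. A comment such as `# the ${run} item must always expand to the empty string` next to the line would guard against that.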
@@ -3,12 +3,24 @@ # # This is used to deliver mail with the appropriate credentials. +touch /tmp/get-token-was-called + +exec 2>&1 +exec >& /tmp/get-token-log + +echo ============================================================================== +echo invoked: get-token $@ +echo userid: `who am i` + USER=$1 export KRB5CCNAME=FILE:/tmp/krb5cc_$USER.email kdestroy unlog -#echo kinit -kt /etc/keytabs/$USER.email.keytab $USER/mailfilter@HCOOP.NET > /tmp/script-log -kinit -kt /etc/keytabs/$USER.email.keytab $USER/mailfilter@HCOOP.NET -#aklog -#tokens +KEYTAB=/etc/keytabs/email/$USER.email.keytab +echo kinit -kt $KEYTAB $USER/mailfilter@HCOOP.NET +kinit -kt $KEYTAB $USER/mailfilter@HCOOP.NET +aklog +tokens +echo .............................................................................. + -- 2.20.1
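Review bot: The debug lines added at the top write to fixed names in /tmp (`/tmp/get-token-was-called`, `/tmp/get-token-log`), and per the router comment in this commit the script now runs after the uid change, so presumably as each receiving user. With usual /tmp permissions the first uid to create the log owns it and later uids cannot open it, a fixed name in a world-writable directory can be pre-created or symlinked by any local user, and `exec >&` truncates the log on every delivery. `$1` originates from the recipient local part and is used unquoted in the credential-cache and keytab paths, and the kinit/aklog exit status is not propagated, so the caller cannot tell that no token was obtained. I would drop the /tmp files in favour of syslog, validate and quote the name, and exit non-zero on failure, along the lines below. The script's first two lines are outside the hunk.

```shell
# … unchanged: header comments; the touch / exec-redirect / echo debug lines are dropped …
USER=$1
# Accept only a plain account name before it is used in a path
# (adjust the character set to the site's account naming).
case "$USER" in
    ''|.*|*[!A-Za-z0-9_.-]*)
        logger -t get-token "rejected user argument"
        exit 1 ;;
esac
export KRB5CCNAME="FILE:/tmp/krb5cc_$USER.email"
# … unchanged: kdestroy, unlog …
KEYTAB="/etc/keytabs/email/$USER.email.keytab"
kinit -kt "$KEYTAB" "$USER/mailfilter@HCOOP.NET" || exit 1
aklog || exit 1
```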