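#!/bin/sh
# Author: Christoph Galuschka <christoph.galuschka@chello.at>
#
# Postfix STARTTLS/SASL smoke test.  Generates a throw-away self-signed
# certificate, wires it (together with Dovecot SASL) into Postfix, restarts
# both services and checks that smtpd advertises STARTTLS on port 25.
# Every configuration change is reverted before the result is reported.
#
# Provided by the test framework: t_Log, t_InstallPackage, t_ServiceControl,
# t_CheckExitStatus and $centos_ver.

t_Log "Running $0 - Postfix plain SASL test."

t_Log "Installing prerequisits"

t_InstallPackage openssl

# Dovecot's main configuration file lives in a different place on EL5.
if [ "$centos_ver" = 5 ]; then
  DOVECOT_CONF=/etc/dovecot.conf
else
  DOVECOT_CONF=/etc/dovecot/dovecot.conf
fi

# creating backups of changed files
cp -a /etc/postfix/main.cf /etc/postfix/main.cf_testing
cp -a "$DOVECOT_CONF" "${DOVECOT_CONF}_testing"

# Put the configuration files back and remove the generated key material.
# Called on every exit path, including failures half-way through, so the
# machine is never left with the test certificate or the modified main.cf.
ptls_restore() {
  mv -f /etc/postfix/main.cf_testing /etc/postfix/main.cf
  mv -f "${DOVECOT_CONF}_testing" "$DOVECOT_CONF"
  # TESTDIR is empty if mktemp failed; never run rm -rf on an empty path.
  [ -n "$TESTDIR" ] && rm -rf -- "$TESTDIR"
  rm -f -- /etc/pki/tls/certs/server.crt /etc/pki/tls/private/server.key
}

# Log the reason, undo our changes and stop with a non-zero status
# (a bare `exit` after `ret_val=1` would have exited with status 0).
ptls_fail() {
  t_Log "$1"
  ptls_restore
  exit 1
}

# creating certificates
# Use a private, unpredictably named work directory (mktemp -d creates it
# mode 0700) rather than a fixed path in the shared /var/tmp: the private
# key is written here before it is installed.
TESTDIR=$(mktemp -d /var/tmp/openssl-test.XXXXXX) \
  || ptls_fail "Creation of temporary directory failed."

t_Log "creating private key"
# The key is generated unencrypted in one step.  The earlier
# passphrase-protect-then-strip detour only put a passphrase on the command
# line for a key that was decrypted again immediately afterwards, and the
# -rand file1:...:file5 arguments named files that do not exist.
if [ "$centos_ver" = 6 ]; then
  openssl genpkey -algorithm rsa -out "$TESTDIR/server.key" \
    -pkeyopt rsa_keygen_bits:2048 > /dev/null 2>&1
else
  openssl genrsa -out "$TESTDIR/server.key" 2048 > /dev/null 2>&1
fi
# Any non-zero status is a failure, not only status 1.
if [ $? -ne 0 ]; then
  ptls_fail "Creation of private key failed."
fi

# create default answer file (quoted delimiter: the content is literal)
cat > "$TESTDIR/openssl_answers" <<'EOF'
[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
string_mask        = nombstr
[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = UK
stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = somestate
localityName                    = Locality Name (eg, city)
localityName_default            = somecity
0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = CentOS-Project
organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = CentOS
EOF

t_Log "creating certificate signing request"
openssl req -batch -config "$TESTDIR/openssl_answers" -new \
  -key "$TESTDIR/server.key" -out "$TESTDIR/server.csr" > /dev/null 2>&1
if [ $? -ne 0 ]; then
  ptls_fail "Creation of CSR failed."
fi

t_Log "creating server certificate"
openssl x509 -req -days 3600 -in "$TESTDIR/server.csr" \
  -signkey "$TESTDIR/server.key" -out "$TESTDIR/server.crt" > /dev/null 2>&1
if [ $? -ne 0 ]; then
  ptls_fail "Creation of CRT failed."
fi

# copy files to destinations
cp -a "$TESTDIR/server.crt" /etc/pki/tls/certs/
cp -a "$TESTDIR/server.key" /etc/pki/tls/private/
# The certificate is public; the private key must stay readable by root only.
chmod 0644 /etc/pki/tls/certs/server.crt
chmod 0600 /etc/pki/tls/private/server.key

# adding parameters to postfix
# smtpd_tls_key_file / smtpd_tls_cert_file point at the files installed
# above; the previous mail.example.com.* names were never created by this
# script, so Postfix had no usable certificate to offer STARTTLS with.
cat >> /etc/postfix/main.cf <<'EOF'
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous

smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/pki/tls/private/server.key
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
# smtpd_tls_CAfile = /etc/pki/tls/root.crt
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
tls_random_source = dev:/dev/urandom
smtpd_tls_auth_only = yes

smtpd_recipient_restrictions =
      permit_mynetworks,
      permit_sasl_authenticated,
      reject_unauth_destination
EOF

# adding parameters to dovecot
# EL5 gets a complete replacement configuration (dovecot 1.x syntax);
# later releases only get the Postfix auth socket appended.
if [ "$centos_ver" = 5 ]; then
  cat > "$DOVECOT_CONF" <<'EOF'
protocol imap {
}
protocol pop3 {
}
protocol lda {
  postmaster_address = postmaster@example.com
}
auth default {
  mechanisms = plain
  passdb pam {
  }
  userdb passwd {
  }
  user = root
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
dict {
}
plugin {
}
EOF
else
  cat >> "$DOVECOT_CONF" <<'EOF'
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
EOF
fi

# restarting services
t_ServiceControl postfix restart
t_ServiceControl dovecot restart

# Running test: the EHLO response must contain the STARTTLS extension.
t_Log "Testing if postfix accepts connections and offers STARTTLS"
printf 'ehlo test\n' | nc -w 3 localhost 25 | grep -q 'STARTTLS'
ret_val=$?

# restoring changed files and removing the test key/certificate
ptls_restore

t_CheckExitStatus $ret_val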