X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=rt%2Fbin%2Frt-mailgate;h=5148aa541d52067130f98411b463cdb0abb2a297;hb=5b3efac57771fbc37874a3dd39d3df835cdd6133;hp=e6f0d95c5d3963605889ce9398c95c8a4a60d8e4;hpb=c0567c688084e89fcd11bf82348b6c418f1254ac;p=freeside.git diff --git a/rt/bin/rt-mailgate b/rt/bin/rt-mailgate index e6f0d95c5..5148aa541 100755 --- a/rt/bin/rt-mailgate +++ b/rt/bin/rt-mailgate 
@@ -1,367 +1,526 @@ -#!!!PERL!! -w +#!/usr/bin/perl +# BEGIN BPS TAGGED BLOCK {{{ +# +# COPYRIGHT: +# +# This software is Copyright (c) 1996-2014 Best Practical Solutions, LLC +# +# +# (Except where explicitly superseded by other copyright notices) +# +# +# LICENSE: +# +# This work is made available to you under the terms of Version 2 of +# the GNU General Public License. A copy of that license should have +# been provided with this software, but in any event can be snarfed +# from www.gnu.org. +# +# This work is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301 or visit their web page on the internet at +# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. +# +# +# CONTRIBUTION SUBMISSION POLICY: +# +# (The following paragraph is not intended to limit the rights granted +# to you to modify and distribute this software under the terms of +# the GNU General Public License and is only of importance to you if +# you choose to contribute your changes and enhancements to the +# community by submitting them to Best Practical Solutions, LLC.) +# +# By intentionally submitting any modifications, corrections or +# derivatives to this work, or any other work intended for use with +# Request Tracker, to Best Practical Solutions, LLC, you confirm that +# you are the copyright holder for those contributions and you grant +# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable, +# royalty-free, perpetual, license to use, copy, create derivative +# works based on those contributions, and sublicense and distribute +# those contributions and any derivatives thereof. 
+# +# END BPS TAGGED BLOCK }}} +=head1 NAME + +rt-mailgate - Mail interface to RT. + +=cut -# $Header: /home/cvs/cvsroot/freeside/rt/bin/rt-mailgate,v 1.1 2002-08-12 06:17:07 ivan Exp $ -# (c) 1996-2001 Jesse Vincent -# This software is redistributable under the terms of the GNU GPL - - -package RT; use strict; -use vars qw($VERSION $Handle $Nobody $SystemUser); +use warnings; -$VERSION="!!RT_VERSION!!"; +use Getopt::Long; +my $opts = { }; +GetOptions( $opts, "queue=s", "action=s", "url=s", + "jar=s", "help", "debug", "extension=s", + "timeout=i", "verify-ssl!", "ca-file=s", + ); -use lib "!!RT_LIB_PATH!!"; -use lib "!!RT_ETC_PATH!!"; +my $gateway = RT::Client::MailGateway->new(); -use RT::Interface::Email qw(CleanEnv LoadConfig DBConnect - GetCurrentUser - GetMessageContent - CheckForLoops - CheckForSuspiciousSender - CheckForAutoGenerated - ParseMIMEEntityFromSTDIN - ParseTicketId - MailError - ParseCcAddressesFromHead - ParseSenderAddressFromHead - ParseErrorsToAddressFromHead - ); +$gateway->run($opts); -#Clean out all the nasties from the environment -CleanEnv(); +package RT::Client::MailGateway; -#Load etc/config.pm and drop privs -LoadConfig(); +use LWP::UserAgent; +use HTTP::Request::Common qw($DYNAMIC_FILE_UPLOAD); +use File::Temp qw(tempfile tempdir); +$DYNAMIC_FILE_UPLOAD = 1; -#Connect to the database and get RT::SystemUser and RT::Nobody loaded -DBConnect(); +use constant EX_TEMPFAIL => 75; +use constant BUFFER_SIZE => 8192; -#Drop setgid permissions -RT::DropSetGIDPermissions(); +sub new { + my $class = shift; + my $self = bless {}, $class; + return $self; +} -use RT::Ticket; -use RT::Queue; -use MIME::Parser; -use File::Temp; -use Mail::Address; +sub run { + my $self = shift; + my $opts = shift; + if ( $opts->{running_in_test_harness} ) { + $self->{running_in_test_harness} = 1; + } -#Set some sensible defaults -my $Queue = 1; -my $time = time; -my $Action = "correspond"; + $self->validate_cli_flags($opts); -my ($Verbose, $ReturnTid, $Debug); -my 
($From, $TicketId, $Subject,$SquelchReplies); + my $ua = $self->get_useragent($opts); + my $post_params = $self->setup_session($opts); + $self->upload_message( $ua => $post_params ); + $self->exit_with_success(); +} -# using --owner-from-extension, this will let you set ticket owner on create -my $AssignTicketTo = undef; -my ($status, $msg); +sub exit_with_success { + my $self = shift; + if ( $self->{running_in_test_harness} ) { + return 1; + } else { + exit 0; + } +} -# {{{ parse commandline +sub tempfail { + my $self = shift; + if ( $self->{running_in_test_harness} ) { + die "tempfail"; + } else { -while (my $flag = shift @ARGV) { - if (($flag eq '-v') or ($flag eq '--verbose')) { - $Verbose = 1; + exit EX_TEMPFAIL; } - if (($flag eq '-t') or ($flag eq '--ticketid')) { - $ReturnTid = 1; +} + +sub permfail { + my $self = shift; + if ( $self->{running_in_test_harness} ) { + die "permfail"; + } else { + + exit 1; } - - if (($flag eq '-d') or ($flag eq '--debug')) { - $RT::Logger->debug("Debug mode enabled\n"); - $Debug = 1; - } - - if (($flag eq '-q') or ($flag eq '--queue')) { - $Queue = shift @ARGV; - } - if ($flag eq '--ticket-id-from-extension') { - $TicketId = $ENV{'EXTENSION'}; +} + +sub validate_cli_flags { + my $self = shift; + my $opts = shift; + if ( $opts->{'help'} ) { + require Pod::Usage; + Pod::Usage::pod2usage( { verbose => 2 } ); + return $self->permfail() + ; # Don't want to succeed if this is really an email! 
} - if ($flag eq '--queue-from-extension') { - $Queue = $ENV{'EXTENSION'}; + + unless ( $opts->{'url'} ) { + print STDERR + "$0 invoked improperly\n\nNo 'url' provided to mail gateway!\n"; + return $self->permfail(); } - if ($flag eq '--owner-from-extension') { - $AssignTicketTo = $ENV{'EXTENSION'}; + + if (($opts->{'ca-file'} or $opts->{"verify-ssl"}) + and not LWP::UserAgent->can("ssl_opts")) { + print STDERR "Verifying SSL certificates requires LWP::UserAgent 6.0 or higher.\n"; + return $self->tempfail(); } - if (($flag eq '-a') or ($flag eq '--action')) { - $Action = shift @ARGV; - } - - + $opts->{"verify-ssl"} = 1 unless defined $opts->{"verify-ssl"}; } -# }}} +sub get_useragent { + my $self = shift; + my $opts = shift; + my $ua = LWP::UserAgent->new(); + $ua->cookie_jar( { file => $opts->{'jar'} } ) if $opts->{'jar'}; -# get the current mime entity from stdin -my ($entity, $head) = ParseMIMEEntityFromSTDIN(); + if ( $ua->can("ssl_opts") ) { + $ua->ssl_opts( verify_hostname => $opts->{'verify-ssl'} ); + $ua->ssl_opts( SSL_ca_file => $opts->{'ca-file'} ) + if $opts->{'ca-file'}; + } -#Get someone to send runtime errors to; -my $ErrorsTo = ParseErrorsToAddressFromHead($head); + return $ua; +} -#Get us a current user object. -my $CurrentUser = GetCurrentUser($head, $entity, $ErrorsTo); +sub setup_session { + my $self = shift; + my $opts = shift; + my %post_params; + foreach (qw(queue action)) { + $post_params{$_} = $opts->{$_} if defined $opts->{$_}; + } -# We've already performed a warning and sent the mail off to somewhere safe ($RTOwner). -# this is _exceedingly_ unlikely but we don't want to keep going if we don't have a current user + if ( ( $opts->{'extension'} || '' ) =~ /^(?:action|queue|ticket)$/i ) { + $post_params{ lc $opts->{'extension'} } = $ENV{'EXTENSION'} + || $opts->{ $opts->{'extension'} }; + } elsif ( $opts->{'extension'} && $ENV{'EXTENSION'} ) { + print STDERR + "Value of the --extension argument is not action, queue or ticket" + . 
", but environment variable EXTENSION is also defined. The former is ignored.\n"; + } -unless ($CurrentUser->Id) { - exit(1); -} + # add ENV{'EXTENSION'} as X-RT-MailExtension to the message header + if ( my $value = ( $ENV{'EXTENSION'} || $opts->{'extension'} ) ) { -my $MessageId = $head->get('Message-Id') || - ""; + # prepare value to avoid MIME format breakage + # strip trailing newline symbols + $value =~ s/(\r*\n)+$//; -#Pull apart the subject line -$Subject = $head->get('Subject') || "[no subject]"; -chomp $Subject; + # make a correct multiline header field, + # with tabs in the beginning of each line + $value =~ s/(\r*\n)/$1\t/g; + $opts->{'headers'} .= "X-RT-Mail-Extension: $value\n"; + } + + # Read the message in from STDIN + # _raw_message is used for testing + my $message = $opts->{'_raw_message'} || $self->slurp_message(); + unless ( $message->{'filename'} ) { + $post_params{'message'} = [ + undef, '', + 'Content-Type' => 'application/octet-stream', + Content => ${ $message->{'content'} }, + ]; + } else { + $post_params{'message'} = [ + $message->{'filename'}, '', + 'Content-Type' => 'application/octet-stream', + ]; + } -# Get the ticket ID unless it's already set -$TicketId = ParseTicketId($Subject) unless ($TicketId); + return \%post_params; +} -#Set up a queue object -my $QueueObj = RT::Queue->new($CurrentUser); -$QueueObj->Load($Queue); -unless ($QueueObj->id ) { +sub upload_message { + my $self = shift; + my $ua = shift; + my $post_params = shift; + my $full_url = $opts->{'url'} . "/REST/1.0/NoAuth/mail-gateway"; + print STDERR "$0: connecting to $full_url\n" if $opts->{'debug'}; - MailError(To => $RT::OwnerEmail, - Subject => "RT Bounce: $Subject", - Explanation => "RT couldn't find the queue: $Queue", - MIMEObj => $entity); + $ua->timeout( exists( $opts->{'timeout'} ) ? 
$opts->{'timeout'} : 180 ); + my $r = $ua->post( $full_url, $post_params, Content_Type => 'form-data' ); + $self->check_failure($r); -} + my $content = $r->content; + print STDERR $content . "\n" if $opts->{'debug'}; -# {{{ Lets check for mail loops of various sorts. + return if ( $content =~ /^(ok|not ok)/ ); -my $IsAutoGenerated = CheckForAutoGenerated($head); + # It's not the server's fault if the mail is bogus. We just want to know that + # *something* came out of the server. + print STDERR <tempfail(); +} -#If the message is autogenerated, we need to know, so we can not -# send mail to the sender -if ($IsSuspiciousSender || $IsAutoGenerated || $IsALoop) { - $SquelchReplies = 1; +sub check_failure { + my $self = shift; + my $r = shift; + return if $r->is_success; - $ErrorsTo = $RT::OwnerEmail; - - #TODO: Is what we want to do here really - # "Make the requestor cease to get mail from RT"? - # This might wreak havoc with vacation-mailing users. - # Maybe have a "disabled for bouncing" state that gets - # turned off when we get a legit incoming message + # XXX TODO 4.2: Remove the multi-line error strings in favor of something more concise + print STDERR <<" ERROR"; +An Error Occurred +================= +@{[ $r->status_line ]} + ERROR + print STDERR "\n$0: undefined server error\n" if $opts->{'debug'}; + return $self->tempfail(); } +sub slurp_message { + my $self = shift; + + local $@; + + my %message; + my ( $fh, $filename ) + = eval { tempfile( DIR => tempdir( CLEANUP => 1 ) ) }; + if ( !$fh || $@ ) { + print STDERR "$0: Couldn't create temp file, using memory\n"; + print STDERR "error: $@\n" if $@; + + my $message = \do { local ( @ARGV, $/ ); }; + unless ( $$message =~ /\S/ ) { + print STDERR "$0: no message passed on STDIN\n"; + $self->exit_with_success; + } + $$message = $opts->{'headers'} . 
$$message if $opts->{'headers'}; + return ( { content => $message } ); + } + + binmode $fh; + binmode \*STDIN; + + print $fh $opts->{'headers'} if $opts->{'headers'}; + + my $buf; + my $empty = 1; + while (1) { + my $status = read \*STDIN, $buf, BUFFER_SIZE; + unless ( defined $status ) { + print STDERR "$0: couldn't read message: $!\n"; + return $self->tempfail(); + } elsif ( !$status ) { + last; + } + $empty = 0 if $buf =~ /\S/; + print $fh $buf; + } + close $fh; -# {{{ Warn someone if it's a loop - -# Warn someone if it's a loop, before we drop it on the ground -if ($IsALoop) { - $RT::Logger->crit("RT Received mail ($MessageId) from itself."); - - #Should we mail it to RTOwner? - if ($RT::LoopsToRTOwner) { - MailError(To => $RT::OwnerEmail, - Subject => "RT Bounce: $Subject", - Explanation => "RT thinks this message may be a bounce", - MIMEObj => $entity); - - #Do we actually want to store it? - exit unless ($RT::StoreLoops); + if ($empty) { + print STDERR "$0: no message passed on STDIN\n"; + $self->exit_with_success; } + print STDERR "$0: temp file is '$filename'\n" if $opts->{'debug'}; + return ( { filename => $filename } ); } -# }}} +=head1 SYNOPSIS + rt-mailgate --help : this text - #Don't let the user stuff the RT-Squelch-Replies-To header. - if ($head->get('RT-Squelch-Replies-To')) { - $head->add('RT-Relocated-Squelch-Replies-To', - $head->get('RT-Squelch-Replies-To')); - $head->delete('RT-Squelch-Replies-To') - } +Usual invocation (from MTA): + rt-mailgate --action (correspond|comment|...) --queue queuename + --url http://your.rt.server/ + [ --debug ] + [ --extension (queue|action|ticket) ] + [ --timeout seconds ] -if ($SquelchReplies) { - ## TODO: This is a hack. It should be some other way to - ## indicate that the transaction should be "silent". 
- my ($Sender, $junk) = ParseSenderAddressFromHead($head); - $head->add('RT-Squelch-Replies-To', $Sender); -} -# }}} +=head1 OPTIONS +=over 3 -# {{{ If we require that the sender be found in an external DB and they're not -# forward this message to RTOwner +=item C<--action> +Specifies what happens to email sent to this alias. The avaliable +basic actions are: C, C. -if ($RT::LookupSenderInExternalDatabase && - $RT::SenderMustExistInExternalDatabase ) { +If you've set the RT configuration variable B<< C >>, +C and C are also available. You can execute two or more +actions on a single message using a C<-> separated list. RT will execute +the actions in the listed order. For example you can use C, +C or C as actions. - MailError(To => $RT::OwnerEmail, - Subject => "RT Bounce: $Subject", - Explanation => "RT couldn't find requestor via its external database lookup", - MIMEObj => $entity); - -} +Note that C and C actions ignore message text if used +alone. Include a C or C action if you want RT +to record the incoming message. -# }}} - -# {{{ elsif we don't have a ticket Id, we're creating a new ticket - - - -elsif (!defined($TicketId)) { - - # {{{ Create a new ticket - if ($Action =~ /correspond/) { - - # open a new ticket - my @Requestors = ($CurrentUser->id); - - my @Cc; - if ($RT::ParseNewMessageForTicketCcs) { - @Cc = ParseCcAddressesFromHead(Head => $head, - CurrentUser => $CurrentUser, - QueueObj => $QueueObj ); - } - - my $Ticket = new RT::Ticket($CurrentUser); - my ($id, $Transaction, $ErrStr) = - $Ticket->Create ( Queue => $Queue, - Subject => $Subject, - Owner => $AssignTicketTo, - Requestor => \@Requestors, - Cc => \@Cc, - MIMEObj => $entity - ); - if ($id == 0 ) { - MailError( To => $ErrorsTo, - Subject => "Ticket creation failed", - Explanation => $ErrStr, - MIMEObj => $entity - ); - $RT::Logger->error("Create failed: $id / $Transaction / $ErrStr "); - } - } +The default action is C. 
- # }}} - - else { - #TODO Return an error message - MailError( To => $ErrorsTo, - Subject => "No ticket id specified", - Explanation => "$Action aliases require a TicketId to work on", - MIMEObj => $entity - ); - - $RT::Logger->crit("$Action aliases require a TicketId to work on ". - "(from ".$CurrentUser->UserObj->EmailAddress.") ". - $MessageId); - } -} +=item C<--queue> -# }}} - -# {{{ If we've got a ticket ID, update the ticket - -else { - - # If the action is comment, add a comment. - if ($Action =~ /comment/i){ - - my $Ticket = new RT::Ticket($CurrentUser); - $Ticket->Load($TicketId); - unless ($Ticket->Id) { - MailError( To => $ErrorsTo, - Subject => "Comment not recorded", - Explanation => "Could not find a ticket with id $TicketId", - MIMEObj => $entity - ); - #Return an error message saying that Ticket "#foo" wasn't found. - } - - ($status, $msg) = $Ticket->Comment(MIMEObj=>$entity); - unless ($status) { - #Warn the sender that we couldn't actually submit the comment. - MailError( To => $ErrorsTo, - Subject => "Comment not recorded", - Explanation => $msg, - MIMEObj => $entity - ); - } - } +This flag determines which queue this alias should create a ticket in if no ticket identifier +is found. - # If the message is correspondence, add it to the ticket - elsif ($Action =~ /correspond/i) { - my $Ticket = RT::Ticket->new($CurrentUser); - $Ticket->Load($TicketId); - - #TODO: Check for error conditions - ($status, $msg) = $Ticket->Correspond(MIMEObj => $entity); - unless ($status) { - - #Return mail to the sender with an error - MailError( To => $ErrorsTo, - Subject => "Correspondence not recorded", - Explanation => $msg, - MIMEObj => $entity - ); - } - } +=item C<--url> - else { - #Return mail to the sender with an error - MailError( To => $ErrorsTo, - Subject => "RT Configuration error", - Explanation => "'$Action' not a recognized action.". - " Your RT administrator has misconfigured ". 
- "the mail aliases which invoke RT" , - MIMEObj => $entity - ); - - $RT::Logger->crit("$Action type unknown for $MessageId"); - - } - -} +This flag tells the mail gateway where it can find your RT server. You should +probably use the same URL that users use to log into RT. -# }}} +If your RT server uses SSL, you will need to install additional Perl +libraries. RT will detect and install these dependencies if you pass the +C<--enable-ssl-mailgate> flag to configure as documented in RT's README. -$RT::Handle->Disconnect(); +If you have a self-signed SSL certificate, you may also need to pass +C<--ca-file> or C<--no-verify-ssl>, below. +=item C<--ca-file> I -# Everything below this line is a helper sub. most of them will eventually -# move to Interface::Email +Specifies the path to the public SSL certificate for the certificate +authority that should be used to verify the website's SSL certificate. +If your webserver uses a self-signed certificate, you should +preferentially use this option over C<--no-verify-ssl>, as it will +ensure that the self-signed certificate that the mailgate is seeing the +I self-signed certificate. -#When we call die, trap it and log->crit with the value of the die. -$SIG{__DIE__} = sub { - unless ($^S || !defined $^S ) { - $RT::Logger->crit("$_[0]"); - MailError( To => $ErrorsTo, - Bcc => $RT::OwnerEmail, - Subject => "RT Critical error. Message not recorded!", - Explanation => "$_[0]", - MIMEObj => $entity - ); - exit(-1); - } - else { - #Get out of here if we're in an eval - die $_[0]; - } -}; +=item C<--no-verify-ssl> + +This flag tells the mail gateway to trust all SSL certificates, +regardless of if their hostname matches the certificate, and regardless +of CA. This is required if you have a self-signed certificate, or some +other certificate which is not traceable back to an certificate your +system ultimitely trusts. 
+ +Verifying SSL certificates requires L version 6.0 or +higher; explicitly passing C<--verify-ssl> on prior versions will error. + +=item C<--extension> OPTIONAL + +Some MTAs will route mail sent to user-foo@host or user+foo@host to user@host +and present "foo" in the environment variable $EXTENSION. By specifying +the value "queue" for this parameter, the queue this message should be +submitted to will be set to the value of $EXTENSION. By specifying +"ticket", $EXTENSION will be interpreted as the id of the ticket this message +is related to. "action" will allow the user to specify either "comment" or +"correspond" in the address extension. + +=item C<--debug> OPTIONAL + +Print debugging output to standard error + + +=item C<--timeout> OPTIONAL + +Configure the timeout for posting the message to the web server. The +default timeout is 3 minutes (180 seconds). + +=back + + +=head1 DESCRIPTION + +The RT mail gateway is the primary mechanism for communicating with RT +via email. This program simply directs the email to the RT web server, +which handles filing correspondence and sending out any required mail. +It is designed to be run as part of the mail delivery process, either +called directly by the MTA or C, or in a F<.forward> or +equivalent. + +=head1 SETUP + +Much of the set up of the mail gateway depends on your MTA and mail +routing configuration. However, you will need first of all to create an +RT user for the mail gateway and assign it a password; this helps to +ensure that mail coming into the web server did originate from the +gateway. + +Next, you need to route mail to C for the queues you're +monitoring. 
For instance, if you're using F and you have a +"bugs" queue, you will want something like this: + + bugs: "|/opt/rt4/bin/rt-mailgate --queue bugs --action correspond + --url http://rt.mycorp.com/" + + bugs-comment: "|/opt/rt4/bin/rt-mailgate --queue bugs --action comment + --url http://rt.mycorp.com/" + +Note that you don't have to run your RT server on your mail server, as +the mail gateway will happily relay to a different machine. + +=head1 CUSTOMIZATION + +By default, the mail gateway will accept mail from anyone. However, +there are situations in which you will want to authenticate users +before allowing them to communicate with the system. You can do this +via a plug-in mechanism in the RT configuration. + +You can set the array C<@MailPlugins> to be a list of plugins. The +default plugin, if this is not given, is C - that is, +authentication of the person is done based on the C header of the +email. If you have additional filters or authentication mechanisms, you +can list them here and they will be called in order: + + Set( @MailPlugins => + "Filter::SpamAssassin", + "Auth::LDAP", + # ... + ); + +See the documentation for any additional plugins you have. + +You may also put Perl subroutines into the C<@MailPlugins> array, if +they behave as described below. + +=head1 WRITING PLUGINS + +What's actually going on in the above is that C<@MailPlugins> is a +list of Perl modules; RT prepends C to the name, +to form a package name, and then C's this module. The module is +expected to provide a C subroutine, which takes a hash of +several parameters: + +=over 4 + +=item Message + +A C object representing the email + +=item CurrentUser + +An C object + +=item AuthStat + +The authentication level returned from the previous plugin. + +=item Ticket [OPTIONAL] + +The ticket under discussion + +=item Queue [OPTIONAL] + +If we don't already have a ticket id, we need to know which queue we're talking about + +=item Action + +The action being performed. 
At the moment, it's one of "comment" or "correspond" + +=back + +It returns two values, the new C object, and the new +authentication level. The authentication level can be zero, not allowed +to communicate with RT at all, (a "permission denied" error is mailed to +the correspondent) or one, which is the normal mode of operation. +Additionally, if C<-1> is returned, then the processing of the plug-ins +stops immediately and the message is ignored. + +=head1 ENVIRONMENT + +=over 4 + +=item EXTENSION + +Some MTAs will route mail sent to user-foo@host or user+foo@host to user@host +and present "foo" in the environment variable C. Mailgate adds value +of this variable to message in the C field of the message +header. + +See also C<--extension> option. Note that value of the environment variable is +always added to the message header when it's not empty even if C<--extension> +option is not provided. +=back +=cut -1;
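Review bot: In slurp_message the temp-file path never confirms the message reached disk — both `print $fh $buf` and `close $fh` are unchecked, so a short write (full disk, closed descriptor) is posted as a truncated message while the MTA is told delivery succeeded, which contradicts the EX_TEMPFAIL/retry contract the rest of the file is built around. Buffered write errors surface at close, so the minimum fix is `close $fh or do { print STDERR "$0: couldn't write message: $!\n"; return $self->tempfail() };` with the same treatment on the print inside the read loop. Separately, upload_message, check_failure and slurp_message read the file-scoped `my $opts` declared before `package RT::Client::MailGateway` rather than the hash handed to run(), so a caller passing a different options hash (the running_in_test_harness branch suggests one exists) silently gets the wrong url, headers and timeout; storing the argument as `$self->{opts}` in run() and reading it there would remove the hidden coupling. In setup_session the fallback `$opts->{ $opts->{'extension'} }` uses the unlowercased key while the post parameter uses `lc`, so `--extension Queue` matches the regex but never finds `$opts->{queue}`; `$opts->{ lc $opts->{'extension'} }` keeps the two consistent. Several hunk lines appear to have lost angle-bracketed text in rendering (the heredoc after `print STDERR <` and the `<>` readline in the in-memory fallback), so those spots are inferred rather than read.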