This file is indexed.

/usr/bin/saslfinger is in sasl2-bin 2.1.25.dfsg1-3.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
#!/bin/bash
#
# Copyright © 2004 Patrick Koetter
# 
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

#####################################################################
#                          VARIABLES                                #
#####################################################################
# set -e
scriptname="${0##*/}"
scriptversion=1.0.4

declare -a sasl_dirs valid_sasl_lib_names

sasl_dirs=(/usr/lib/sasl \
/usr/lib64/sasl2 \
/var/lib/sasl \
/opt/lib/sasl \
/usr/lib/sasl2 \
/var/lib/sasl2 \
/opt/lib/sasl2 \
/usr/local/lib/sasl2 \
/etc/sasl2 \
/etc/postfix/sasl \
/etc/cyrus-sasl \
/usr/pkg/lib)

sasl_libs=(libsasl.so libsasl2.so)

#####################################################################
#                     COMMANDS AND FUNCTIONS                        #
#####################################################################

export PATH="/bin:/sbin:/usr/bin:/usr/sbin:$PATH"

function start () {
	echo "${scriptname} - postfix Cyrus sasl configuration $(date)"
	echo "version: ${scriptversion}"
	echo "mode: ${mode} SMTP AUTH"
}

function end () {
	echo "-- end of ${scriptname} output --"
}

function postconf_get () { 
	postconf -h ${1}; 
}

function get_saslpasswd () { 
	postconf -h smtp_sasl_password_maps | sed -e s/^.*://; 
}

function get_mail_version () {
	declare -a systems
	local systems=("/etc/redhat-release" "/etc/fedora-release" "/etc/slackware-version" "/etc/gentoo-release" "/etc/issue" "/etc/motd")
	echo "-- basics --"
	echo "Postfix: $(postconf_get mail_version)"
	for system in ${systems[@]}; do
		if [[ -e ${system} ]]; then
			echo "System: $(cat ${system})"
			break
		else
			continue
		fi
	done
}

function get_sasl_dirs () {
	local i=0
	local sasldir=""
	for sasldir in ${sasl_dirs[@]}; do
		if [ -d ${sasldir} ]; then
			valid_sasldirs[$i]=${sasldir}
			let "i = $i + 1"
		fi
	done
	if ! [[ ${valid_sasldirs[@]} ]]; then
		echo -e "\aCould not find any valid Cyrus SASL directories."
		echo "Cyrus SASL is required to setup SMTP AUTH!"
		exit 72
	fi
}


function get_sasl_support () {
	local sasllib=""
	echo "-- $1 is linked to --"
	for sasllib in ${sasl_libs[@]}; do
	local ldd_res="$(ldd "$(postconf_get daemon_directory)/${1}" | egrep -e "${sasllib}" 2>/dev/null)"
		if [ -n "${ldd_res}" ]; then
			echo "${ldd_res}"
		fi
	done
}


function get_smtp_dialogue () {
	echo "-- mechanisms on ${1} --"
	if echo "EHLO $HOSTNAME\r\nQUIT\r\n" | nc -w 1 -v ${1} 25 2>/dev/null | egrep "AUTH" 2>/dev/null; then
	  echo
	elif echo "EHLO $HOSTNAME\r\nQUIT\r\n" | netcat -w 1 -v ${1} 25 2>/dev/null | egrep "AUTH" 2>/dev/null; then
	  echo
	else
		(echo "EHLO $HOSTNAME"; sleep 2) | telnet ${1} 25 2>/dev/null | egrep "(AUTH)"
	fi
}


function get_maincf () {
	if test ${1} = "smtpd"; then
		local authparams="(^smtpd_sasl_*|broken_sasl_auth_clients|^smtpd_use_tls|^smtpd_tls_*)"
	elif test ${1} = "smtp"; then
		local authparams="(^smtp_sasl_*|^relayhost|^smtp_use_tls|^smtp_tls_*)"
	fi

	for daemon in ${1}; do
		echo "-- active SMTP AUTH and TLS parameters for ${1} --"
		if postconf -n | egrep -i ${authparams} 2> /dev/null; then
			continue
		else
			echo -e "\aNo active SMTP AUTH and TLS parameters for ${1} in main.cf!"
			echo "SMTP AUTH can't work!"
			exit 72
		fi
	done
}


function get_sasl_apps () {
	active_services[0]=""
	if [[ $(egrep -v "^#.*smtpd_sasl_application_name" $(postconf_get config_directory)/master.cf |\
		egrep "^.*smtpd_sasl_application_name" 2>/dev/null) ]]; then
		active_services=$(egrep -v "^#.*smtpd_sasl_application_name" $(postconf_get config_directory)/master.cf |\
			egrep "^.*smtpd_sasl_application_name" | sed 's/.*-o smtpd_sasl_application_name=//g' | awk '{print $1}')
	else
		active_services[0]="smtpd"
	fi
}

function get_service_config () {
# Add /etc/postfix/sasl to valid_sasldirs for Debian users.
sasl_dirs[100]="/etc/postfix/sasl"
	local o=1
	local sasldir=""
	local service=""
	for sasldir in ${sasl_dirs[@]}; do
		local i=1
		for service in ${active_services[@]}; do
			if [ -e ${sasldir}/${service}.conf ]; then
				valid_services[$i$o]=${sasldir}/${service}.conf
				let "i = $i + 1"
			elif ! [ -e ${sasldir}/${service}.conf ]; then
				continue
			fi
		done
	let "o+=1"
	done
	if ! [[ ${valid_services[@]} ]]; then
		echo; echo -e "\aThere is no smtpd.conf that defines what SASL should do for Postfix."
		echo "SMTP AUTH can't work!"; echo
		exit 72
	fi
}


function list_service_configs () {
	local smtpdconf=""
	for smtpdconf in ${valid_services[@]}; do
		echo "-- content of ${smtpdconf} --"
		cat ${smtpdconf} | sed -e 's/.*ldapdb_id.*/ldapdb_id: --- replaced ---/;s/.*sql_user:.*/sql_user: --- replaced ---/g;'\
				-e 's/.*ldapdb_pw:.*/ldapdb_pw: --- replaced ---/g;s/.*sql_passwd:.*/sql_passwd: --- replaced ---/g'
		echo
	done
}


function list_sasl_dirs () {
	local sasldir=""
	for sasldir in ${valid_sasldirs[@]}; do
		echo "-- listing of ${sasldir} --"; ls -alL ${sasldir}; echo
	done
}


function get_mastercf () {
	echo "-- active services in $(postconf_get config_directory)/master.cf --"
	echo "$(egrep "(^# service type|\(yes\))" $(postconf_get config_directory)/master.cf)"
	echo "$(cat $(postconf_get config_directory)/master.cf | egrep -v "^#")"
}


function check_saslpasswd () {
saslpasswd=$(postconf_get smtp_sasl_password_maps | sed -e s/^.*://)
if ! [ $(get_saslpasswd) ]; then
	echo -e "\aCannot find the smtp_sasl_password_maps parameter in main.cf."
	echo "Client-side SMTP AUTH cannot work without this parameter!"
	exit 78
elif [ -e $(get_saslpasswd) ]; then
	echo "-- permissions for $(get_saslpasswd) --"; echo "`ls -al ${saslpasswd}`"; echo
	if [ -e $(get_saslpasswd).db ]; then
		echo "-- permissions for $(get_saslpasswd).db --"; echo "`ls -al ${saslpasswd}.db`"; echo
		if [ $(get_saslpasswd) -nt $(get_saslpasswd).db ]; then
			echo -e "\a$(get_saslpasswd).db is older than $(get_saslpasswd)!"
			echo "Run the following command as root to sync $(get_saslpasswd).db:"
			echo;	echo -e "\tpostmap `postconf -h smtp_sasl_password_maps`"; echo
			exit 65
		else
			echo "$(get_saslpasswd).db is up to date."
		fi
	else
		echo; echo -e "\aThere is no $(get_saslpasswd).db!"
		exit 78
	fi
elif ! [ -e $(get_saslpasswd) ]; then
	echo; echo -e "\aYou have set smtp_sasl_password_maps = ${saslpasswd}"
	echo "in main.cf, but $(get_saslpasswd) does not seem to be there."
	echo "Please check and run ${scriptname} again."
	exit 78
fi
}


function get_smtp_dialogue_wrapper () {
local host=""
if [ -r $(get_saslpasswd) ]; then
	for host in $(awk '!/^#/ {print $1}' ${saslpasswd}); do
		get_smtp_dialogue ${host}; echo
	done
elif ! [ -r $(get_saslpasswd) ]; then
	echo -e "\aYou don't have the correct permissions to read $(get_saslpasswd)."
	echo "The telnet test, which gets the AUTH mechanisms offered by your remote"
	echo "MTA(s), requires reading this file. Become either root to access"
	echo "$(get_saslpasswd), or allow your current user, ${USER}, to read it."; echo
	exit 0
fi
}



function server () {
	mode="server-side"
	start; echo
	get_mail_version; echo
	get_sasl_support smtpd; echo
	get_maincf smtpd; echo
	get_sasl_dirs; echo
	list_sasl_dirs; echo
	get_sasl_apps; echo
	get_service_config; echo
	list_service_configs; echo
	get_mastercf; echo
	get_smtp_dialogue localhost; echo
	end; echo
	exit 0
}


function client () {
	mode="client-side"
	start; echo
	get_mail_version;	echo
	get_sasl_support smtp; echo
	get_maincf smtp; echo
	get_sasl_dirs; echo
	list_sasl_dirs;	echo
	check_saslpasswd;	echo
	get_mastercf; echo
	get_smtp_dialogue_wrapper; echo
	end; echo
	exit 0
}


function usage () {
	echo; echo "saslfinger -s"; echo -e "\tCheck server-side SMTP AUTH configuration"
	echo; echo "saslfinger -c"; echo -e "\tCheck client-side SMTP AUTH configuration"
	echo; echo "saslfinger -h"; echo -e "\tPrint this message."
	echo; echo "Read man (1) saslfinger for a detailed discussion on what"; echo "${scriptname} may do for you."
	echo; exit 0
}

no_args=0
if [ ${#} -eq ${no_args} ]; then
	echo; echo -e "\aUsage: `basename ${0}` [-chs]"
	echo "Use \"`basename ${0}` -h\" to find out what the options mean."
	echo; exit 65
fi 

while getopts "chs" option; do
  case ${option} in
	c ) client;;
	s ) server;;
	h ) usage;;
  esac
done
shift $(($OPTIND - 1))

exit 0