From 895f465ba505736de7675b908128642c0d9a9586 Mon Sep 17 00:00:00 2001 From: Gregory White Date: Tue, 13 Sep 2016 13:26:23 -0700 Subject: [PATCH 1/4] Updated Perl script to use a newer email library that allows authentication. --- .../artifacts/scripts/sbacProcessXML.pl | 88 ++++++++----------- 1 file changed, 39 insertions(+), 49 deletions(-) mode change 100755 => 100644 sbacInstaller/artifacts/scripts/sbacProcessXML.pl diff --git a/sbacInstaller/artifacts/scripts/sbacProcessXML.pl b/sbacInstaller/artifacts/scripts/sbacProcessXML.pl old mode 100755 new mode 100644 index 046cac3..60612db --- a/sbacInstaller/artifacts/scripts/sbacProcessXML.pl +++ b/sbacInstaller/artifacts/scripts/sbacProcessXML.pl @@ -1,12 +1,16 @@ #!/usr/bin/perl use strict; +use warnings; use Net::LDAP; use Net::LDAP::Util qw(ldap_error_text); use Net::SMTP; use File::Copy qw(move); use LWP::UserAgent; use HTTP::Request; +use Email::Sender::Simple qw(sendmail); +use Email::Stuffer; +use Email::Sender::Transport::SMTPS (); ################################################################################################### # Educational Online Test Delivery System # @@ -36,6 +40,8 @@ # # # Change Log: # # # +# 09/09/2016 - Updated email subroutine to use new libraries that allow email authentication # +# w/server # # 11/27/2015 - Modified processPasswordReset() to allow optional app defined message to be # # included in password reset message. # # 02/27/2015 - Added translation of encoded CERs to Tenancy Chain received through XML # 
@@ -95,8 +101,8 @@ # Control Variables - these variables controle the flow and/or output in the script (defaults shown in parentheses) -my $consoleOutput = 0; # (0) - 0 = disable console messages; 1 = enable console messages -my $sendHTTPResponse = 1; # (1) - 0 = do not send HTTP response; 1 = send HTTP response +my $consoleOutput = 1; # (0) - 0 = disable console messages; 1 = enable console messages +my $sendHTTPResponse = 0; # (1) - 0 = do not send HTTP response; 1 = send HTTP response my $sendEmailResponse = 1; # (1) - 0 = do not send email response; 1 = send email response my $extendedLogging = 1; # (1) - 0 = disable extended logging; 1 = enable extended logging my $emailOverride = 0; # (0) - 0 = use email addr from file; 1 = explicitly specify email addr 
@@ -104,24 +110,27 @@ # Environmental Variables - these variables may be customized to reflect your environment -my $inputXMLFileDir = "[XML-UPLOAD]"; # full path where the XML files are uploaded -my $processedFileDir = "[PROCESSED-FILES]"; # full path where the XML files are stored after processing -my $httpResponseServer = "[CALLBACK-URL]"; # HTTP server URL for response +my $inputXMLFileDir = "[XML-UPLOAD]"; # folder where the XML files are uploaded +my $processedFileDir = "[PROCESSED-FILES]"; # folder where the XML files are stored after processing +my $httpResponseServer = "[CALLBACK-URL]"; # HTTP server for callback response my $ldapHost = "[LDAP-HOST]"; # host name of the OpenDJ server my $ldapPort = "[LDAP-PORT]"; # port number of the OpenDJ server -my $ldapBindDN = "[BIND-DN]"; # administrative user on the OpenDJ server for managing accounts (i.e. cn=XXX Admin) -my $ldapBindPass = "[BIND-PASSWORD]"; # password for the administrative user -my $ldapBaseDN = "[BASEDN]"; # path in LDAP Server directory tree where the users may be found -my $ldapTimeout = "10"; # how long to wait (in seconds) for a connection to the LDAP server before timing out +my $ldapBindDN = "[BIND-DN]"; # replace with the bindDN of a service account or rootDN with permissions +my $ldapBindPass = "[BIND-PASSWORD]"; # replace with password of the OpenDJ service account +my $ldapBaseDN = "[BASEDN]"; # location where the users may be found +my $ldapTimeout = "10"; # how long to wait for a connection to the LDAP server before timing out # Email Variables - these variables are specific to subroutines which generate emails -my $fromAddress = '[EMAIL-SENDER]'; # all email will come from this email address (i.e. bill.nelson@identityfusion.com) -my $fromPerson = '[EMAIL-NAME'; # the name of the person sending the email (i.e. 
Bill Nelson) -my $emailAddrOverride = '[OVERRIDE-EMAIL]'; # when $emailOverride flag is set, send recipient's email to this addr instead of recipient +my $fromAddress = '[EMAIL-SENDER]'; # all email will come from this email address +my $fromPerson = '[EMAIL-NAME'; # the name of the person sending the email +my $emailAddrOverride = '[OVERRIDE-EMAIL]'; # when $emailOverride flag is set, send recipient's email to this addr my $adminEmail = '[ADMIN-EMAIL]'; # email address of user who is monitoring script results -my $emailServer = "[EMAIL-SERVER]"; # email server (i.e. mail.foo.com:10025) my $defaultPassword = "[DEFAULT-PASSWORD]"; # default password for test users +my $smtpServer = '[SMTP-SERVER]'; # replace with your email server +my $smtpPort = 25; # port to connect to on smtp server +my $smtpUser = '[EMAIL-AUTHENTICATION-USER]'; # replace with your email server username +my $smtpPassword = '[EMAIL-AUTHENTICATION-PASSWORD]'; # replace with your email server password # Script Specific Variables - these are used within the processing of the script 
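Review bot: `$smtpPassword` joins `$ldapBindPass` as a credential kept in plaintext in the script body, and this same patch changes the file mode to 100644, which on a default checkout leaves the file readable by every local account. Once the `[EMAIL-AUTHENTICATION-PASSWORD]` placeholder is filled in, the SMTP login is exposed to anyone who can read the scripts directory. Consider loading it from a file only the service account can read, or at least state the expectation next to the variable, e.g. `# after filling in credentials, restrict this file to the service account (chmod 600)`. The hunk also removes `$emailServer`; any remaining reference to it outside the visible hunks would now fail under `use strict`.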
@@ -1553,19 +1562,17 @@ sub processNotifyAction { sub sendEmail { # get parameters - my ($emailSubject,$emailBody,$toAddress,$fromAddress,$emailType) = @_; - - # Open a connection to the email server (Net::SMTP support authentication if necessary) - my $smtp = Net::SMTP->new("$emailServer") or warn "Could not connect to email server!\n"; - - # Start the SMTP session - - # Uncomment and complete the following if authentication is required - # $smtp->auth($smtpuser, $smtppassword); - # $smtp->auth('AKIAJDK3WMPAGGC4ZCHQ', 'AuVbKKTGdJYkq6C+z78iZBSJkkw86PVFft4FHenBcjqC'); - - $smtp->mail( $fromAddress ); # use the MAIL command to provide the sender's email address - $smtp->to( $toAddress ); # use the TO command to provide the recipient's email address + my ($emailSubject,$emailBody,$toAddress,$fromAddress,$emailType, $smtpServer, $smtpPort, $smtpUser, $smtpPassword) = @_; + updateLog("DEBUG", "\nsubject=$_[0], body=$_[1], toAddress=$_[2], fromAddress=$_[3], emailType=$_[4], smtpServer=_[5], smtpPort=_[6], smtpUser=_[7], smtpPassword=_[8]\n"); + + my $email = Email::Stuffer->from($fromAddress)->to($toAddress)->subject($emailSubject)->html_body($emailBody)->email; + my $transport = Email::Sender::Transport::SMTPS->new({ + host => $smtpServer, + port => $smtpPort, + ssl => "starttls", + sasl_username => $smtpUser, + sasl_password => $smtpPassword, + }); # Don't include additional recipients on non-admin email (the emailType will be either Admin or User) if ($emailType eq "Admin") { 
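Review bot: The new `updateLog("DEBUG", ...)` line in sendEmail writes the full message body to the log and is written to include `smtpPassword` as well; the body of new-account and reset mail presumably carries the user's password, so neither belongs in a log file. In this patch `_[5]` to `_[8]` lack the `$` sigil and print literally, but PATCH 4/4 adds the sigils, and from then on the SMTP password is logged in clear. I would log only routing fields, e.g. `updateLog("DEBUG", "\nsubject=$emailSubject, toAddress=$toAddress, emailType=$emailType, smtpServer=$smtpServer, smtpPort=$smtpPort\n");`. Separately, the key pair in the removed commented-out `$smtp->auth(...)` line stays in repository history after this commit and should be treated as exposed and rotated if it was ever live. sendEmail's body continues past the end of this hunk.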
@@ -1577,35 +1584,18 @@ sub sendEmail { my $emailListRecipient; foreach $emailListRecipient (@emailList) { - $smtp->to( $emailListRecipient ); + $email->to( $emailListRecipient ); # Send message to log file indicating that the file has been moved updateLog("INFO", "\"Including $emailListRecipient on the email distribution list.\""); - } - } + } + } - } - - # Start the DATA for the SMTP session - - $smtp->data(); - $smtp->datasend("MIME-Version: 1.0\n"); - $smtp->datasend("Content-Type: text/html; charset=us-ascii\n"); + } - # Send the header. - $smtp->datasend("From: " . $fromAddress . "($fromPerson)\n"); - $smtp->datasend("To: " . $toAddress . "\n"); - $smtp->datasend("Subject: " . $emailSubject . "\n"); - $smtp->datasend("\n"); - $smtp->datasend("\n"); + sendmail($email, { transport => $transport }); - # Send the body. - $smtp->datasend( $emailBody ); - $smtp->datasend("\n"); - $smtp->dataend(); - $smtp->quit; - -return 1; + return 1; } # end of sendEmail() From fcfad593848d1eee56134214eed7c479c9dfd6a1 Mon Sep 17 00:00:00 2001 From: Gregory White Date: Wed, 14 Sep 2016 09:24:48 -0700 Subject: [PATCH 2/4] Added ability to choose whether or not to use email authentication and reset script options to default --- .../artifacts/scripts/sbacProcessXML.pl | 30 ++++++++++++------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/sbacInstaller/artifacts/scripts/sbacProcessXML.pl b/sbacInstaller/artifacts/scripts/sbacProcessXML.pl index 60612db..8b93266 100644 --- a/sbacInstaller/artifacts/scripts/sbacProcessXML.pl +++ b/sbacInstaller/artifacts/scripts/sbacProcessXML.pl 
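Review bot: `$email->to( $emailListRecipient )` is called on the value returned by `->email` in the preceding hunk, which as far as I can tell is the built Email::MIME message rather than the Email::Stuffer builder, so this call would likely die with a missing-method error the first time an Admin mail has a distribution list. Keeping the Email::Stuffer object until after this loop and calling `->email` last would avoid that, though whether `to` appends or replaces should be checked. Also, `sendmail` throws on failure and nothing here catches it, so a mail-server problem ends the whole run and the unconditional `return 1` never reports it; `eval { sendmail($email, { transport => $transport }); 1 } or warn "sendEmail failed: $@";` would contain the failure. The `if` that encloses the loop starts outside this hunk.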
@@ -101,9 +101,10 @@ # Control Variables - these variables controle the flow and/or output in the script (defaults shown in parentheses) -my $consoleOutput = 1; # (0) - 0 = disable console messages; 1 = enable console messages -my $sendHTTPResponse = 0; # (1) - 0 = do not send HTTP response; 1 = send HTTP response +my $consoleOutput = 0; # (0) - 0 = disable console messages; 1 = enable console messages +my $sendHTTPResponse = 1; # (1) - 0 = do not send HTTP response; 1 = send HTTP response my $sendEmailResponse = 1; # (1) - 0 = do not send email response; 1 = send email response +my $useSmtpAuth = 1; # (1) - 0 = do not include auth credentials when emailing; 1 = include auth credentials when emailing my $extendedLogging = 1; # (1) - 0 = disable extended logging; 1 = enable extended logging my $emailOverride = 0; # (0) - 0 = use email addr from file; 1 = explicitly specify email addr my $testXMLFile = 0; # (0) - 0 = processing real XML file; 1 = processing test XML file 
@@ -1562,17 +1563,24 @@ sub processNotifyAction { sub sendEmail { # get parameters - my ($emailSubject,$emailBody,$toAddress,$fromAddress,$emailType, $smtpServer, $smtpPort, $smtpUser, $smtpPassword) = @_; - updateLog("DEBUG", "\nsubject=$_[0], body=$_[1], toAddress=$_[2], fromAddress=$_[3], emailType=$_[4], smtpServer=_[5], smtpPort=_[6], smtpUser=_[7], smtpPassword=_[8]\n"); + my ($emailSubject,$emailBody,$toAddress,$fromAddress,$emailType, $smtpServer, $smtpPort, $smtpUser, $smtpPassword, $useSmtpAuth) = @_; + updateLog("DEBUG", "\nsubject=$_[0], body=$_[1], toAddress=$_[2], fromAddress=$_[3], emailType=$_[4], smtpServer=_[5], smtpPort=_[6], smtpUser=_[7], smtpPassword=_[8], useSmtpAuth=_[9]\n"); my $email = Email::Stuffer->from($fromAddress)->to($toAddress)->subject($emailSubject)->html_body($emailBody)->email; - my $transport = Email::Sender::Transport::SMTPS->new({ - host => $smtpServer, - port => $smtpPort, - ssl => "starttls", - sasl_username => $smtpUser, - sasl_password => $smtpPassword, - }); + + my $transport = (useSmtpAuth == 1) ? + Email::Sender::Transport::SMTPS->new({ + host => $smtpServer, + port => $smtpPort, + ssl => "starttls", + sasl_username => $smtpUser, + sasl_password => $smtpPassword + }) : + Email::Sender::Transport::SMTPS->new({ + host => $smtpServer, + port => $smtpPort + }); + # Don't include additional recipients on non-admin email (the emailType will be either Admin or User) if ($emailType eq "Admin") { From 2caa749506b6e5527162b47352d42cf6e97bf850 Mon Sep 17 00:00:00 2001 From: Gregory White Date: Wed, 14 Sep 2016 11:01:06 -0700 Subject: [PATCH 3/4] Update method signatures --- sbacInstaller/artifacts/scripts/sbacProcessXML.pl | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/sbacInstaller/artifacts/scripts/sbacProcessXML.pl b/sbacInstaller/artifacts/scripts/sbacProcessXML.pl index 8b93266..0aae853 100644 --- a/sbacInstaller/artifacts/scripts/sbacProcessXML.pl 
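Review bot: The `$useSmtpAuth` off branch builds the transport with only `host` and `port`, so turning off authentication also turns off STARTTLS, and the message, which for account and reset mail presumably includes a password, goes to the relay unencrypted. Encryption and authentication are independent settings; build the option hash once and add the SASL pair only when auth is on. PATCH 4/4 later makes `ssl` configurable, but again only in the auth branch. The enclosing sendEmail starts and ends outside this hunk.

```perl
my %transportOptions = (
    host => $smtpServer,
    port => $smtpPort,
    ssl  => "starttls",
);
if ($useSmtpAuth == 1) {
    $transportOptions{sasl_username} = $smtpUser;
    $transportOptions{sasl_password} = $smtpPassword;
}
my $transport = Email::Sender::Transport::SMTPS->new(\%transportOptions);
# … unchanged: Admin distribution-list handling …
```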
+++ b/sbacInstaller/artifacts/scripts/sbacProcessXML.pl @@ -391,7 +391,7 @@ if ($emailOverride == 1) { $adminEmail = $emailAddrOverride; } - sendEmail($emailSubject,$emailBody,$adminEmail,$fromAddress,"Admin"); + sendEmail($emailSubject,$emailBody,$adminEmail,$fromAddress,"Admin", $smtpServer, $smtpPort, $smtpUser, $smtpPassword, $useSmtpAuth); # if extended logging is enabled, add additional details to log file if ( $extendedLogging == 1 ) { updateLog("INFO", "\"Administrator notified of run results ($adminEmail)\""); } @@ -743,7 +743,7 @@ sub processAddAction { if ($emailOverride == 1) { $mail = $emailAddrOverride; } - sendEmail($emailSubject,$emailBody,$mail,$fromAddress,"User"); + sendEmail($emailSubject,$emailBody,$mail,$fromAddress,"User", $smtpServer, $smtpPort, $smtpUser, $smtpPassword, $useSmtpAuth); # if extended logging is enabled, add additional details to log file if ( $extendedLogging == 1 ) { updateLog("INFO", "\"User notified of new account ($mail)\""); } @@ -1275,7 +1275,7 @@ sub processResetAction { if ($emailOverride == 1) { $mail = $emailAddrOverride; } - sendEmail($emailSubject,$emailBody,$mail,$fromAddress,"User"); + sendEmail($emailSubject,$emailBody,$mail,$fromAddress,"User", $smtpServer, $smtpPort, $smtpUser, $smtpPassword, $useSmtpAuth); # if extended logging is enabled, add additional details to log file if ( $extendedLogging == 1 ) { updateLog("INFO", "\"User notified of password reset ($mail)\""); } @@ -1370,7 +1370,7 @@ sub processPwdChangeAction { # if ($emailOverride == 1) { # $mail = $emailAddrOverride; # } -# sendEmail($emailSubject,$emailBody,$mail,$fromAddress,"User"); +# sendEmail($emailSubject,$emailBody,$mail,$fromAddress,"User", $smtpServer, $smtpPort, $smtpUser, $smtpPassword, $useSmtpAuth); # # if extended logging is enabled, add additional details to log file # if ( $extendedLogging == 1 ) { updateLog("INFO", "\"User notified of password reset ($mail)\""); } 
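Review bot: Each sendEmail call in these hunks now passes five file-scoped SMTP settings positionally, including `$smtpPassword`, giving a ten-argument call that is easy to misorder and that puts the password into `@_`, where the DEBUG line in sendEmail picks it up. sendEmail lives in the same file and, judging by the old code's direct use of `$emailServer`, can read these `my` variables itself. Dropping the extra arguments, or passing one hash reference such as `sendEmail($emailSubject,$emailBody,$mail,$fromAddress,"User",\%smtpSettings);` (`%smtpSettings` is a constructed name), would keep the call sites short. The same applies to the call-site hunks in PATCH 4/4.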
@@ -1568,7 +1568,7 @@ sub sendEmail { my $email = Email::Stuffer->from($fromAddress)->to($toAddress)->subject($emailSubject)->html_body($emailBody)->email; - my $transport = (useSmtpAuth == 1) ? + my $transport = ($useSmtpAuth == 1) ? Email::Sender::Transport::SMTPS->new({ host => $smtpServer, port => $smtpPort, @@ -1851,7 +1851,7 @@ sub processEarlyExit { if ($emailOverride == 1) { my $toAddress = $emailAddrOverride; } - sendEmail($emailSubject,$htmlFormattedErrorMessage,$toAddress,$fromAddress,"Admin"); + sendEmail($emailSubject,$htmlFormattedErrorMessage,$toAddress,$fromAddress,"Admin", $smtpServer, $smtpPort, $smtpUser, $smtpPassword, $useSmtpAuth); } ########## Update Log File ########## From 08eb753a2c35a87ea03cc55edf03f2a341ce1cc5 Mon Sep 17 00:00:00 2001 From: Gregory White Date: Wed, 14 Sep 2016 11:21:02 -0700 Subject: [PATCH 4/4] Added flag for SSL type --- .../artifacts/scripts/sbacProcessXML.pl | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/sbacInstaller/artifacts/scripts/sbacProcessXML.pl b/sbacInstaller/artifacts/scripts/sbacProcessXML.pl index 0aae853..c675e5f 100644 --- a/sbacInstaller/artifacts/scripts/sbacProcessXML.pl +++ b/sbacInstaller/artifacts/scripts/sbacProcessXML.pl @@ -132,6 +132,7 @@ my $smtpPort = 25; # port to connect to on smtp server my $smtpUser = '[EMAIL-AUTHENTICATION-USER]'; # replace with your email server username my $smtpPassword = '[EMAIL-AUTHENTICATION-PASSWORD]'; # replace with your email server password +my $smtpSsl = "starttls" # if 'starttls', use STARTTLS; if 'ssl' (or 1), connect securely; otherwise, no security # Script Specific Variables - these are used within the processing of the script 
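Review bot: The `$toAddress` passed on the changed sendEmail line in processEarlyExit is never the override address, because the context line `my $toAddress = $emailAddrOverride;` declares a new variable that goes out of scope at the closing brace. With `$emailOverride` set, error mail would still go to the original recipient. The line predates this patch, but since the call is being touched here, `$toAddress = $emailAddrOverride;` without `my` is the fix, assuming `$toAddress` is declared earlier, outside this hunk. The same context appears in the processEarlyExit hunk of PATCH 4/4.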
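Review bot: The added `my $smtpSsl = "starttls"` has no terminating semicolon; the only semicolons on that line are inside the trailing comment, so the declaration runs into whatever statement follows the hunk and the script will most likely fail to compile. It should read `my $smtpSsl = "starttls"; # ...` with the comment unchanged. Since the comment says any other value means no security, a typo in this setting silently sends mail, and the SMTP login when auth is on, in cleartext; rejecting values other than the documented ones at startup would catch that.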
@@ -391,7 +392,7 @@ if ($emailOverride == 1) { $adminEmail = $emailAddrOverride; } - sendEmail($emailSubject,$emailBody,$adminEmail,$fromAddress,"Admin", $smtpServer, $smtpPort, $smtpUser, $smtpPassword, $useSmtpAuth); + sendEmail($emailSubject,$emailBody,$adminEmail,$fromAddress,"Admin", $smtpServer, $smtpPort, $smtpUser, $smtpPassword, $useSmtpAuth, $smtpSsl); # if extended logging is enabled, add additional details to log file if ( $extendedLogging == 1 ) { updateLog("INFO", "\"Administrator notified of run results ($adminEmail)\""); } @@ -743,7 +744,7 @@ sub processAddAction { if ($emailOverride == 1) { $mail = $emailAddrOverride; } - sendEmail($emailSubject,$emailBody,$mail,$fromAddress,"User", $smtpServer, $smtpPort, $smtpUser, $smtpPassword, $useSmtpAuth); + sendEmail($emailSubject,$emailBody,$mail,$fromAddress,"User", $smtpServer, $smtpPort, $smtpUser, $smtpPassword, $useSmtpAuth, $smtpSsl); # if extended logging is enabled, add additional details to log file if ( $extendedLogging == 1 ) { updateLog("INFO", "\"User notified of new account ($mail)\""); } @@ -1275,7 +1276,7 @@ sub processResetAction { if ($emailOverride == 1) { $mail = $emailAddrOverride; } - sendEmail($emailSubject,$emailBody,$mail,$fromAddress,"User", $smtpServer, $smtpPort, $smtpUser, $smtpPassword, $useSmtpAuth); + sendEmail($emailSubject,$emailBody,$mail,$fromAddress,"User", $smtpServer, $smtpPort, $smtpUser, $smtpPassword, $useSmtpAuth, $smtpSsl); # if extended logging is enabled, add additional details to log file if ( $extendedLogging == 1 ) { updateLog("INFO", "\"User notified of password reset ($mail)\""); } 
@@ -1370,7 +1371,7 @@ sub processPwdChangeAction { # if ($emailOverride == 1) { # $mail = $emailAddrOverride; # } -# sendEmail($emailSubject,$emailBody,$mail,$fromAddress,"User", $smtpServer, $smtpPort, $smtpUser, $smtpPassword, $useSmtpAuth); +# sendEmail($emailSubject,$emailBody,$mail,$fromAddress,"User", $smtpServer, $smtpPort, $smtpUser, $smtpPassword, $useSmtpAuth, $smtpSsl); # # if extended logging is enabled, add additional details to log file # if ( $extendedLogging == 1 ) { updateLog("INFO", "\"User notified of password reset ($mail)\""); } @@ -1563,8 +1564,8 @@ sub processNotifyAction { sub sendEmail { # get parameters - my ($emailSubject,$emailBody,$toAddress,$fromAddress,$emailType, $smtpServer, $smtpPort, $smtpUser, $smtpPassword, $useSmtpAuth) = @_; - updateLog("DEBUG", "\nsubject=$_[0], body=$_[1], toAddress=$_[2], fromAddress=$_[3], emailType=$_[4], smtpServer=_[5], smtpPort=_[6], smtpUser=_[7], smtpPassword=_[8], useSmtpAuth=_[9]\n"); + my ($emailSubject,$emailBody,$toAddress,$fromAddress,$emailType, $smtpServer, $smtpPort, $smtpUser, $smtpPassword, $useSmtpAuth, $smtpSsl) = @_; + updateLog("DEBUG", "\nsubject=$_[0], body=$_[1], toAddress=$_[2], fromAddress=$_[3], emailType=$_[4], smtpServer=$_[5], smtpPort=$_[6], smtpUser=$_[7], smtpPassword=$_[8], useSmtpAuth=$_[9], smtpSsl=$_[10]\n"); my $email = Email::Stuffer->from($fromAddress)->to($toAddress)->subject($emailSubject)->html_body($emailBody)->email; @@ -1572,7 +1573,7 @@ sub sendEmail { Email::Sender::Transport::SMTPS->new({ host => $smtpServer, port => $smtpPort, - ssl => "starttls", + ssl => $smtpSsl, sasl_username => $smtpUser, sasl_password => $smtpPassword }) : 
@@ -1851,7 +1852,7 @@ sub processEarlyExit { if ($emailOverride == 1) { my $toAddress = $emailAddrOverride; } - sendEmail($emailSubject,$htmlFormattedErrorMessage,$toAddress,$fromAddress,"Admin", $smtpServer, $smtpPort, $smtpUser, $smtpPassword, $useSmtpAuth); + sendEmail($emailSubject,$htmlFormattedErrorMessage,$toAddress,$fromAddress,"Admin", $smtpServer, $smtpPort, $smtpUser, $smtpPassword, $useSmtpAuth, $smtpSsl); } ########## Update Log File ##########