ssmtp: use the authPassFile option instead of authPass

This gives users the option of storing the authPass outside the
world-readable Nix store.

2 files changed, 76 insertions, 2 deletions

diff --git a/pkgs/tools/networking/ssmtp/default.nix b/pkgs/tools/networking/ssmtp/default.nix
index 7c47f2762dd..ceac5a58800 100644
--- a/pkgs/tools/networking/ssmtp/default.nix
+++ b/pkgs/tools/networking/ssmtp/default.nix
@@ -10,6 +10,10 @@ stdenv.mkDerivation {
     sha256 = "0dps8s87ag4g3jr6dk88hs9zl46h3790marc5c2qw7l71k4pvhr2";
   };
 
+  # A request has been made to merge this patch into ssmtp.
+  # See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858781
+  patches = [ ./ssmtp_support_AuthPassFile_parameter.patch ];
+
   configureFlags = "--sysconfdir=/etc ${if tlsSupport then "--enable-ssl" else ""}";
 
   postConfigure =
@@ -27,7 +31,8 @@ stdenv.mkDerivation {
   
   buildInputs = stdenv.lib.optional tlsSupport openssl;
 
-  meta = {
-    platforms = stdenv.lib.platforms.linux;
+  meta = with stdenv.lib; {
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ basvandijk ];
   };
 }
diff --git a/pkgs/tools/networking/ssmtp/ssmtp_support_AuthPassFile_parameter.patch b/pkgs/tools/networking/ssmtp/ssmtp_support_AuthPassFile_parameter.patch
new file mode 100644
index 00000000000..371c0f6de2b
--- /dev/null
+++ b/pkgs/tools/networking/ssmtp/ssmtp_support_AuthPassFile_parameter.patch
@@ -0,0 +1,69 @@
+diff -Naurb a/ssmtp.c b/ssmtp.c
+--- a/ssmtp.c	2009-11-23 10:55:11.000000000 +0100
++++ b/ssmtp.c	2017-03-25 03:00:26.508283016 +0100
+@@ -57,6 +57,7 @@
+ char arpadate[ARPADATE_LENGTH];
+ char *auth_user = (char)NULL;
+ char *auth_pass = (char)NULL;
++char *auth_passfile = (char)NULL;
+ char *auth_method = (char)NULL;		/* Mechanism for SMTP authentication */
+ char *mail_domain = (char)NULL;
+ char *from = (char)NULL;		/* Use this as the From: address */
+@@ -1053,6 +1054,15 @@
+ 					log_event(LOG_INFO, "Set AuthPass=\"%s\"\n", auth_pass);
+ 				}
+ 			}
++			else if(strcasecmp(p, "AuthPassFile") == 0 && !auth_passfile) {
++				if((auth_passfile = strdup(q)) == (char *)NULL) {
++					die("parse_config() -- strdup() failed");
++				}
++
++				if(log_level > 0) {
++					log_event(LOG_INFO, "Set AuthPassFile=\"%s\"\n", auth_passfile);
++				}
++			}
+ 			else if(strcasecmp(p, "AuthMethod") == 0 && !auth_method) {
+ 				if((auth_method = strdup(q)) == (char *)NULL) {
+ 					die("parse_config() -- strdup() failed");
+@@ -1415,6 +1425,8 @@
+ 	struct passwd *pw;
+ 	int i, sock;
+ 	uid_t uid;
++	FILE *fp;
++	char pass_buf[BUF_SZ+1];
+ 	bool_t minus_v_save, leadingdot, linestart = True;
+ 	int timeout = 0;
+ 	int bufsize = sizeof(b)-1;
+@@ -1433,6 +1445,17 @@
+ 		log_event(LOG_INFO, "%s not found", config_file);
+ 	}
+ 
++	if(auth_passfile != (char *)NULL) {
++		if((fp = fopen(auth_passfile, "r")) == (FILE *)NULL) {
++			  die("Could not open the AuthPassFile %s", auth_passfile);
++		}
++		if (fgets(pass_buf, BUF_SZ, fp) == NULL) {
++			die("Error while reading a line from the AuthPassFile %s, or it is empty", auth_passfile);
++		}
++		fclose(fp);
++		auth_pass = strdup(pass_buf);
++	}
++
+ 	if((p = strtok(pw->pw_gecos, ";,"))) {
+ 		if((gecos = strdup(p)) == (char *)NULL) {
+ 			die("ssmtp() -- strdup() failed");
+diff -Naurb a/ssmtp.conf.5 b/ssmtp.conf.5
+--- a/ssmtp.conf.5	2008-02-29 03:50:15.000000000 +0100
++++ b/ssmtp.conf.5	2017-03-25 01:45:52.890165426 +0100
+@@ -61,6 +61,11 @@
+ .Pp
+ .It Cm AuthPass
+ The password to use for SMTP AUTH.
++It is recommended to use AuthPassFile which also takes precedence over AuthPass.
++.Pp
++.It Cm AuthPassFile
++A file that should contain the password to use for SMTP AUTH.
++This takes precedence over AuthPass.
+ .Pp
+ .It Cm AuthMethod
+ The authorization method to use.