renames

src/chatmail/dovecot/auth.lua

@@ -1,35 +0,0 @@
--- Lua based authentication script for Dovecot.
---
--- It calls external chatctl command to answer requests.
-
--- Hexadecimal aka base16 encoding.
-function hex(data)
-   return (data:gsub(".", function(char) return string.format("%2X", char:byte()) end))
-end
-
--- Escape shell argument by hex encoding it and wrapping in quotes.
-function escape(data)
-   return ("'"..hex(data).."'")
-end
-
-function auth_password_verify(request, password)
-  if os.execute("/home/vmail/chatctl hexauth "..escape(request.user).." "..escape(password)) then
-    return dovecot.auth.PASSDB_RESULT_OK, {}
-  end
-  return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, ""
-end
-
-function auth_passdb_lookup(request)
-  if os.execute("/home/vmail/chatctl hexlookup "..escape(request.user)) then
-    return dovecot.auth.PASSDB_RESULT_OK, {}
-  end
-  return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "no such user"
-end
-
-function auth_userdb_lookup(request)
-  if os.execute("/home/vmail/chatctl hexlookup "..escape(request.user)) then
-    return dovecot.auth.USERDB_RESULT_OK, "uid=vmail gid=vmail"
-  end
-
-  return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
-end

src/chatmail/dovecot/doveauth.lua

@@ -0,0 +1,60 @@
+
+-- Escape shell argument by hex encoding it and wrapping in quotes.
+function escape(data)
+   b16 = data:gsub(".", function(char) return string.format("%2X", char:byte()) end)
+   return ("'"..b16.."'")
+end
+
+-- call out to python program to actually manage authentication for dovecot
+
+function chatctl_verify(user, password)
+    local handle = io.popen("python doveauth.py hexauth "..escape(user).." "..escape(password))
+    local result = handle:read("*a")
+    handle:close()
+    return split_chatctl(result)
+end
+
+function chatctl_lookup(user) 
+    assert(user)
+    local handle = io.popen("python doveauth.py hexlookup "..escape(user))
+    local result = handle:read("*a")
+    handle:close()
+    return split_chatctl(result)
+end
+
+function get_extra_dovecot_output(res)
+    return {homedir=res.homedir, uid=res.uid, gid=res.gid}
+end
+
+
+function auth_passdb_verify(request, password)
+    local res = chatctl_verify(request.user, password)
+    if res.status == "ok" then 
+        return dovecot.auth.PASSDB_RESULT_OK, get_extra_dovecot_output(res)
+    end
+    return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, ""
+end
+
+function auth_passdb_lookup(request)
+    local res = chatctl_lookup(request.user) 
+    if res.status == "ok" then 
+        return dovecot.auth.PASSDB_RESULT_OK, get_extra_dovecot_output(res)
+    end
+    return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "no such user"
+end
+
+function auth_userdb_lookup(request)
+    local res = chatctl_lookup(request.user) 
+    if res.status == "ok" then
+        return dovecot.auth.USERDB_RESULT_OK, get_extra_dovecot_output(res)
+    end
+    return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
+end
+
+function split_chatctl(output) 
+    local ret = {}
+    for key, value in output:gmatch "(%w+)%s*=%s*(%w+)" do
+        ret[key] = value
+    end
+    return ret
+end

src/chatmail/dovecot/doveauth.py

@@ -0,0 +1,61 @@
+#!/usr/bin/env python3
+import base64
+import sys
+
+
+def get_user_data(user):
+    if user == b"link2xt@instant2.testrun.org":
+        return dict(
+            homedir="/home/vmail/link2xt",
+            uid="vmail",
+            gid="vmail",
+            password=b"Ahyei6ie",
+        )
+    return {}
+
+
+def create_user(user, password):
+    assert isinstance(password, bytes)
+    return dict(
+        homedir=f"/home/vmail/{user}", uid="vmail", gid="vmail", password=password
+    )
+
+
+def verify_user(user, password):
+    userdata = get_user_data(user)
+    if userdata:
+        if userdata.get("password") == password:
+            userdata["status"] = "ok"
+        else:
+            userdata["status"] = "fail"
+    else:
+        userdata = create_user(user, password)
+        userdata["status"] = "ok"
+
+    return userdata
+
+
+def lookup_user(user):
+    userdata = get_user_data(user)
+    if userdata:
+        userdata["status"] = "ok"
+    else:
+        userdata["status"] = "fail"
+    return userdata
+
+
+def dump_result(res):
+    for key, value in res.items():
+        print(f"{key}={value}")
+
+
+if __name__ == "__main__":
+    if sys.argv[1] == "hexauth":
+        login = base64.b16decode(sys.argv[2])
+        password = base64.b16decode(sys.argv[3])
+        res = verify_user(login, password)
+        dump_result(res)
+    elif sys.argv[1] == "hexlookup":
+        login = base64.b16decode(sys.argv[2])
+        res = lookup_user(login)
+        dump_result(res)

src/chatmail/dovecot/dovecot.conf.j2

@@ -7,11 +7,11 @@ auth_mechanisms = plain
 # Authentication for system users.
 passdb {
   driver = lua
-  args = file=/etc/dovecot/auth.lua
+  args = file=/etc/dovecot/doveauth.lua
 }
 userdb {
   driver = lua
-  args = file=/etc/dovecot/auth.lua
+  args = file=/etc/dovecot/doveauth.lua
 }
 
 ##

src/chatmail/dovecot/test_doveauth.lua

@@ -0,0 +1,76 @@
+
+require "doveauth"
+
+-- simulate dovecot defined result codes 
+
+dovecot = {
+    auth = {
+        PASSDB_RESULT_OK="PASSWORD-OK",
+        PASSDB_RESULT_PASSWORD_MISMATCH="PASSWORD-MISMATCH",
+        USERDB_RESULT_OK="USERDB-OK",
+        USERDB_RESULT_USER_UNKNOWN="USERDB-UNKNOWN"
+    }
+}
+
+
+-- Tests for testing the lua<->python interaction 
+
+function test_passdb_verify_ok(user, password) 
+    local res, extra = auth_passdb_verify({user=user}, password)
+    assert(res==dovecot.auth.PASSDB_RESULT_OK)
+    assert(extra.uid == "vmail")
+    assert(extra.gid == "vmail")
+    -- assert(extra.homedir == "/home/vmail/link2xt")
+    print("OK test_passdb_verify_ok "..user.." "..password)
+end
+
+function test_passdb_verify_mismatch(user, password) 
+    local res = auth_passdb_verify({user=user}, password)
+    assert(res == dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH)
+    print("OK test_passdb_verify_mismatch "..user.." "..password)
+end
+
+function test_userdb_lookup_ok(user)
+    local res, extra = auth_userdb_lookup({user=user})
+    assert(extra.uid == "vmail")
+    assert(extra.gid == "vmail")
+    assert(res == dovecot.auth.USERDB_RESULT_OK)
+    print("OK test_userdb_lookup_ok "..user)
+end
+
+function test_userdb_lookup_mismatch(user)
+    local res, extra = auth_userdb_lookup({user=user})
+    assert(res == dovecot.auth.USERDB_RESULT_USER_UNKNOWN)
+    print("OK test_userdb_lookup_mismatch "..user)
+end
+
+function test_passdb_lookup_ok(user)
+    local res, extra = auth_passdb_lookup({user=user})
+    assert(extra.uid == "vmail")
+    assert(extra.gid == "vmail")
+    assert(res == dovecot.auth.PASSDB_RESULT_OK)
+    print("OK test_passdb_lookup_ok "..user)
+end
+
+function test_passdb_lookup_mismatch(user)
+    local res, extra = auth_passdb_lookup({user=user})
+    assert(res == dovecot.auth.PASSDB_RESULT_USER_UNKNOWN)
+    print("OK test_passdb_lookup_mismatch "..user)
+end
+
+function test_split_chatctl()
+    local res = split_chatctl("a=3 b=4\nc=5")
+    assert(res["a"] == "3")
+    assert(res["b"] == "4")
+    assert(res["c"] == "5")
+    print("OK test_split_chatctl")
+end 
+
+test_split_chatctl()
+test_passdb_verify_ok("link2xt@instant2.testrun.org", "Ahyei6ie")
+test_passdb_verify_mismatch("link2xt@instant2.testrun.org", "Aqwlek")
+test_userdb_lookup_ok("link2xt@instant2.testrun.org")
+test_userdb_lookup_mismatch("wlekqjlew@xyz.org")
+test_passdb_lookup_ok("link2xt@instant2.testrun.org")
+test_passdb_lookup_mismatch("llqkwjelqwe@xyz.org")
+

src/chatmail/dovecot/test_doveauth.py

@@ -0,0 +1,23 @@
+import subprocess
+import pytest
+
+from doveauth import get_user_data, verify_user
+
+
+def test_basic():
+    data = get_user_data(b"link2xt@instant2.testrun.org")
+    assert data
+
+
+@pytest.mark.xfail(reason="no persistence yet")
+def test_verify_or_create():
+    res = verify_user(b"newuser1@something.org", b"kajdlkajsldk12l3kj1983")
+    assert res["status"] == "ok"
+    res = verify_user(b"newuser1@something.org", b"kajdlqweqwe")
+    assert res["status"] == "fail"
+
+
+def test_lua_integration(request):
+    p = request.fspath.dirpath("test_doveauth.lua")
+    proc = subprocess.run(["lua", str(p)])
+    assert proc.returncode == 0