move passwords to file in user maildir

2026-05-19 04:18:09 +00:00 · 2024-07-22 16:55:24 +02:00
parent 1b3e2b32f2
commit eddfadaf7f
7 changed files with 85 additions and 158 deletions
--- a/chatmaild/src/chatmaild/config.py
+++ b/chatmaild/src/chatmaild/config.py
@@ -1,3 +1,5 @@
 import os
 import sys
 from pathlib import Path
 import iniconfig
@@ -50,6 +52,21 @@ class Config:
            res["password"] = enc_password
        return res
    def set_user_password(self, addr, enc_password):
        # reading and writing user data needs to be atomic
        # to allow concurrent logins to succeed.
        userdir = self.get_user_maildir(addr)
        try:
            userdir.mkdir()
        except FileExistsError:
            pass
        password_path = userdir.joinpath("password")
        password_path_tmp = userdir.joinpath("password.tmp")
        password_path_tmp.write_text(enc_password)
        os.rename(password_path_tmp, password_path)
        print(f"Created address: {addr}", file=sys.stderr)
        return self.get_user_dict(addr=addr, enc_password=enc_password)
 def write_initial_config(inipath, mail_domain, overrides):
    """Write out default config file, using the specified config value overrides."""
--- a/chatmaild/src/chatmaild/delete_inactive_users.py
+++ b/chatmaild/src/chatmaild/delete_inactive_users.py
@@ -7,35 +7,17 @@ import sys
 import time
 from .config import read_config
 from .database import Database
 from .lastlogin import get_last_login_from_userdir
-def delete_inactive_users(db, config, chunksize=100):
+def delete_inactive_users(config):
    cutoff_date = time.time() - config.delete_inactive_users_after * 86400
    pending = []
    def remove(userdir):
        shutil.rmtree(userdir, ignore_errors=True)
        pending.append(userdir.name)
        if len(pending) > chunksize:
            clear_pending()
    def clear_pending():
        with db.write_transaction() as conn:
            for user in pending:
                conn.execute("DELETE FROM users WHERE addr = ?", (user,))
        pending.clear()
    for userdir in config.mailboxes_dir.iterdir():
        if get_last_login_from_userdir(userdir) < cutoff_date:
-            remove(userdir)
+            shutil.rmtree(userdir, ignore_errors=True)
    clear_pending()
 def main():
    (cfgpath,) = sys.argv[1:]
    config = read_config(cfgpath)
-    db = Database(config.passdb_path)
+    delete_inactive_users(config)
    delete_inactive_users(db, config)
--- a/chatmaild/src/chatmaild/doveauth.py
+++ b/chatmaild/src/chatmaild/doveauth.py
@@ -3,19 +3,13 @@ import json
 import logging
 import os
 import sys
 from pathlib import Path
 from .config import Config, read_config
 from .database import Database
 from .dictproxy import DictProxy
 NOCREATE_FILE = "/etc/chatmail-nocreate"
 class UnknownCommand(ValueError):
    """dictproxy handler received an unkown command"""
 def encrypt_password(password: str):
    # https://doc.dovecot.org/configuration_manual/authentication/password_schemes/
    passhash = crypt.crypt(password, crypt.METHOD_SHA512)
@@ -60,61 +54,26 @@ def is_allowed_to_create(config: Config, user, cleartext_password) -> bool:
    return True
-def get_user_data(db, config: Config, user, conn=None):
+def lookup_userdb(config: Config, user):
-    if user == f"echo@{config.mail_domain}":
+    userdir = config.get_user_maildir(user)
-        return config.get_user_dict(user)
+    password_path = userdir.joinpath("password")
-
+    result = {}
-    if conn is None:
+    if password_path.exists():
-        with db.read_connection() as conn:
+        result = dict(addr=user, password=password_path.read_text())
            result = conn.get_user(user)
    else:
        result = conn.get_user(user)
    if result:
        result.update(config.get_user_dict(user))
    return result
-def lookup_userdb(db, config: Config, user):
+def lookup_passdb(config: Config, user, cleartext_password):
-    return get_user_data(db, config, user)
+    userdata = lookup_userdb(config, user)
 def lookup_passdb(db, config: Config, user, cleartext_password):
    if user == f"echo@{config.mail_domain}":
        # Echobot writes password it wants to log in with into /run/echobot/password
        try:
            password = Path("/run/echobot/password").read_text()
        except Exception:
            logging.exception("Exception when trying to read /run/echobot/password")
            return None
        return config.get_user_dict(user, enc_password=encrypt_password(password))
    userdata = get_user_data(db, config, user)
    if userdata:
        return userdata
    if not is_allowed_to_create(config, user, cleartext_password):
        return
-    # reading and writing user data needs to be atomic
+    enc_password = encrypt_password(cleartext_password)
-    # to allow concurrent logins to succeed.
+    config.set_user_password(user, enc_password=enc_password)
-    with db.write_transaction() as conn:
+    return config.get_user_dict(user, enc_password=enc_password)
        userdata = get_user_data(db, config, user, conn=conn)
        if userdata:
            return userdata
        enc_password = encrypt_password(cleartext_password)
        q = "INSERT INTO users (addr, password) VALUES (?, ?)"
        conn.execute(q, (user, enc_password))
        print(f"Created address: {user}", file=sys.stderr)
        return config.get_user_dict(user, enc_password=enc_password)
 def iter_userdb(db) -> list:
    """Get a list of all user addresses."""
    with db.read_connection() as conn:
        rows = conn.execute("SELECT addr from users").fetchall()
    return [x[0] for x in rows]
 def split_and_unescape(s):
@@ -144,9 +103,8 @@ def split_and_unescape(s):
 class AuthDictProxy(DictProxy):
-    def __init__(self, db, config):
+    def __init__(self, config):
        super().__init__()
        self.db = db
        self.config = config
    def handle_lookup(self, parts):
@@ -158,14 +116,13 @@ class AuthDictProxy(DictProxy):
        args = list(split_and_unescape(args))
        config = self.config
        db = self.db
        reply_command = "F"
        res = ""
        if namespace == "shared":
            if type == "userdb":
                user = args[0]
                if user.endswith(f"@{config.mail_domain}"):
-                    res = lookup_userdb(db, config, user)
+                    res = lookup_userdb(config, user)
                if res:
                    reply_command = "O"
                else:
@@ -173,7 +130,7 @@ class AuthDictProxy(DictProxy):
            elif type == "passdb":
                user = args[1]
                if user.endswith(f"@{config.mail_domain}"):
-                    res = lookup_passdb(db, config, user, cleartext_password=args[0])
+                    res = lookup_passdb(config, user, cleartext_password=args[0])
                if res:
                    reply_command = "O"
                else:
@@ -184,16 +141,21 @@ class AuthDictProxy(DictProxy):
    def handle_iterate(self, parts):
        # example: I0\t0\tshared/userdb/
        if parts[2] == "shared/userdb/":
-            db = self.db
+            result = "".join(
-            result = "".join(f"Oshared/userdb/{user}\t\n" for user in iter_userdb(db))
+                f"Oshared/userdb/{user}\t\n" for user in self.iter_userdb()
            )
            return f"{result}\n"
    def iter_userdb(self) -> list:
        """Get a list of all user addresses."""
        getuserpaths = self.config.mailboxes_dir.iterdir()
        return [x.name for x in getuserpaths if "@" in x.name]
 def main():
    socket, cfgpath = sys.argv[1:]
    config = read_config(cfgpath)
    db = Database(config.passdb_path)
-    dictproxy = AuthDictProxy(db=db, config=config)
+    dictproxy = AuthDictProxy(config=config)
    dictproxy.serve_forever_from_socket(socket)
--- a/chatmaild/src/chatmaild/echo.py
+++ b/chatmaild/src/chatmaild/echo.py
@@ -6,9 +6,7 @@ it will echo back any message that has non-empty text and also supports the /hel
 import logging
 import os
 import subprocess
 import sys
 from pathlib import Path
 from deltachat_rpc_client import Bot, DeltaChat, EventType, Rpc, events
@@ -80,23 +78,17 @@ def main():
        bot = Bot(account, hooks)
        config = read_config(sys.argv[1])
        addr = "echo@" + config.mail_domain
        # Create password file
        if bot.is_configured():
            password = bot.account.get_config("mail_pw")
        else:
            password = create_newemail_dict(config)["password"]
-        Path("/run/echobot/password").write_text(password)
+        config.set_user_password(addr, password)
        # Give the user which doveauth runs as access to the password file.
        subprocess.run(
            ["/usr/bin/setfacl", "-m", "user:vmail:r", "/run/echobot/password"],
            check=True,
        )
        if not bot.is_configured():
-            email = "echo@" + config.mail_domain
+            bot.configure(addr, password)
            bot.configure(email, password)
        bot.run_forever()
--- a/chatmaild/src/chatmaild/tests/plugin.py
+++ b/chatmaild/src/chatmaild/tests/plugin.py
@@ -8,7 +8,6 @@ from pathlib import Path
 import pytest
 from chatmaild.config import read_config, write_initial_config
 from chatmaild.database import Database
@pytest.fixture
@@ -54,13 +53,6 @@ def gencreds(maildomain):
    return lambda domain=None: next(gen(domain))
@pytest.fixture()
 def db(tmpdir):
    db_path = tmpdir / "passdb.sqlite"
    print("database path:", db_path)
    return Database(db_path)
@pytest.fixture
 def maildata(request):
    try:
--- a/chatmaild/src/chatmaild/tests/test_delete_inactive_users.py
+++ b/chatmaild/src/chatmaild/tests/test_delete_inactive_users.py
@@ -25,14 +25,13 @@ def test_delete_skips_non_email_dir(db, example_config):
    assert not list(userdir.iterdir())
-def test_delete_inactive_users(db, example_config):
+def test_delete_inactive_users(example_config):
    new = time.time()
    old = new - (example_config.delete_inactive_users_after * 86400) - 1
    def create_user(addr, last_login):
-        lookup_passdb(db, example_config, addr, "q9mr3faue")
+        lookup_passdb(example_config, addr, "q9mr3faue")
        md = example_config.get_user_maildir(addr)
        md.mkdir(parents=True)
        md.joinpath("cur").mkdir()
        md.joinpath("cur", "something").mkdir()
        write_last_login_to_userdir(md, timestamp=last_login)
@@ -42,8 +41,6 @@ def test_delete_inactive_users(db, example_config):
    for i in range(150):
        addr = f"oldold{i:03}@chat.example.org"
        create_user(addr, last_login=old)
        with db.read_connection() as conn:
            assert conn.get_user(addr)
        to_remove.append(addr)
    remain = []
@@ -57,17 +54,15 @@ def test_delete_inactive_users(db, example_config):
    for addr in to_remove:
        assert example_config.get_user_maildir(addr).exists()
-    delete_inactive_users(db, example_config)
+    delete_inactive_users(example_config)
    for p in example_config.mailboxes_dir.iterdir():
        assert not p.name.startswith("old")
    for addr in to_remove:
        assert not example_config.get_user_maildir(addr).exists()
        with db.read_connection() as conn:
            assert not conn.get_user(addr)
    for addr in remain:
-        assert example_config.get_user_maildir(addr).exists()
+        userdir = example_config.get_user_maildir(addr)
-        with db.read_connection() as conn:
+        assert userdir.exists()
-            assert conn.get_user(addr)
+        assert userdir.joinpath("password").read_text()
--- a/chatmaild/src/chatmaild/tests/test_doveauth.py
+++ b/chatmaild/src/chatmaild/tests/test_doveauth.py
@@ -6,35 +6,35 @@ import traceback
 import chatmaild.doveauth
 import pytest
 from chatmaild.database import DBError
 from chatmaild.doveauth import (
    AuthDictProxy,
    get_user_data,
    is_allowed_to_create,
    iter_userdb,
    lookup_passdb,
    lookup_userdb,
 )
 from chatmaild.newemail import create_newemail_dict
-def test_basic(db, example_config):
+def test_basic(example_config):
-    lookup_passdb(db, example_config, "asdf12345@chat.example.org", "q9mr3faue")
+    lookup_passdb(example_config, "asdf12345@chat.example.org", "q9mr3faue")
-    data = get_user_data(db, example_config, "asdf12345@chat.example.org")
+    data = lookup_userdb(example_config, "asdf12345@chat.example.org")
    assert data
    data2 = lookup_passdb(
-        db, example_config, "asdf12345@chat.example.org", "q9mr3jewvadsfaue"
+        example_config, "asdf12345@chat.example.org", "q9mr3jewvadsfaue"
    )
    assert data == data2
-def test_iterate_addresses(db, example_config):
+def test_iterate_addresses(example_config):
    addresses = []
    for i in range(10):
        addresses.append(f"asdf1234{i}@chat.example.org")
-        lookup_passdb(db, example_config, addresses[-1], "q9mr3faue")
+        lookup_passdb(example_config, addresses[-1], "q9mr3faue")
-    res = iter_userdb(db)
+
-    assert res == addresses
+    dictproxy = AuthDictProxy(config=example_config)
    res = dictproxy.iter_userdb()
    assert set(res) == set(addresses)
 def test_invalid_username_length(example_config):
@@ -51,40 +51,27 @@ def test_invalid_username_length(example_config):
    )
-def test_dont_overwrite_password_on_wrong_login(db, example_config):
+def test_dont_overwrite_password_on_wrong_login(example_config):
    """Test that logging in with a different password doesn't create a new user"""
    res = lookup_passdb(
-        db, example_config, "newuser12@chat.example.org", "kajdlkajsldk12l3kj1983"
+        example_config, "newuser12@chat.example.org", "kajdlkajsldk12l3kj1983"
    )
    assert res["password"]
-    res2 = lookup_passdb(db, example_config, "newuser12@chat.example.org", "kajdslqwe")
+    res2 = lookup_passdb(example_config, "newuser12@chat.example.org", "kajdslqwe")
    # this function always returns a password hash, which is actually compared by dovecot.
    assert res["password"] == res2["password"]
-def test_nocreate_file(db, monkeypatch, tmpdir, example_config):
+def test_nocreate_file(monkeypatch, tmpdir, example_config):
    p = tmpdir.join("nocreate")
    p.write("")
    monkeypatch.setattr(chatmaild.doveauth, "NOCREATE_FILE", str(p))
-    lookup_passdb(
+    lookup_passdb(example_config, "newuser12@chat.example.org", "zequ0Aimuchoodaechik")
-        db, example_config, "newuser12@chat.example.org", "zequ0Aimuchoodaechik"
+    assert not lookup_userdb(example_config, "newuser12@chat.example.org")
    )
    assert not get_user_data(db, example_config, "newuser12@chat.example.org")
-def test_db_version(db):
+def test_handle_dovecot_request(example_config):
-    assert db.get_schema_version() == 1
+    dictproxy = AuthDictProxy(config=example_config)
 def test_too_high_db_version(db):
    with db.write_transaction() as conn:
        conn.execute("PRAGMA user_version=%s;" % (999,))
    with pytest.raises(DBError):
        db.ensure_tables()
 def test_handle_dovecot_request(db, example_config):
    dictproxy = AuthDictProxy(db=db, config=example_config)
    # Test that password can contain ", ', \ and /
    msg = (
@@ -100,8 +87,8 @@ def test_handle_dovecot_request(db, example_config):
    assert userdata["password"].startswith("{SHA512-CRYPT}")
-def test_handle_dovecot_protocol_hello_is_skipped(db, example_config, caplog):
+def test_handle_dovecot_protocol_hello_is_skipped(example_config, caplog):
-    dictproxy = AuthDictProxy(db=db, config=example_config)
+    dictproxy = AuthDictProxy(config=example_config)
    rfile = io.BytesIO(b"H3\t2\t0\t\tauth\n")
    wfile = io.BytesIO()
    dictproxy.loop_forever(rfile, wfile)
@@ -109,8 +96,8 @@ def test_handle_dovecot_protocol_hello_is_skipped(db, example_config, caplog):
    assert not caplog.messages
-def test_handle_dovecot_protocol_user_not_exists(db, example_config):
+def test_handle_dovecot_protocol_user_not_exists(example_config):
-    dictproxy = AuthDictProxy(db=db, config=example_config)
+    dictproxy = AuthDictProxy(config=example_config)
    rfile = io.BytesIO(
        b"H3\t2\t0\t\tauth\nLshared/userdb/foobar@chat.example.org\tfoobar@chat.example.org\n"
    )
@@ -119,29 +106,29 @@ def test_handle_dovecot_protocol_user_not_exists(db, example_config):
    assert wfile.getvalue() == b"N\n"
-def test_handle_dovecot_protocol_iterate(db, gencreds, example_config):
+def test_handle_dovecot_protocol_iterate(gencreds, example_config):
-    dictproxy = AuthDictProxy(db=db, config=example_config)
+    dictproxy = AuthDictProxy(config=example_config)
-    lookup_passdb(db, example_config, "asdf00000@chat.example.org", "q9mr3faue")
+    lookup_passdb(example_config, "asdf00000@chat.example.org", "q9mr3faue")
-    lookup_passdb(db, example_config, "asdf11111@chat.example.org", "q9mr3faue")
+    lookup_passdb(example_config, "asdf11111@chat.example.org", "q9mr3faue")
    rfile = io.BytesIO(b"H3\t2\t0\t\tauth\nI0\t0\tshared/userdb/")
    wfile = io.BytesIO()
    dictproxy.loop_forever(rfile, wfile)
    lines = wfile.getvalue().decode("ascii").split("\n")
-    assert lines[0] == "Oshared/userdb/asdf00000@chat.example.org\t"
+    assert "Oshared/userdb/asdf00000@chat.example.org\t" in lines
-    assert lines[1] == "Oshared/userdb/asdf11111@chat.example.org\t"
+    assert "Oshared/userdb/asdf11111@chat.example.org\t" in lines
    assert not lines[2]
-def test_50_concurrent_lookups_different_accounts(db, gencreds, example_config):
+def test_50_concurrent_lookups_different_accounts(gencreds, example_config):
    num_threads = 50
    req_per_thread = 5
    results = queue.Queue()
-    def lookup(db):
+    def lookup():
        for i in range(req_per_thread):
            addr, password = gencreds()
            try:
-                lookup_passdb(db, example_config, addr, password)
+                lookup_passdb(example_config, addr, password)
            except Exception:
                results.put(traceback.format_exc())
            else:
@@ -149,7 +136,7 @@ def test_50_concurrent_lookups_different_accounts(db, gencreds, example_config):
    threads = []
    for i in range(num_threads):
-        thread = threading.Thread(target=lookup, args=(db,), daemon=True)
+        thread = threading.Thread(target=lookup, daemon=True)
        threads.append(thread)
    print(f"created {num_threads} threads, starting them and waiting for results")