Add support for Dovecot auth over network

2025-04-03 21:27:36 +03:00 · 2025-01-13 23:10:18 -08:00 · 2025-01-13 23:10:18 -08:00 · 3f04914de4
commit 3f04914de4
parent 1c77fd819f
3 changed files with 32 additions and 6 deletions
--- a/radicale/auth/init.py
+++ b/radicale/auth/init.py
@ -43,6 +43,8 @@ INTERNAL_TYPES: Sequence[str] = ("none", "remote_user", "http_x_remote_user",
                                 "ldap",
                                 "dovecot")

+AUTH_SOCKET_FAMILY: Sequence[str] = ("AF_UNIX", "AF_INET", "AF_INET6")
+

 def load(configuration: "config.Configuration") -> "BaseAuth":
    """Load the authentication module chosen in configuration."""
--- a/radicale/auth/dovecot.py
+++ b/radicale/auth/dovecot.py
@ -28,10 +28,21 @@ from radicale.log import logger
 class Auth(auth.BaseAuth):
    def __init__(self, configuration):
        super().__init__(configuration)
-        self.socket = configuration.get("auth", "dovecot_socket")
        self.timeout = 5
        self.request_id_gen = itertools.count(1)

+        config_family = configuration.get("auth", "dovecot_connection_type")
+        if config_family == "AF_UNIX":
+            self.family = socket.AF_UNIX
+            self.address = configuration.get("auth", "dovecot_socket")
+            return
+
+        self.address = configuration.get("auth", "dovecot_host"), configuration.get("auth", "dovecot_port")
+        if config_family == "AF_INET":
+            self.family = socket.AF_INET
+        else:
+            self.family = socket.AF_INET6
+
    def _login(self, login, password):
        """Validate credentials.

@ -49,12 +60,12 @@ class Auth(auth.BaseAuth):
            return ""

        with closing(socket.socket(
-                socket.AF_UNIX,
+                self.family,
                socket.SOCK_STREAM)
        ) as sock:
            try:
                sock.settimeout(self.timeout)
-                sock.connect(self.socket)
+                sock.connect(self.address)

                buf = bytes()
                supported_mechs = []
@ -171,8 +182,8 @@ class Auth(auth.BaseAuth):

            except socket.error as e:
                logger.fatal(
-                        "Failed to communicate with Dovecot socket %r: %s" %
-                        (self.socket, e)
+                        "Failed to communicate with Dovecot: %s" %
+                        (e)
                )

        return ""
--- a/radicale/config.py
+++ b/radicale/config.py
@ -207,10 +207,23 @@ DEFAULT_CONFIG_SCHEMA: types.CONFIG_SCHEMA = OrderedDict([
            "value": "False",
            "help": "enable caching of htpasswd file",
            "type": bool}),
+        ("dovecot_connection_type", {
+            "value": "AF_UNIX",
+            "help": "Connection type for dovecot authentication",
+            "type": str_or_callable,
+            "internal": auth.AUTH_SOCKET_FAMILY}),
        ("dovecot_socket", {
            "value": "/var/run/dovecot/auth-client",
-            "help": "dovecot auth socket",
+            "help": "dovecot auth AF_UNIX socket",
            "type": str}),
+        ("dovecot_host", {
+            "value": "",
+            "help": "dovecot auth AF_INET or AF_INET6 host",
+            "type": str}),
+        ("dovecot_port", {
+            "value": "12345",
+            "help": "dovecot auth port",
+            "type": int}),
        ("realm", {
            "value": "Radicale - Password Required",
            "help": "message displayed when a password is needed",