mirror of
https://github.com/foxcpp/maddy.git
synced 2025-04-05 14:07:38 +03:00
Implement Dovecot authentication client support
This commit is contained in:
fox.cpp
parent
08f98f15d9
commit
e06f2e201c
5 changed files with 164 additions and 0 deletions
|
|
@ -230,3 +230,30 @@ Configuration block for any auth. provider module can be used here, even
|
|||
|
||||
The used auth. provider must provide username:password pair-based
|
||||
authentication.
|
||||
|
||||
# Dovecot authentication client (dovecot_sasl)
|
||||
|
||||
The 'dovecot_sasl' module implements the client side of the Dovecot
|
||||
authentication protocol, allowing maddy to use it as a credentials source.
|
||||
|
||||
Currently SASL mechanisms support is limited to mechanisms supported by maddy
|
||||
so you cannot get e.g. SCRAM-MD5 this way.
|
||||
|
||||
```
|
||||
dovecot_sasl {
|
||||
endpoint unix://socket_path
|
||||
}
|
||||
|
||||
dovecot_sasl unix://socket_path
|
||||
```
|
||||
|
||||
## Configuration directives
|
||||
|
||||
*Syntax*: endpoint _schema://address_ ++
|
||||
*Default*: not set
|
||||
|
||||
Set the address to use to contact Dovecot SASL server in the standard endpoint
|
||||
format.
|
||||
|
||||
tcp://10.0.0.1:2222 for TCP, unix:///var/lib/dovecot/auth.sock for Unix
|
||||
domain sockets.
|
||||
|
|
|
|||
1
go.mod
1
go.mod
|
|
@ -18,6 +18,7 @@ require (
|
|||
github.com/emersion/go-msgauth v0.4.1-0.20200429175443-e4c87369d72f
|
||||
github.com/emersion/go-sasl v0.0.0-20191210011802-430746ea8b9b
|
||||
github.com/emersion/go-smtp v0.12.2-0.20200219094142-f9be832b5554
|
||||
github.com/foxcpp/go-dovecot-sasl v0.0.0-20200504181415-c4db6731332d // indirect
|
||||
github.com/foxcpp/go-imap-i18nlevel v0.0.0-20200208001533-d6ec88553005
|
||||
github.com/foxcpp/go-imap-sql v0.4.1-0.20200426175844-c3172a53940a
|
||||
github.com/foxcpp/go-mockdns v0.0.0-20200503193630-ff72b88723f2
|
||||
|
|
|
|||
4
go.sum
4
go.sum
|
|
@ -56,6 +56,10 @@ github.com/emersion/go-smtp v0.12.2-0.20200219094142-f9be832b5554 h1:/Wxg1q8rzmz
|
|||
github.com/emersion/go-smtp v0.12.2-0.20200219094142-f9be832b5554/go.mod h1:SD9V/xa4ndMw77lR3Mf7htkp8RBNYuPh9UeuBs9tpUQ=
|
||||
github.com/emersion/go-textwrapper v0.0.0-20160606182133-d0e65e56babe h1:40SWqY0zE3qCi6ZrtTf5OUdNm5lDnGnjRSq9GgmeTrg=
|
||||
github.com/emersion/go-textwrapper v0.0.0-20160606182133-d0e65e56babe/go.mod h1:aqO8z8wPrjkscevZJFVE1wXJrLpC5LtJG7fqLOsPb2U=
|
||||
github.com/foxcpp/go-dovecot-sasl v0.0.0-20200504173201-4582a99ffc3f h1:eT/8SMQqCbE2hU9x0JL7Zvkjyqiu+3f7SnHiYMqRyN0=
|
||||
github.com/foxcpp/go-dovecot-sasl v0.0.0-20200504173201-4582a99ffc3f/go.mod h1:5yZUmwr851vgjyAfN7OEfnrmKOh/qLA5dbGelXYsu1E=
|
||||
github.com/foxcpp/go-dovecot-sasl v0.0.0-20200504181415-c4db6731332d h1:R2o7Kw2CJEy2N8ycjDxFTMxU0xp8gsGv7ZjWyR65LQs=
|
||||
github.com/foxcpp/go-dovecot-sasl v0.0.0-20200504181415-c4db6731332d/go.mod h1:5yZUmwr851vgjyAfN7OEfnrmKOh/qLA5dbGelXYsu1E=
|
||||
github.com/foxcpp/go-imap-backend-tests v0.0.0-20200426175250-4110e9b66176 h1:qyze36XjZnwK9geEzr5qlChS8zJgz7L+YZ5O8JNhh90=
|
||||
github.com/foxcpp/go-imap-backend-tests v0.0.0-20200426175250-4110e9b66176/go.mod h1:yUISYv/uXLQ6tQZcds/p/hdcZ5JzrEUifyED2VffWpc=
|
||||
github.com/foxcpp/go-imap-i18nlevel v0.0.0-20200208001533-d6ec88553005 h1:pfoFtkTTQ473qStSN79jhCFBWqMQt/3DQ3NGuXvT+50=
|
||||
|
|
|
|||
131
internal/auth/dovecot_sasl/dovecot_sasl.go
Normal file
131
internal/auth/dovecot_sasl/dovecot_sasl.go
Normal file
|
|
@ -0,0 +1,131 @@
|
|||
package dovecotsasl
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net"
|
||||
|
||||
"github.com/emersion/go-sasl"
|
||||
dovecotsasl "github.com/foxcpp/go-dovecot-sasl"
|
||||
"github.com/foxcpp/maddy/internal/auth"
|
||||
"github.com/foxcpp/maddy/internal/config"
|
||||
"github.com/foxcpp/maddy/internal/log"
|
||||
"github.com/foxcpp/maddy/internal/module"
|
||||
)
|
||||
|
||||
type Auth struct {
|
||||
instName string
|
||||
serverEndpoint string
|
||||
log log.Logger
|
||||
|
||||
network string
|
||||
addr string
|
||||
|
||||
mechanisms map[string]dovecotsasl.Mechanism
|
||||
}
|
||||
|
||||
const modName = "dovecot_sasl"
|
||||
|
||||
func New(_, instName string, _, inlineArgs []string) (module.Module, error) {
|
||||
a := &Auth{
|
||||
instName: instName,
|
||||
log: log.Logger{Name: modName, Debug: log.DefaultLogger.Debug},
|
||||
}
|
||||
|
||||
switch len(inlineArgs) {
|
||||
case 0:
|
||||
case 1:
|
||||
a.serverEndpoint = inlineArgs[0]
|
||||
default:
|
||||
return nil, fmt.Errorf("%s: one or none arguments needed", modName)
|
||||
}
|
||||
|
||||
return a, nil
|
||||
}
|
||||
|
||||
func (a *Auth) Name() string {
|
||||
return modName
|
||||
}
|
||||
|
||||
func (a *Auth) InstanceName() string {
|
||||
return a.instName
|
||||
}
|
||||
|
||||
func (a *Auth) getConn() (*dovecotsasl.Client, error) {
|
||||
// TODO: Connection pooling
|
||||
conn, err := net.Dial(a.network, a.addr)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("%s: unable to contact server: %v", modName, err)
|
||||
}
|
||||
|
||||
cl, err := dovecotsasl.NewClient(conn)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("%s: unable to contact server: %v", modName, err)
|
||||
}
|
||||
|
||||
return cl, nil
|
||||
}
|
||||
|
||||
func (a *Auth) returnConn(cl *dovecotsasl.Client) {
|
||||
cl.Close()
|
||||
}
|
||||
|
||||
func (a *Auth) Init(cfg *config.Map) error {
|
||||
cfg.String("endpoint", false, false, a.serverEndpoint, &a.serverEndpoint)
|
||||
if _, err := cfg.Process(); err != nil {
|
||||
return err
|
||||
}
|
||||
if a.serverEndpoint == "" {
|
||||
return fmt.Errorf("%s: missing server endpoint", modName)
|
||||
}
|
||||
|
||||
endp, err := config.ParseEndpoint(a.serverEndpoint)
|
||||
if err != nil {
|
||||
return fmt.Errorf("%s: invalid server endpoint: %v", modName, err)
|
||||
}
|
||||
if endp.Path == "" {
|
||||
return fmt.Errorf("%s: unexpected path in endpoint ", modName)
|
||||
}
|
||||
|
||||
// Dial once to check usability and also to get list of mechanisms.
|
||||
conn, err := net.Dial(endp.Scheme, endp.Address())
|
||||
if err != nil {
|
||||
return fmt.Errorf("%s: unable to contact server: %v", modName, err)
|
||||
}
|
||||
|
||||
cl, err := dovecotsasl.NewClient(conn)
|
||||
if err != nil {
|
||||
return fmt.Errorf("%s: unable to contact server: %v", modName, err)
|
||||
}
|
||||
|
||||
defer cl.Close()
|
||||
a.mechanisms = cl.ConnInfo().Mechs
|
||||
|
||||
a.network = endp.Scheme
|
||||
a.addr = endp.Address()
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (a *Auth) AuthPlain(username, password string) error {
|
||||
if _, ok := a.mechanisms[sasl.Plain]; ok {
|
||||
cl, err := a.getConn()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Pretend it is SMTP even though we really don't know.
|
||||
// We also have no connection information to pass to the server...
|
||||
return cl.Do("SMTP", sasl.NewPlainClient("", username, password))
|
||||
}
|
||||
if _, ok := a.mechanisms[sasl.Login]; ok {
|
||||
cl, err := a.getConn()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Pretend it is SMTP even though we really don't know.
|
||||
return cl.Do("SMTP", sasl.NewLoginClient(username, password))
|
||||
}
|
||||
|
||||
return auth.ErrUnsupportedMech
|
||||
}
|
||||
1
maddy.go
1
maddy.go
|
|
@ -19,6 +19,7 @@ import (
|
|||
parser "github.com/foxcpp/maddy/pkg/cfgparser"
|
||||
|
||||
// Import packages for side-effect of module registration.
|
||||
_ "github.com/foxcpp/maddy/internal/auth/dovecot_sasl"
|
||||
_ "github.com/foxcpp/maddy/internal/auth/external"
|
||||
_ "github.com/foxcpp/maddy/internal/auth/pam"
|
||||
_ "github.com/foxcpp/maddy/internal/auth/pass_table"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue