diff options
| author | Jannis M. Hoffmann <jannis@fehcom.de> | 2024-03-17 13:47:52 +0100 |
|---|---|---|
| committer | Jannis M. Hoffmann <jannis@fehcom.de> | 2024-03-17 13:47:52 +0100 |
| commit | 9090f3a157b598fc79f0f279316adf5c84e6bbd7 (patch) | |
| tree | 23fa340bef0f0de8550fd952fe98710b1e3fe367 | |
| parent | ebff40e10ea7fefd9a84e8709a14048ef288d80a (diff) | |
use a seperate pipe for auth data to the authenticator
| -rwxr-xr-x | script/extract.py | 1 | ||||
| -rwxr-xr-x | script/testauthenticator.py | 2 | ||||
| -rw-r--r-- | src/jwebmail/__init__.py | 2 | ||||
| -rw-r--r-- | src/jwebmail/model/read_mails.py | 28 |
4 files changed, 19 insertions, 14 deletions
diff --git a/script/extract.py b/script/extract.py index 3ab3b53..a54f992 100755 --- a/script/extract.py +++ b/script/extract.py @@ -30,7 +30,6 @@ import re from argparse import ArgumentParser from base64 import b64encode from datetime import datetime -from glob import glob from itertools import islice from mailbox import Maildir, MaildirMessage from os import environ, getpid, path, setuid diff --git a/script/testauthenticator.py b/script/testauthenticator.py index fa7a1ac..faf4f56 100755 --- a/script/testauthenticator.py +++ b/script/testauthenticator.py @@ -10,7 +10,7 @@ VALID_PW = b"12345" def main(): with os.fdopen(3, "rb", buffering=0) as authfd: - inp = authfd.read(511) + inp = authfd.readall() u, p, *r = inp.split(b"\0") if len(r) > 2: diff --git a/src/jwebmail/__init__.py b/src/jwebmail/__init__.py index b1dd7f3..58936df 100644 --- a/src/jwebmail/__init__.py +++ b/src/jwebmail/__init__.py @@ -34,7 +34,7 @@ else: toml_read_file = dict(load=toml_load, text=True) -__version__ = "2.2.0.dev1" +__version__ = "2.2.0.dev2" def validate_config(app): diff --git a/src/jwebmail/model/read_mails.py b/src/jwebmail/model/read_mails.py index e9b6800..482030c 100644 --- a/src/jwebmail/model/read_mails.py +++ b/src/jwebmail/model/read_mails.py @@ -1,4 +1,5 @@ import shlex +import os from subprocess import PIPE, Popen, TimeoutExpired from subprocess import run as subprocess_run @@ -197,12 +198,11 @@ class QMailAuthuser: else: assert False - def _build_arg(self, user_mail_addr, mode): + def _build_arg(self, user_mail_addr, mode, rp): idx = user_mail_addr.find("@") user_name = user_mail_addr[:idx] - return ( - " ".join( + cmdline = " ".join( shlex.quote(str(x)) for x in ( self._authenticator, @@ -213,14 +213,19 @@ class QMailAuthuser: mode, ) ) - + " 3<&0" - ) - def _read_qmauth(self, cmd, args): - popen = Popen(cmd, stdin=PIPE, stdout=PIPE, shell=True, bufsize=0) + if rp != 3: + cmdline += f" 3<&{rp}-" - popen.stdin.write(f"{self._username}\0{self._password}\0\0".encode()) - popen.stdin.flush() + return cmdline + + def _read_qmauth(self, cmd, args, rp, wp): + + popen = Popen(cmd, stdin=PIPE, stdout=PIPE, pass_fds=[rp], shell=True, bufsize=0) + + os.close(rp) + os.write(wp, f"{self._username}\0{self._password}\0\0".encode()) + os.close(wp) r = popen.stdout.read(10) if popen.poll(): raise QMAuthError("qmail-authuser unexpectedly exited", popen.returncode, r) @@ -242,5 +247,6 @@ class QMailAuthuser: raise QMAuthError("got unsuccessful return code by qmail-authuser", rc, inp) def build_and_run(self, mode, args): - cmd = self._build_arg(self._username, mode) - return self._read_qmauth(cmd, args) + (rp, wp) = os.pipe() + cmd = self._build_arg(self._username, mode, rp) + return self._read_qmauth(cmd, args, rp, wp) |