diff options
author | Jannis M. Hoffmann <jannis@fehcom.de> | 2024-03-17 13:47:52 +0100 |
---|---|---|
committer | Jannis M. Hoffmann <jannis@fehcom.de> | 2024-03-17 13:47:52 +0100 |
commit | 9090f3a157b598fc79f0f279316adf5c84e6bbd7 (patch) | |
tree | 23fa340bef0f0de8550fd952fe98710b1e3fe367 /src/jwebmail/model | |
parent | ebff40e10ea7fefd9a84e8709a14048ef288d80a (diff) |
use a seperate pipe for auth data to the authenticator
Diffstat (limited to 'src/jwebmail/model')
-rw-r--r-- | src/jwebmail/model/read_mails.py | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/src/jwebmail/model/read_mails.py b/src/jwebmail/model/read_mails.py index e9b6800..482030c 100644 --- a/src/jwebmail/model/read_mails.py +++ b/src/jwebmail/model/read_mails.py @@ -1,4 +1,5 @@ import shlex +import os from subprocess import PIPE, Popen, TimeoutExpired from subprocess import run as subprocess_run @@ -197,12 +198,11 @@ class QMailAuthuser: else: assert False - def _build_arg(self, user_mail_addr, mode): + def _build_arg(self, user_mail_addr, mode, rp): idx = user_mail_addr.find("@") user_name = user_mail_addr[:idx] - return ( - " ".join( + cmdline = " ".join( shlex.quote(str(x)) for x in ( self._authenticator, @@ -213,14 +213,19 @@ class QMailAuthuser: mode, ) ) - + " 3<&0" - ) - def _read_qmauth(self, cmd, args): - popen = Popen(cmd, stdin=PIPE, stdout=PIPE, shell=True, bufsize=0) + if rp != 3: + cmdline += f" 3<&{rp}-" - popen.stdin.write(f"{self._username}\0{self._password}\0\0".encode()) - popen.stdin.flush() + return cmdline + + def _read_qmauth(self, cmd, args, rp, wp): + + popen = Popen(cmd, stdin=PIPE, stdout=PIPE, pass_fds=[rp], shell=True, bufsize=0) + + os.close(rp) + os.write(wp, f"{self._username}\0{self._password}\0\0".encode()) + os.close(wp) r = popen.stdout.read(10) if popen.poll(): raise QMAuthError("qmail-authuser unexpectedly exited", popen.returncode, r) @@ -242,5 +247,6 @@ class QMailAuthuser: raise QMAuthError("got unsuccessful return code by qmail-authuser", rc, inp) def build_and_run(self, mode, args): - cmd = self._build_arg(self._username, mode) - return self._read_qmauth(cmd, args) + (rp, wp) = os.pipe() + cmd = self._build_arg(self._username, mode, rp) + return self._read_qmauth(cmd, args, rp, wp) |