From 9090f3a157b598fc79f0f279316adf5c84e6bbd7 Mon Sep 17 00:00:00 2001
From: "Jannis M. Hoffmann" <jannis@fehcom.de>
Date: Sun, 17 Mar 2024 13:47:52 +0100
Subject: use a seperate pipe for auth data to the authenticator

---
 src/jwebmail/__init__.py         |  2 +-
 src/jwebmail/model/read_mails.py | 28 +++++++++++++++++-----------
 2 files changed, 18 insertions(+), 12 deletions(-)

(limited to 'src/jwebmail')

diff --git a/src/jwebmail/__init__.py b/src/jwebmail/__init__.py
index b1dd7f3..58936df 100644
--- a/src/jwebmail/__init__.py
+++ b/src/jwebmail/__init__.py
@@ -34,7 +34,7 @@ else:
 
     toml_read_file = dict(load=toml_load, text=True)
 
-__version__ = "2.2.0.dev1"
+__version__ = "2.2.0.dev2"
 
 
 def validate_config(app):
diff --git a/src/jwebmail/model/read_mails.py b/src/jwebmail/model/read_mails.py
index e9b6800..482030c 100644
--- a/src/jwebmail/model/read_mails.py
+++ b/src/jwebmail/model/read_mails.py
@@ -1,4 +1,5 @@
 import shlex
+import os
 from subprocess import PIPE, Popen, TimeoutExpired
 from subprocess import run as subprocess_run
 
@@ -197,12 +198,11 @@ class QMailAuthuser:
         else:
             assert False
 
-    def _build_arg(self, user_mail_addr, mode):
+    def _build_arg(self, user_mail_addr, mode, rp):
         idx = user_mail_addr.find("@")
         user_name = user_mail_addr[:idx]
 
-        return (
-            " ".join(
+        cmdline = " ".join(
                 shlex.quote(str(x))
                 for x in (
                     self._authenticator,
@@ -213,14 +213,19 @@ class QMailAuthuser:
                     mode,
                 )
             )
-            + " 3<&0"
-        )
 
-    def _read_qmauth(self, cmd, args):
-        popen = Popen(cmd, stdin=PIPE, stdout=PIPE, shell=True, bufsize=0)
+        if rp != 3:
+            cmdline += f" 3<&{rp}-"
 
-        popen.stdin.write(f"{self._username}\0{self._password}\0\0".encode())
-        popen.stdin.flush()
+        return cmdline
+
+    def _read_qmauth(self, cmd, args, rp, wp):
+
+        popen = Popen(cmd, stdin=PIPE, stdout=PIPE, pass_fds=[rp], shell=True, bufsize=0)
+
+        os.close(rp)
+        os.write(wp, f"{self._username}\0{self._password}\0\0".encode())
+        os.close(wp)
         r = popen.stdout.read(10)
         if popen.poll():
             raise QMAuthError("qmail-authuser unexpectedly exited", popen.returncode, r)
@@ -242,5 +247,6 @@ class QMailAuthuser:
             raise QMAuthError("got unsuccessful return code by qmail-authuser", rc, inp)
 
     def build_and_run(self, mode, args):
-        cmd = self._build_arg(self._username, mode)
-        return self._read_qmauth(cmd, args)
+        (rp, wp) = os.pipe()
+        cmd = self._build_arg(self._username, mode, rp)
+        return self._read_qmauth(cmd, args, rp, wp)
-- 
cgit v1.2.3