mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
Protect user db with flock
This commit is contained in:
parent
d6861881ab
commit
81e9c7dcff
|
@ -22,6 +22,11 @@ escape() {
|
||||||
[ -z "$USER" ] && { usage; errex "no username specified"; }
|
[ -z "$USER" ] && { usage; errex "no username specified"; }
|
||||||
expr index "$USER" "@" >/dev/null || { usage; errex "username must include the domain"; }
|
expr index "$USER" "@" >/dev/null || { usage; errex "username must include the domain"; }
|
||||||
|
|
||||||
|
# Protect config file with lock to avoid race conditions
|
||||||
|
touch $DATABASE
|
||||||
|
(
|
||||||
|
flock -e 200
|
||||||
|
|
||||||
grep -qi "^$(escape "$USER")|" $DATABASE 2>/dev/null &&
|
grep -qi "^$(escape "$USER")|" $DATABASE 2>/dev/null &&
|
||||||
errex "User \"$USER\" already exists"
|
errex "User \"$USER\" already exists"
|
||||||
|
|
||||||
|
@ -30,5 +35,7 @@ if [ -z "$PASSWD" ]; then
|
||||||
echo
|
echo
|
||||||
[ -z "$PASSWD" ] && errex "Password must not be empty"
|
[ -z "$PASSWD" ] && errex "Password must not be empty"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
HASH="$(doveadm pw -s SHA512-CRYPT -u "$USER" -p "$PASSWD")"
|
HASH="$(doveadm pw -s SHA512-CRYPT -u "$USER" -p "$PASSWD")"
|
||||||
echo "$USER|$HASH" >> $DATABASE
|
echo "$USER|$HASH" >> $DATABASE
|
||||||
|
) 200<$DATABASE
|
||||||
|
|
|
@ -33,6 +33,10 @@ shift $((OPTIND-1))
|
||||||
[ -z "$@" ] && { usage; errex "No user specifed"; }
|
[ -z "$@" ] && { usage; errex "No user specifed"; }
|
||||||
[ -s "$DATABASE" ] || exit 0
|
[ -s "$DATABASE" ] || exit 0
|
||||||
|
|
||||||
|
# Protect config file with lock to avoid race conditions
|
||||||
|
(
|
||||||
|
flock -e 200
|
||||||
|
|
||||||
for USER in "$@"; do
|
for USER in "$@"; do
|
||||||
# very simple plausibility check
|
# very simple plausibility check
|
||||||
[[ "$USER" != *"@"*"."* ]] && errex "No valid address: $USER"
|
[[ "$USER" != *"@"*"."* ]] && errex "No valid address: $USER"
|
||||||
|
@ -55,3 +59,5 @@ for USER in "$@"; do
|
||||||
rm -r -f /var/mail/${MAILARR[1]}/${MAILARR[0]}
|
rm -r -f /var/mail/${MAILARR[1]}/${MAILARR[0]}
|
||||||
[ $? = 0 ] && echo "Maildir deleted." || errex "Maildir couldn't be deleted: $?"
|
[ $? = 0 ] && echo "Maildir deleted." || errex "Maildir couldn't be deleted: $?"
|
||||||
done
|
done
|
||||||
|
|
||||||
|
) 200<$DATABASE
|
||||||
|
|
|
@ -10,4 +10,9 @@ errex() {
|
||||||
[ -f $DATABASE ] || errex "No postfix-accounts.cf file"
|
[ -f $DATABASE ] || errex "No postfix-accounts.cf file"
|
||||||
[ -s $DATABASE ] || errex "Empty postfix-accounts.cf - no users have been added"
|
[ -s $DATABASE ] || errex "Empty postfix-accounts.cf - no users have been added"
|
||||||
|
|
||||||
|
# Lock database even though we are only reading
|
||||||
|
(
|
||||||
|
flock -e 200
|
||||||
awk -F '|' '{ print $1; }' $DATABASE
|
awk -F '|' '{ print $1; }' $DATABASE
|
||||||
|
) 200<$DATABASE
|
||||||
|
|
||||||
|
|
|
@ -27,7 +27,13 @@ if [ -z "$PASSWD" ]; then
|
||||||
[ -z "$PASSWD" ] && errex "Password must not be empty"
|
[ -z "$PASSWD" ] && errex "Password must not be empty"
|
||||||
fi
|
fi
|
||||||
HASH="$(doveadm pw -s SHA512-CRYPT -u "$USER" -p "$PASSWD")"
|
HASH="$(doveadm pw -s SHA512-CRYPT -u "$USER" -p "$PASSWD")"
|
||||||
|
|
||||||
|
# Protect config file with lock to avoid race conditions
|
||||||
|
(
|
||||||
|
flock -e 200
|
||||||
|
|
||||||
grep -qi "^$(escape "$USER")|" $DATABASE 2>/dev/null ||
|
grep -qi "^$(escape "$USER")|" $DATABASE 2>/dev/null ||
|
||||||
errex "User \"$USER\" does not exist"
|
errex "User \"$USER\" does not exist"
|
||||||
|
|
||||||
sed -i "s ^"$USER"|.* "$USER"|"$HASH" " $DATABASE
|
sed -i "s ^"$USER"|.* "$USER"|"$HASH" " $DATABASE
|
||||||
|
) 200<$DATABASE
|
||||||
|
|
|
@ -37,8 +37,7 @@ for file in postfix-accounts.cf postfix-virtual.cf postfix-aliases.cf; do
|
||||||
done
|
done
|
||||||
|
|
||||||
# Wait to make sure server is up before we start
|
# Wait to make sure server is up before we start
|
||||||
# Plus the files have just been generated, no hurry to process changes
|
sleep 10
|
||||||
sleep 20
|
|
||||||
|
|
||||||
# Run forever
|
# Run forever
|
||||||
while true; do
|
while true; do
|
||||||
|
@ -46,7 +45,7 @@ while true; do
|
||||||
# recreate logdate
|
# recreate logdate
|
||||||
log_date=$(date +"%Y-%m-%d %H:%M:%S ")
|
log_date=$(date +"%Y-%m-%d %H:%M:%S ")
|
||||||
|
|
||||||
# Get chksum and check it.
|
# Get chksum and check it, no need to lock config yet
|
||||||
chksum=$(sha512sum -c --ignore-missing $CHKSUM_FILE)
|
chksum=$(sha512sum -c --ignore-missing $CHKSUM_FILE)
|
||||||
|
|
||||||
if [[ $chksum == *"FAIL"* ]]; then
|
if [[ $chksum == *"FAIL"* ]]; then
|
||||||
|
@ -57,6 +56,11 @@ if [[ $chksum == *"FAIL"* ]]; then
|
||||||
# Also note that changes are performed in place and are not atomic
|
# Also note that changes are performed in place and are not atomic
|
||||||
# We should fix that and write to temporary files, stop, swap and start
|
# We should fix that and write to temporary files, stop, swap and start
|
||||||
|
|
||||||
|
# Lock configuration while working
|
||||||
|
# Not fixing indentation yet to reduce diff (fix later in separate commit)
|
||||||
|
(
|
||||||
|
flock -e 200
|
||||||
|
|
||||||
#regen postix aliases.
|
#regen postix aliases.
|
||||||
echo "root: ${PM_ADDRESS}" > /etc/aliases
|
echo "root: ${PM_ADDRESS}" > /etc/aliases
|
||||||
if [ -f /tmp/docker-mailserver/postfix-aliases.cf ]; then
|
if [ -f /tmp/docker-mailserver/postfix-aliases.cf ]; then
|
||||||
|
@ -195,6 +199,8 @@ if [[ $chksum == *"FAIL"* ]]; then
|
||||||
|
|
||||||
echo "${log_date} Update checksum"
|
echo "${log_date} Update checksum"
|
||||||
sha512sum ${cf_files[@]/#/--tag } >$CHKSUM_FILE
|
sha512sum ${cf_files[@]/#/--tag } >$CHKSUM_FILE
|
||||||
|
|
||||||
|
) 200<postfix-accounts.cf # end lock
|
||||||
fi
|
fi
|
||||||
|
|
||||||
sleep 1
|
sleep 1
|
||||||
|
|
Loading…
Reference in a new issue