github-com-docker-mailserver/docker-mailserver
1
0
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2024-01-19 02:48:50 +00:00
Code Issues Projects Releases Wiki Activity

Protect user db with flock

Browse source
This commit is contained in:
Erik Wramner 2019-08-01 19:39:25 +02:00
parent d6861881ab
commit 81e9c7dcff
5 changed files with 68 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
target/bin/addmailuser
View file

@ -22,13 +22,20 @@ escape() {
[ -z "$USER" ] && { usage; errex "no username specified"; } [ -z "$USER" ] && { usage; errex "no username specified"; }
expr index "$USER" "@" >/dev/null || { usage; errex "username must include the domain"; } expr index "$USER" "@" >/dev/null || { usage; errex "username must include the domain"; }
grep -qi "^$(escape "$USER")|" $DATABASE 2>/dev/null && # Protect config file with lock to avoid race conditions
touch $DATABASE
(
flock -e 200
grep -qi "^$(escape "$USER")|" $DATABASE 2>/dev/null &&
errex "User \"$USER\" already exists" errex "User \"$USER\" already exists"
if [ -z "$PASSWD" ]; then if [ -z "$PASSWD" ]; then
read -s -p "Enter Password: " PASSWD read -s -p "Enter Password: " PASSWD
echo echo
[ -z "$PASSWD" ] && errex "Password must not be empty" [ -z "$PASSWD" ] && errex "Password must not be empty"
fi fi
HASH="$(doveadm pw -s SHA512-CRYPT -u "$USER" -p "$PASSWD")"
echo "$USER|$HASH" >> $DATABASE HASH="$(doveadm pw -s SHA512-CRYPT -u "$USER" -p "$PASSWD")"
echo "$USER|$HASH" >> $DATABASE
) 200<$DATABASE

12
target/bin/delmailuser
View file

@ -33,8 +33,12 @@ shift $((OPTIND-1))
[ -z "$@" ] && { usage; errex "No user specifed"; } [ -z "$@" ] && { usage; errex "No user specifed"; }
[ -s "$DATABASE" ] || exit 0 [ -s "$DATABASE" ] || exit 0
for USER in "$@"; do # Protect config file with lock to avoid race conditions
#very simple plausibility check (
flock -e 200
for USER in "$@"; do
# very simple plausibility check
[[ "$USER" != *"@"*"."* ]] && errex "No valid address: $USER" [[ "$USER" != *"@"*"."* ]] && errex "No valid address: $USER"
MAILARR=(${USER//@/ }) MAILARR=(${USER//@/ })
# XXX $USER must not contain /s and other syntactic characters # XXX $USER must not contain /s and other syntactic characters
@ -54,4 +58,6 @@ for USER in "$@"; do
[ "$MAILDEL" != "y" ] && errex "Leaving the maildir untouched. If you want to delete it at a later point use \"sudo docker exec mail rm -R /var/mail/${MAILARR[1]}/${MAILARR[0]}\"" [ "$MAILDEL" != "y" ] && errex "Leaving the maildir untouched. If you want to delete it at a later point use \"sudo docker exec mail rm -R /var/mail/${MAILARR[1]}/${MAILARR[0]}\""
rm -r -f /var/mail/${MAILARR[1]}/${MAILARR[0]} rm -r -f /var/mail/${MAILARR[1]}/${MAILARR[0]}
[ $? = 0 ] && echo "Maildir deleted." || errex "Maildir couldn't be deleted: $?" [ $? = 0 ] && echo "Maildir deleted." || errex "Maildir couldn't be deleted: $?"
done done
) 200<$DATABASE

7
target/bin/listmailuser
View file

@ -10,4 +10,9 @@ errex() {
[ -f $DATABASE ] || errex "No postfix-accounts.cf file" [ -f $DATABASE ] || errex "No postfix-accounts.cf file"
[ -s $DATABASE ] || errex "Empty postfix-accounts.cf - no users have been added" [ -s $DATABASE ] || errex "Empty postfix-accounts.cf - no users have been added"
awk -F '|' '{ print $1; }' $DATABASE # Lock database even though we are only reading
(
flock -e 200
awk -F '|' '{ print $1; }' $DATABASE
) 200<$DATABASE

10
target/bin/updatemailuser
View file

@ -27,7 +27,13 @@ if [ -z "$PASSWD" ]; then
[ -z "$PASSWD" ] && errex "Password must not be empty" [ -z "$PASSWD" ] && errex "Password must not be empty"
fi fi
HASH="$(doveadm pw -s SHA512-CRYPT -u "$USER" -p "$PASSWD")" HASH="$(doveadm pw -s SHA512-CRYPT -u "$USER" -p "$PASSWD")"
grep -qi "^$(escape "$USER")|" $DATABASE 2>/dev/null ||
# Protect config file with lock to avoid race conditions
(
flock -e 200
grep -qi "^$(escape "$USER")|" $DATABASE 2>/dev/null ||
errex "User \"$USER\" does not exist" errex "User \"$USER\" does not exist"
sed -i "s ^"$USER"|.* "$USER"|"$HASH" " $DATABASE sed -i "s ^"$USER"|.* "$USER"|"$HASH" " $DATABASE
) 200<$DATABASE

12
target/check-for-changes.sh
View file

@ -37,8 +37,7 @@ for file in postfix-accounts.cf postfix-virtual.cf postfix-aliases.cf; do
done done
# Wait to make sure server is up before we start # Wait to make sure server is up before we start
# Plus the files have just been generated, no hurry to process changes sleep 10
sleep 20
# Run forever # Run forever
while true; do while true; do
@ -46,7 +45,7 @@ while true; do
# recreate logdate # recreate logdate
log_date=$(date +"%Y-%m-%d %H:%M:%S ") log_date=$(date +"%Y-%m-%d %H:%M:%S ")
# Get chksum and check it. # Get chksum and check it, no need to lock config yet
chksum=$(sha512sum -c --ignore-missing $CHKSUM_FILE) chksum=$(sha512sum -c --ignore-missing $CHKSUM_FILE)
if [[ $chksum == *"FAIL"* ]]; then if [[ $chksum == *"FAIL"* ]]; then
@ -57,6 +56,11 @@ if [[ $chksum == *"FAIL"* ]]; then
# Also note that changes are performed in place and are not atomic # Also note that changes are performed in place and are not atomic
# We should fix that and write to temporary files, stop, swap and start # We should fix that and write to temporary files, stop, swap and start
# Lock configuration while working
# Not fixing indentation yet to reduce diff (fix later in separate commit)
(
flock -e 200
#regen postix aliases. #regen postix aliases.
echo "root: ${PM_ADDRESS}" > /etc/aliases echo "root: ${PM_ADDRESS}" > /etc/aliases
if [ -f /tmp/docker-mailserver/postfix-aliases.cf ]; then if [ -f /tmp/docker-mailserver/postfix-aliases.cf ]; then
@ -195,6 +199,8 @@ if [[ $chksum == *"FAIL"* ]]; then
echo "${log_date} Update checksum" echo "${log_date} Update checksum"
sha512sum ${cf_files[@]/#/--tag } >$CHKSUM_FILE sha512sum ${cf_files[@]/#/--tag } >$CHKSUM_FILE
) 200<postfix-accounts.cf # end lock
fi fi
sleep 1 sleep 1