Dovecot 2.4 has a new configuration format, which is unfortunately
backwards-incompatible with Dovecot 2.3.

This patch adds a 2.4-compatible config, and selects which one to use
based on the Dovecot version in the environment.

In the future, once 2.4 becomes more common, we will drop the 2.3 config
from the test.

Note that we don't change the config used in the Docker image, because
that is based on Debian **stable** which is still on 2.3.

Dovecot applies an authentication penalty, where it delays failed attempts.
Because we intentionally do bad authentications for testing, this slows
down the tests significantly. So this patch disables it.

Dovecot's `state_dir` usually defaults to be at `/var/lib/dovecot`, or a
similar system-wide path.

Under some conditions, our test Dovecot instance can fail, because it's
wanting to write to state_dir, but it is not writeable by us in the test
environment.

This was reported by foxcpp in
https://github.com/albertito/chasquid/issues/28.

This patch fixes the problem by setting a custom state_dir to be within
our testing directory.

Thanks to foxcpp for reporting this problem and suggesting a fix.

In the Dovecot integration test, we can now simplify the configuration
as we assume Dovecot 2.3 is the minimum version supported for testing
(as that's the one from Debian stable at the moment).

Some deployments already have users that authenticate without a domain.

Today, we refuse to even consider those, and reject them at parsing time.

However, it is a use-case worth supporting, at least with some
restrictions that make the complexity manageable.

This patch changes the auth package to support authenticating users
without an "@domain" part.

Those requests will always be directly passed on to the fallback
authenticator, if available.

The dovecot fallback authenticator can already handle this case just fine.

The current dovecot config for integration test t-11-dovecot is not
compatible with dovecot 2.3. There are some new services which want to
change the group owner for some files to the default, and that does not
work when run as non-root.

The errors look like:

    master: Error: service(stats): chown(/tmp/chasquid-dovecot-test/run/stats-writer, 4294967295, 127) failed: Operation not permitted
    master: Error: service(imap-hibernate): chown(/tmp/chasquid-dovecot-test/run/imap-hibernate, 4294967295, 127) failed: Operation not permitted
    master: Error: service(dict): chown(/tmp/chasquid-dovecot-test/run/dict, 4294967295, 127) failed: Operation not permitted
    master: Error: service(dict-async): chown(/tmp/chasquid-dovecot-test/run/dict-async, 4294967295, 127) failed: Operation not permitted
    master: Fatal: Failed to start listeners

(127 is the "dovecot" user)

So this patch adds some config settings to set the group manually for
these services, which is backwards compatible with 2.2.

Eventually we will stop supporting 2.2 for tests, at which point we can
change to just setting default_internal_group.

Dovecot has options for changing the formatting of usernames; for
example, dropping the domain part, or replacing characters.

chasquid's implementation, however, fails to handle this well, as it
expects the reply to contain the username exactly as requested.

This patch fixes the problem by making chasquid ignore the returned
username, which is unused anyway. The protocol is unambiguous enough.

Tests are also amended to always exercise this case.
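
A sketch of the reply handling the commit message above describes, as an added Go example that is not chasquid's own code. The names `userExists` and `errProtocol` and the sample replies are constructed for illustration, and the `USER`/`NOTFOUND` line shapes with a request id in the second field are an assumption about Dovecot's userdb lookup protocol that the page does not spell out.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var errProtocol = errors.New("unexpected userdb reply")

// userExists interprets one reply line to a userdb lookup sent with the
// given request id. Assumed line shapes (not taken from the page):
//
//	USER\t<id>\t<username>[\t<fields>]  -> the user exists
//	NOTFOUND\t<id>                      -> the user does not exist
//
// The reply is tied to the request by <id> only. The returned username is
// never compared, because the server may have rewritten it (for example,
// dropped the domain part).
func userExists(reqID, reply string) (bool, error) {
	fields := strings.Split(strings.TrimRight(reply, "\n"), "\t")
	if len(fields) < 2 || fields[1] != reqID {
		return false, fmt.Errorf("%w: %q", errProtocol, reply)
	}
	switch fields[0] {
	case "USER":
		return true, nil
	case "NOTFOUND":
		return false, nil
	}
	// Any other reply is an error, never a successful lookup.
	return false, fmt.Errorf("%w: %q", errProtocol, reply)
}

func main() {
	// Constructed replies to a lookup for "user@example.com" with id "1".
	for _, r := range []string{
		"USER\t1\tuser@example.com\n", // username echoed unchanged
		"USER\t1\tuser\n",             // domain dropped by the server
		"NOTFOUND\t1\n",
		"USER\t2\tuser@example.com\n", // id mismatch: rejected
		"FAIL\t1\n",                   // unknown verb: fails closed
	} {
		ok, err := userExists("1", r)
		fmt.Printf("%-32q exists=%-5v err=%v\n", r, ok, err)
	}
}
```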

This patch adds dovecot support to the chasquid daemon, using the
internal dovecot library added in previous patches.

Dovecot support is still considered EXPERIMENTAL and may be reverted, or
changed in backwards-incompatible ways.

The patch also adds the corresponding integration test, which brings up
a dovecot server with a custom configuration, and tests chasquid's
authentication against it. If dovecot is not installed, the test is
skipped.