mirror/docker-mailserver
1
1
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver synced 2024-12-18 23:14:11 +01:00
Code Issues
master
docker-mailserver/target/scripts/helpers/database/manage/postfix-accounts.sh
Casper d7dab2d20d
feat: Add password confirmation (#4072) 
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2024-06-19 06:10:00 +00:00

112 lines
4.0 KiB
Bash
Raw Permalink Blame History

#!/bin/bash
# Manage DB writes for:
# - DATABASE_ACCOUNTS
# - DATABASE_DOVECOT_MASTERS
# Logic to perform for requested operations handled here:
function _manage_accounts() {
local ACTION=${1}
local DATABASE=${2}
local MAIL_ACCOUNT=${3}
# Only for ACTION 'create' or 'update':
local PASSWD=${4}
_arg_expect_mail_account
_arg_check_mail_account
case "${ACTION}" in
( 'create' | 'update' )
# Fail early before requesting password:
[[ ${ACTION} == 'create' ]] && _account_should_not_exist_yet
[[ ${ACTION} == 'update' ]] && _account_should_already_exist
_password_request_if_missing
local PASSWD_HASH
PASSWD_HASH=$(doveadm pw -s SHA512-CRYPT -u "${MAIL_ACCOUNT}" -p "${PASSWD}")
# Early failure above ensures correct operation => Add (create) or Replace (update):
_db_entry_add_or_replace "${DATABASE}" "${MAIL_ACCOUNT}" "${PASSWD_HASH}"
;;
( 'delete' )
_db_entry_remove "${DATABASE}" "${MAIL_ACCOUNT}"
;;
( * ) # This should not happen if using convenience wrapper methods:
_exit_with_error "Unsupported Action: '${ACTION}'"
;;
esac
}
# Convenience wrappers:
DATABASE_ACCOUNTS='/tmp/docker-mailserver/postfix-accounts.cf'
function _manage_accounts_create { _manage_accounts 'create' "${DATABASE_ACCOUNTS}" "${@}" ; }
function _manage_accounts_update { _manage_accounts 'update' "${DATABASE_ACCOUNTS}" "${@}" ; }
function _manage_accounts_delete { _manage_accounts 'delete' "${DATABASE_ACCOUNTS}" "${@}" ; }
# Dovecot Master account support can leverage the same management logic:
DATABASE_DOVECOT_MASTERS='/tmp/docker-mailserver/dovecot-masters.cf'
function _manage_accounts_dovecotmaster_create { _manage_accounts 'create' "${DATABASE_DOVECOT_MASTERS}" "${@}" ; }
function _manage_accounts_dovecotmaster_update { _manage_accounts 'update' "${DATABASE_DOVECOT_MASTERS}" "${@}" ; }
function _manage_accounts_dovecotmaster_delete { _manage_accounts 'delete' "${DATABASE_DOVECOT_MASTERS}" "${@}" ; }
#
# Validation Methods
#
# These validation helpers rely on:
# - Exteral vars to be declared prior to calling them (MAIL_ACCOUNT, PASSWD, DATABASE).
# - Calling external method '__usage' as part of error handling.
# Also used by setquota, delquota
function _arg_expect_mail_account() {
[[ -z ${MAIL_ACCOUNT} ]] && { __usage ; _exit_with_error 'No account specified' ; }
# Dovecot Master accounts are validated (they are not email addresses):
[[ ${DATABASE} == "${DATABASE_DOVECOT_MASTERS}" ]] && return 0
# Account has both local and domain parts:
[[ ${MAIL_ACCOUNT} =~ .*\@.* ]] || { __usage ; _exit_with_error "'${MAIL_ACCOUNT}' should include the domain (eg: user@example.com)" ; }
}
# Checks the mail account string, e.g. on uppercase letters.
function _arg_check_mail_account() {
if grep -q -E '[[:upper:]]+' <<< "${MAIL_ACCOUNT}"; then
local MAIL_ACCOUNT_NORMALIZED=${MAIL_ACCOUNT,,}
_log 'warn' "Mail account '${MAIL_ACCOUNT}' has uppercase letters and will be normalized to '${MAIL_ACCOUNT_NORMALIZED}'"
MAIL_ACCOUNT=${MAIL_ACCOUNT_NORMALIZED}
fi
}
function _account_should_not_exist_yet() {
__account_already_exists && _exit_with_error "'${MAIL_ACCOUNT}' already exists"
if [[ -f ${DATABASE_VIRTUAL} ]] && grep -q "^${MAIL_ACCOUNT}" "${DATABASE_VIRTUAL}"; then
_exit_with_error "'${MAIL_ACCOUNT}' is already defined as an alias"
fi
}
# Also used by delmailuser, setquota, delquota
function _account_should_already_exist() {
! __account_already_exists && _exit_with_error "'${MAIL_ACCOUNT}' does not exist"
}
function __account_already_exists() {
local DATABASE=${DATABASE:-"${DATABASE_ACCOUNTS}"}
_db_has_entry_with_key "${MAIL_ACCOUNT}" "${DATABASE}"
}
# Also used by addsaslpassword
function _password_request_if_missing() {
local PASSWD_CONFIRM
if [[ -z ${PASSWD} ]]; then
read -r -s -p 'Enter Password: ' PASSWD
echo
[[ -z ${PASSWD} ]] && _exit_with_error 'Password must not be empty'
read -r -s -p 'Confirm Password: ' PASSWD_CONFIRM
echo
[[ ${PASSWD} != "${PASSWD_CONFIRM}" ]] && _exit_with_error 'Passwords do not match!'
fi
}
View Git Blame Copy Permalink