userdb: Add support for receive-only users

Some use cases, like receive-only MTAs, need domain users for receiving emails, but have no real need for passwords since they will never use submission. Today, that is not supported, and those use-cases require the administrator to come up with a password unnecessarily, adding complexity and possibly risk. This patch implements "receive-only users", which don't have a valid password, thus exist for the purposes of delivering mail, but always fail authentication. See https://github.com/albertito/chasquid/issues/44 for more details and rationale. Thanks to xavierg who suggested this feature on IRC.
2025-12-17 14:37:02 +00:00 · 2023-12-03 00:12:46 +00:00
parent dbff2f0455
commit 83ae4c3478
9 changed files with 213 additions and 47 deletions
--- a/cmd/chasquid-util/chasquid-util.go
+++ b/cmd/chasquid-util/chasquid-util.go
@@ -29,7 +29,7 @@ import (
 // Usage to show users on --help or invocation errors.
 const usage = `
 Usage:
-  chasquid-util [options] user-add <user@domain> [--password=<password>]
+  chasquid-util [options] user-add <user@domain> [--password=<password>] [--receive_only]
  chasquid-util [options] user-remove <user@domain>
  chasquid-util [options] authenticate <user@domain> [--password=<password>]
  chasquid-util [options] check-userdb <domain>
@@ -140,12 +140,25 @@ func checkUserDB() {
 	fmt.Println("Database loaded")
 }

-// chasquid-util user-add <user@domain> [--password=<password>]
+// chasquid-util user-add <user@domain> [--password=<password>] [--receive_only]
 func userAdd() {
 	user, _, db := userDBFromArgs(true)
-	password := getPassword()

-	err := db.AddUser(user, password)
+	_, recvOnly := args["--receive_only"]
+	_, hasPassword := args["--password"]
+
+	if recvOnly && hasPassword {
+		Fatalf("Cannot specify both --receive_only and --password")
+	}
+
+	var err error
+	if recvOnly {
+		err = db.AddDeniedUser(user)
+	} else {
+		password := getPassword()
+		err = db.AddUser(user, password)
+	}
+
 	if err != nil {
 		Fatalf("Error adding user: %v", err)
 	}
--- a/cmd/chasquid-util/test.sh
+++ b/cmd/chasquid-util/test.sh
@@ -34,6 +34,17 @@ if ! r user-add user@domain --password=passwd > /dev/null; then
 fi
 check_userdb

+if ! r user-add denied@domain --receive_only > /dev/null; then
+	echo user-add --receive_only failed
+	exit 1
+fi
+check_userdb
+
+if r user-add xxx@domain --password=passwd --receive_only > /dev/null; then
+	echo user-add --password --receive_only worked
+	exit 1
+fi
+
 if ! r authenticate user@domain --password=passwd > /dev/null; then
 	echo authenticate failed
 	exit 1
@@ -44,6 +55,11 @@ if r authenticate user@domain --password=abcd > /dev/null; then
 	exit 1
 fi

+if r authenticate denied@domain --password=abcd > /dev/null; then
+	echo authenticate on a no-submission user worked
+	exit 1
+fi
+
 # Interactive authentication.
 # Need to wrap the execution under "script" since the interaction requires an
 # actual TTY, and that's a fairly portable way to do that.