
userdb: Add support for receive-only users

Some use cases, like receive-only MTAs, need domain users for receiving
emails, but have no real need for passwords since they will never use
submission.

Today, that is not supported, and those use-cases require the
administrator to come up with a password unnecessarily, adding
complexity and possibly risk.

This patch implements "receive-only users", which don't have a valid
password, thus exist for the purposes of delivering mail, but always
fail authentication.

See https://github.com/albertito/chasquid/issues/44 for more details and
rationale.

Thanks to xavierg who suggested this feature on IRC.
Alberto Bertogli
2023-12-03 00:12:46 +00:00
parent dbff2f0455
commit 83ae4c3478
9 changed files with 213 additions and 47 deletions


@@ -123,6 +123,8 @@ func (p *Password) PasswordMatches(plain string) bool {
return s.Scrypt.PasswordMatches(plain)
case *Password_Plain:
return s.Plain.PasswordMatches(plain)
case *Password_Denied:
return false
default:
return false
}
@@ -164,6 +166,22 @@ func (db *DB) AddUser(name, plainPassword string) error {
return nil
}
// AddDenied to the database. If the user is already present, override it.
// Note we enforce that the name has been normalized previously.
func (db *DB) AddDeniedUser(name string) error {
if norm, err := normalize.User(name); err != nil || name != norm {
return errors.New("invalid username")
}
db.mu.Lock()
db.db.Users[name] = &Password{
Scheme: &Password_Denied{&Denied{}},
}
db.mu.Unlock()
return nil
}
// RemoveUser from the database. Returns True if the user was there, False
// otherwise.
func (db *DB) RemoveUser(name string) bool {
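Review bot: The doc comment above `AddDeniedUser` opens with `AddDenied`, not the function's name, and does not state the security-relevant effect of the call. Because the new entry replaces whatever was stored under `name`, calling it on an existing account discards that account's password and `PasswordMatches` then returns false for it; I would write `// AddDeniedUser adds a receive-only user, which has no valid password and always fails authentication. If the user is already present, it is overridden and its previous password is discarded.` and keep the existing sentence about normalization. In `PasswordMatches` (whose body starts outside the first hunk) the new `case *Password_Denied:` behaves the same as `default`, so a short comment such as `// Receive-only user: never authenticates.` would show the case is deliberate. As a style point, `defer db.mu.Unlock()` directly after `db.mu.Lock()` would keep the lock released on every return path if the function grows.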