chasquid: Dovecot support (experimental)

This patch adds dovecot support to the chasquid daemon, using the
internal dovecot library added in previous patches.

Dovecot support is still considered EXPERIMENTAL and may be reverted, or
changed in backwards-incompatible ways.

The patch also adds the corresponding integration test, which brings up
a dovecot server with a custom configuration, and tests chasquid's
authentication against it.  If dovecot is not installed, the test is
skipped.

test/t-11-dovecot/config/chasquid.conf

@@ -0,0 +1,14 @@
+smtp_address: ":1025"
+submission_address: ":1587"
+submission_over_tls_address: ":1465"
+monitoring_address: ":1099"
+
+mail_delivery_agent_bin: "test-mda"
+mail_delivery_agent_args: "%to%"
+
+data_dir: "../.data"
+mail_log_path: "../.logs/mail_log"
+
+dovecot_auth: true
+dovecot_userdb_path: "/tmp/chasquid-dovecot-test/run/auth-userdb"
+dovecot_client_path: "/tmp/chasquid-dovecot-test/run/auth-client"

test/t-11-dovecot/config/dovecot.conf.in

@@ -0,0 +1,45 @@
+base_dir = $ROOT/run/
+log_path = $ROOT/dovecot.log
+ssl = no
+
+default_internal_user = $USER
+default_login_user = $USER
+
+
+passdb {
+	driver = passwd-file
+	args = $ROOT/passwd
+}
+
+userdb {
+	driver = passwd-file
+	args = $ROOT/passwd
+}
+
+service auth {
+	unix_listener auth {
+		mode = 0666
+	}
+}
+
+# Dovecot refuses to start without protocols, so we need to give it one.
+protocols = imap
+
+service imap-login {
+	chroot =
+	inet_listener imap {
+		address = 127.0.0.1
+		port = 0
+	}
+}
+
+service anvil {
+	chroot =
+}
+
+# Turn on debugging information, to help troubleshooting issues.
+auth_verbose = yes
+auth_debug = yes
+auth_debug_passwords = yes
+auth_verbose_passwords = yes
+mail_debug = yes

test/t-11-dovecot/config/passwd

@@ -0,0 +1 @@
+user@srv:{plain}password:1000:1000::/home/user

test/t-11-dovecot/content

@@ -0,0 +1,4 @@
+Subject: Prueba desde el test
+
+Crece desde el test el futuro
+Crece desde el test

test/t-11-dovecot/hosts

@@ -0,0 +1 @@
+srv localhost

test/t-11-dovecot/msmtprc

@@ -0,0 +1,28 @@
+account default
+
+host srv
+port 1587
+
+tls on
+tls_trust_file config/certs/srv/fullchain.pem
+
+from user@srv
+
+auth on
+user user@srv
+password password
+
+account smtpport : default
+port 1025
+
+account subm_tls : default
+port 1465
+tls_starttls off
+
+account baduser : default
+user unknownuser@srv
+password secretpassword
+
+account badpasswd : default
+user user@srv
+password badsecretpassword

test/t-11-dovecot/run.sh

@@ -0,0 +1,73 @@
+#!/bin/bash
+#
+# This test checks that we can use dovecot as an authentication mechanism.
+#
+# Setup:
+#  - chasquid listening on :1025.
+#  - dovecot listening on unix sockets in .dovecot/
+
+set -e
+. $(dirname ${0})/../util/lib.sh
+
+init
+
+if ! dovecot --version > /dev/null; then
+	skip "dovecot not installed"
+	exit 0
+fi
+
+# Create a temporary directory for dovecot to use, and generate the dovecot
+# config based on the template.
+# Note the lenght of the path must be < 100, because unix sockets have a low
+# limitation, so we use a directory in /tmp, which is not ideal, as a
+# workaround.
+export ROOT="/tmp/chasquid-dovecot-test"
+mkdir -p $ROOT $ROOT/run
+rm -f $ROOT/dovecot.log
+
+envsubst < config/dovecot.conf.in > $ROOT/dovecot.conf
+cp -f config/passwd $ROOT/passwd
+
+dovecot -F -c $ROOT/dovecot.conf &
+
+# Early tests: run dovecot-auth-cli for testing purposes. These fail early if
+# there are obvious problems.
+OUT=$(dovecot-auth-cli $ROOT/run/auth exists user@srv || true)
+if [ "$OUT" != "yes" ]; then
+	fail "user does not exist: $OUT"
+fi
+
+OUT=$(dovecot-auth-cli $ROOT/run/auth auth user@srv password || true)
+if [ "$OUT" != "yes" ]; then
+	fail "auth failed: $OUT"
+fi
+
+
+# Set up chasquid, using dovecot as authentication backend.
+generate_certs_for srv
+
+mkdir -p .logs
+chasquid -v=2 --logfile=.logs/chasquid.log --config_dir=config &
+wait_until_ready 1025
+
+# Send an email as user@srv successfully.
+run_msmtp user@srv < content
+wait_for_file .mail/user@srv
+mail_diff content .mail/user@srv
+
+# Fail to send to nobody@srv (user does not exist).
+if run_msmtp nobody@srv < content 2> /dev/null; then
+	fail "successfuly sent an email to a non-existent user"
+fi
+
+# Fail to send from baduser@srv (user does not exist).
+if run_msmtp -a baduser user@srv < content 2> /dev/null; then
+	fail "successfully sent an email with a bad user"
+fi
+
+# Fail to send with an incorrect password.
+if run_msmtp -a badpasswd user@srv < content 2> /dev/null; then
+	fail "successfully sent an email with a bad password"
+fi
+
+success

test/util/lib.sh

@@ -49,6 +49,10 @@ function add_user() {
 		>> .add_user_logs
 }
 
+function dovecot-auth-cli() {
+	go run ${TBASE}/../../cmd/dovecot-auth-cli/dovecot-auth-cli.go "$@"
+}
+
 function run_msmtp() {
 	# msmtp will check that the rc file is only user readable.
 	chmod 600 msmtprc