Exit if there's an error reading users/aliases files on startup

Today, when starting up, if there's an error reading the users or aliases files, we only log but do not exit. And then those files will not be attempted to be read on the periodic reload. We also treat "file does not exist" as an error for users file, but not aliases file, resulting in inconsistent behaviour between the two. All of this makes some classes of problems (like permission errors) more difficult to spot and troubleshoot. For example, https://github.com/albertito/chasquid/issues/55. So this patch makes errors reading users/aliases files on startup a fatal error, and also unifies the "file does not exist" behaviour to make it not an error in both cases. Note that the behaviour on the periodic reload is unchanged: treat these errors as fatal too. This may be changed in future patches.
2026-01-08 17:51:57 +00:00 · 2024-05-10 09:11:35 +01:00
parent 0414af09b4
commit e6a9410377
15 changed files with 99 additions and 25 deletions
--- a/internal/aliases/aliases.go
+++ b/internal/aliases/aliases.go
@@ -345,7 +345,8 @@ func (v *Resolver) AddDomain(domain string) {
 }

 // AddAliasesFile to the resolver. The file will be parsed, and an error
-// returned if it does not exist or parse correctly.
+// returned if it does not parse correctly.  Note that the file not existing
+// does NOT result in an error.
 func (v *Resolver) AddAliasesFile(domain, path string) error {
 	// We unconditionally add the domain and file on our list.
 	// Even if the file does not exist now, it may later. This makes it be
--- a/internal/smtpsrv/server.go
+++ b/internal/smtpsrv/server.go
@@ -132,9 +132,13 @@ func (s *Server) AddDomain(d string) {
 	s.aliasesR.AddDomain(d)
 }

-// AddUserDB adds a userdb.DB instance as backend for the domain.
-func (s *Server) AddUserDB(domain string, db *userdb.DB) {
-	s.authr.Register(domain, auth.WrapNoErrorBackend(db))
+// AddUserDB adds a userdb file as backend for the domain.
+func (s *Server) AddUserDB(domain, f string) error {
+	// Load the userdb, and register it unconditionally (so reload works even
+	// if there are errors right now).
+	udb, err := userdb.Load(f)
+	s.authr.Register(domain, auth.WrapNoErrorBackend(udb))
+	return err
 }

 // AddAliasesFile adds an aliases file for the given domain.
--- a/internal/smtpsrv/server_test.go
+++ b/internal/smtpsrv/server_test.go
@@ -13,6 +13,7 @@ import (
 	"time"

 	"blitiri.com.ar/go/chasquid/internal/aliases"
+	"blitiri.com.ar/go/chasquid/internal/auth"
 	"blitiri.com.ar/go/chasquid/internal/domaininfo"
 	"blitiri.com.ar/go/chasquid/internal/maillog"
 	"blitiri.com.ar/go/chasquid/internal/testlib"
@@ -671,8 +672,8 @@ func realMain(m *testing.M) int {
 		udb.AddUser("testuser", "testpasswd")
 		s.aliasesR.AddAliasForTesting(
 			"to@localhost", "testuser@localhost", aliases.EMAIL)
+		s.authr.Register("localhost", auth.WrapNoErrorBackend(udb))
 		s.AddDomain("localhost")
-		s.AddUserDB("localhost", udb)

 		s.AddDomain("broken")
 		s.authr.Register("broken", &brokenAuthBE{})
--- a/internal/userdb/userdb.go
+++ b/internal/userdb/userdb.go
@@ -33,6 +33,7 @@ import (
 	"crypto/subtle"
 	"errors"
 	"fmt"
+	"os"
 	"sync"

 	"golang.org/x/crypto/scrypt"
@@ -59,8 +60,8 @@ func New(fname string) *DB {
 }

 // Load the database from the given file.
-// Return the database, and a fatal error if the database could not be
-// loaded.
+// Return the database, and an error if the database could not be loaded. If
+// the file does not exist, that is not considered an error.
 func Load(fname string) (*DB, error) {
 	db := New(fname)
 	err := protoio.ReadTextMessage(fname, db.db)
@@ -72,6 +73,12 @@ func Load(fname string) (*DB, error) {
 		db.db = &ProtoDB{Users: map[string]*Password{}}
 	}

+	if os.IsNotExist(err) {
+		// If the file does not exist now, it is not an error, as it might
+		// exist later and we want to be able to read it.
+		err = nil
+	}
+
 	return db, err
 }

--- a/internal/userdb/userdb_test.go
+++ b/internal/userdb/userdb_test.go
@@ -293,14 +293,14 @@ func TestReload(t *testing.T) {
 		t.Errorf("expected 2 users, got %d", len(db.db.Users))
 	}

-	// Cause an even bigger error loading, check the database is not changed.
-	db.fname = "/does/not/exist"
+	// Delete the file (which is not considered an error).
+	os.Remove(fname)
 	err = db.Reload()
-	if err == nil {
-		t.Errorf("expected error, got nil")
+	if err != nil {
+		t.Errorf("unexpected error: %v", err)
 	}
-	if len(db.db.Users) != 2 {
-		t.Errorf("expected 2 users, got %d", len(db.db.Users))
+	if len(db.db.Users) != 0 {
+		t.Errorf("expected 0 users, got %d", len(db.db.Users))
 	}
 }