Return mail_crypt_save_version=2 on responses

485a2b6c · ale · 0f7cdc55 · 485a2b6c · 485a2b6c
Commit 485a2b6c authored 6 years ago by ale
--- a/README.md
+++ b/README.md
@@ -61,6 +61,13 @@ private keys from LDAP, and serve the *unencrypted* keys to Dovecot
 using its [dict proxy
 protocol](https://wiki2.dovecot.org/AuthDatabase/Dict).

+*NOTE* that passdb lookups using *dovecot-keylookupd* contain the
+cleartext password as part of the key, which may be logged in case of
+error! This is currently a huge limitation of this solution, but there
+seems to be no workaround that does not involve switching to a
+fork()-based solution (like the checkpassword script). That might be a
+better solution long-term.
+
 TODO: explain the lookup protocol.

 # Configuration

--- a/dovecot/keyproxy.go
+++ b/dovecot/keyproxy.go
@@ -42,19 +42,41 @@ func (c *Config) check() error {
 	return c.LDAPConfig.Valid()
 }

+// The response returned to userdb lookups. It contains the user's
+// public key as a global key for the mail_crypt plugin, and it sets
+// mail_crypt_save_version to 2. The idea is that you would then set
+// mail_crypt_save_version = 0 in the global Dovecot configuration,
+// which would then disable encryption for users without encryption
+// keys. For details on what this means, see
+// https://wiki2.dovecot.org/Plugins/MailCrypt.
 type userdbResponse struct {
-	PublicKey string `json:"mail_crypt_global_public_key"`
+	PublicKey   string `json:"mail_crypt_global_public_key"`
+	SaveVersion int    `json:"mail_crypt_save_version"`
 }

+func newUserDBResponse(publicKey string) *userdbResponse {
+	return &userdbResponse{
+		PublicKey:   publicKey,
+		SaveVersion: 2,
+	}
+}
+
+// The response returned to passdb lookups. We return the user's
+// private key and the mail_crypt_save_version attribute as userdb
+// parameters (hence the 'userdb_' prefix), and set the noauthenticate
+// bit to inform Dovecot that this lookup is only meant to provide
+// additional data, not authentication.
 type passdbResponse struct {
-	PrivateKey string `json:"userdb_mail_crypt_global_private_key"`
-	NoAuth     bool   `json:"noauthenticate"`
+	PrivateKey  string `json:"userdb_mail_crypt_global_private_key"`
+	SaveVersion int    `json:"userdb_mail_crypt_save_version"`
+	NoAuth      bool   `json:"noauthenticate"`
 }

 func newPassDBResponse(privateKey string) *passdbResponse {
 	return &passdbResponse{
-		PrivateKey: privateKey,
-		NoAuth:     true,
+		PrivateKey:  privateKey,
+		SaveVersion: 2,
+		NoAuth:      true,
 	}
 }

@@ -123,7 +145,7 @@ func (s *KeyLookupProxy) lookupUserdb(ctx context.Context, username string) (int
 		return nil, false, nil
 	}
 	log.Printf("userdb lookup for %s", username)
-	return &userdbResponse{PublicKey: s.b64encode(pub)}, true, nil
+	return newUserDBResponse(s.b64encode(pub)), true, nil
 }

 func (s *KeyLookupProxy) lookupPassdb(ctx context.Context, username, password string) (interface{}, bool, error) {