From b95bf5848897730e825459282bc688494af713d1 Mon Sep 17 00:00:00 2001
From: Antoine Nguyen <tonio@ngyn.org>
Date: Tue, 16 Sep 2025 15:40:27 +0200
Subject: [PATCH] Configuration fixes

---
 modoboa_installer/scripts/dovecot.py          |  6 ++--
 .../files/dovecot/2.4/conf.d/10-auth.conf     |  2 +-
 .../dovecot/2.4/conf.d/10-master.conf.tpl     |  7 +++++
 .../files/dovecot/2.4/conf.d/20-imap.conf     |  3 +-
 .../2.4/conf.d/30-dict-server.conf.tpl        | 11 +++++--
 .../2.4/conf.d/auth-master-mysql.conf.ext.tpl | 28 +++++++++++++++++
 .../conf.d/auth-master-postgres.conf.ext.tpl  | 30 +++++++++++++++++++
 .../2.4/conf.d/auth-sql-postgres.conf.ext.tpl | 10 ++++---
 8 files changed, 85 insertions(+), 12 deletions(-)
 create mode 100644 modoboa_installer/scripts/files/dovecot/2.4/conf.d/auth-master-mysql.conf.ext.tpl
 create mode 100644 modoboa_installer/scripts/files/dovecot/2.4/conf.d/auth-master-postgres.conf.ext.tpl

diff --git a/modoboa_installer/scripts/dovecot.py b/modoboa_installer/scripts/dovecot.py
index 6d27d96..9ed8a05 100644
--- a/modoboa_installer/scripts/dovecot.py
+++ b/modoboa_installer/scripts/dovecot.py
@@ -67,7 +67,8 @@ class Dovecot(base.Installer):
         files = self.per_version_config_files[version]
         if version == "2.4":
             files += [
-                f"conf.d/auth-sql-{self.dbengine}.conf.ext=conf.d/auth-sql.conf.ext"
+                f"conf.d/auth-sql-{self.dbengine}.conf.ext=conf.d/auth-sql.conf.ext",
+                f"conf.d/auth-master-{self.dbengine}.conf.ext=conf.d/auth-master.conf.ext",
             ]
         else:
             files += [
@@ -166,7 +167,8 @@ class Dovecot(base.Installer):
             "modoboa_2_2_or_greater": "" if self.modoboa_2_2_or_greater else "#",
             "not_modoboa_2_2_or_greater": "" if not self.modoboa_2_2_or_greater else "#",
             "do_move_spam_to_junk": "" if self.app_config["move_spam_to_junk"] else "#",
-            "oauth2_introspection_url": oauth2_introspection_url
+            "oauth2_introspection_url": oauth2_introspection_url,
+            "radicale_user": self.config.get("radicale", "user"),
         })
         return context
 
diff --git a/modoboa_installer/scripts/files/dovecot/2.4/conf.d/10-auth.conf b/modoboa_installer/scripts/files/dovecot/2.4/conf.d/10-auth.conf
index 4227467..f501a88 100644
--- a/modoboa_installer/scripts/files/dovecot/2.4/conf.d/10-auth.conf
+++ b/modoboa_installer/scripts/files/dovecot/2.4/conf.d/10-auth.conf
@@ -112,7 +112,7 @@ auth_mechanisms = plain login oauthbearer xoauth2
 # <https://doc.dovecot.org/latest/core/config/auth/userdb.html>
 
 #!include auth-deny.conf.ext
-#!include auth-master.conf.ext
+!include auth-master.conf.ext
 !include auth-oauth2.conf.ext
 
 #!include auth-system.conf.ext
diff --git a/modoboa_installer/scripts/files/dovecot/2.4/conf.d/10-master.conf.tpl b/modoboa_installer/scripts/files/dovecot/2.4/conf.d/10-master.conf.tpl
index b3a83d4..1566e4a 100644
--- a/modoboa_installer/scripts/files/dovecot/2.4/conf.d/10-master.conf.tpl
+++ b/modoboa_installer/scripts/files/dovecot/2.4/conf.d/10-master.conf.tpl
@@ -145,6 +145,13 @@ service auth {
     group = postfix
   }
 
+  %{radicale_enabled}unix_listener auth-radicale {
+  %{radicale_enabled}  mode = 0666
+  %{radicale_enabled}  user = %{radicale_user}
+  %{radicale_enabled}  group = %{radicale_user}
+  %{radicale_enabled}  type = auth-legacy
+  %{radicale_enabled}}
+
   # Auth process is run as this user.
   #user = $SET:default_internal_user
 }
diff --git a/modoboa_installer/scripts/files/dovecot/2.4/conf.d/20-imap.conf b/modoboa_installer/scripts/files/dovecot/2.4/conf.d/20-imap.conf
index 2827ca6..7000da8 100644
--- a/modoboa_installer/scripts/files/dovecot/2.4/conf.d/20-imap.conf
+++ b/modoboa_installer/scripts/files/dovecot/2.4/conf.d/20-imap.conf
@@ -99,8 +99,7 @@
 protocol imap {
   # Space separated list of plugins to load (default is global mail_plugins).
   mail_plugins {
-    imap_quota = yes
-    imap_sieve = yes
+    quota = yes
   }
 
   # Maximum number of IMAP connections allowed for a user from each IP address.
diff --git a/modoboa_installer/scripts/files/dovecot/2.4/conf.d/30-dict-server.conf.tpl b/modoboa_installer/scripts/files/dovecot/2.4/conf.d/30-dict-server.conf.tpl
index 23996ff..21118bc 100644
--- a/modoboa_installer/scripts/files/dovecot/2.4/conf.d/30-dict-server.conf.tpl
+++ b/modoboa_installer/scripts/files/dovecot/2.4/conf.d/30-dict-server.conf.tpl
@@ -9,13 +9,18 @@
 # "proxy::<name>".
 
 dict_server {
+  pgsql %dbhost {
+    parameters {
+      port = %dbport
+      dbname = %modoboa_dbname
+      user = %modoboa_dbuser
+      password = %modoboa_dbpassword
+    }
+  }
   dict quota {
     driver = sql
     sql_driver = %db_driver
     hostname = %dbhost
-    dbname = %modoboa_dbname
-    user = %modoboa_dbuser
-    password = %modoboa_dbpassword
 
     dict_map priv/quota/storage {
       sql_table = admin_quota
diff --git a/modoboa_installer/scripts/files/dovecot/2.4/conf.d/auth-master-mysql.conf.ext.tpl b/modoboa_installer/scripts/files/dovecot/2.4/conf.d/auth-master-mysql.conf.ext.tpl
new file mode 100644
index 0000000..ec0a1ed
--- /dev/null
+++ b/modoboa_installer/scripts/files/dovecot/2.4/conf.d/auth-master-mysql.conf.ext.tpl
@@ -0,0 +1,28 @@
+# Authentication for master users. Included from auth.conf.
+
+# By adding master=yes setting inside a passdb you make the passdb a list
+# of "master users", who can log in as anyone else.
+# <https://doc.dovecot.org/latest/core/config/auth/master_users.html>
+
+# Example master user passdb using passwd-file. You can use any passdb though.
+#passdb master-passwd-file {
+#  driver = passwd-file
+#  master = yes
+#  passwd_file_path = /etc/dovecot/master-users
+#}
+
+sql_driver = %db_driver
+
+mysql %dbhost {
+  port = %dbport
+  dbname = %modoboa_dbname
+  user = %modoboa_dbuser
+  password = %modoboa_dbpassword
+}
+
+passdb db1 {
+  driver = sql
+  sql_query = SELECT email AS user, password FROM core_user WHERE email='%%{user}' and is_active=1 and master_user=1
+  master = yes
+  result_success = continue
+}
diff --git a/modoboa_installer/scripts/files/dovecot/2.4/conf.d/auth-master-postgres.conf.ext.tpl b/modoboa_installer/scripts/files/dovecot/2.4/conf.d/auth-master-postgres.conf.ext.tpl
new file mode 100644
index 0000000..c4692d7
--- /dev/null
+++ b/modoboa_installer/scripts/files/dovecot/2.4/conf.d/auth-master-postgres.conf.ext.tpl
@@ -0,0 +1,30 @@
+# Authentication for master users. Included from auth.conf.
+
+# By adding master=yes setting inside a passdb you make the passdb a list
+# of "master users", who can log in as anyone else.
+# <https://doc.dovecot.org/latest/core/config/auth/master_users.html>
+
+# Example master user passdb using passwd-file. You can use any passdb though.
+#passdb master-passwd-file {
+#  driver = passwd-file
+#  master = yes
+#  passwd_file_path = /etc/dovecot/master-users
+#}
+
+sql_driver = %db_driver
+
+pgsql %dbhost {
+  parameters {
+    port = %dbport
+    dbname = %modoboa_dbname
+    user = %modoboa_dbuser
+    password = %modoboa_dbpassword
+  }
+}
+
+passdb db1 {
+  driver = sql
+  sql_query = SELECT email AS user, password FROM core_user WHERE email='%%{user}' and is_active and master_user
+  master = yes
+  result_success = continue
+}
diff --git a/modoboa_installer/scripts/files/dovecot/2.4/conf.d/auth-sql-postgres.conf.ext.tpl b/modoboa_installer/scripts/files/dovecot/2.4/conf.d/auth-sql-postgres.conf.ext.tpl
index 9363642..9055dc8 100644
--- a/modoboa_installer/scripts/files/dovecot/2.4/conf.d/auth-sql-postgres.conf.ext.tpl
+++ b/modoboa_installer/scripts/files/dovecot/2.4/conf.d/auth-sql-postgres.conf.ext.tpl
@@ -80,10 +80,12 @@ sql_driver = %db_driver
 # ...
 #}
 pgsql %dbhost {
-  port = %dbport
-  dbname = %modoboa_dbname
-  user = %modoboa_dbuser
-  password = %modoboa_dbpassword
+  parameters {
+    port = %dbport
+    dbname = %modoboa_dbname
+    user = %modoboa_dbuser
+    password = %modoboa_dbpassword
+  }
 }
 
 #passdb sql {