fix set rspamd worker password

data/Dockerfiles/dockerapi/dockerapi.py

@@ -494,27 +494,14 @@ class DockerUtils:
       for container in (await self.docker_client.containers.list()):
         if container._id == container_id:
           
-          cmd = "/usr/bin/rspamadm pw -e -p '" + request_json['raw'].replace("'", "'\\''") + "' 2> /dev/null"
+          cmd = "./set_worker_password.sh '" + request_json['raw'].replace("'", "'\\''") + "' 2> /dev/null"
           rspamd_password_exec = await container.exec(cmd, user='_rspamd')  
           async with rspamd_password_exec.start(detach=False) as stream:
             rspamd_password_return = await stream.read_out()
 
-          matched = False
+          if "OK" in rspamd_password_return.data.decode('utf-8'):
-          for line in rspamd_password_return.data.decode('utf-8').split("\n"):
+            matched = True
-            if '$2$' in line:
+            await container.restart()
-              hash = line.strip()
-              hash_out = re.search('\$2\$.+$', hash).group(0)
-              rspamd_passphrase_hash = re.sub('[^0-9a-zA-Z\$]+', '', hash_out.rstrip())
-
-              rspamd_password_filename = "/etc/rspamd/override.d/worker-controller-password.inc"
-              cmd = '''/bin/echo 'enable_password = "%s";' > %s && cat %s''' % (rspamd_passphrase_hash, rspamd_password_filename, rspamd_password_filename)
-              rspamd_password_exec = await container.exec(cmd, user='_rspamd')  
-              async with rspamd_password_exec.start(detach=False) as stream:
-                rspamd_password_return = await stream.read_out()
-
-              if rspamd_passphrase_hash.startswith("$2$") and rspamd_passphrase_hash in rspamd_password_return.data.decode('utf-8'):
-                await container.restart()
-                matched = True
 
           if matched:
             res = {

data/Dockerfiles/rspamd/Dockerfile

@@ -26,6 +26,7 @@ RUN apt-get update && apt-get install -y \
 
 COPY settings.conf /etc/rspamd/settings.conf
 COPY metadata_exporter.lua /usr/share/rspamd/plugins/metadata_exporter.lua
+COPY set_worker_password.sh /set_worker_password.sh
 COPY docker-entrypoint.sh /docker-entrypoint.sh
 
 ENTRYPOINT ["/docker-entrypoint.sh"]

data/Dockerfiles/rspamd/set_worker_password.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+password_file='/etc/rspamd/override.d/worker-controller-password.inc'
+password_hash=`/usr/bin/rspamadm pw -e -p $1`
+
+echo 'enable_password = "'$password_hash'";' > $password_file
+
+if grep -q "$password_hash" "$password_file"; then
+    echo "OK"
+else
+    echo "ERROR"
+fi

docker-compose.yml

@@ -76,7 +76,7 @@ services:
             - clamd
 
     rspamd-mailcow:
-      image: mailcow/rspamd:1.90
+      image: mailcow/rspamd:1.91
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow
@@ -509,7 +509,7 @@ services:
             - watchdog
 
     dockerapi-mailcow:
-      image: mailcow/dockerapi:1.43
+      image: mailcow/dockerapi:1.44
       security_opt:
         - label=disable
       restart: always