Handle permission errors gracefully during password auto-upgrade

- Catch PermissionError/IOError when attempting to write password upgrades
- Log uid/euid/gid/egid for debugging permission issues
- Continue authentication even if upgrade fails (non-fatal)
- Apply to global passwords, list admin, moderator, and poster passwords

This prevents authentication failures when the process doesn't have write
permissions to update password files, while still logging the issue for
administrator review.

Author: jared mauch

Mailman/SecurityManager.py

@@ -208,6 +208,21 @@ def cryptmatchp(response, secret):
                         self.password = hash_password(response_str)
                         if save_and_unlock:
                             self.Save()
+                    except (PermissionError, IOError) as e:
+                        # Log permission error but don't fail authentication
+                        # Get uid/euid/gid/egid for debugging
+                        try:
+                            uid = os.getuid()
+                            euid = os.geteuid()
+                            gid = os.getgid()
+                            egid = os.getegid()
+                        except (AttributeError, OSError):
+                            # Fallback if getuid/geteuid not available
+                            uid = euid = gid = egid = 'unknown'
+                        syslog('error',
+                               'Could not auto-upgrade list admin password for %s: %s (uid=%s euid=%s gid=%s egid=%s)',
+                               self.internal_name(), e, uid, euid, gid, egid)
+                        # Continue - authentication still succeeds even if upgrade fails
                     finally:
                         if save_and_unlock:
                             self.Unlock()
@@ -238,6 +253,18 @@ def cryptmatchp(response, secret):
                                 self.mod_password = hash_password(response_str)
                                 if save_and_unlock:
                                     self.Save()
+                            except (PermissionError, IOError) as e:
+                                # Log permission error but don't fail authentication
+                                try:
+                                    uid = os.getuid()
+                                    euid = os.geteuid()
+                                    gid = os.getgid()
+                                    egid = os.getegid()
+                                except (AttributeError, OSError):
+                                    uid = euid = gid = egid = 'unknown'
+                                syslog('error',
+                                       'Could not auto-upgrade moderator password for %s: %s (uid=%s euid=%s gid=%s egid=%s)',
+                                       self.internal_name(), e, uid, euid, gid, egid)
                             finally:
                                 if save_and_unlock:
                                     self.Unlock()
@@ -267,6 +294,18 @@ def cryptmatchp(response, secret):
                                 self.post_password = hash_password(response_str)
                                 if save_and_unlock:
                                     self.Save()
+                            except (PermissionError, IOError) as e:
+                                # Log permission error but don't fail authentication
+                                try:
+                                    uid = os.getuid()
+                                    euid = os.geteuid()
+                                    gid = os.getgid()
+                                    egid = os.getegid()
+                                except (AttributeError, OSError):
+                                    uid = euid = gid = egid = 'unknown'
+                                syslog('error',
+                                       'Could not auto-upgrade poster password for %s: %s (uid=%s euid=%s gid=%s egid=%s)',
+                                       self.internal_name(), e, uid, euid, gid, egid)
                             finally:
                                 if save_and_unlock:
                                     self.Unlock()

Mailman/Utils.py

@@ -843,7 +843,24 @@ def check_global_password(response, siteadmin=True, auto_upgrade=False):
     is_valid, needs_upgrade = verify_password(response, challenge)
     # Auto-upgrade if requested and password is valid but in old format
     if is_valid and needs_upgrade and auto_upgrade:
-        set_global_password(response, siteadmin)
+        try:
+            set_global_password(response, siteadmin)
+        except (PermissionError, IOError) as e:
+            # Log permission error but don't fail authentication
+            # Get uid/euid/gid/egid for debugging
+            try:
+                uid = os.getuid()
+                euid = os.geteuid()
+                gid = os.getgid()
+                egid = os.getegid()
+            except (AttributeError, OSError):
+                # Fallback if getuid/geteuid not available
+                uid = euid = gid = egid = 'unknown'
+            pw_type = 'site admin' if siteadmin else 'list creator'
+            syslog('error',
+                   'Could not auto-upgrade %s password: %s (uid=%s euid=%s gid=%s egid=%s)',
+                   pw_type, e, uid, euid, gid, egid)
+            # Continue - authentication still succeeds even if upgrade fails
     return is_valid