[Dovecot] [checkpassword] I can't get a password from fd3
Heiko Schlichting
dovecot-l at fu-berlin.de
Tue Jan 13 12:42:24 EET 2009
Durk Strooisma wrote:
> Okay, thanks for verifying. What kind of scripting language would you
> suggest for checkpassword instead?
Perl works for me. Extract from such a script:

    use IO::Handle;
    use constant CHECKPASSWORD_MAX_LEN => 512;
    [...]
    # Dovecot passes the credentials on file descriptor 3
    my $input = IO::Handle->new_from_fd(3, "r");
    if (not defined $input) {
        internal_error('read_from_dovecot - getting file descriptor failed');
        return;
    }
    my $length = undef;
    my $buffer = '';
    # Read until EOF or until the buffer holds CHECKPASSWORD_MAX_LEN bytes
    do {
        $length = $input->read($buffer, CHECKPASSWORD_MAX_LEN - length($buffer), length($buffer));
        if ($input->error or not defined $length) {
            internal_error('read_from_dovecot - read failed');
            $input->close;
            return;
        }
    } while ($length != 0);
    $input->close;
    # The input is NUL-separated: user, password, then the remainder
    my ($user, $password, $rest) = split /\0/, $buffer, 3;
    [...]

It is also possible to skip the execution of "checkpassword-reply".
Assuming that dovecot will never change the protocol it expects from
"checkpassword-reply", it is possible to write the reply to file descriptor 4
in your script directly and skip invocation of the intermediate program.
Works great.
Extract from such a script:

    # Exit Codes
    use constant AUTH_OK => 0;
    use constant AUTH_FAIL => 1;
    use constant AUTH_ERROR => 111;
    [...]
    # The reply goes to dovecot on file descriptor 4
    my $output = IO::Handle->new_from_fd(4, "w");
    if (not defined $output) {
        internal_error('write_to_dovecot - getting filedescriptor failed');
        return;
    }
    $output->autoflush(1);
    # Returning Username and Homedir to dovecot
    my $response = "user=${user}\tuserdb_home=${homedir}\t";
    $output->print($response);
    if ($output->error) {
        internal_error('write_to_dovecot - write failed');
    }
    $output->close;
    [...]

Exit your script with the appropriate exit code (see constant definitions above).
As dovecot does not provide RADIUS as an authentication mechanism, I'm using the
CheckPassword interface with a Perl script to ask a list of RADIUS servers and
return everything which is necessary back to dovecot (-> userdb prefetch).
Heiko
Heiko Schlichting Freie Universität Berlin
heiko at CIS.FU-Berlin.DE Zentraleinrichtung für Datenverarbeitung (ZEDAT)
Telefon +49 30 838-54327 Fabeckstraße 32
Telefax +49 30 838454327 14195 Berlin
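
Added example, not part of the post above and not Dovecot's own code: a Perl script that validates the NUL-separated fd 3 buffer before use and refuses reply values containing control characters, since the fd 4 reply is tab-separated and a tab inside a value would begin a new field. The helper names, the placeholder home directory and the sample buffers are constructed assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

use constant CHECKPASSWORD_MAX_LEN => 512;

# Split the fd 3 buffer into (user, password).
# Returns an empty list when the input is malformed.
sub parse_checkpassword_input {
    my ($buffer) = @_;
    return if length($buffer) == 0 or length($buffer) > CHECKPASSWORD_MAX_LEN;
    my ($user, $password, $rest) = split /\0/, $buffer, 3;
    # $rest is only defined when both NUL terminators were present.
    return unless defined $rest;
    return if $user eq '';
    return ($user, $password);
}

# Build the tab-separated reply for fd 4 from key/value pairs.
# Returns undef if a key or value could break out of its own field.
sub build_reply {
    my @pairs = @_;
    my $reply = '';
    while (my ($key, $value) = splice(@pairs, 0, 2)) {
        return undef unless defined $value and $key =~ /\A[a-z_]+\z/;
        return undef if $value =~ /[[:cntrl:]]/;    # tab, CR, LF, NUL, ...
        $reply .= "$key=$value\t";
    }
    return $reply;
}

# Constructed sample buffers (not captured from a real server).
my @samples = (
    "alice\0secret\0\0",       # well-formed
    "alice\0secret",           # truncated: terminators missing
    "bob\tx=y\0secret\0\0",    # tab inside the user name
);
for my $buffer (@samples) {
    my ($user) = parse_checkpassword_input($buffer);
    if (not defined $user) {
        print "rejected: malformed input\n";
        next;
    }
    # Placeholder home directory; a real script would look it up.
    my $reply = build_reply(user => $user, userdb_home => '/srv/mail/placeholder');
    print defined $reply ? "reply accepted\n" : "rejected: unsafe field value\n";
}
```

In a real checkpassword script both rejection paths would end with the AUTH_ERROR or AUTH_FAIL exit code rather than a printed message.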