[Dovecot] [checkpassword] I can't get a password from fd3

Durk Strooisma durk at kern.nl
Tue Jan 13 14:33:06 EET 2009


Thanks for the example and your info about fd4.

Durk

> Durk Strooisma wrote:
>> Okay, thanks for verifying. What kind of scripting language would you
>> suggest for checkpassword instead?
>
> Perl works for me. Extract from such script:
>
>    use constant CHECKPASSWORD_MAX_LEN => 512;
>    [...]
>    my $input = IO::Handle->new_from_fd(3, "r");
>    if (not defined $input) {
>        internal_error('read_from_dovecot - getting file descriptor failed');
>        return;
>    }
>    my $length = undef;
>    my $buffer = '';
>    do {
>        $length = $input->read($buffer,
>            CHECKPASSWORD_MAX_LEN - length($buffer), length($buffer));
>        if ($input->error or not defined $length) {
>            internal_error('read_from_dovecot - read failed');
>            $input->close;
>            return;
>        }
>    } while ($length != 0);
>    $input->close;
>    my ($user, $password, $rest) = split /\0/, $buffer, 3;
>    [...]
>
> It is also possible to skip the execution of "checkpassword-reply".
> Assuming that dovecot will never change the protocol it expects from
> "checkpassword-reply", it is possible to write the reply to
> file descriptor 4 in your script directly and skip invocation of the
> intermediate program. Works great.
>
> Extract from such script:
>
>    # Exit Codes
>    use constant AUTH_OK => 0;
>    use constant AUTH_FAIL => 1;
>    use constant AUTH_ERROR => 111;
>    [...]
>    my $output = IO::Handle->new_from_fd(4, "w");
>    if (not defined $output) {
>        internal_error('write_to_dovecot - getting filedescriptor failed');
>        return;
>    }
>    $output->autoflush(1);
>
>    # Returning Username and Homedir to dovecot
>    my $response = "user=${user}\tuserdb_home=${homedir}\t";
>
>    $output->print($response);
>    if ($output->error) {
>        internal_error('write_to_dovecot - write failed');
>    }
>    $output->close;
>    [...]
>
> Exit your script with the appropriate exit code (see constant definition
> above).
>
> As dovecot does not provide RADIUS as an authentication mechanism, I'm
> using the CheckPassword interface with a Perl script to ask a list of
> RADIUS servers and return everything that is necessary back to dovecot
> (-> userdb prefetch).
>
> Heiko
>
> Heiko Schlichting          Freie Universität Berlin
> heiko at CIS.FU-Berlin.DE     Zentraleinrichtung für Datenverarbeitung (ZEDAT)
> Telefon +49 30 838-54327   Fabeckstraße 32
> Telefax +49 30 838454327   14195 Berlin
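
The fd 3 read and the direct fd 4 reply described in the quoted message, as an added Python example that is not code from this thread or from Dovecot. The `USERS` table, its sample values and the helper names are hypothetical, and requiring two NUL separators and rejecting control characters in reply values are defensive choices assumed here.

```python
import hmac
import os

CHECKPASSWORD_MAX_LEN = 512  # same cap as the Perl extract
AUTH_OK, AUTH_FAIL, AUTH_ERROR = 0, 1, 111  # exit codes from the Perl extract
USERS = {"alice": ("s3cret-example", "/srv/mail/alice")}  # constructed sample

def read_all(fd, limit=CHECKPASSWORD_MAX_LEN):
    """Read fd until EOF; return None if more than limit bytes arrive."""
    buf = b""
    while True:
        chunk = os.read(fd, limit + 1 - len(buf))
        if not chunk:
            return buf
        buf += chunk
        if len(buf) > limit:
            return None

def parse_request(buf):
    """Split 'user NUL password NUL rest' into at most three fields."""
    parts = buf.split(b"\0", 2)
    if len(parts) < 3 or not parts[0]:
        return None  # assumption: fewer than two NULs is a malformed request
    return parts[0].decode("utf-8", "replace"), parts[1]

def build_reply(user, homedir):
    """Tab-separated reply for fd 4; refuse values that would add or split fields."""
    if any(c in user + homedir for c in "\t\r\n\0"):
        return None
    return f"user={user}\tuserdb_home={homedir}\t".encode()

def authenticate(buf):
    """Return (exit_code, reply_bytes_or_None) for one request buffer."""
    req = parse_request(buf) if buf is not None else None
    if req is None:
        return AUTH_ERROR, None
    user, password = req
    stored = USERS.get(user)
    expected = (stored[0] if stored else "").encode()
    ok = hmac.compare_digest(password, expected)  # constant-time comparison
    if not stored or not ok:
        return AUTH_FAIL, None
    reply = build_reply(user, stored[1])
    return (AUTH_OK, reply) if reply else (AUTH_ERROR, None)

if __name__ == "__main__":
    code, reply = authenticate(read_all(3))
    if reply is not None:
        os.write(4, reply)
    raise SystemExit(code)
```
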




