variable %w recursive expanding
Franz Beslmeisl
franz.beslmeisl at gmail.com
Mon Aug 1 08:47:02 UTC 2022
In order to change the password scheme I wrote a script named
updateproxy that needs the plain text password from the user.
To get that I use the line
password_query = SELECT username as user, password, \
'%w' as userdb_plain_pass FROM auth_user WHERE username='%n'
This works nicely with almost all passwords but not with this one
1234567%&/abcd
the error message being
dovecot: Failed to expand plugin setting plain_pass =
'1234567%&/abcd': Unknown variable '%&'
It seems to me that dovecot tries to do another level of variable
evaluation upon the **value** of the already evaluated variable.
So I searched for ways to escape problematic characters like %
and changed my line to
password_query = SELECT username as user, password, \
'%E{w}' as userdb_plain_pass FROM auth_user WHERE username='%n'
but this produces problems with password values containing quotes.
So how can I get a plain-text password containing any ASCII character
(or, even better, any UTF-8 character) safely to my script?
Thanks for your suggestions
-------------- here the nasty details, if you want -------------
$ dovecot -n
# Header printed by `dovecot -n`: Dovecot/Pigeonhole versions, OS and host.
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.4.0-122-generic x86_64 Ubuntu 20.04.4 LTS
# Hostname: mx-10-2.bildung.hessen.de
# NOTE(review): PLAIN and LOGIN both carry the password in cleartext inside the
# session, so its confidentiality rests entirely on the ssl_* settings in this
# dump. disable_plaintext_auth is not printed here - confirm its effective value.
auth_mechanisms = plain login
# Characters accepted in usernames: letters, digits, "_", ".", "-" and "@".
# Neither "/" nor quote characters are in the list. (The value appears on the
# next line, apparently wrapped by the mail client.)
auth_username_chars =
abcdefghijklmnopqrstuvwxyz_0123456789.ABCDEFGHIJKLMNOPQRSTUVWXYZ-@
# Local delivery creates and subscribes missing target mailboxes.
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
# Mail is stored as Maildir under each user's home directory.
mail_location = maildir:~/Maildir
mail_privileged_group = mail
# Capability lists for ManageSieve (the sieve capability value continues over
# the following three lines).
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart extracttext
# The INBOX namespace with its special-use mailboxes. Every mailbox except
# "Sent Messages" is auto-subscribed; location and prefix are left empty.
namespace inbox {
inbox = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
# Second mailbox flagged \Sent; no "auto" setting is given for it.
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
}
# Three SQL password databases. The query files they point to are not part of
# this dump; only the password_query line quoted in the message is known.
# NOTE(review): per the message, the '%w' query hands the client-supplied
# cleartext password back as the extra field userdb_plain_pass. The quoted
# error line shows that value written verbatim to the log when expansion
# fails, so treat that log as containing credentials: restrict who can read it
# and how long it is retained.
passdb {
# the following file contains a '%w'-line
args = /etc/dovecot/db1.conf
driver = sql
}
passdb {
# the following file contains a '%w'-line
args = /etc/dovecot/db2.conf
driver = sql
}
passdb {
# the following file contains no '%w'-line (just for detail)
args = /etc/dovecot/db3.conf
driver = sql
}
# Sieve (Pigeonhole) plugin settings: per-user script, script directory and
# log under the user's home, plus limits on actions, redirects and script size.
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_max_actions = 64
sieve_max_redirects = 16
sieve_max_script_size = 10M
# Trace debugging is switched on; no trace directory setting appears in this dump.
sieve_trace_debug = yes
sieve_user_log = ~/sievelog
sieve_vacation_dont_check_recipient = yes
sieve_vacation_use_original_recipient = yes
}
# Enabled protocols and the service definitions that differ from the defaults.
protocols = imap sieve lmtp
# Auth socket exposed inside the Postfix spool: owner and group postfix,
# mode 0660, so only that user and group can connect.
service auth {
unix_listener /var/spool/postfix/private/dovecot-auth {
group = postfix
mode = 0660
user = postfix
}
}
# The IMAP service is chained to the "after-login" service defined below.
service imap {
executable = imap after-login
}
# LMTP socket for Postfix delivery, same ownership and mode as the auth socket.
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
}
}
# Post-login hook: script-login runs /etc/dovecot/updateproxy as user vmail.
# NOTE(review): this script is the consumer of the cleartext password described
# in the message. How script-login hands the value over (presumably the process
# environment - confirm) decides who else on the host can observe it; the
# script should not echo it into logs or put it on a command line.
service after-login {
executable = script-login /etc/dovecot/updateproxy
user = vmail
}
# Sockets of the stats service.
# NOTE(review): mode 0666 lets every local account connect to both
# stats-reader and stats-writer, which makes the "group = mail" lines
# ineffective as a restriction. 0660 would limit access to the socket owner
# and that group - confirm which processes need the sockets before tightening.
service stats {
unix_listener stats-reader {
group = mail
mode = 0666
}
unix_listener stats-writer {
group = mail
mode = 0666
}
}
# TLS settings. These are what protects the cleartext PLAIN/LOGIN passwords
# (auth_mechanisms = plain login) while in transit.
ssl_cert = </etc/dovecot/private/dovecot.pem
# NOTE(review): the list starts from ALL and explicitly adds RC4+RSA. RC4
# cipher suites are prohibited for TLS by RFC 7465. Which suites are really
# offered depends on the OpenSSL build in use - verify with a TLS scanner.
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:-SSLv3
ssl_key = # hidden, use -P to show it
# NOTE(review): SSLv3 as the minimum allows SSLv3, TLSv1 and TLSv1.1
# handshakes, all of which are deprecated. Raising the floor to TLSv1.2 is the
# usual hardening step once client compatibility has been checked.
ssl_min_protocol = SSLv3
ssl_prefer_server_ciphers = yes
# Static userdb: every account runs as uid/gid vmail with home /var/vmail/%n.
# NOTE(review): %n is the username without its domain part, while "@" is
# allowed in auth_username_chars. If more than one domain is served, accounts
# with the same local part would share one home directory - confirm this is
# intended. The password_query quoted in the message also matches on '%n' only.
userdb {
args = uid=vmail gid=vmail home=/var/vmail/%n
driver = static
}
# Per-protocol overrides.
# LMTP delivery loads the quota and sieve plugins.
protocol lmtp {
mail_plugins = quota sieve
postmaster_address = somebody at somwhere.org
}
# LDA delivery loads sieve only (no quota plugin, unlike LMTP above).
protocol lda {
deliver_log_format = msgid=%m: %$
mail_plugins = sieve
postmaster_address = somebody at somehwere.org
# Over-quota deliveries are answered with a temporary failure.
quota_full_tempfail = yes
# In this setting %t is the recipient, %n a line break and %r the reason
# (so %n here is not the username variable used in the userdb args).
rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
protocol imap {
imap_client_workarounds = delay-newmail
# NOTE(review): 300 concurrent IMAP connections per user and IP leaves this
# limit with little value as a brake on a single misbehaving or abusive
# client - confirm that a value this high is actually required.
mail_max_userip_connections = 300
}