variable %w recursive expanding

Paul Kudla (SCOM.CA Internet Services Inc.) paul at scom.ca
Tue Aug 2 10:04:34 UTC 2022


OK, not what you probably want to hear.

C, Python etc. use % as a variable indicator, along with the next 
character, as a format variable (like %s being a string variable).

This is what is causing the issue.

Not saying for sure, but experience-wise I am not familiar with any 
system allowing a % sign in the password nowadays?

Could be wrong, I guess it depends on the backbone password fetcher process.

Even if you could get dovecot (or any C-based program) to allow for 
this, clients would probably have similar issues over which there would be no 
real control.

Another character would also be '\' as it is used as a delimiter 
for the next character being absolute,

along with \x00 (non-ASCII characters in a string).

Again, just an experience FYI.



Happy Tuesday !!!
Thanks - paul

Paul Kudla


Scom.ca Internet Services <http://www.scom.ca>
004-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3

Toronto 416.642.7266
Main 1.866.411.7266
Fax 1.888.892.7266
Email paul at scom.ca

On 8/1/2022 4:47 AM, Franz Beslmeisl wrote:
> 
> In order to change the password scheme I wrote a script named
> updateproxy that needs the plain text password from the user.
> To get that I use the line
> 
>      password_query = SELECT username as user, password, \
>        '%w' as userdb_plain_pass FROM auth_user WHERE username='%n'
> 
> This works nicely with almost all passwords but not with this one
> 
>      1234567%&/abcd
> 
> the error message being
> 
>      dovecot: Failed to expand plugin setting plain_pass =
>        '1234567%&/abcd': Unknown variable '%&'
> 
> It seems to me that dovecot tries to do another level of variable
> evaluation upon the **value** of the already evaluated variable.
> 
> So I searched for ways to escape problematic characters like %
> and changed my line to
> 
>      password_query = SELECT username as user, password, \
>        '%E{w}' as userdb_plain_pass FROM auth_user WHERE username='%n'
> 
> but this produces problems with password values containing quotes.
> 
> So how can I get a plain text password containing any ascii char
> (or even better any utf-8 char) safely to my script?
> 
> Thanks for your suggestions
> 
> 
> 
> -------------- here the nasty details, if you want -------------
> $ dovecot -n
> # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.7.2 ()
> # OS: Linux 5.4.0-122-generic x86_64 Ubuntu 20.04.4 LTS
> # Hostname: mx-10-2.bildung.hessen.de
> auth_mechanisms = plain login
> auth_username_chars = 
> abcdefghijklmnopqrstuvwxyz_0123456789.ABCDEFGHIJKLMNOPQRSTUVWXYZ-@
> lda_mailbox_autocreate = yes
> lda_mailbox_autosubscribe = yes
> mail_location = maildir:~/Maildir
> mail_privileged_group = mail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope 
> encoded-character vacation subaddress comparator-i;ascii-numeric 
> relational regex imap4flags copy include variables body enotify 
> environment mailbox date index ihave duplicate mime foreverypart 
> extracttext
> namespace inbox {
>    inbox = yes
>    location =
>    mailbox Drafts {
>      auto = subscribe
>      special_use = \Drafts
>    }
>    mailbox Junk {
>      auto = subscribe
>      special_use = \Junk
>    }
>    mailbox Sent {
>      auto = subscribe
>      special_use = \Sent
>    }
>    mailbox "Sent Messages" {
>      special_use = \Sent
>    }
>    mailbox Trash {
>      auto = subscribe
>      special_use = \Trash
>    }
>    prefix =
> }
> passdb {
>    # the following file contains a '%w'-line
>    args = /etc/dovecot/db1.conf
>    driver = sql
> }
> passdb {
>    # the following file contains a '%w'-line
>    args = /etc/dovecot/db2.conf
>    driver = sql
> }
> passdb {
>    # the following file contains no '%w'-line (just for detail)
>    args = /etc/dovecot/db3.conf
>    driver = sql
> }
> plugin {
>    sieve = ~/.dovecot.sieve
>    sieve_dir = ~/sieve
>    sieve_max_actions = 64
>    sieve_max_redirects = 16
>    sieve_max_script_size = 10M
>    sieve_trace_debug = yes
>    sieve_user_log = ~/sievelog
>    sieve_vacation_dont_check_recipient = yes
>    sieve_vacation_use_original_recipient = yes
> }
> protocols = imap sieve lmtp
> service auth {
>    unix_listener /var/spool/postfix/private/dovecot-auth {
>      group = postfix
>      mode = 0660
>      user = postfix
>    }
> }
> service imap {
>    executable = imap after-login
> }
> service lmtp {
>    unix_listener /var/spool/postfix/private/dovecot-lmtp {
>      group = postfix
>      mode = 0660
>      user = postfix
>    }
> }
> service after-login {
>    executable = script-login /etc/dovecot/updateproxy
>    user = vmail
> }
> service stats {
>    unix_listener stats-reader {
>      group = mail
>      mode = 0666
>    }
>    unix_listener stats-writer {
>      group = mail
>      mode = 0666
>    }
> }
> ssl_cert = </etc/dovecot/private/dovecot.pem
> ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:-SSLv3
> ssl_key = # hidden, use -P to show it
> ssl_min_protocol = SSLv3
> ssl_prefer_server_ciphers = yes
> userdb {
>    args = uid=vmail gid=vmail home=/var/vmail/%n
>    driver = static
> }
> protocol lmtp {
>    mail_plugins = quota sieve
>    postmaster_address = somebody at somwhere.org
> }
> protocol lda {
>    deliver_log_format = msgid=%m: %$
>    mail_plugins = sieve
>    postmaster_address = somebody at somehwere.org
>    quota_full_tempfail = yes
>    rejection_reason = Your message to <%t> was automatically rejected:%n%r
> }
> protocol imap {
>    imap_client_workarounds = delay-newmail
>    mail_max_userip_connections = 300
> }
> 
> 
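A small model of the two-pass expansion described in this thread, added here as an illustration (not code from the Dovecot project or from either poster): `expand()` is a simplified stand-in for Dovecot's variable expander, and the `%%`, `%{x}` and `%E` behaviour it assumes covers only what the thread itself uses.

```python
import re
# Added, simplified model of Dovecot-style %-variable expansion (assumption:
# not Dovecot's var_expand). Supports %% -> literal '%', %x / %{x} -> variable
# x, and %Ex / %E{x} -> variable x with ', " and \ backslash-escaped.
class ExpandError(ValueError):
    pass

def expand(template, variables):
    out, i = [], 0
    while i < len(template):
        if template[i] != "%":
            out.append(template[i]); i += 1; continue
        j = i + 1
        if j < len(template) and template[j] == "%":   # %% -> literal '%'
            out.append("%"); i += 2; continue
        escape = j < len(template) and template[j] == "E"
        if escape:
            j += 1
        if j < len(template) and template[j] == "{":
            end = template.index("}", j)               # ValueError if unclosed
            name, j = template[j + 1:end], end + 1
        elif j < len(template):
            name, j = template[j], j + 1
        else:
            name = ""                                  # trailing '%'
        if name not in variables:
            raise ExpandError(f"Unknown variable '%{name}'")
        value = variables[name]
        if escape:                                     # %E: quote-safe value
            value = re.sub(r"([\\'\"])", r"\\\1", value)
        out.append(value); i = j
    return "".join(out)

PASSWORD_QUERY = ("SELECT username as user, password, "
                  "'%w' as userdb_plain_pass FROM auth_user WHERE username='%n'")

def userdb_plain_pass_seen_by_script(field_template, plain_pass):
    """Pass 1: the sql passdb expands '%w' while building the query and the DB
    returns that literal; pass 2: the value is expanded again as plugin setting."""
    stage1 = expand(field_template, {"w": plain_pass})
    return expand(stage1, {"w": plain_pass})

def second_pass_error(plain_pass):
    """Error message the two-pass expansion raises for a password, or None."""
    try:
        userdb_plain_pass_seen_by_script("%w", plain_pass)
    except ExpandError as err:
        return str(err)
    return None
```

The second pass reproduces the poster's error for `1234567%&/abcd`, and `%E{w}` shows why quotes come back backslash-escaped to the script.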

