variable %w recursive expanding

Cristiano Deana cristiano.deana at megaweb.it
Tue Aug 2 12:58:17 UTC 2022


Hi,

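I had a similar problem.
I solved it by selecting "password, TO_BASE64('%w')" in the password_query and decoding the value later in the (PHP) script that updates my db. The Base64 output contains no '%' or quote characters, so the second round of variable expansion has nothing to misinterpret.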

Il 01/08/2022 10:47, Franz Beslmeisl ha scritto:
> In order to change the password scheme I wrote a script named
> updateproxy that needs the plain text password from the user.
> To get that I use the line
> 
>      password_query = SELECT username as user, password, \
>        '%w' as userdb_plain_pass FROM auth_user WHERE username='%n'
> 
> This works nicely with almost all passwords but not with this one
> 
>      1234567%&/abcd
> 
> the error message being
> 
>      dovecot: Failed to expand plugin setting plain_pass =
>        '1234567%&/abcd': Unknown variable '%&'
> 
> It seems to me that dovecot tries to do another level of variable
> evaluation upon the **value** of the already evaluated variable.
> 
> So I searched for ways to escape problematic characters like %
> and changed my line to
> 
>      password_query = SELECT username as user, password, \
>        '%E{w}' as userdb_plain_pass FROM auth_user WHERE username='%n'
> 
> but this produces problems with password values containing quotes.
> 
> So how can I get a plain text password containing any ascii char
> (or even better any utf-8 char) safely to my script?
> 
> Thanks for your suggestions
> 
> 
> 
> -------------- here the nasty details, if you want -------------
> $ dovecot -n
> # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.7.2 ()
> # OS: Linux 5.4.0-122-generic x86_64 Ubuntu 20.04.4 LTS
> # Hostname: mx-10-2.bildung.hessen.de
> auth_mechanisms = plain login
> auth_username_chars = 
> abcdefghijklmnopqrstuvwxyz_0123456789.ABCDEFGHIJKLMNOPQRSTUVWXYZ-@
> lda_mailbox_autocreate = yes
> lda_mailbox_autosubscribe = yes
> mail_location = maildir:~/Maildir
> mail_privileged_group = mail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope 
> encoded-character vacation subaddress comparator-i;ascii-numeric 
> relational regex imap4flags copy include variables body enotify 
> environment mailbox date index ihave duplicate mime foreverypart 
> extracttext
> namespace inbox {
>    inbox = yes
>    location =
>    mailbox Drafts {
>      auto = subscribe
>      special_use = \Drafts
>    }
>    mailbox Junk {
>      auto = subscribe
>      special_use = \Junk
>    }
>    mailbox Sent {
>      auto = subscribe
>      special_use = \Sent
>    }
>    mailbox "Sent Messages" {
>      special_use = \Sent
>    }
>    mailbox Trash {
>      auto = subscribe
>      special_use = \Trash
>    }
>    prefix =
> }
> passdb {
>    # the following file contains a '%w'-line
>    args = /etc/dovecot/db1.conf
>    driver = sql
> }
> passdb {
>    # the following file contains a '%w'-line
>    args = /etc/dovecot/db2.conf
>    driver = sql
> }
> passdb {
>    # the following file contains no '%w'-line (just for detail)
>    args = /etc/dovecot/db3.conf
>    driver = sql
> }
> plugin {
>    sieve = ~/.dovecot.sieve
>    sieve_dir = ~/sieve
>    sieve_max_actions = 64
>    sieve_max_redirects = 16
>    sieve_max_script_size = 10M
>    sieve_trace_debug = yes
>    sieve_user_log = ~/sievelog
>    sieve_vacation_dont_check_recipient = yes
>    sieve_vacation_use_original_recipient = yes
> }
> protocols = imap sieve lmtp
> service auth {
>    unix_listener /var/spool/postfix/private/dovecot-auth {
>      group = postfix
>      mode = 0660
>      user = postfix
>    }
> }
> service imap {
>    executable = imap after-login
> }
> service lmtp {
>    unix_listener /var/spool/postfix/private/dovecot-lmtp {
>      group = postfix
>      mode = 0660
>      user = postfix
>    }
> }
> service after-login {
>    executable = script-login /etc/dovecot/updateproxy
>    user = vmail
> }
> service stats {
>    unix_listener stats-reader {
>      group = mail
>      mode = 0666
>    }
>    unix_listener stats-writer {
>      group = mail
>      mode = 0666
>    }
> }
> ssl_cert = </etc/dovecot/private/dovecot.pem
> ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:-SSLv3
> ssl_key = # hidden, use -P to show it
> ssl_min_protocol = SSLv3
> ssl_prefer_server_ciphers = yes
> userdb {
>    args = uid=vmail gid=vmail home=/var/vmail/%n
>    driver = static
> }
> protocol lmtp {
>    mail_plugins = quota sieve
>    postmaster_address = somebody at somwhere.org
> }
> protocol lda {
>    deliver_log_format = msgid=%m: %$
>    mail_plugins = sieve
>    postmaster_address = somebody at somehwere.org
>    quota_full_tempfail = yes
>    rejection_reason = Your message to <%t> was automatically rejected:%n%r
> }
> protocol imap {
>    imap_client_workarounds = delay-newmail
>    mail_max_userip_connections = 300
> }
> 

-- 

###############################
# Cristiano Deana #
# #
# Senior Network Engineer #
# Digital Response Team #
# CittaStudi S.p.a. #
# off. +39 015 855 1172 #
# cell +39 328 310 6392 #
###############################

