yep that would work !


Happy Tuesday !!!
Thanks - paul

Paul Kudla


Scom.ca Internet Services
004-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3

Toronto 416.642.7266
Main 1.866.411.7266
Fax 1.888.892.7266
Email paul@scom.ca
On 8/2/2022 8:58 AM, Cristiano Deana wrote:

Hi,

I had a similar problem.
Solved with "password, TO_BASE64('%w')" and decoding later into the (php) script updating my db

Il 01/08/2022 10:47, Franz Beslmeisl ha scritto:
In order to change the password scheme I wrote a script named
updateproxy that needs the plain text password from the user.
To get that I use the line

     password_query = SELECT username as user, password, \
       '%w' as userdb_plain_pass FROM auth_user WHERE username='%n'

This works nicely with almost all passwords but not with this one

     1234567%&/abcd

the error message being

     dovecot: Failed to expand plugin setting plain_pass =
       '1234567%&/abcd': Unknown variable '%&'

It seems to me that dovecot tries to do another level of variable
evaluation upon the **value** of the already evaluated variable.

So I searched for ways to escape problematic characters like %
and changed my line to

     password_query = SELECT username as user, password, \
       '%E{w}' as userdb_plain_pass FROM auth_user WHERE username='%n'

but this produces problems with password values containing quotes.

So how can I get a plain text password containing any ascii char
(or even better any utf-8 char) safely to my script?

Thanks for your suggestions



-------------- here the nasty details, if you want -------------
$ dovecot -n
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.4.0-122-generic x86_64 Ubuntu 20.04.4 LTS
# Hostname: mx-10-2.bildung.hessen.de
auth_mechanisms = plain login
auth_username_chars = abcdefghijklmnopqrstuvwxyz_0123456789.ABCDEFGHIJKLMNOPQRSTUVWXYZ-@
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_location = maildir:~/Maildir
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     auto = subscribe
     special_use = \Drafts
   }
   mailbox Junk {
     auto = subscribe
     special_use = \Junk
   }
   mailbox Sent {
     auto = subscribe
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     auto = subscribe
     special_use = \Trash
   }
   prefix =
}
passdb {
   # the following file contains a '%w'-line
   args = /etc/dovecot/db1.conf
   driver = sql
}
passdb {
   # the following file contains a '%w'-line
   args = /etc/dovecot/db2.conf
   driver = sql
}
passdb {
   # the following file contains no '%w'-line (just for detail)
   args = /etc/dovecot/db3.conf
   driver = sql
}
plugin {
   sieve = ~/.dovecot.sieve
   sieve_dir = ~/sieve
   sieve_max_actions = 64
   sieve_max_redirects = 16
   sieve_max_script_size = 10M
   sieve_trace_debug = yes
   sieve_user_log = ~/sievelog
   sieve_vacation_dont_check_recipient = yes
   sieve_vacation_use_original_recipient = yes
}
protocols = imap sieve lmtp
service auth {
   unix_listener /var/spool/postfix/private/dovecot-auth {
     group = postfix
     mode = 0660
     user = postfix
   }
}
service imap {
   executable = imap after-login
}
service lmtp {
   unix_listener /var/spool/postfix/private/dovecot-lmtp {
     group = postfix
     mode = 0660
     user = postfix
   }
}
service after-login {
   executable = script-login /etc/dovecot/updateproxy
   user = vmail
}
service stats {
   unix_listener stats-reader {
     group = mail
     mode = 0666
   }
   unix_listener stats-writer {
     group = mail
     mode = 0666
   }
}
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:-SSLv3
ssl_key = # hidden, use -P to show it
ssl_min_protocol = SSLv3
ssl_prefer_server_ciphers = yes
userdb {
   args = uid=vmail gid=vmail home=/var/vmail/%n
   driver = static
}
protocol lmtp {
   mail_plugins = quota sieve
   postmaster_address = somebody@somwhere.org
}
protocol lda {
   deliver_log_format = msgid=%m: %$
   mail_plugins = sieve
   postmaster_address = somebody@somehwere.org
   quota_full_tempfail = yes
   rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
protocol imap {
   imap_client_workarounds = delay-newmail
   mail_max_userip_connections = 300
}