This is fixed in main with https://github.com/dovecot/core/commit/7bad6a24160e34bce8f10e73dbbf9e5fbbcd1...
and will be fixed in 2.4.0
Aki
On 05/08/2024 09:07 EEST Aki Tuomi via dovecot <dovecot@dovecot.org> wrote:
Hi!
Thanks John for triage, we'll take a look at this.
Aki
On 05/08/2024 05:50 EEST John Fawcett via dovecot <dovecot@dovecot.org> wrote:
Hi
In my opinion you found a bug. In the function passdb_preinit(..) in file src/auth/passdb.c the username_filters are copied from set->username_filter to passdb->username_filter. However, that code only gets to be executed if this line returns NULL
passdb = passdb_find(set->driver, set->args, &idx);
For some reason this code finds a match (i.e. != NULL) for your second passdb (postmasterfilter) so it never reaches the code to set up the filter correctly. Strange to say, for the third db it doesn't find a match and does set up the filter.
I would guess that the main reason this hasn't been noticed is that most use cases of multiple passdb's use different drivers. Either this should be treated as a bug or the documentation should be updated to state that multiple passdb's should not use the same driver.
As a workaround to this problem, given that you are handing off authentication to a php script, my suggestion would be to update that script so that it handles all the use cases directly. In Dovecot you will only need to define one passdb that calls the script.
John
On 01/08/2024 15:17, zaxwat93--- via dovecot wrote:
added names:
passdb allusers {
  ...
}
passdb postmasterfilter {
  ...
  username_filter = user1@postmaster.local.one
  ...
}
passdb user2filter {
  ....
  username_filter = user3@user2.local.one
  ...
}
try "doveadm auth test user3@user2.local.one" and got logs:
Aug 1 16:08:02 auth: Debug: auth client connected (pid=0)
Aug 1 16:08:02 auth: Debug: client in: AUTH 1 PLAIN service=doveadm debug resp=<hidden>
Aug 1 16:08:02 auth: Debug: allusers(user3@user2.local.one): Performing passdb lookup
Aug 1 16:08:02 auth: Debug: allusers(user3@user2.local.one): execute: /usr/local/bin/php /usr/local/dovecot/bin/checkpassword.php /usr/local/libexec/dovecot/checkpassword-reply
Aug 1 16:08:02 auth: Debug: allusers(user3@user2.local.one): Received input:
Aug 1 16:08:02 auth: Debug: allusers(user3@user2.local.one): exit_status=1
Aug 1 16:08:02 auth: allusers(user3@user2.local.one): Login failed (status=1)
Aug 1 16:08:02 auth: Debug: allusers(user3@user2.local.one): Finished passdb lookup
Aug 1 16:08:02 auth: Debug: postmasterfilter(user3@user2.local.one): Performing passdb lookup
Aug 1 16:08:02 auth: Debug: postmasterfilter(user3@user2.local.one): username changed user3@user2.local.one -> user3@local.one
Aug 1 16:08:02 auth: Debug: postmasterfilter(user3@local.one): execute: /usr/local/bin/php /usr/local/dovecot/bin/checkpassword.php /usr/local/libexec/dovecot/checkpassword-reply
Aug 1 16:08:02 auth: Debug: postmasterfilter(user3@local.one): Received input: user=user3@local.one userdb_home=/var/spool/mail/ userdb_uid=dovecot userdb_gid=dovecot
Aug 1 16:08:02 auth: Debug: postmasterfilter(user3@local.one): exit_status=0
Aug 1 16:08:02 auth: Debug: postmasterfilter(user3@local.one): username changed user3@local.one -> postmaster@local.one
Aug 1 16:08:02 auth: Debug: postmasterfilter(postmaster@local.one): Finished passdb lookup
Aug 1 16:08:02 auth: Debug: auth(postmaster@local.one): Auth request finished
Aug 1 16:08:02 auth: Debug: client passdb out: OK 1 user=postmaster@local.one original_user=user3@user2.local.one
Same result: it should skip postmasterfilter passdb and work with user2filter, but it didn't
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
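Added example, not part of the thread and not Dovecot code: a log check for the symptom reported above, flagging "Performing passdb lookup" debug lines where a passdb that has a username_filter ran for a user the filter does not match. The filter values and the log prefix format are taken from the thread as shown; the matcher is an independent reimplementation of the documented username_filter rules ('*' and '?' wildcards, '!' for negative patterns), and all function names are hypothetical.

```python
import re

# passdb name -> username_filter, as the values appear in the thread's configuration.
# "allusers" has no filter, so it is expected to run for every user and is not listed.
FILTERS = {
    "postmasterfilter": "user1@postmaster.local.one",
    "user2filter": "user3@user2.local.one",
}

# Log prefix format as seen in the thread: "<passdb name>(<user>): Performing passdb lookup"
LOOKUP = re.compile(r"auth: Debug: ([\w.-]+)\(([^)]*)\): Performing passdb lookup")


def _wild(pattern):
    # Only '*' and '?' are wildcards; every other character is matched literally.
    parts = (".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.compile("".join(parts) + r"\Z", re.S)


def filter_allows(spec, user):
    """A matching '!' pattern rejects; otherwise any positive pattern must match."""
    pats = [p for p in re.split(r"[,\s]+", spec.strip()) if p]
    neg = [p[1:] for p in pats if p.startswith("!")]
    pos = [p for p in pats if not p.startswith("!")]
    if any(_wild(p).match(user) for p in neg):
        return False
    return not pos or any(_wild(p).match(user) for p in pos)


def unexpected_lookups(lines, filters=FILTERS):
    """Return (passdb, user) pairs where a filtered passdb ran for a non-matching user."""
    hits = []
    for line in lines:
        m = LOOKUP.search(line)
        if m and m.group(1) in filters and not filter_allows(filters[m.group(1)], m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits


# Three lines taken from the debug log quoted in the thread.
SAMPLE = [
    "Aug 1 16:08:02 auth: Debug: allusers(user3@user2.local.one): Performing passdb lookup",
    "Aug 1 16:08:02 auth: Debug: postmasterfilter(user3@user2.local.one): Performing passdb lookup",
    "Aug 1 16:08:02 auth: Debug: postmasterfilter(postmaster@local.one): Finished passdb lookup",
]

if __name__ == "__main__":
    for passdb, user in unexpected_lookups(SAMPLE):
        print(f"{passdb} ran for {user}, which its username_filter excludes")
```

Running this over auth debug logs from a server with several passdbs that share a driver shows whether any filtered passdb was consulted for users outside its filter.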