ok not what you probably want to hear
C, Python etc. use % as a variable indicator along with the next character using a format variable (like %s being a string variable)
this is what is causing the issue
Not saying for sure but experience wise I am not familiar with any system allowing a % sign in the password nowadays?
could be wrong, i guess it depends on the backbone password fetcher process
even if you could get dovecot (or any C based programming) to allow for this, clients would probably have similar issues which there would be no real control over.
another character would also be '\' as it is used as a delimiter for the next character being absolute
along with \x00 (non ascii characters in a string)
again just an experience fyi
Happy Tuesday !!! Thanks - paul
Paul Kudla
Scom.ca Internet Services http://www.scom.ca 004-1009 Byron Street South Whitby, Ontario - Canada L1N 4S3
Toronto 416.642.7266 Main 1.866.411.7266 Fax 1.888.892.7266 Email paul@scom.ca
On 8/1/2022 4:47 AM, Franz Beslmeisl wrote:
In order to change the password scheme I wrote a script named updateproxy that needs the plain text password from the user. To get that I use the line
password_query = SELECT username as user, password,
'%w' as userdb_plain_pass FROM auth_user WHERE username='%n'

This works nicely with almost all passwords but not with this one
1234567%&/abcd
the error message being
dovecot: Failed to expand plugin setting plain_pass = '1234567%&/abcd': Unknown variable '%&'
It seems to me that dovecot tries to do another level of variable evaluation upon the **value** of the already evaluated variable.
So I searched for ways to escape problematic characters like % and changed my line to
password_query = SELECT username as user, password,
'%E{w}' as userdb_plain_pass FROM auth_user WHERE username='%n'

but this produces problems with password values containing quotes.
So how can I get a plain text password containing any ascii char (or even better any utf-8 char) safely to my script?
Thanks for your suggestions
-------------- here the nasty details, if you want -------------
$ dovecot -n
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.4.0-122-generic x86_64 Ubuntu 20.04.4 LTS
# Hostname: mx-10-2.bildung.hessen.de
auth_mechanisms = plain login
auth_username_chars = abcdefghijklmnopqrstuvwxyz_0123456789.ABCDEFGHIJKLMNOPQRSTUVWXYZ-@
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_location = maildir:~/Maildir
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
}
passdb {
  # the following file contains a '%w'-line
  args = /etc/dovecot/db1.conf
  driver = sql
}
passdb {
  # the following file contains a '%w'-line
  args = /etc/dovecot/db2.conf
  driver = sql
}
passdb {
  # the following file contains no '%w'-line (just for detail)
  args = /etc/dovecot/db3.conf
  driver = sql
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_max_actions = 64
  sieve_max_redirects = 16
  sieve_max_script_size = 10M
  sieve_trace_debug = yes
  sieve_user_log = ~/sievelog
  sieve_vacation_dont_check_recipient = yes
  sieve_vacation_use_original_recipient = yes
}
protocols = imap sieve lmtp
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap {
  executable = imap after-login
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service after-login {
  executable = script-login /etc/dovecot/updateproxy
  user = vmail
}
service stats {
  unix_listener stats-reader {
    group = mail
    mode = 0666
  }
  unix_listener stats-writer {
    group = mail
    mode = 0666
  }
}
ssl_cert = was automatically rejected:%n%r
}
protocol imap {
  imap_client_workarounds = delay-newmail
  mail_max_userip_connections = 300
}
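
The double evaluation suspected in the original message can be reproduced with a small model. This is an added example, not code from the thread and not Dovecot's parser: expand, escape_percent and two_pass are hypothetical names, and the rule that %% yields a literal percent sign is an assumption of the model. It goes one step beyond the reported error and also shows a password that is silently altered rather than rejected.

```python
import re

# Simplified model of %-variable expansion (an assumption for illustration,
# not Dovecot's parser): %x is a one-letter variable, %% is a literal percent.
_TOKEN = re.compile(r"%(.?)", re.S)


class UnknownVariable(ValueError):
    pass


def expand(template, variables):
    """Expand every %x in template from variables; %% yields a literal %."""
    def repl(match):
        key = match.group(1)
        if key == "%":
            return "%"
        if key in variables:
            return variables[key]
        raise UnknownVariable("Unknown variable '%%%s'" % key)
    return _TOKEN.sub(repl, template)


def escape_percent(value):
    """Neutralise a value that will pass through expand() one more time."""
    return value.replace("%", "%%")


def two_pass(template, variables, escape):
    """Pass 1 fills the query template, pass 2 re-expands the result."""
    first_vars = dict(variables)
    if escape:
        first_vars["w"] = escape_percent(variables["w"])
    first = expand(template, first_vars)
    return expand(first, variables)


if __name__ == "__main__":
    # Constructed inputs: the password from the thread and one that is
    # silently rewritten instead of rejected.
    for pw in ("1234567%&/abcd", "pw%n"):
        login = {"w": pw, "n": "alice"}
        try:
            print(repr(pw), "unescaped ->", repr(two_pass("%w", login, False)))
        except UnknownVariable as exc:
            print(repr(pw), "unescaped -> error:", exc)
        print(repr(pw), "escaped   ->", repr(two_pass("%w", login, True)))
```

In this model the second password never raises an error when unescaped, so the downstream script would receive a value that differs from what the user typed.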