[Dovecot] master or client
Hello,
Dovecot auth protocol 1.0 defines differend command sets for client and master.
How can a daemon distinguish a master connection from a client connection? Clients do send CPID and master does not.
I have following auth configuration:
auth external { socket connect { master { path = /var/state/dovecot/login/master-auth } } }
I try to learn my authentication daemon to learn to speak with Dovecot.
I fire up my master.py and try to login via pop3 as foo:bar. Below is what my master.py receives from Dovecot (master and client), VERSION commands are not shown:
km@thinkpad:/home/km > ./krot/sbin/master.py
CPID : ['11915']
CPID : ['11915']
CPID : ['16652']
CPID : ['11915']
AUTH : ['1', 'PLAIN', 'service=POP3', 'secured', 'lip=127.0.0.1',
'rip=127.0.0.1', 'resp=AGZvbwBiYXI=']
REQUEST : ['9', '11915', '1']
CPID : ['16652'](In the above output command and parameters are parsed.)
The protocol specification is mentioning a separate SERVICE command in the client's greeting.
I can't let my daemon die if the master issues DIE. Why should a server exit when it receives DIE?
Can anybody provide an example dialog of an authentication request that is successful and a reques that fails because of a bad password.
Thanks, Kirill
-- They make a desert and call it peace. -- Tacitus
On 3.12.2004, at 18:10, Kirill Miazine wrote:
You should listen client and master connections in separate sockets and make sure that only root user can connect to master socket (ie. socket is root/root 0600).
Put the master-auth socket elsewhere, eg. /var/state/dovecot/master-auth and start listening for clients in eg. /var/state/dovecot/login/client-auth (login prosesses connect to all sockets in /var/state/dovecot/login/).
I guess each of these comes in a new connection? Remember that you have to keep separate state in each connection you get.
The protocol specification is mentioning a separate SERVICE command in the client's greeting.
Yes, if the service=POP3 was missing in AUTH command you'd get the service from there.
I can't let my daemon die if the master issues DIE. Why should a server exit when it receives DIE?
It's mostly useful when Dovecot master process wants to restart dovecot-auth, you don't need to do it. Actually dovecot-auth doesn't do it either yet.
Can anybody provide an example dialog of an authentication request that is successful and a reques that fails because of a bad password.
Um. I'm a bit lazy now :) Add some logging into dovecot-auth, src/auth/auth-client-connection.c.
- Timo Sirainen [2004-12-03 19:07]:
I thought that too, but I couldn't see which socket client connect to, so I assumed it was the master's socket too. Your comment below explained the situation.
Aha! I couldn't think out which socket clients do connect to. It works!
Yes.
This is why I asked - I didn't see from the code what DIE is doing in the server and just wanted to know what you want it to do in the future. :-)
Thank you very much, Timo!
-- They make a desert and call it peace. -- Tacitus
participants (2)
-
Kirill Miazine
-
Timo Sirainen