[Dovecot] Work with auth socket
---------- Forwarded message ---------- From: Неворотин Вадим <nevorotin@gmail.com> Date: 2010/6/29 Subject: Re: [Dovecot] Work with auth socket To: Steffen Kaiser <skdovecot@smail.inf.fh-brs.de>
Hmm, I have some problems with realization of authentication throw dovecot socket.
I've wrote such script:
#!/usr/bin/perl
$login = "test"; $passwd = "test";
#utf8::encode($login); # I don't know are we really need it #utf8::encode($passwd);
my $service = "ejabberd"; my $timeout = 1; my $socket = '/var/spool/postfix/private/auth-client';
my $sock = new IO::Socket::UNIX(Type => SOCK_STREAM, Peer => $socket) or die "Can't open socket.";
my $sel = new IO::Select($sock); while (1) { $sel->can_read($timeout) or last; defined recv($sock, my $buf, 256, 0) or warn 'Error while reading response'; print $buf; }
send($sock,"VERSION\t1\t0\nCPID\t$$\n",0) or die "Can't write to $socket";
my $base64 = encode_base64("\0$login\0$passwd"); $sock->send("AUTH\t1\tPLAIN\tservice=$service\tsecured\tresp=$base64\n") or die "Can't write to $socket";
my $i = 10; while ($i--) { $sel->can_read($timeout) or last; # "Timed out while waiting for response"; defined recv($sock, my $buf, 256, 0) or warn 'Error while reading response'; print $buf; }
And has such log:
# ./test.pl MECH PLAIN plaintext MECH LOGIN plaintext VERSION 1 0 SPID 26023 CUID 1818 DONE
So dovecot doesn't answer anything after AUTH command. May be http://wiki.dovecot.org/Authentication%20Protocol is not fully describe auth protocol?
2010/6/24 Неворотин Вадим <nevorotin@gmail.com>
Thank you!
2010/6/24 Steffen Kaiser <skdovecot@smail.inf.fh-brs.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 24 Jun 2010, Неворотин Вадим wrote:
I need to use Dovecot auth socket from my perl script to validate user's
passwords (for jabber server). Is there any information about how to communicate with dovecot auth socket?
http://search.cpan.org/~sasha/Authen-SASL-Authd-0.04/lib/Authen/SASL/Authd.p...
"NAME
Authen::SASL::Authd - Client authentication via Cyrus saslauthd or Dovecot authentication daemon."
http://wiki.dovecot.org/Authentication+Protocol
Regards,
- -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBTCNOy7+Vh58GPL/cAQJXEQf/SHlQTrUo/OiNFSLteEuF6kGGY/iYGYZ2 CUEKLJQtE92yyGJqt7CYun3Z64llrkzYUGoJDnyPtEFgP2a1uqaEUyusilobuYfB E/B7zdRbHOD2+4afdwHocGundcfWB2GxZi+j454rCDWt5haX+cSd5Be561WdpyE0 yUc3raXLRz6qeRC/A+vmpbA4sbmm+Fd1fCHtwcQhOVvk+X7fJRLb30HUq1wRjyMi LBTv5TxCib+O34MPYpA6xLyrNCkjwAuhdshiw6KihVBx29U9HcoNtUIjfSqL6/gG vhKt6RfgahpytJm97LuDwE7GNf6/3oDeHlTJfAS5EfYdSqcnxxyfLw== =1C+5 -----END PGP SIGNATURE-----
Hi,
I've wrote such script:
use Authen::SASL::Authd, as suggested by Steffen.
This code-snippet should help you:
http://search.cpan.org/~sasha/Authen-SASL-Authd-0.04/lib/Authen/SASL/Authd.p...
#!/usr/bin/perl use Authen::SASL::Authd qw(auth_cyrus auth_dovecot);
$login = "test"; $passwd = "test";
# authenticate user against Dovecot authentication daemon auth_dovecot('login', 'passwd') or die "dovecot-auth: FAIL";
I realized a monitoring-script with this snippet, works great.
good luck!
Yes, but this module doesn't work with my dovecot)) So I've tried to manually debug it - and it really does not work and has an error somewhere.
Dovecot 1.2.10 from Debian backports.
2010/6/29 Anton Dollmaier <antondollmaier@aditsystems.de>
Hi,
I've wrote such script:
use Authen::SASL::Authd, as suggested by Steffen.
This code-snippet should help you:
http://search.cpan.org/~sasha/Authen-SASL-Authd-0.04/lib/Authen/SASL/Authd.p...
#!/usr/bin/perl
use Authen::SASL::Authd qw(auth_cyrus auth_dovecot);
$login = "test"; $passwd = "test";
# authenticate user against Dovecot authentication daemon auth_dovecot('login', 'passwd') or die "dovecot-auth: FAIL";
I realized a monitoring-script with this snippet, works great.
good luck!
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, 29 Jun 2010, Неворотин Вадим wrote:
my $base64 = encode_base64("\0$login\0$passwd"); $sock->send("AUTH\t1\tPLAIN\tservice=$service\tsecured\tresp=$base64\n") or die "Can't write to $socket";
There is a wicked side effect of encode_base64(), use this:
my $base64 = encode_base64("\0$login\0$passwd", '');
Try strace -s99 -e recvfrom,sendto,send,recv perl ...
or similiar command of your system to see the difference.
my $i = 10; while ($i--) { $sel->can_read($timeout) or last; # "Timed out while waiting for response";
If Dovecot starts to answer in less than 1s, the loop terminates. IMHO you should try with a longer timeout the 1st time can_read() is called.
Regards,
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBTCoH5L+Vh58GPL/cAQKbLQgApMqn+QDNLJnDksrp1/Qb7lbGji8Qxp1+ BkZTy2Pp/hld4jwr0R6MQgF10MNgt7luatSo3WzvL1KS/zINCoiAMxL3CIcNIIjQ RW57LhsdBiFUpKvmwrMaHrV+VJM2gDONTPMXRTfLkpTsSYSnVfvGZMDgLr7rPMid GRT+dLyXuUMxmqSWH4XPPohSuQam1E2g5cNKXp+VHUikxunz0NbPHA5ni0byCmwR vVx4R0DEjTPw9ydcWPOCPxHwAS48eXrcpo8/1QD5Bp5S7x9CKre6PA+wdcWmHmOk p17tAG12vGG7MGXy0f7jmI476Dp+fi0han9Z2d7QbtbI1f0yOpfMsw== =FHUX -----END PGP SIGNATURE-----
Thanks, the problem was in base64. Timeout for 1 sec. I use only for testing.
2010/6/29 Steffen Kaiser <skdovecot@smail.inf.fh-brs.de>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, 29 Jun 2010, Неворотин Вадим wrote:
my $base64 = encode_base64("\0$login\0$passwd");
$sock->send("AUTH\t1\tPLAIN\tservice=$service\tsecured\tresp=$base64\n") or die "Can't write to $socket";
There is a wicked side effect of encode_base64(), use this:
my $base64 = encode_base64("\0$login\0$passwd", '');
Try strace -s99 -e recvfrom,sendto,send,recv perl ...
or similiar command of your system to see the difference.
my $i = 10;
while ($i--) { $sel->can_read($timeout) or last; # "Timed out while waiting for response";
If Dovecot starts to answer in less than 1s, the loop terminates. IMHO you should try with a longer timeout the 1st time can_read() is called.
Regards,
- -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBTCoH5L+Vh58GPL/cAQKbLQgApMqn+QDNLJnDksrp1/Qb7lbGji8Qxp1+ BkZTy2Pp/hld4jwr0R6MQgF10MNgt7luatSo3WzvL1KS/zINCoiAMxL3CIcNIIjQ RW57LhsdBiFUpKvmwrMaHrV+VJM2gDONTPMXRTfLkpTsSYSnVfvGZMDgLr7rPMid GRT+dLyXuUMxmqSWH4XPPohSuQam1E2g5cNKXp+VHUikxunz0NbPHA5ni0byCmwR vVx4R0DEjTPw9ydcWPOCPxHwAS48eXrcpo8/1QD5Bp5S7x9CKre6PA+wdcWmHmOk p17tAG12vGG7MGXy0f7jmI476Dp+fi0han9Z2d7QbtbI1f0yOpfMsw== =FHUX -----END PGP SIGNATURE-----
participants (3)
-
Anton Dollmaier
-
Steffen Kaiser
-
Неворотин Вадим