[Dovecot] Post Login Script in 2.0
Been digging through the list archives but I didn't see anything about this specifically. I've been playing with trying to get the post-login script stuff working with 2.0 (tried with a mercurial checkout from today and one I had kicking around from a few days ago), mainly to run the courier conversion script after logins. I'm using the 'executable' arg in 'service pop' and 'service imap' and I've tried with and without "drop_priv_before_exec=yes". I've just been using the test script mentioned in the wiki that dumps the environment to a file in /tmp and then execs libexec/imap or libexec/pop.
The script specified in 'executable' is definitely getting executed just fine and logins work just fine. When it executes though, they're getting just the basic environment, as opposed to the environment that shows up in 1.2.11 full of various MAIL*/NAMESPACE*/etc variables. And I see in strace output that there's no batch of env vars getting passed around anymore, even when dovecot invokes libexec/imap or libexec/pop directly. Is there a setting that tells the dovecot process to fork the post-login script with the fully populated set of environment variables? Or alternatively, in the 2.0 world, is the idea to get that info out of the /var/run/dovecot/config socket? If so, is there an example somewhere?
I can post my configs, but I figured that since this is a conceptual problem, I might as well ask first without pasting a few pages of "dovecot -a" output :)
On 20.3.2010, at 2.54, Mark Moseley wrote:
Been digging through the list archives but I didn't see anything about this specifically.
There is actually: http://dovecot.org/list/dovecot/2009-December/045139.html
On Fri, Mar 19, 2010 at 5:58 PM, Timo Sirainen <tss@iki.fi> wrote:
On 20.3.2010, at 2.54, Mark Moseley wrote:
Been digging through the list archives but I didn't see anything about this specifically.
There is actually: http://dovecot.org/list/dovecot/2009-December/045139.html
Awesome, thanks! I'm at an embarrassing loss though as to how I missed that.
On Fri, Mar 19, 2010 at 6:02 PM, Mark Moseley <moseleymark@gmail.com> wrote:
On Fri, Mar 19, 2010 at 5:58 PM, Timo Sirainen <tss@iki.fi> wrote:
On 20.3.2010, at 2.54, Mark Moseley wrote:
Been digging through the list archives but I didn't see anything about this specifically.
There is actually: http://dovecot.org/list/dovecot/2009-December/045139.html
Awesome, thanks! I'm at an embarrassing loss though as to how I missed that.
Should 'script' respect the first_valid_uid setting in the main config file? I don't see it actually reading the conf files, nor is it passed in the env. I can see 'script' connecting to /var/run/dovecot//config and reading/writing from it ok. But when 'script' runs, right after talking to the config socket and before exec'ing anything, it bails out with:
imap-postlogin: script: Fatal: Mail access for users with UID 200 not permitted (see first_valid_uid in config file)
even though "first_valid_uid" is set to 199 in my test box's dovecot.conf. In the course of debugging, I also tried setting "mail_uid=200" and "last_valid_uid=201" but neither helped. I also tried various permutations of drop_priv_before_exec on service 'imap' and 'imap-postlogin'. The actual imap/pop3 processes are perfectly happy though with uid 200. It's just 'script' that takes exception.
When it talks to the config socket, it sends (slightly obfuscated, so don't mind byte count):
15:37:20.090361 write(11, "VERSION\tconfig\t2\t0\nREQ\tmodule=script\tservice=script\tuser=benchmark@test\tlip=192.168.152.1\trip=192.168.152.1\n"..., 129) = 129
and gets back:
15:37:20.090894 read(11, "service-uses-local\tused-local\t\n\n"..., 4096) = 32
the other modules talking to the config socket seem to get a whole lot more output. This was the case for Fri's checkout as well as beta4 (tried today's checkout but compiling dies with "../../src/lib-storage/.libs/libdovecot-storage.so: undefined reference to `sdbox_copy'").
If I edit all the occurrences for first_valid_uid in (didn't try different permutations to see which actually worked):
src/master/master-settings.c src/config/all-settings.c src/lib-storage/mail-storage-settings.c
and hardcode to 199, it starts working. In dovecot -a output, I don't see anywhere that the first_valid_uid could overridden in service imap or imap-postlogin.
On Mon, 2010-03-22 at 13:04 -0700, Mark Moseley wrote:
Should 'script' respect the first_valid_uid setting in the main config file?
I think this fixes it also: http://hg.dovecot.org/dovecot-2.0/rev/841bfacb7ec3
On Fri, Mar 26, 2010 at 7:39 PM, Timo Sirainen <tss@iki.fi> wrote:
On Mon, 2010-03-22 at 13:04 -0700, Mark Moseley wrote:
Should 'script' respect the first_valid_uid setting in the main config file?
I think this fixes it also: http://hg.dovecot.org/dovecot-2.0/rev/841bfacb7ec3
Yup, that does the trick nicely. Thanks!
participants (2)
-
Mark Moseley
-
Timo Sirainen