v2.2.19 release candidate released
Hello,
I am trying out 2.2.19.rc1 on a lightly loaded server with no problems so far. The reason I wanted to try 2.2.19.rc1 was to get access to the %{listener} variable in the auth phase so I can modify the SQL password_query according to which unix_listener is being queried.
According to the docs, "These variables work only in Dovecot-auth and login_log_format_elements setting". I can confirm that %{listener} works in login_log_format_elements but it does not work if I use it in my SQL auth query.
My logic is as follows:
I create multiple listeners for different SASL authentications in 10-master.conf
service auth {
  unix_listener auth-userdb {
    mode = 0660
    user = dovecot
    group = vmail
  }
  unix_listener exim-client {
    mode = 0660
    user = dovecot
    group = exim
  }
  unix_listener xmpp-client {
    mode = 0660
    user = dovecot
    group = mail
  }
  user = $default_internal_user
}
Now I want to use %{listener} in my SQL password_query in a case statement to auth according to which listener is being used. E.g.
CASE '%{listener}'
WHEN 'exim-client' THEN ma.SMTPAUTH_allowed = 'YES'
WHEN 'xmpp-client' THEN ma.XMPP_allowed = 'YES'
ELSE ma.IMAP_allowed = 'YES'
END
Should the %{listener} variable work in this case?
-- Greg
On 26 Sep 2015, at 12:15, Greg Wildman <lists@itns.co.za> wrote:
> Hello,
> I am trying out 2.2.19.rc1 on a lightly loaded server with no problems so far. The reason I wanted to try 2.2.19.rc1 was to get access to the %{listener} variable in the auth phase so I can modify the SQL password_query according to which unix_listener is being queried.
> According to the docs, "These variables work only in Dovecot-auth and login_log_format_elements setting". I can confirm that %{listener} works in login_log_format_elements but it does not work if I use it in my SQL auth query.
The docs were wrong - fixed now. Although I suppose auth could also have that..
> Now I want to use %{listener} in my SQL password_query in a case statement to auth according to which listener is being used. E.g.
> CASE '%{listener}'
> WHEN 'exim-client' THEN ma.SMTPAUTH_allowed = 'YES'
> WHEN 'xmpp-client' THEN ma.XMPP_allowed = 'YES'
> ELSE ma.IMAP_allowed = 'YES'
> END
Typically they would use a different service (smtp, xmpp, imap) and you'd use e.g.:
protocol smtp { passdb { ... } }
This of course trusts that the auth client sends the correct service.
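Added example, not part of the thread and not Dovecot's own code: the CASE gate from the question, keyed on the service name instead of %{listener} and run against an in-memory SQLite table to show how the ELSE branch treats a service name it does not recognise. The table name, the rows and the 'other-svc' value are constructed, and bound parameters stand in for the values Dovecot would expand into password_query.

```python
import sqlite3

# Constructed sample data. Table name and rows are assumptions; the *_allowed
# columns and the 'YES' convention come from the query posted in the thread.
SCHEMA = """
CREATE TABLE mail_accounts (
    username TEXT PRIMARY KEY, password TEXT,
    SMTPAUTH_allowed TEXT, XMPP_allowed TEXT, IMAP_allowed TEXT);
INSERT INTO mail_accounts VALUES
    ('alice', 'constructed-hash-a', 'YES', 'NO',  'NO'),
    ('bob',   'constructed-hash-b', 'NO',  'YES', 'YES');
"""

# :user and :service are bound parameters standing in for the values Dovecot
# would expand into password_query.
TEMPLATE = """
SELECT ma.password FROM mail_accounts ma
WHERE ma.username = :user AND
  CASE :service
    WHEN 'smtp' THEN ma.SMTPAUTH_allowed = 'YES'
    WHEN 'xmpp' THEN ma.XMPP_allowed = 'YES'
    {tail}
  END
"""
# As posted: every service name not listed is judged by the IMAP flag.
AS_POSTED = TEMPLATE.format(tail="ELSE ma.IMAP_allowed = 'YES'")
# Variant: IMAP is named explicitly and anything unrecognised matches no row.
DENY_DEFAULT = TEMPLATE.format(
    tail="WHEN 'imap' THEN ma.IMAP_allowed = 'YES' ELSE 0")


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def allowed(conn, query, user, service):
    """True when the query returns a row, i.e. the passdb lookup succeeds."""
    row = conn.execute(query, {"user": user, "service": service}).fetchone()
    return row is not None


if __name__ == "__main__":
    db = open_db()
    for svc in ("smtp", "xmpp", "imap", "other-svc"):  # last one is made up
        for q_name, q in (("as posted", AS_POSTED), ("deny default", DENY_DEFAULT)):
            print(f"bob via {svc:9} [{q_name}]:", allowed(db, q, "bob", svc))
```

Because the service value comes from the auth client, either query is only as strong as the set of clients permitted to connect to the auth sockets.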
Timo,
I have to test something on one of the BSD, namely related to src/lib/net.c.
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism
Time for Stephen to move on on Oct 19 2015!!
On Sun, Sep 27, 2015 at 12:40:40PM -0600, The Doctor wrote:
> Timo,
> I have to test something on one of the BSD, namely related to src/lib/net.c.
FYI make sys/ucred.h reads

#ifndef _SYS_UCRED_H_
#define _SYS_UCRED_H_

/*
 * Credentials.
 */
struct ucred {
	u_int	cr_ref;			/* reference count */
	uid_t	cr_uid;			/* effective user id */
	short	cr_ngroups;		/* number of groups */
	gid_t	cr_groups[NGROUPS];	/* groups */
};
#define cr_gid cr_groups[0]
#define NOCRED NULL			/* no credential available */
#define FSCRED ((struct ucred *)-1)	/* filesystem credential */

struct fcred {
	uid_t	fc_ruid;		/* real user id */
	gid_t	fc_rgid;		/* real group id */
	char	fc_login[MAXLOGNAME];	/* setlogin() name */
	struct	ucred fc_ucred;
};
#define fc_uid		fc_ucred.cr_uid		/* effective user id */
#define fc_ngroups	fc_ucred.cr_ngroups	/* number of groups */
#define fc_groups	fc_ucred.cr_groups	/* groups */
#define fc_gid		fc_ucred.cr_gid		/* effective group id */

#ifdef KERNEL
#define crhold(cr)	(cr)->cr_ref++

struct ucred	*crcopy __P((struct ucred *cr));
struct ucred	*crdup __P((struct ucred *cr));
void		crfree __P((struct ucred *cr));
struct ucred	*crget __P((void));
int		suser __P((struct ucred *, u_short *acflag));
int		groupmember __P((gid_t, struct ucred *));
#endif /* KERNEL */

#endif /* !_SYS_UCRED_H_ */
On Sun, Sep 27, 2015 at 01:09:07PM -0600, The Doctor wrote:
> On Sun, Sep 27, 2015 at 12:40:40PM -0600, The Doctor wrote:
> > Timo,
> > I have to test something on one of the BSD, namely related to src/lib/net.c.
I might have to send you the sys/socket.h file.
I did find

/*
 * Socket credentials.
 */
struct sockcred {
	uid_t	sc_uid;			/* real user id */
	uid_t	sc_euid;		/* effective user id */
	gid_t	sc_gid;			/* real group id */
	gid_t	sc_egid;		/* effective group id */
	int	sc_ngroups;		/* number of supplemental groups */
	gid_t	sc_groups[1];		/* variable length */
};

but the 19rc1 is only staying up for less than one minute.
participants (3)
- Greg Wildman
- The Doctor
- Timo Sirainen