AuthDatabase CheckPassword broken?
I had been using the CheckPassword authentication interface with dovecot 2.2.15, https://wiki2.dovecot.org/AuthDatabase/CheckPassword, and it was working.
After upgrading to 2.2.33.2 CheckPassword no longer works. The referenced wiki page says,
Checkpassword Interface
Read <username> NUL <password> NUL from fd 3.
I've checked the information read from fd 3 with 2.2.33.2 and I get <username> followed by 3 nulls. I'm guessing the 2nd null is supposed to be the password.
Why is this no longer working? How can I fix it?
THX --Mark
On 01.02.2018 08:00, Mark Foley wrote:
> I had been using the CheckPassword authentication interface with dovecot 2.2.15, https://wiki2.dovecot.org/AuthDatabase/CheckPassword, and it was working.
> After upgrading to 2.2.33.2 CheckPassword no longer works. The referenced wiki page says,
> Checkpassword Interface
> Read <username> NUL <password> NUL from fd 3.
> I've checked the information read from fd 3 with 2.2.33.2 and I get <username> followed by 3 nulls. I'm guessing the 2nd null is supposed to be the password.
> Why is this no longer working? How can I fix it?
> THX --Mark

Our CI has test

#!/usr/bin/env python
# -*- coding: utf-8 -*-
import os, sys

DOVECOT_PW_FD = 3

def checkPassword():
    with os.fdopen(DOVECOT_PW_FD, 'r') as s:
        # fd 3 carries <username> NUL <password> NUL
        data = s.read().split("\0")
        if data[0] != "testuser" or data[1] != "pass":
            return False
        # Pass the result on in the environment for the program exec'd below
        os.environ["USER"] = data[0]
        os.environ["EXTRA"] = "userdb_uid=vmail userdb_gid=vmail"
        return True

if __name__ == "__main__":
    if not checkPassword():
        sys.exit(1)
    # On success, exec the program given as the first argument
    os.execv(sys.argv[1], sys.argv[1:])

And it seems to work.
Aki
On Thu, 1 Feb 2018 10:02:10 +0200 Aki Tuomi <aki.tuomi@dovecot.fi> wrote:
> On 01.02.2018 08:00, Mark Foley wrote:
> > I had been using the CheckPassword authentication interface with dovecot 2.2.15, https://wiki2.dovecot.org/AuthDatabase/CheckPassword, and it was working.
> > After upgrading to 2.2.33.2 CheckPassword no longer works. The referenced wiki page says,
> > Checkpassword Interface
> > Read <username> NUL <password> NUL from fd 3.
> > I've checked the information read from fd 3 with 2.2.33.2 and I get <username> followed by 3 nulls. I'm guessing the 2nd null is supposed to be the password.
> > Why is this no longer working? How can I fix it?
> > THX --Mark
>
> Our CI has test
>
> #!/usr/bin/env python
> # -*- coding: utf-8 -*-
> import os, sys
>
> DOVECOT_PW_FD = 3
>
> def checkPassword():
>     with os.fdopen(DOVECOT_PW_FD, 'r') as s:
>         data = s.read().split("\0")
>         if data[0] != "testuser" or data[1] != "pass":
>             return False
>         os.environ["USER"] = data[0]
>         os.environ["EXTRA"] = "userdb_uid=vmail userdb_gid=vmail"
>         return True
>
> if __name__ == "__main__":
>     if not checkPassword():
>         sys.exit(1)
>     os.execv(sys.argv[1], sys.argv[1:])
>
> And it seems to work.
>
> Aki

Thanks for the script. I'm testing this on a production system, so I'll have to wait until after business hours to test. Meanwhile, not being a python wizard, I have a couple of questions.
I have to run this script as my passdb { args } parameter, right?
On the line where it is checking for "testuser" and password "test", I assume that if I want to use a configured user I can just change these, right?
Likewise with "userdb_uid=vmail userdb_gid=vmail", what are these? UID/GID of the user?
Is there a way in python to output the values in data[0] and data[1] to a file so I can see what's actually received? If after the 'split' line I added:

f = open("/tmp/checkpassword.log","a")
f.write("Name: " + data[0] + ", PW: " + data[1])
f.close()

Would that work?
--THX Mark
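
One way to see what actually arrives on fd 3 without writing the password to a log file, as an added example that is not part of the original thread: it parses the `<username> NUL <password> NUL` payload as bytes, reports only field lengths and the NUL count, and refuses an empty password such as the "username followed by 3 nulls" case described above. The function names and the sample payloads are constructed for illustration.

```python
def parse_checkpassword(payload: bytes):
    """Split '<username> NUL <password> NUL [further NUL-terminated fields]'.

    Returns (username, password, extra_fields) as bytes; raises ValueError
    if the two mandatory NUL-terminated fields are not both present.
    """
    fields = payload.split(b"\0")
    # A well-formed payload ends in NUL, so split() leaves a trailing b"".
    if len(fields) < 3 or fields[-1] != b"":
        raise ValueError("expected at least two NUL-terminated fields")
    username, password, extra = fields[0], fields[1], fields[2:-1]
    if not username:
        raise ValueError("empty username")
    return username, password, extra


def describe(payload: bytes) -> str:
    """Log-safe summary: layout and lengths only, never the password bytes."""
    try:
        user, password, extra = parse_checkpassword(payload)
    except ValueError as exc:
        return "malformed payload (%d bytes): %s" % (len(payload), exc)
    return "user=%r password_len=%d extra_fields=%d nul_count=%d" % (
        user.decode("utf-8", "replace"), len(password), len(extra),
        payload.count(b"\0"))


def should_attempt_auth(payload: bytes) -> bool:
    """Reject malformed input and empty passwords before any comparison."""
    try:
        _, password, _ = parse_checkpassword(payload)
    except ValueError:
        return False
    return len(password) > 0


if __name__ == "__main__":
    # Constructed samples: the wiki's format, the "username + 3 NULs" case,
    # and a payload with no NUL terminators at all.
    for sample in (b"testuser\0pass\0", b"testuser\0\0\0", b"testuser"):
        print(describe(sample), "->", should_attempt_auth(sample))
```

In a real checkpassword script the payload would come from `os.fdopen(3, 'rb').read()`, and the output of `describe()` is what would go to the debug log.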
Script didn't run:

  File "/root/tmp/checkpwtest.py", line 8
    o?= with os.fdopen(DOVECOT_PW_FD, 'r') as s:
    ^
SyntaxError: invalid syntax

--Mark
-----Original Message-----
From: Mark Foley <mfoley@ohprs.org>
Date: Thu, 01 Feb 2018 15:34:15 -0500
Organization: Ohio Highway Patrol Retirement System
To: dovecot@dovecot.org
Subject: Re: AuthDatabase CheckPassword broken?