lua API and returning reason and CONTACTADMIN
Hello.
Trying to pass reason response via lua by passing it at dovecot.auth.PASSDB_RESULT_USER_DISABLED like:
function auth_password_verify(request, password) return dovecot.auth.PASSDB_RESULT_USER_DISABLED, "reason=custom_message"
end
function auth_userdb_lookup(request) return dovecot.auth.PASSDB_RESULT_OK, "uid=428671 gid=9726 home=/var/mail/existusertest"
end
function script_init() return 0 end
function script_deinit() end
Unfortunately returned result contains no custom message and also returns AUTHENTICATIONFAILED instead of CONTACTADMIN:
NO [AUTHENTICATIONFAILED] Authentication failed.
while I would expect something like:
NO [CONTACTADMIN] custom_message:
Any reason for such behaviour and how to get reason passed and proper CONTACTADMIN?
Tests done on 2.3.21.1.
passdb { driver = lua mechanisms = login plain args = file=/etc/dovecot/lua_auth_script_test_fail.lua blocking=yes }
userdb { driver = lua args = file=/etc/dovecot/lua_auth_script_test_fail.lua blocking=yes }
-- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
Can you post auth_debug=yes logs?
Aki
On 23/01/2025 13:26 EET Arkadiusz Miśkiewicz via dovecot <dovecot@dovecot.org> wrote:
Hello.
Trying to pass reason response via lua by passing it at dovecot.auth.PASSDB_RESULT_USER_DISABLED like:
function auth_password_verify(request, password) return dovecot.auth.PASSDB_RESULT_USER_DISABLED, "reason=custom_message"
end
function auth_userdb_lookup(request) return dovecot.auth.PASSDB_RESULT_OK, "uid=428671 gid=9726 home=/var/mail/existusertest"
end
function script_init() return 0 end
function script_deinit() end
Unfortunately returned result contains no custom message and also returns AUTHENTICATIONFAILED instead of CONTACTADMIN:
NO [AUTHENTICATIONFAILED] Authentication failed.
while I would expect something like:
NO [CONTACTADMIN] custom_message:
Any reason for such behaviour and how to get reason passed and proper CONTACTADMIN?
Tests done on 2.3.21.1.
passdb { driver = lua mechanisms = login plain args = file=/etc/dovecot/lua_auth_script_test_fail.lua blocking=yes }
userdb { driver = lua args = file=/etc/dovecot/lua_auth_script_test_fail.lua blocking=yes }
-- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
On 23/01/2025 14:23, Aki Tuomi wrote:
Can you post auth_debug=yes logs?
Attaching here (as quotation):
Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: client in: AUTH 1 PLAIN service=imap session=qZ/XK2As7rsKFhKW lip=10.22.18.200 rip=10.22.18.150 lport=143 rport=48110 resp=<hidden> Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Performing passdb lookup Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): cache miss Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): Server accepted connection (fd=13) Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): Sending version handshake Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: Handling PASSV request Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Performing passdb lookup Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Calling auth_password_verify Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Finished passdb lookup Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: Finished: user_disabled Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Finished passdb lookup Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: auth(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Auth request finished Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Loading modules from directory: /usr/lib64/dovecot/plugins/auth Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/lib20_auth_var_expand_crypt.so Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/libdriver_mysql.so Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/libdriver_pgsql.so Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/libdriver_sqlite.so Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Loading modules from directory: /usr/lib64/dovecot/plugins/auth Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/libauthdb_lua.so Jan 23 15:10:29 webx dovecot[10752]: auth: Debug: client passdb out: FAIL 1 user=test code=user_disabled Jan 23 15:10:29 webx dovecot[10752]: imap-login: Disco
Aki
On 23/01/2025 13:26 EET Arkadiusz Miśkiewicz via dovecot <dovecot@dovecot.org> wrote:
Hello.
Trying to pass reason response via lua by passing it at dovecot.auth.PASSDB_RESULT_USER_DISABLED like:
function auth_password_verify(request, password) return dovecot.auth.PASSDB_RESULT_USER_DISABLED, "reason=custom_message"
end
function auth_userdb_lookup(request) return dovecot.auth.PASSDB_RESULT_OK, "uid=428671 gid=9726 home=/var/mail/existusertest"
end
function script_init() return 0 end
function script_deinit() end
Unfortunately returned result contains no custom message and also returns AUTHENTICATIONFAILED instead of CONTACTADMIN:
NO [AUTHENTICATIONFAILED] Authentication failed.
while I would expect something like:
NO [CONTACTADMIN] custom_message:
Any reason for such behaviour and how to get reason passed and proper CONTACTADMIN?
Tests done on 2.3.21.1.
passdb { driver = lua mechanisms = login plain args = file=/etc/dovecot/lua_auth_script_test_fail.lua blocking=yes }
userdb { driver = lua args = file=/etc/dovecot/lua_auth_script_test_fail.lua blocking=yes }
-- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
-- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
I was kinda hoping it would've shown bit more details. But, looks like you've ran into a bug. Lua passdb does not export fields in case return value is not OK or NEXT. I'll file this to your bug tracker.
Aki
On 23/01/2025 17:20 EET Arkadiusz Miśkiewicz via dovecot <dovecot@dovecot.org> wrote:
On 23/01/2025 14:23, Aki Tuomi wrote:
Can you post auth_debug=yes logs?
Attaching here (as quotation):
Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: client in: AUTH 1 PLAIN service=imap session=qZ/XK2As7rsKFhKW lip=10.22.18.200 rip=10.22.18.150 lport=143 rport=48110 resp=<hidden> Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Performing passdb lookup Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): cache miss Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): Server accepted connection (fd=13) Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): Sending version handshake Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: Handling PASSV request Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Performing passdb lookup Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Calling auth_password_verify Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Finished passdb lookup Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: Finished: user_disabled Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Finished passdb lookup Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: auth(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Auth request finished Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Loading modules from directory: /usr/lib64/dovecot/plugins/auth Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/lib20_auth_var_expand_crypt.so Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/libdriver_mysql.so Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/libdriver_pgsql.so Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/libdriver_sqlite.so Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Loading modules from directory: /usr/lib64/dovecot/plugins/auth Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/libauthdb_lua.so Jan 23 15:10:29 webx dovecot[10752]: auth: Debug: client passdb out: FAIL 1 user=test code=user_disabled Jan 23 15:10:29 webx dovecot[10752]: imap-login: Disco
Aki
On 23/01/2025 13:26 EET Arkadiusz Miśkiewicz via dovecot <dovecot@dovecot.org> wrote:
Hello.
Trying to pass reason response via lua by passing it at dovecot.auth.PASSDB_RESULT_USER_DISABLED like:
function auth_password_verify(request, password) return dovecot.auth.PASSDB_RESULT_USER_DISABLED, "reason=custom_message"
end
function auth_userdb_lookup(request) return dovecot.auth.PASSDB_RESULT_OK, "uid=428671 gid=9726 home=/var/mail/existusertest"
end
function script_init() return 0 end
function script_deinit() end
Unfortunately returned result contains no custom message and also returns AUTHENTICATIONFAILED instead of CONTACTADMIN:
NO [AUTHENTICATIONFAILED] Authentication failed.
while I would expect something like:
NO [CONTACTADMIN] custom_message:
Any reason for such behaviour and how to get reason passed and proper CONTACTADMIN?
Tests done on 2.3.21.1.
passdb { driver = lua mechanisms = login plain args = file=/etc/dovecot/lua_auth_script_test_fail.lua blocking=yes }
userdb { driver = lua args = file=/etc/dovecot/lua_auth_script_test_fail.lua blocking=yes }
-- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
-- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
On 23/01/2025 16:30, Aki Tuomi wrote:
I was kinda hoping it would've shown bit more details. But, looks like you've ran into a bug. Lua passdb does not export fields in case return value is not OK or NEXT. I'll file this to your bug tracker.
Also it seems that the code in
src/auth/db-lua.c:auth_lua_export_fields()
splits string by space
const char *const *fields = t_strsplit_spaces(str, " ");
so it won't be possible to return like reason="This is the reason"
Looks like another bug, right?
Aki
On 23/01/2025 17:20 EET Arkadiusz Miśkiewicz via dovecot <dovecot@dovecot.org> wrote:
On 23/01/2025 14:23, Aki Tuomi wrote:
Can you post auth_debug=yes logs?
Attaching here (as quotation):
Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: client in: AUTH 1 PLAIN service=imap session=qZ/XK2As7rsKFhKW lip=10.22.18.200 rip=10.22.18.150 lport=143 rport=48110 resp=<hidden> Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Performing passdb lookup Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): cache miss Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): Server accepted connection (fd=13) Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): Sending version handshake Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: Handling PASSV request Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Performing passdb lookup Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Calling auth_password_verify Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Finished passdb lookup Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: Finished: user_disabled Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Finished passdb lookup Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: auth(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Auth request finished Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Loading modules from directory: /usr/lib64/dovecot/plugins/auth Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/lib20_auth_var_expand_crypt.so Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/libdriver_mysql.so Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/libdriver_pgsql.so Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/libdriver_sqlite.so Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Loading modules from directory: /usr/lib64/dovecot/plugins/auth Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/libauthdb_lua.so Jan 23 15:10:29 webx dovecot[10752]: auth: Debug: client passdb out: FAIL 1 user=test code=user_disabled Jan 23 15:10:29 webx dovecot[10752]: imap-login: Disco
Aki
On 23/01/2025 13:26 EET Arkadiusz Miśkiewicz via dovecot <dovecot@dovecot.org> wrote:
Hello.
Trying to pass reason response via lua by passing it at dovecot.auth.PASSDB_RESULT_USER_DISABLED like:
function auth_password_verify(request, password) return dovecot.auth.PASSDB_RESULT_USER_DISABLED, "reason=custom_message"
end
function auth_userdb_lookup(request) return dovecot.auth.PASSDB_RESULT_OK, "uid=428671 gid=9726 home=/var/mail/existusertest"
end
function script_init() return 0 end
function script_deinit() end
Unfortunately returned result contains no custom message and also returns AUTHENTICATIONFAILED instead of CONTACTADMIN:
NO [AUTHENTICATIONFAILED] Authentication failed.
while I would expect something like:
NO [CONTACTADMIN] custom_message:
Any reason for such behaviour and how to get reason passed and proper CONTACTADMIN?
Tests done on 2.3.21.1.
passdb { driver = lua mechanisms = login plain args = file=/etc/dovecot/lua_auth_script_test_fail.lua blocking=yes }
userdb { driver = lua args = file=/etc/dovecot/lua_auth_script_test_fail.lua blocking=yes }
-- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
-- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
-- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
You can also use the array syntax to export fields, which is the
["reason"]="something"
then dovecot will treat this as an array of fields and spaces can be in the value.
Aki
On 05/02/2025 11:14 EET Arkadiusz Miśkiewicz via dovecot <dovecot@dovecot.org> wrote:
On 23/01/2025 16:30, Aki Tuomi wrote:
I was kinda hoping it would've shown bit more details. But, looks like you've ran into a bug. Lua passdb does not export fields in case return value is not OK or NEXT. I'll file this to your bug tracker.
Also it seems that the code in
src/auth/db-lua.c:auth_lua_export_fields()
splits string by space
const char *const *fields = t_strsplit_spaces(str, " ");
so it won't be possible to return like reason="This is the reason"
Looks like another bug, right?
Aki
On 23/01/2025 17:20 EET Arkadiusz Miśkiewicz via dovecot <dovecot@dovecot.org> wrote:
On 23/01/2025 14:23, Aki Tuomi wrote:
Can you post auth_debug=yes logs?
Attaching here (as quotation):
Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: client in: AUTH 1 PLAIN service=imap session=qZ/XK2As7rsKFhKW lip=10.22.18.200 rip=10.22.18.150 lport=143 rport=48110 resp=<hidden> Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Performing passdb lookup Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): cache miss Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): Server accepted connection (fd=13) Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): Sending version handshake Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: Handling PASSV request Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Performing passdb lookup Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Calling auth_password_verify Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Finished passdb lookup Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: Finished: user_disabled Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Finished passdb lookup Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: auth(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Auth request finished Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Loading modules from directory: /usr/lib64/dovecot/plugins/auth Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/lib20_auth_var_expand_crypt.so Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/libdriver_mysql.so Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/libdriver_pgsql.so Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/libdriver_sqlite.so Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Loading modules from directory: /usr/lib64/dovecot/plugins/auth Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/libauthdb_lua.so Jan 23 15:10:29 webx dovecot[10752]: auth: Debug: client passdb out: FAIL 1 user=test code=user_disabled Jan 23 15:10:29 webx dovecot[10752]: imap-login: Disco
Aki
On 23/01/2025 13:26 EET Arkadiusz Miśkiewicz via dovecot <dovecot@dovecot.org> wrote:
Hello.
Trying to pass reason response via lua by passing it at dovecot.auth.PASSDB_RESULT_USER_DISABLED like:
function auth_password_verify(request, password) return dovecot.auth.PASSDB_RESULT_USER_DISABLED, "reason=custom_message"
end
function auth_userdb_lookup(request) return dovecot.auth.PASSDB_RESULT_OK, "uid=428671 gid=9726 home=/var/mail/existusertest"
end
function script_init() return 0 end
function script_deinit() end
Unfortunately returned result contains no custom message and also returns AUTHENTICATIONFAILED instead of CONTACTADMIN:
NO [AUTHENTICATIONFAILED] Authentication failed.
while I would expect something like:
NO [CONTACTADMIN] custom_message:
Any reason for such behaviour and how to get reason passed and proper CONTACTADMIN?
Tests done on 2.3.21.1.
passdb { driver = lua mechanisms = login plain args = file=/etc/dovecot/lua_auth_script_test_fail.lua blocking=yes }
userdb { driver = lua args = file=/etc/dovecot/lua_auth_script_test_fail.lua blocking=yes }
-- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
-- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
-- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
On 05/02/2025 10:20, Aki Tuomi wrote:
You can also use the array syntax to export fields, which is the
["reason"]="something"
then dovecot will treat this as an array of fields and spaces can be in the value.
Thanks, that works. For lua vars not being exported on failure I'm planning to use such patch on 2.3.x series (below). Two things work now: - reason is returned (array method mentioned earlier) - returning different login (if we want user change) is possible. In case of errors to goal was to make dovecot log errors already with user changed. (first chunk below is in auth_lua_export_passdb()_table but auth_lua_export_userdb_table() probably needs similar change)
--- dovecot-2.3.21.1/src/auth/db-lua.c~ 2024-08-13 12:37:50.000000000 +0200 +++ dovecot-2.3.21.1/src/auth/db-lua.c 2025-02-05 12:12:49.397793033 +0100 @@ -555,14 +555,13 @@ { enum passdb_result ret = lua_tointeger(L, -2);
+ auth_lua_export_table(L, req, scheme_r, password_r); + if (ret != PASSDB_RESULT_OK) { - lua_pop(L, 2); - lua_gc(L, LUA_GCCOLLECT, 0); *error_r = "passb failed"; return ret; }
- auth_lua_export_table(L, req, scheme_r, password_r); return PASSDB_RESULT_OK; }
@@ -585,7 +584,8 @@
if (ret != PASSDB_RESULT_OK && ret != PASSDB_RESULT_NEXT) { *error_r = str; - } else { + } + if (str != NULL) { auth_lua_export_fields(req, str, scheme_r, password_r); }
Aki
On 05/02/2025 11:14 EET Arkadiusz Miśkiewicz via dovecot <dovecot@dovecot.org> wrote:
On 23/01/2025 16:30, Aki Tuomi wrote:
I was kinda hoping it would've shown bit more details. But, looks like you've ran into a bug. Lua passdb does not export fields in case return value is not OK or NEXT. I'll file this to your bug tracker.
Also it seems that the code in
src/auth/db-lua.c:auth_lua_export_fields()
splits string by space
const char *const *fields = t_strsplit_spaces(str, " ");
so it won't be possible to return like reason="This is the reason"
Looks like another bug, right?
Aki
On 23/01/2025 17:20 EET Arkadiusz Miśkiewicz via dovecot <dovecot@dovecot.org> wrote:
On 23/01/2025 14:23, Aki Tuomi wrote:
Can you post auth_debug=yes logs?
Attaching here (as quotation):
Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: client in: AUTH 1 PLAIN service=imap session=qZ/XK2As7rsKFhKW lip=10.22.18.200 rip=10.22.18.150 lport=143 rport=48110 resp=<hidden> Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Performing passdb lookup Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): cache miss Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): Server accepted connection (fd=13) Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): Sending version handshake Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: Handling PASSV request Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Performing passdb lookup Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Calling auth_password_verify Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Finished passdb lookup Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker (pid=10801,uid=172): auth-worker<1>: Finished: user_disabled Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Finished passdb lookup Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: auth(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Auth request finished Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Loading modules from directory: /usr/lib64/dovecot/plugins/auth Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/lib20_auth_var_expand_crypt.so Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/libdriver_mysql.so Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/libdriver_pgsql.so Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/libdriver_sqlite.so Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Loading modules from directory: /usr/lib64/dovecot/plugins/auth Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: /usr/lib64/dovecot/plugins/auth/libauthdb_lua.so Jan 23 15:10:29 webx dovecot[10752]: auth: Debug: client passdb out: FAIL 1 user=test code=user_disabled Jan 23 15:10:29 webx dovecot[10752]: imap-login: Disco
Aki
On 23/01/2025 13:26 EET Arkadiusz Miśkiewicz via dovecot <dovecot@dovecot.org> wrote:
Hello.
Trying to pass reason response via lua by passing it at dovecot.auth.PASSDB_RESULT_USER_DISABLED like:
function auth_password_verify(request, password) return dovecot.auth.PASSDB_RESULT_USER_DISABLED, "reason=custom_message"
end
function auth_userdb_lookup(request) return dovecot.auth.PASSDB_RESULT_OK, "uid=428671 gid=9726 home=/var/mail/existusertest"
end
function script_init() return 0 end
function script_deinit() end
Unfortunately returned result contains no custom message and also returns AUTHENTICATIONFAILED instead of CONTACTADMIN:
NO [AUTHENTICATIONFAILED] Authentication failed.
while I would expect something like:
NO [CONTACTADMIN] custom_message:
Any reason for such behaviour and how to get reason passed and proper CONTACTADMIN?
Tests done on 2.3.21.1.
passdb { driver = lua mechanisms = login plain args = file=/etc/dovecot/lua_auth_script_test_fail.lua blocking=yes }
userdb { driver = lua args = file=/etc/dovecot/lua_auth_script_test_fail.lua blocking=yes }
-- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
_______________________________________________ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
-- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org ) _______________________________________________ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
-- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org ) _______________________________________________ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
-- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
participants (2)
-
Aki Tuomi
-
Arkadiusz Miśkiewicz