[Dovecot] Drac and Dovecot, almost there ...
I have dracd and dovecot up and running and am trying to get the two connected. I'm using the FC3 rpms from calling yum install.
I've downloaded the drac patch from http://dovecot.org/patches/drac.c and compiled it with both
gcc -Wall -W -shared -fPIC -DHAVE_CONFIG_H -I$dovecot -I$dovecot/src/lib drac.c -o drac.so -ldrac
and
gcc -Wall -W -shared -fPIC -DHAVE_CONFIG_H -I$dovecot -I$dovecot/src/lib drac.c -o drac.so
I get no warnings or errors when compiling drac.so. In the conf file I have:
imap_use_modules = yes
imap_modules = /usr/lib/dovecot/imap
However, I don't see the module being called. Is there a way to tell? The dracd database (/etc/mail/dracd.db) is not being updated, according to tests with the drac utilities.
Thoughts? Ideas?
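Below is output from a strace ... I don't see /usr/lib/dovecot/imap/drac.so being opened ...
[Editor's note: in this trace dovecot runs as an unprivileged user (geteuid32() = 510) and exits with "Fatal: Can't use SSL certificate ... Permission denied" right after the access() checks, before any login or imap process is started, so the absence of drac.so here says nothing about whether the module would be loaded. The certificate permission error has to be resolved first, and the trace then needs to follow child processes (strace -f), since the module directory is presumably read by the imap process rather than by the master.]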
execve("/usr/sbin/dovecot", ["/usr/sbin/dovecot"], [/* 20 vars */]) = 0
uname({sys="Linux", node="masra.org", ...}) = 0
brk(0) = 0x8c85000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=28209, ...}) = 0
old_mmap(NULL, 28209, PROT_READ, MAP_PRIVATE, 3, 0) = 0xf6ff9000
close(3) = 0
open("/lib/libssl.so.4", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\226"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=213600, ...}) = 0
old_mmap(0x7c0000, 212692, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7c0000
old_mmap(0x7f1000, 12288, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x31000) = 0x7f1000
close(3) = 0
open("/lib/libcrypto.so.4", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\31d\000"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=933408, ...}) = 0
old_mmap(0x617000, 949656, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x617000
old_mmap(0x6ea000, 73728, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd2000) = 0x6ea000
old_mmap(0x6fc000, 11672, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x6fc000
close(3) = 0
open("/usr/lib/libgssapi_krb5.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\214"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=82944, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xf6ff8000
old_mmap(0x724000, 80272, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x724000
old_mmap(0x737000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13000) = 0x737000
close(3) = 0
open("/usr/lib/libkrb5.so.3", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\370[\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=415188, ...}) = 0
old_mmap(0x5b0000, 413000, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x5b0000
old_mmap(0x613000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x63000) = 0x613000
close(3) = 0
open("/lib/libcom_err.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\3548Y\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=7004, ...}) = 0
old_mmap(0x593000, 8636, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x593000
old_mmap(0x595000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x595000
close(3) = 0
open("/usr/lib/libk5crypto.so.3", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0
Bp\000"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=136016, ...}) = 0
old_mmap(0x701000, 134560, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x701000
old_mmap(0x721000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x20000) = 0x721000
close(3) = 0
open("/lib/libresolv.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360\363"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=81316, ...}) = 0
old_mmap(0x57d000, 80040, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x57d000
mprotect(0x58c000, 18600, PROT_NONE) = 0
old_mmap(0x58d000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xf000) = 0x58d000
old_mmap(0x58f000, 6312, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x58f000
close(3) = 0
open("/lib/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260\313"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=16908, ...}) = 0
old_mmap(0x4ec000, 12388, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4ec000
old_mmap(0x4ee000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x4ee000
close(3) = 0
open("/usr/lib/libz.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260\205"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=63528, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xf6ff7000
old_mmap(0x517000, 65028, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x517000
old_mmap(0x526000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe000) = 0x526000
close(3) = 0
open("/lib/tls/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 O=\000"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1524828, ...}) = 0
old_mmap(0x3c0000, 1219740, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3c0000
mprotect(0x4e3000, 27804, PROT_NONE) = 0
old_mmap(0x4e4000, 16384, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x123000) = 0x4e4000
old_mmap(0x4e8000, 7324, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4e8000
close(3) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xf6ff6000
mprotect(0x4e4000, 8192, PROT_READ) = 0
mprotect(0x4ee000, 4096, PROT_READ) = 0
mprotect(0x58d000, 4096, PROT_READ) = 0
mprotect(0x3bc000, 4096, PROT_READ) = 0
set_thread_area({entry_number:-1 -> 6, base_addr:0xf6ff66c0,
limit:1048575, seg_32bit:1, contents:0, read_exec_only:0,
limit_in_pages:1, seg_not_present:0,
useable:1}) = 0
munmap(0xf6ff9000, 28209) = 0
time(NULL) = 1110856826
brk(0) = 0x8c85000
brk(0x8cae000) = 0x8cae000
uname({sys="Linux", node="masra.org", ...}) = 0
getpid() = 18177
geteuid32() = 510
open("/etc/dovecot.conf", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=20533, ...}) = 0
pread(3, "## Dovecot 1.0 configuration fil"..., 2048, 0) = 2048
pread(3, "ges, use this logfile instead of"..., 2023, 2048) = 2023
pread(3, "g\n# we check only once in a seco"..., 1970, 4071) = 1970
pread(3, "to give \"mail\" group write acces"..., 2046, 6041) = 2046
pread(3, "STRUCTURE\n# gen"..., 1981, 8087) = 1981
pread(3, "is setting specifies the minimum"..., 2034, 10068) = 2034
pread(3, "dlinks = no\n\n# Check if mails\' c"..., 2026, 12102) = 2026
pread(3, "processes then.\n#mail_drop_priv_"..., 1986, 14128) = 1986
pread(3, " client authenticates in the IMA"..., 2029, 16114) = 2029
pread(3, "ice> | *]: PAM authentication\n# "..., 2034, 18143) = 2034
pread(3, "s, so it may be 0600-root owned "..., 356, 20177) = 356
close(3) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1
ENOENT (No such file or directory)
close(3) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1
ENOENT (No such file or directory)
close(3) = 0
open("/etc/nsswitch.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1686, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xf6fff000
read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1686
read(3, "", 4096) = 0
close(3) = 0
munmap(0xf6fff000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=28209, ...}) = 0
old_mmap(NULL, 28209, PROT_READ, MAP_PRIVATE, 3, 0) = 0xf6ff9000
close(3) = 0
open("/lib/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\32"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=47496, ...}) = 0
old_mmap(NULL, 41604, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0xf6feb000
old_mmap(0xf6ff4000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8000) = 0xf6ff4000
close(3) = 0
mprotect(0xf6ff4000, 4096, PROT_READ) = 0
munmap(0xf6ff9000, 28209) = 0
open("/etc/passwd", O_RDONLY) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=3306, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xf6fff000
read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 3306
close(3) = 0
munmap(0xf6fff000, 4096) = 0
access("/usr/libexec/dovecot/pop3-login", X_OK) = 0
open("/etc/passwd", O_RDONLY) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=3306, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xf6fff000
read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 3306
close(3) = 0
munmap(0xf6fff000, 4096) = 0
access("/usr/libexec/dovecot/imap-login", X_OK) = 0
access("/usr/libexec/dovecot/imap", X_OK) = 0
access("/usr/lib/dovecot/imap", R_OK|X_OK) = 0
access("/usr/libexec/dovecot/pop3", X_OK) = 0
access("/usr/lib/dovecot/pop3", R_OK|X_OK) = 0
access("/usr/share/ssl/certs/dovecot.pem", R_OK) = -1 EACCES (Permission
denied)
write(2, "Fatal: ", 7Fatal: ) = 7
write(2, "Can\'t use SSL certificate /usr/s"..., 77Can't use SSL
certificate /usr/share/ssl/certs/dovecot.pem: Permission denied) = 77
write(2, "\n", 1
) = 1
exit_group(89) = ?
Jon Shoberg jon@shoberg.net writes:
I have dracd and dovecot up and running and am trying to get the two connected. I'm using the FC3 rpms from calling yum install.
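What makes you prefer an inherently insecure hack such as drac over a real and easily available solution such as SMTP AUTH or SMTP with SSL/TLS client certificates, or, if you provide dial-in services, RADIUS or WHOSON?
[Editor's note: drac implements POP/IMAP-before-SMTP. After a successful mailbox login it authorizes SMTP relaying from the client's IP address for a limited time, so relay permission is tied to an address rather than to an authenticated sender: any other host behind the same address (NAT, shared proxy) inherits it, and individual messages are never authenticated.]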
-- Matthias Andree