[Dovecot] dovecot and vmailmgr

Mij mij at bitchx.it
Wed May 10 13:51:37 EEST 2006 

hello

now that dovecot supports authentication with checkpassword-compatible
modules, I tried to get it working for IMAP on a qmail + vmailmgr  
server.

For a subtle detail, while claiming to be "a drop-in replacement for  
the standard
checkpassword", checkvpw (auth module for vmailmgr) is not "drop in".  
It actually
expects 2 args on its command line, not 1. So, a wrapper is needed to  
get it
authenticating correctly with dovecot; a very simple one  
(argswrapper.c below).

This wrapper is not sufficient though. In fact, vmailmgr represents  
user homes
like this:
$HOME_LOCUSER/users/virtual_username
this is ok with
default_mail_env = maildir:%h/users/%n

$HOME_LOCUSER depends on the domain part of the user's email. The  
relation
is held in /var/qmail/control/virtualdomains .
However, on the local part (virtual_username) some rewriting is done  
on the username, as
dots are replaced by ":".
So in the end j.doe at foo.com becomes "~mxfoocom/users/j:doe".

Now, var-expand does not support any rewriting. I patched it by  
adding another
modifier, m_str_replace(), which replaces REPLACE_SOURCE with  
REPLACE_TARGET
in a given string. By defining REPLACE_SOURCE to '.' and  
REPLACE_TARGET to ':'
one accomplishes the vmailmgr username rewriting. This modifier is  
applied with "P",
so:
default_mail_env = maildir:%h/users/%Pn

A better, general solution would be for dovecot to implement some  
kind of general
rewriting, say with regexps and sed-like replacement rules, or with  
an external process
in a cgi fashion.

With this patch, dovecot gets the correct path for any user mailbox.  
However, there's a bug
in dovecot storage modules (both maildir and mbox) which truncates  
the path in the first ":",
when expecting ":INBOX" etc specifiers:


         /* <Maildir> [:INBOX=<dir>] [:INDEX=<dir>] [:CONTROL=<dir>] */
         if (debug)
             i_info("maildir: data=%s", data);
         p = strchr(data, ':');
         if (p == NULL)
             root_dir = data;
         else {
             root_dir = t_strdup_until(data, p);

this way, a former data = /var/maildirs/foo/users/j:doe:INDEX=... is  
truncated to
/var/maildirs/foo/users/j . This opens the much worse possibility for  
user "j:doe" to be
accounted into user "j" account after authentication.

It is difficult to get a solid fix here, because the grammar is  
ambiguous for
INBOX, INDEX and CONTROL tokens. Since they are not separated with an  
illegal
path symbol from the rest of the path in default_mail_env, it is not  
possible to state
when a ":INBOX=" token belongs to the path and when it is a user  
directive. The Best
is to move the specifiers into a different configuration directive.
However, a more solid check with the current modus operandi is

         /* <Maildir> [:INBOX=<dir>] [:INDEX=<dir>] [:CONTROL=<dir>] */
         if (debug)
             i_info("maildir: data=%s", data);
         /* extracting INBOX / INDEX / CONTROL suffices */
         if (((p = strstr(data, ":INBOX=")) != NULL)
             || ((p = strstr(data, ":INDEX=")) != NULL)
             || ((p = strstr(data, ":CONTROL=")) != NULL)) {

             root_dir = t_strdup_until(data, p);

which expects the full ":INBOX=" etc strings to be present in data  
instead of the
single ":" separator.
The patches that implement this for both {maildir,mailbox}-storage  
are also appended
below.

I will take a couple of hours tomorrow to wrap all the iter up on a  
web page here
http://mij.oltrelinux.com/net/dovecot-qmail-vmailmgr/

All the patches are applied wrt 1.0-beta7

bye


-------------- next part --------------
A non-text attachment was scrubbed...
Name: argswrapper.c
Type: application/octet-stream
Size: 489 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20060510/b609ff22/argswrapper-0001.obj
-------------- next part --------------
  
-------------- next part --------------
A non-text attachment was scrubbed...
Name: var-expand.c_new
Type: application/octet-stream
Size: 4954 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20060510/b609ff22/var-expand-0001.obj
-------------- next part --------------
  
-------------- next part --------------
A non-text attachment was scrubbed...
Name: maildir-storage.c.patch
Type: application/octet-stream
Size: 1605 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20060510/b609ff22/maildir-storage.c-0001.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mbox-storage.c.patch
Type: application/octet-stream
Size: 1291 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20060510/b609ff22/mbox-storage.c-0001.obj
-------------- next part --------------

More information about the dovecot mailing list