[Dovecot] "doveadm auth user" requiring a tty

Sun Nov 28 01:17:25 EET 2010

Hello,

"doveadm auth user password" may be scripted without a glitch.
But this comes with the usual problem of a "ps" command showing the password, which may be especially annoying in case of a single-letter typo: the almost correct password is then visible for about two seconds...
Clearing the password argument (zeroing it) in doveadm-auth.c, in the hope to reduce the window during which the password may be catched, didn't prove successful.

"doveadm auth user" could be an alternative, but it imperatively requires a tty, which may not always easily nor efficiently be available in a scripting environment.

I thus ended with this very quick and dirty hack (I guess this should be named that way):

--- askpass.original.c	2010-05-31 18:36:52.000000000 +0200
+++ askpass.c	2010-11-27 19:12:03.000000000 +0100
@@ -16,8 +16,24 @@
	char ch;
	int fd;

+	// A very crude attempt... this supposes that STDIN not being a tty
+	// may never happen outside of "doveadm auth", and that STDIN will
+	// always be clean.
+	//if (!isatty(STDIN_FILENO))
+	//	i_fatal("stdin isn't a TTY");
	if (!isatty(STDIN_FILENO))
-		i_fatal("stdin isn't a TTY");
+	{
+		pos = 0;
+		while (read(STDIN_FILENO, &ch, 1) > 0) {
+			if (pos >= buf_size-1)
+				break;
+			if (ch == '\n' || ch == '\r')
+				break;
+			buf[pos++] = ch;
+		}
+		buf[pos] = '\0';
+		return;
+	}

	fputs(prompt, stderr);
	fflush(stderr);

but this for sure must overlook a lot of things.

What would be the best way to achieve a scriptable "doveadm auth", say through php's proc_open(), without possibly compromise passwords?

TIA,
Axel

