AuthDatabase CheckPassword broken?
Mark Foley
mfoley at ohprs.org
Thu Feb 1 22:34:15 EET 2018
On Thu, 1 Feb 2018 10:02:10 +0200 Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
>
> On 01.02.2018 08:00, Mark Foley wrote:
> > I had been using the CheckPassword authentication interface with dovecot 2.2.15,
> > https://wiki2.dovecot.org/AuthDatabase/CheckPassword, and it was working.
> >
> > After upgrading to 2.2.33.2 CheckPassword no longer works. The referenced wiki page says,
> >
> > Checkpassword Interface
> >
> > Read <username> NUL <password> NUL from fd 3.
> >
> > I've checked the information read from fd 3 with 2.2.33.2 and I get <username> followed by 3
> > nulls. I'm guessing the 2nd null is supposed to be the password.
> >
> > Why is this no longer working? How can I fix it?
> >
> > THX --Mark
> Our CI has test
>
> #!/usr/bin/env python
> # -*- coding: utf-8 -*-
> import os, sys
>
> DOVECOT_PW_FD = 3
>
> def checkPassword():
>     # Dovecot passes <username> NUL <password> NUL on fd 3
>     with os.fdopen(DOVECOT_PW_FD, 'r') as s:
>         data = s.read().split("\0")
>         if data[0] != "testuser" or data[1] != "pass":
>             return False
>         # Hand the authenticated user and extra fields to the reply binary
>         os.environ["USER"] = data[0]
>         os.environ["EXTRA"] = "userdb_uid=vmail userdb_gid=vmail"
>         return True
>
> if __name__ == "__main__":
>     if not checkPassword():
>         sys.exit(1)
>     # On success, exec the program given as the first argument
>     os.execv(sys.argv[1], sys.argv[1:])
>
> And it seems to work.
>
> Aki

Thanks for the script. I'm testing this on a production system, so I'll have to wait until
after business hours to test. Meanwhile, not being a python wizard, I have a couple of
questions.

I have to run this script as my passdb { args } parameter, right?

On the line where it is checking for "testuser" and password "test", I assume that if I want to
use a configured user I can just change these, right?

Likewise with "userdb_uid=vmail userdb_gid=vmail", what are these? UID/GID of the user?

Is there a way in python to output the values in data[0] and data[1] to a file so I can see
what's actually received? If after the 'split' line I added:

    f = open("/tmp/checkpassword.log","a")
    f.write("Name: " + data[0] + ", PW: " + data[1])
    f.close()

Would that work?

--THX Mark
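
An added example (not part of the thread and not Dovecot's own code): a diagnostic variant of the quoted CI script that records the shape of the fd 3 payload, meaning field lengths and NUL count, instead of the password itself, so the "username followed by 3 nulls" case shows up as password_len=0 without credentials landing in a file under /tmp. LOG_PATH and the function names are assumptions; the test credentials are the ones from the quoted script.

```python
#!/usr/bin/env python3
"""Diagnostic checkpassword helper (added example, not Dovecot's code)."""
import os
import sys

DOVECOT_PW_FD = 3  # the checkpassword interface passes credentials on fd 3
LOG_PATH = "/tmp/checkpassword-debug.log"  # assumed path for this example


def parse_fields(raw):
    """Split the fd 3 payload into (username, password, remaining fields)."""
    parts = raw.split(b"\0")
    if parts and parts[-1] == b"":
        parts.pop()  # drop the empty piece after the final NUL terminator
    while len(parts) < 2:
        parts.append(b"")  # tolerate a short or empty payload
    return parts[0], parts[1], parts[2:]


def describe(raw):
    """Summarise the payload without ever writing the password itself."""
    user, password, rest = parse_fields(raw)
    return "user=%r password_len=%d extra_fields=%d nul_count=%d" % (
        user.decode("utf-8", "replace"), len(password), len(rest),
        raw.count(b"\0"))


def main(argv):
    with os.fdopen(DOVECOT_PW_FD, "rb") as stream:
        raw = stream.read()
    # Owner-only log, and refuse to follow a symlink planted in /tmp.
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    with os.fdopen(os.open(LOG_PATH, flags, 0o600), "a") as log:
        log.write(describe(raw) + "\n")
    user, password, _ = parse_fields(raw)
    # Constructed test credentials, same as the CI script quoted above.
    if user != b"testuser" or password != b"pass":
        return 1
    os.environ["USER"] = user.decode("utf-8")
    os.environ["EXTRA"] = "userdb_uid=vmail userdb_gid=vmail"
    os.execv(argv[1], argv[1:])  # hand over to the reply binary


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```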