Variable expansion in password field (again?!)
Aki Tuomi
aki.tuomi at open-xchange.com
Tue May 11 13:09:46 EEST 2021
> On 11/05/2021 12:33 Timo Sirainen <timo at sirainen.com> wrote:
>
>
> On 10. May 2021, at 17.33, Mathias Rabe <mathias-rabe at post-x.de> wrote:
> >
> > pass_attrs = mail=user,userPassword=password,=userdb_mail_crypt_private_password=%w,mailCrypt=userdb_mail_crypt_save_version
> ..
> > The users can log-in and everything works fine including the mail-crypt-plugin until an user password contains a % I get the following error message (example):
> >
> > Error: Failed to expand plugin setting mail_crypt_private_password = '"1234%Passwort"': Unknown variable '%P‘
> >
> > I’ve found some mails but I didn’t found a solution. It seems that Dovecot tries to expand some variable in the password:
> >
> > https://dovecot.org/pipermail/dovecot/2019-July/116338.html
> > https://dovecot.org/pipermail/dovecot/2020-April/118634.html
> >
> > So this seems to be a bug or something. Is there any new information on this topic or even any solution or workaround?
>
> It's a long-known issue, tracked internally as DOP-323. It only happens to plugin settings. I'm not sure how easy or difficult it would be to fix, but it might also break some existing systems that rely on the behavior. We have also DOP-329 issue about doing somewhat larger config redesign so that plugin settings become more normal settings. Doing that would also solve this problem as a side effect.
>
> Lots of things to do, but not enough time. Which reminds me: We're now hiring a new Dovecot developer if anyone is interested (it's not publicly posted yet).
Luckily there is a simple workaround for this:
mail_crypt_private_password=%{sha256:w}
Aki
More information about the dovecot
mailing list