variable %w recursive expanding

Franz Beslmeisl franz.beslmeisl at gmail.com
Mon Aug 1 08:47:02 UTC 2022


In order to change the password scheme I wrote a script named
updateproxy that needs the plain text password from the user.
To get that I use the line

     password_query = SELECT username as user, password, \
       '%w' as userdb_plain_pass FROM auth_user WHERE username='%n'

This works nicely with almost all passwords but not with this one

     1234567%&/abcd

the error message being

     dovecot: Failed to expand plugin setting plain_pass =
       '1234567%&/abcd': Unknown variable '%&'

It seems to me that dovecot performs a second round of variable
expansion on the **value** of the already expanded `%w`, so the `%&`
inside the password is treated as a variable name.

So I searched for ways to escape problematic characters like %
and changed my line to

     password_query = SELECT username as user, password, \
       '%E{w}' as userdb_plain_pass FROM auth_user WHERE username='%n'

but this produces problems with password values containing quotes.

So how can I get a plain text password containing any ASCII character
(or, even better, any UTF-8 character) safely to my script?

Thanks for your suggestions



-------------- here the nasty details, if you want -------------
$ dovecot -n
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.4.0-122-generic x86_64 Ubuntu 20.04.4 LTS
# Hostname: mx-10-2.bildung.hessen.de
auth_mechanisms = plain login
auth_username_chars = 
abcdefghijklmnopqrstuvwxyz_0123456789.ABCDEFGHIJKLMNOPQRSTUVWXYZ-@
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_location = maildir:~/Maildir
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     auto = subscribe
     special_use = \Drafts
   }
   mailbox Junk {
     auto = subscribe
     special_use = \Junk
   }
   mailbox Sent {
     auto = subscribe
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     auto = subscribe
     special_use = \Trash
   }
   prefix =
}
# Three SQL passdbs, listed in this order. Per the author's notes, the
# password_query in db1.conf and db2.conf returns '%w' (the password exactly
# as the client sent it) as userdb_plain_pass; db3.conf does not.
# NOTE(review): the error message quoted in the message body contains the full
# cleartext password, so any log that receives such errors holds credentials
# and needs the same access restrictions and retention as the password store.
passdb {
   # the following file contains a '%w'-line
   args = /etc/dovecot/db1.conf
   driver = sql
}
passdb {
   # the following file contains a '%w'-line
   args = /etc/dovecot/db2.conf
   driver = sql
}
passdb {
   # the following file contains no '%w'-line (just for detail)
   args = /etc/dovecot/db3.conf
   driver = sql
}
plugin {
   sieve = ~/.dovecot.sieve
   sieve_dir = ~/sieve
   sieve_max_actions = 64
   sieve_max_redirects = 16
   sieve_max_script_size = 10M
   sieve_trace_debug = yes
   sieve_user_log = ~/sievelog
   sieve_vacation_dont_check_recipient = yes
   sieve_vacation_use_original_recipient = yes
}
protocols = imap sieve lmtp
# Auth socket created inside Postfix's spool directory, owned by postfix:postfix
# with mode 0660, i.e. no access for other local users.
# NOTE(review): presumably used for Postfix SASL authentication -- confirm.
service auth {
   unix_listener /var/spool/postfix/private/dovecot-auth {
     group = postfix
     mode = 0660
     user = postfix
   }
}
# The imap executable is given the argument "after-login", which names the
# after-login service defined further down, so that service's script runs
# for IMAP logins.
service imap {
   executable = imap after-login
}
service lmtp {
   unix_listener /var/spool/postfix/private/dovecot-lmtp {
     group = postfix
     mode = 0660
     user = postfix
   }
}
# Post-login hook: script-login runs /etc/dovecot/updateproxy as user vmail.
# This is the script that, per the message body, needs the plaintext password
# (returned by the passdb as userdb_plain_pass).
# NOTE(review): script-login is understood to hand userdb fields to the script
# as environment variables -- confirm, and make sure the script neither logs
# the value nor passes it on a command line where other local users could see
# it in the process list.
service after-login {
   executable = script-login /etc/dovecot/updateproxy
   user = vmail
}
# Statistics sockets.
# NOTE(review): mode = 0666 makes both sockets readable and writable by every
# local account, so group = mail restricts nothing. If only processes in the
# mail group need them, 0660 would limit stats-reader (read statistics) and
# stats-writer (submit statistics) to that group.
service stats {
   unix_listener stats-reader {
     group = mail
     mode = 0666
   }
   unix_listener stats-writer {
     group = mail
     mode = 0666
   }
}
# TLS settings. The leading '<' makes dovecot read the value from the file.
ssl_cert = </etc/dovecot/private/dovecot.pem
# NOTE(review): this OpenSSL cipher string starts from ALL and explicitly names
# RC4+RSA. The set actually offered depends on the OpenSSL build; check it with
# `openssl ciphers -v '<this string>'` and drop RC4 and MEDIUM-grade suites.
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:-SSLv3
ssl_key = # hidden, use -P to show it
# NOTE(review): SSLv3 as the minimum also admits TLSv1 and TLSv1.1. Since
# auth_mechanisms is "plain login", the cleartext password is protected only by
# this TLS layer, so a minimum of TLSv1.2 is the safer setting. Whether SSLv3
# can actually be negotiated depends on the system's OpenSSL build and policy.
ssl_min_protocol = SSLv3
ssl_prefer_server_ciphers = yes
# Static userdb: every account runs as uid/gid vmail, with its home directory
# built from %n (the username without the domain part).
# NOTE(review): auth_username_chars allows '@', so if more than one domain is
# served, users with the same local part would share /var/vmail/%n -- confirm
# that only one domain is in use.
userdb {
   args = uid=vmail gid=vmail home=/var/vmail/%n
   driver = static
}
protocol lmtp {
   mail_plugins = quota sieve
   postmaster_address = somebody at somwhere.org
}
protocol lda {
   deliver_log_format = msgid=%m: %$
   mail_plugins = sieve
   postmaster_address = somebody at somehwere.org
   quota_full_tempfail = yes
   rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
protocol imap {
   imap_client_workarounds = delay-newmail
   mail_max_userip_connections = 300
}


