variable %w recursive expanding

Paul Kudla (SCOM.CA Internet Services Inc.) paul at scom.ca
Tue Aug 2 13:51:14 UTC 2022 

yep that would work !


Happy Tuesday !!!
Thanks - paul

Paul Kudla


Scom.ca Internet Services <http://www.scom.ca>
004-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3

Toronto 416.642.7266
Main 1.866.411.7266
Fax 1.888.892.7266
Email paul at scom.ca
On 8/2/2022 8:58 AM, Cristiano Deana wrote:
>
> Hi,
>
> I had a similar problem.
> Solved with "password, TO_BASE64('%w')" and decoding later into the 
> (php) script updating my db
>
> Il 01/08/2022 10:47, Franz Beslmeisl ha scritto:
>> In order to change the password scheme I wrote a script named
>> updateproxy that needs the plain text password from the user.
>> To get that I use the line
>>
>>      password_query = SELECT username as user, password, \
>>        '%w' as userdb_plain_pass FROM auth_user WHERE username='%n'
>>
>> This works nicely with almost all passwords but not with this one
>>
>>      1234567%&/abcd
>>
>> the error message being
>>
>>      dovecot: Failed to expand plugin setting plain_pass =
>>        '1234567%&/abcd': Unknown variable '%&'
>>
>> It seems to me that dovecot tries to do another level of variable
>> evaluation upon the **value** of the already evaluated variable.
>>
>> So I searched for ways to escape problematic characters like %
>> and changed my line to
>>
>>      password_query = SELECT username as user, password, \
>>        '%E{w}' as userdb_plain_pass FROM auth_user WHERE username='%n'
>>
>> but this produces problems with password values containing quotes.
>>
>> So how can I get a plain text password containing any ascii char
>> (or even better any utf-8 char) safely to my script?
>>
>> Thanks for your suggestions
>>
>>
>>
>> -------------- here the nasty details, if you want -------------
>> $ dovecot -n
>> # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
>> # Pigeonhole version 0.5.7.2 ()
>> # OS: Linux 5.4.0-122-generic x86_64 Ubuntu 20.04.4 LTS
>> # Hostname: mx-10-2.bildung.hessen.de
>> auth_mechanisms = plain login
>> auth_username_chars = 
>> abcdefghijklmnopqrstuvwxyz_0123456789.ABCDEFGHIJKLMNOPQRSTUVWXYZ-@
>> lda_mailbox_autocreate = yes
>> lda_mailbox_autosubscribe = yes
>> mail_location = maildir:~/Maildir
>> mail_privileged_group = mail
>> managesieve_notify_capability = mailto
>> managesieve_sieve_capability = fileinto reject envelope 
>> encoded-character vacation subaddress comparator-i;ascii-numeric 
>> relational regex imap4flags copy include variables body enotify 
>> environment mailbox date index ihave duplicate mime foreverypart 
>> extracttext
>> namespace inbox {
>>    inbox = yes
>>    location =
>>    mailbox Drafts {
>>      auto = subscribe
>>      special_use = \Drafts
>>    }
>>    mailbox Junk {
>>      auto = subscribe
>>      special_use = \Junk
>>    }
>>    mailbox Sent {
>>      auto = subscribe
>>      special_use = \Sent
>>    }
>>    mailbox "Sent Messages" {
>>      special_use = \Sent
>>    }
>>    mailbox Trash {
>>      auto = subscribe
>>      special_use = \Trash
>>    }
>>    prefix =
>> }
>> passdb {
>>    # the following file contains a '%w'-line
>>    args = /etc/dovecot/db1.conf
>>    driver = sql
>> }
>> passdb {
>>    # the following file contains a '%w'-line
>>    args = /etc/dovecot/db2.conf
>>    driver = sql
>> }
>> passdb {
>>    # the following file contains no '%w'-line (just for detail)
>>    args = /etc/dovecot/db3.conf
>>    driver = sql
>> }
>> plugin {
>>    sieve = ~/.dovecot.sieve
>>    sieve_dir = ~/sieve
>>    sieve_max_actions = 64
>>    sieve_max_redirects = 16
>>    sieve_max_script_size = 10M
>>    sieve_trace_debug = yes
>>    sieve_user_log = ~/sievelog
>>    sieve_vacation_dont_check_recipient = yes
>>    sieve_vacation_use_original_recipient = yes
>> }
>> protocols = imap sieve lmtp
>> service auth {
>>    unix_listener /var/spool/postfix/private/dovecot-auth {
>>      group = postfix
>>      mode = 0660
>>      user = postfix
>>    }
>> }
>> service imap {
>>    executable = imap after-login
>> }
>> service lmtp {
>>    unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>      group = postfix
>>      mode = 0660
>>      user = postfix
>>    }
>> }
>> service after-login {
>>    executable = script-login /etc/dovecot/updateproxy
>>    user = vmail
>> }
>> service stats {
>>    unix_listener stats-reader {
>>      group = mail
>>      mode = 0666
>>    }
>>    unix_listener stats-writer {
>>      group = mail
>>      mode = 0666
>>    }
>> }
>> ssl_cert = </etc/dovecot/private/dovecot.pem
>> ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:-SSLv3
>> ssl_key = # hidden, use -P to show it
>> ssl_min_protocol = SSLv3
>> ssl_prefer_server_ciphers = yes
>> userdb {
>>    args = uid=vmail gid=vmail home=/var/vmail/%n
>>    driver = static
>> }
>> protocol lmtp {
>>    mail_plugins = quota sieve
>>    postmaster_address = somebody at somwhere.org
>> }
>> protocol lda {
>>    deliver_log_format = msgid=%m: %$
>>    mail_plugins = sieve
>>    postmaster_address = somebody at somehwere.org
>>    quota_full_tempfail = yes
>>    rejection_reason = Your message to <%t> was automatically 
>> rejected:%n%r
>> }
>> protocol imap {
>>    imap_client_workarounds = delay-newmail
>>    mail_max_userip_connections = 300
>> }
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20220802/51dc99cb/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: scomca-logo.jpg
Type: image/jpeg
Size: 135491 bytes
Desc: not available
URL: <https://dovecot.org/pipermail/dovecot/attachments/20220802/51dc99cb/attachment-0001.jpg>

More information about the dovecot mailing list