On Thu, 1 Feb 2018 10:02:10 +0200 Aki Tuomi <aki.tu...@dovecot.fi> wrote: > > On 01.02.2018 08:00, Mark Foley wrote: > > I had been using the CheckPassword authentication interface with dovecot > > 2.2.15, > > https://wiki2.dovecot.org/AuthDatabase/CheckPassword, and it was working. > > > > After upgrading to 2.2.33.2 CheckPassword no longer works. The referenced > > wiki page says, > > > > Checkpassword Interface > > > > Read <username> NUL <password> NUL from fd 3. > > > > I've checked the information read from fd 3 with 2.2.33.2 and I get > > <username> followed by 3 > > nulls. I'm guessing the 2nd null is supposed to be the password. > > > > Why is this no longer working? How can I fix it? > > > > THX --Mark > Our CI has test > > #!/usr/bin/env python > # -*- coding: utf-8 -*- > import os, sys > > DOVECOT_PW_FD = 3 > > def checkPassword(): > with os.fdopen(DOVECOT_PW_FD, 'r') as s: > data = s.read().split("\0") > if data[0] != "testuser" or data[1] != "pass": > return False > os.environ["USER"] = data[0] > os.environ["EXTRA"] = "userdb_uid=vmail userdb_gid=vmail" > return True > > if __name__ == "__main__": > if not checkPassword(): > sys.exit(1) > os.execv(sys.argv[1], sys.argv[1:]) > > And it seems to work. > > Aki
Thanks for the script. I'm testing this on a production system, so I'll have to wait until after business hours to test. Meanwhile, not being a python wizard, I have a couple of questions. I have to run this script as my passdb { args } parameter, right? On the line where it is checking for "testuser" and password "test", I assume that if I want to use a configured user I can just change these, right? Likewise with "userdb_uid=vmail userdb_gid=vmail", what are these? UID/GID of the user? Is there a way in python to output the values in data[0] and data[1] to a file so I can see what's actually received? If after the 'split' line I added: f = open("/tmp/checkpassword.log","a") f.write("Name: " + data[0] + ", PW: " + data[1]) f.close() Would that work? --THX Mark