Re: AuthDatabase CheckPassword broken?
On 02/02/18 14:19, Mark Foley wrote:
> Script didn't run:
>
>   File "/root/tmp/checkpwtest.py", line 8
>     o?= with os.fdopen(DOVECOT_PW_FD, 'r') as s:
>     ^
> SyntaxError: invalid syntax

Copy/paste error? The beginning of that line doesn't seem to be in the original.

Richard
Re: AuthDatabase CheckPassword broken?
Script didn't run:

  File "/root/tmp/checkpwtest.py", line 8
    o?= with os.fdopen(DOVECOT_PW_FD, 'r') as s:
    ^
SyntaxError: invalid syntax

--Mark

-Original Message-
From: Mark Foley <mfo...@ohprs.org>
Date: Thu, 01 Feb 2018 15:34:15 -0500
Organization: Ohio Highway Patrol Retirement System
To: dovecot@dovecot.org
Subject: Re: AuthDatabase CheckPassword broken?

On Thu, 1 Feb 2018 10:02:10 +0200 Aki Tuomi <aki.tu...@dovecot.fi> wrote:
>
> On 01.02.2018 08:00, Mark Foley wrote:
> > I had been using the CheckPassword authentication interface with dovecot
> > 2.2.15,
> > https://wiki2.dovecot.org/AuthDatabase/CheckPassword, and it was working.
> >
> > After upgrading to 2.2.33.2 CheckPassword no longer works. The referenced
> > wiki page says,
> >
> > Checkpassword Interface
> >
> > Read NUL NUL from fd 3.
> >
> > I've checked the information read from fd 3 with 2.2.33.2 and I get
> > followed by 3
> > nulls. I'm guessing the 2nd null is supposed to be the password.
> >
> > Why is this no longer working? How can I fix it?
> >
> > THX --Mark
> Our CI has test
>
> #!/usr/bin/env python
> # -*- coding: utf-8 -*-
> import os, sys
>
> DOVECOT_PW_FD = 3
>
> def checkPassword():
>     with os.fdopen(DOVECOT_PW_FD, 'r') as s:
>         data = s.read().split("\0")
>         if data[0] != "testuser" or data[1] != "pass":
>             return False
>         os.environ["USER"] = data[0]
>         os.environ["EXTRA"] = "userdb_uid=vmail userdb_gid=vmail"
>         return True
>
> if __name__ == "__main__":
>     if not checkPassword():
>         sys.exit(1)
>     os.execv(sys.argv[1], sys.argv[1:])
>
> And it seems to work.
>
> Aki

Thanks for the script. I'm testing this on a production system, so I'll have to
wait until after business hours to test. Meanwhile, not being a python wizard, I
have a couple of questions.

I have to run this script as my passdb { args } parameter, right?

On the line where it is checking for "testuser" and password "test", I assume
that if I want to use a configured user I can just change these, right?

Likewise with "userdb_uid=vmail userdb_gid=vmail", what are these? UID/GID of
the user?

Is there a way in python to output the values in data[0] and data[1] to a file
so I can see what's actually received? If after the 'split' line I added:

f = open("/tmp/checkpassword.log","a")
f.write("Name: " + data[0] + ", PW: " + data[1])
f.close()

Would that work?

--THX Mark
Re: AuthDatabase CheckPassword broken?
On Thu, 1 Feb 2018 10:02:10 +0200 Aki Tuomi wrote:
>
> On 01.02.2018 08:00, Mark Foley wrote:
> > I had been using the CheckPassword authentication interface with dovecot
> > 2.2.15,
> > https://wiki2.dovecot.org/AuthDatabase/CheckPassword, and it was working.
> >
> > After upgrading to 2.2.33.2 CheckPassword no longer works. The referenced
> > wiki page says,
> >
> > Checkpassword Interface
> >
> > Read NUL NUL from fd 3.
> >
> > I've checked the information read from fd 3 with 2.2.33.2 and I get
> > followed by 3
> > nulls. I'm guessing the 2nd null is supposed to be the password.
> >
> > Why is this no longer working? How can I fix it?
> >
> > THX --Mark
> Our CI has test
>
> #!/usr/bin/env python
> # -*- coding: utf-8 -*-
> import os, sys
>
> DOVECOT_PW_FD = 3
>
> def checkPassword():
>     with os.fdopen(DOVECOT_PW_FD, 'r') as s:
>         data = s.read().split("\0")
>         if data[0] != "testuser" or data[1] != "pass":
>             return False
>         os.environ["USER"] = data[0]
>         os.environ["EXTRA"] = "userdb_uid=vmail userdb_gid=vmail"
>         return True
>
> if __name__ == "__main__":
>     if not checkPassword():
>         sys.exit(1)
>     os.execv(sys.argv[1], sys.argv[1:])
>
> And it seems to work.
>
> Aki

Thanks for the script. I'm testing this on a production system, so I'll have to
wait until after business hours to test. Meanwhile, not being a python wizard, I
have a couple of questions.

I have to run this script as my passdb { args } parameter, right?

On the line where it is checking for "testuser" and password "test", I assume
that if I want to use a configured user I can just change these, right?

Likewise with "userdb_uid=vmail userdb_gid=vmail", what are these? UID/GID of
the user?

Is there a way in python to output the values in data[0] and data[1] to a file
so I can see what's actually received? If after the 'split' line I added:

f = open("/tmp/checkpassword.log","a")
f.write("Name: " + data[0] + ", PW: " + data[1])
f.close()

Would that work?

--THX Mark
Re: AuthDatabase CheckPassword broken?
On 01.02.2018 08:00, Mark Foley wrote:
> I had been using the CheckPassword authentication interface with dovecot
> 2.2.15,
> https://wiki2.dovecot.org/AuthDatabase/CheckPassword, and it was working.
>
> After upgrading to 2.2.33.2 CheckPassword no longer works. The referenced
> wiki page says,
>
> Checkpassword Interface
>
> Read NUL NUL from fd 3.
>
> I've checked the information read from fd 3 with 2.2.33.2 and I get
> followed by 3
> nulls. I'm guessing the 2nd null is supposed to be the password.
>
> Why is this no longer working? How can I fix it?
>
> THX --Mark

Our CI has test

#!/usr/bin/env python
# -*- coding: utf-8 -*-
import os, sys

DOVECOT_PW_FD = 3

def checkPassword():
    with os.fdopen(DOVECOT_PW_FD, 'r') as s:
        data = s.read().split("\0")
        if data[0] != "testuser" or data[1] != "pass":
            return False
        os.environ["USER"] = data[0]
        os.environ["EXTRA"] = "userdb_uid=vmail userdb_gid=vmail"
        return True

if __name__ == "__main__":
    if not checkPassword():
        sys.exit(1)
    os.execv(sys.argv[1], sys.argv[1:])

And it seems to work.

Aki
AuthDatabase CheckPassword broken?
I had been using the CheckPassword authentication interface with dovecot 2.2.15,
https://wiki2.dovecot.org/AuthDatabase/CheckPassword, and it was working.

After upgrading to 2.2.33.2 CheckPassword no longer works. The referenced wiki
page says,

Checkpassword Interface

Read NUL NUL from fd 3.

I've checked the information read from fd 3 with 2.2.33.2 and I get followed by
3 nulls. I'm guessing the 2nd null is supposed to be the password.

Why is this no longer working? How can I fix it?

THX --Mark