[Dovecot] [checkpassword] I can't get a password from fd3

Heiko Schlichting dovecot-l at fu-berlin.de
Tue Jan 13 12:42:24 EET 2009


Durk Strooisma wrote:
> Okay, thanks for verifying. What kind of scripting language would you
> suggest for checkpassword instead?

Perl works for me. Extract from such a script:

    use IO::Handle;
    use constant CHECKPASSWORD_MAX_LEN => 512;
    [...]
    # dovecot passes the credentials on file descriptor 3
    my $input = IO::Handle->new_from_fd(3, "r");
    if (not defined $input) {
        internal_error('read_from_dovecot - getting file descriptor failed');
        return;
    }
    my $length = undef;
    my $buffer = '';
    # Append to $buffer until EOF or until CHECKPASSWORD_MAX_LEN bytes are read
    do {
        $length = $input->read($buffer, CHECKPASSWORD_MAX_LEN - length($buffer), length($buffer));
        if ($input->error or not defined $length) {
            internal_error('read_from_dovecot - read failed');
            $input->close;
            return;
        }
    } while ($length != 0);
    $input->close;
    # Fields are NUL-separated: user, password, remainder
    my ($user, $password, $rest) = split /\0/, $buffer, 3;
    [...]

It is also possible to skip the execution of "checkpassword-reply".
Assuming that dovecot will never change the protocol it expects from
"checkpassword-reply", it is possible to write the reply to file descriptor 4
in your script directly and skip invocation of the intermediate program.
Works great.

Extract from such a script:

    # Exit Codes
    use constant AUTH_OK => 0;
    use constant AUTH_FAIL => 1;
    use constant AUTH_ERROR => 111;
    [...]
    my $output = IO::Handle->new_from_fd(4, "w");
    if (not defined $output) {
        internal_error('write_to_dovecot - getting filedescriptor failed');
        return;
    }
    $output->autoflush(1);

    # Returning Username and Homedir to dovecot
    my $response = "user=${user}\tuserdb_home=${homedir}\t";

    $output->print($response);
    if ($output->error) {
        internal_error('write_to_dovecot - write failed');
    }
    $output->close;
    [...]

Exit your script with the appropriate exit code (see the constant definitions above).

As dovecot does not provide RADIUS as an authentication mechanism, I'm using
the CheckPassword interface with a Perl script to ask a list of RADIUS servers
and return everything that is necessary back to dovecot (-> userdb prefetch).

Heiko

Heiko Schlichting          Freie Universität Berlin
heiko at CIS.FU-Berlin.DE     Zentraleinrichtung für Datenverarbeitung (ZEDAT)
Telefon +49 30 838-54327   Fabeckstraße 32
Telefax +49 30 838454327   14195 Berlin
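
Added example, not part of the message above and not Dovecot's own code: the fd 3 parsing and fd 4 reply steps from the two extracts, written as pure functions that reject a password that is not NUL-terminated and any value that would break the tab-separated reply. The function names, the `$verify` callback, and the sample buffers are assumptions made for illustration.

```perl
use strict;
use warnings;
use constant CHECKPASSWORD_MAX_LEN => 512;    # same limit as in the post
use constant { AUTH_OK => 0, AUTH_FAIL => 1, AUTH_ERROR => 111 };

# Split the fd 3 buffer ("user\0password\0rest"); empty list if malformed.
sub parse_request {
    my ($buffer) = @_;
    return if length($buffer) > CHECKPASSWORD_MAX_LEN;
    my ($user, $password, $rest) = split /\0/, $buffer, 3;
    # $rest is defined only if a NUL followed the password (not cut off).
    return unless defined $rest and length $user;
    return ($user, $password);
}

# Build the tab-separated fd 4 reply from ordered key/value pairs.
# Returns undef if a key or value would break the "key=value\t" framing.
sub build_reply {
    my @pairs = @_;
    my $reply = '';
    while (my ($key, $value) = splice(@pairs, 0, 2)) {
        return undef unless defined $value and $key =~ /\A[a-z_]+\z/;
        return undef if $value =~ /[\x00-\x1f\x7f]/;    # tab, CR, LF, NUL, ...
        $reply .= "$key=$value\t";
    }
    return $reply;
}

# Map one request to (exit code, reply). $verify is a hypothetical callback for
# the real check (RADIUS in the post): home directory on success, else undef.
sub handle_request {
    my ($buffer, $verify) = @_;
    my ($user, $password) = parse_request($buffer) or return (AUTH_ERROR, undef);
    my $homedir = $verify->($user, $password);
    return (AUTH_FAIL, undef) unless defined $homedir;
    my $reply = build_reply(user => $user, userdb_home => $homedir);
    return defined $reply ? (AUTH_OK, $reply) : (AUTH_ERROR, undef);
}

# Constructed sample buffers and a stub verifier (not real data).
my $verify = sub { $_[1] eq 's3cret' ? "/home/$_[0]" : undef };
for my $buffer ("alice\0s3cret\0" . "1231843344\0",    # well-formed
                "alice\0wrong\0\0",                     # wrong password
                "alice\0s3cret",                        # password not NUL-terminated
                "al\tice\0s3cret\0\0") {                # tab inside the user name
    my ($code, $reply) = handle_request($buffer, $verify);
    (my $shown = $reply // '-') =~ s/\t/\\t/g;
    print "exit=$code reply=$shown\n";
}
```

In a real script the buffer would come from the fd 3 read loop shown in the message and the reply would be printed to fd 4 before exiting with the returned code.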

