Hi!
Thanks John for triage, we'll take a look at this.
Aki
> On 05/08/2024 05:50 EEST John Fawcett via dovecot <dovecot@dovecot.org> wrote:
>
>
> Hi
>
> in my opinion you found a bug. In the function passdb_preinit(..) in
> file src/auth/passdb.c the username_filters are copied from
> set->username_filter to passdb->username_filter. However that code only
> gets to be executed if this line returns NULL
>
> passdb = passdb_find(set->driver, set->args, &idx);
>
> For some reason this code finds a match (i.e. != NULL) for your second
> passdb (postmasterfilter) so it never reaches the code to setup the
> filter correctly. Strange to say for the third db it doesn't find a
> match and does setup the filter.
>
> I would guess that the main reason this hasn't been noticed is that most
> use cases of multiple passdb's use different drivers. Either this should
> be treated as a bug or the documentation should be updated to state that
> multiple passdb's should not use the same driver.
>
> As a workaround to this problem, given that you are handing off
> authentication to a php script, my suggestion would be to update that
> script so that it handles all the use cases directly. In Dovecot you
> will only need to define one passdb that calls the script.
>
> John
>
> On 01/08/2024 15:17, zaxwat93--- via dovecot wrote:
> > added names:
> > passdb allusers {
> > ...
> > }
> > passdb postmasterfilter {
> > ...
> > username_filter =us...@postmaster.local.one
> > ...
> > }
> > passdb user2filter {
> > ....
> > username_filter =us...@user2.local.one
> > ,,,
> > }
> >
> > try "doveadm auth testus...@user2.local.one" and got logs:
> > Aug 1 16:08:02 auth: Debug: auth client connected (pid=0)
> > Aug 1 16:08:02 auth: Debug: client in: AUTH 1 PLAIN
> > service=doveadm debug resp=<hidden>
> > Aug 1 16:08:02 auth: Debug: allusers(us...@user2.local.one): Performing
> > passdb lookup
> > Aug 1 16:08:02 auth: Debug: allusers(us...@user2.local.one): execute:
> > /usr/local/bin/php /usr/local/dovecot/bin/checkpassword.php
> > /usr/local/libexec/dovecot/checkpassword-reply
> > Aug 1 16:08:02 auth: Debug: allusers(us...@user2.local.one): Received
> > input:
> > Aug 1 16:08:02 auth: Debug: allusers(us...@user2.local.one): exit_status=1
> > Aug 1 16:08:02 auth: allusers(us...@user2.local.one): Login failed
> > (status=1)
> > Aug 1 16:08:02 auth: Debug: allusers(us...@user2.local.one): Finished
> > passdb lookup
> > Aug 1 16:08:02 auth: Debug: postmasterfilter(us...@user2.local.one):
> > Performing passdb lookup
> > Aug 1 16:08:02 auth: Debug: postmasterfilter(us...@user2.local.one):
> > username changedus...@user2.local.one ->us...@local.one
> > Aug 1 16:08:02 auth: Debug: postmasterfilter(us...@local.one): execute:
> > /usr/local/bin/php /usr/local/dovecot/bin/checkpassword.php
> > /usr/local/libexec/dovecot/checkpassword-reply
> > Aug 1 16:08:02 auth: Debug: postmasterfilter(us...@local.one): Received
> > input:user=us...@local.one userdb_home=/var/spool/mail/
> > userdb_uid=dovecot userdb_gid=dovecot
> > Aug 1 16:08:02 auth: Debug: postmasterfilter(us...@local.one):
> > exit_status=0
> > Aug 1 16:08:02 auth: Debug: postmasterfilter(us...@local.one): username
> > changedus...@local.one ->postmas...@local.one
> > Aug 1 16:08:02 auth: Debug: postmasterfilter(postmas...@local.one):
> > Finished passdb lookup
> > Aug 1 16:08:02 auth: Debug: auth(postmas...@local.one): Auth request
> > finished
> > Aug 1 16:08:02 auth: Debug: client passdb out: OK
> > 1user=postmas...@local.one
> > original_user=us...@user2.local.one
> >
> > Same result: it should skip postmasterfilter passdb and work with
> > user2filter, but it didn't
> > _______________________________________________
> > dovecot mailing list --dovecot@dovecot.org
> > To unsubscribe send an email todovecot-le...@dovecot.org
> _______________________________________________
> dovecot mailing list -- dovecot@dovecot.org
> To unsubscribe send an email to dovecot-le...@dovecot.org
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
