Re: username_filter settings in passdb

Aki Tuomi via dovecot Sun, 04 Aug 2024 23:56:39 -0700

This is fixed in main with 
https://github.com/dovecot/core/commit/7bad6a24160e34bce8f10e73dbbf9e5fbbcd1904.patch


and will be fixed in 2.4.0

Aki

> On 05/08/2024 09:07 EEST Aki Tuomi via dovecot <dovecot@dovecot.org> wrote:
> 
>  
> Hi!
> 
> Thanks John for triage, we'll take a look at this.
> 
> Aki
> 
> > On 05/08/2024 05:50 EEST John Fawcett via dovecot <dovecot@dovecot.org> 
> > wrote:
> > 
> >  
> > Hi
> > 
> > in my opinion you found a bug. In the function passdb_preinit(..) in 
> > file src/auth/passdb.c the username_filters are copied from 
> > set->username_filter to passdb->username_filter. However that code only 
> > gets to be executed if this line returns NULL
> > 
> > passdb = passdb_find(set->driver, set->args, &idx);
> > 
> > For some reason this code finds a match (i.e. != NULL) for your second 
> > passdb (postmasterfilter) so it never reaches the code to setup the 
> > filter correctly. Strange to say for the third db it doesn't find a 
> > match and does setup the filter.
> > 
> > I would guess that the main reason this hasn't been noticed is that most 
> > use cases of multiple passdb's use different drivers. Either this should 
> > be treated as a bug or the documentation should be updated to state that 
> > multiple passdb's should not use the same driver.
> > 
> > As a workaround to this problem, given that you are handing off 
> > authentication to a php script, my suggestion would be to update that 
> > script so that it handles all the use cases directly. In Dovecot you 
> > will only need to define one passdb that calls the script.
> > 
> > John
> > 
> > On 01/08/2024 15:17, zaxwat93--- via dovecot wrote:
> > > added names:
> > > passdb allusers {
> > >   ...
> > > }
> > > passdb postmasterfilter {
> > >    ...
> > >    username_filter =us...@postmaster.local.one  
> > >    ...
> > > }
> > > passdb user2filter {
> > >    ....
> > >    username_filter =us...@user2.local.one  
> > >    ,,,
> > > }
> > >
> > > try "doveadm auth testus...@user2.local.one" and got logs:
> > > Aug  1 16:08:02 auth: Debug: auth client connected (pid=0)
> > > Aug  1 16:08:02 auth: Debug: client in: AUTH   1       PLAIN       
> > > service=doveadm debug   resp=<hidden>
> > > Aug  1 16:08:02 auth: Debug: allusers(us...@user2.local.one): Performing 
> > > passdb lookup
> > > Aug  1 16:08:02 auth: Debug: allusers(us...@user2.local.one): execute: 
> > > /usr/local/bin/php /usr/local/dovecot/bin/checkpassword.php 
> > > /usr/local/libexec/dovecot/checkpassword-reply
> > > Aug  1 16:08:02 auth: Debug: allusers(us...@user2.local.one): Received 
> > > input:
> > > Aug  1 16:08:02 auth: Debug: allusers(us...@user2.local.one): 
> > > exit_status=1
> > > Aug  1 16:08:02 auth: allusers(us...@user2.local.one): Login failed 
> > > (status=1)
> > > Aug  1 16:08:02 auth: Debug: allusers(us...@user2.local.one): Finished 
> > > passdb lookup
> > > Aug  1 16:08:02 auth: Debug: postmasterfilter(us...@user2.local.one): 
> > > Performing passdb lookup
> > > Aug  1 16:08:02 auth: Debug: postmasterfilter(us...@user2.local.one): 
> > > username changedus...@user2.local.one  ->us...@local.one
> > > Aug  1 16:08:02 auth: Debug: postmasterfilter(us...@local.one): execute: 
> > > /usr/local/bin/php /usr/local/dovecot/bin/checkpassword.php 
> > > /usr/local/libexec/dovecot/checkpassword-reply
> > > Aug  1 16:08:02 auth: Debug: postmasterfilter(us...@local.one): Received 
> > > input:user=us...@local.one        userdb_home=/var/spool/mail/    
> > > userdb_uid=dovecot  userdb_gid=dovecot
> > > Aug  1 16:08:02 auth: Debug: postmasterfilter(us...@local.one): 
> > > exit_status=0
> > > Aug  1 16:08:02 auth: Debug: postmasterfilter(us...@local.one): username 
> > > changedus...@local.one  ->postmas...@local.one
> > > Aug  1 16:08:02 auth: Debug: postmasterfilter(postmas...@local.one): 
> > > Finished passdb lookup
> > > Aug  1 16:08:02 auth: Debug: auth(postmas...@local.one): Auth request 
> > > finished
> > > Aug  1 16:08:02 auth: Debug: client passdb out: OK     
> > > 1user=postmas...@local.one                 
> > > original_user=us...@user2.local.one
> > >
> > > Same result: it should skip postmasterfilter passdb and work with 
> > > user2filter, but it didn't
> > > _______________________________________________
> > > dovecot mailing list --dovecot@dovecot.org
> > > To unsubscribe send an email todovecot-le...@dovecot.org
> > _______________________________________________
> > dovecot mailing list -- dovecot@dovecot.org
> > To unsubscribe send an email to dovecot-le...@dovecot.org
> _______________________________________________
> dovecot mailing list -- dovecot@dovecot.org
> To unsubscribe send an email to dovecot-le...@dovecot.org
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: username_filter settings in passdb

Reply via email to