Re: lua API and returning reason and CONTACTADMIN

Wed, 05 Feb 2025 01:15:25 -0800 

On 23/01/2025 16:30, Aki Tuomi wrote:

I was kinda hoping it would've shown bit more details. But, looks like you've 
ran into a bug. Lua passdb does not export fields in case return value is not 
OK or NEXT. I'll file this to your bug tracker.


Also it seems that the code in

src/auth/db-lua.c:auth_lua_export_fields()

splits string by space

 const char *const *fields = t_strsplit_spaces(str, " ");

so it won't be possible to return like reason="This is the reason"

Looks like another bug, right?



Aki


On 23/01/2025 17:20 EET Arkadiusz Miśkiewicz via dovecot <dovecot@dovecot.org> 
wrote:


  
On 23/01/2025 14:23, Aki Tuomi wrote:

Can you post auth_debug=yes logs?



Attaching here (as quotation):


Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: client in: AUTH       1       PLAIN 
  service=imap    session=qZ/XK2As7rsKFhKW        lip=10.22.18.200    
rip=10.22.18.150 lport=143       rport=48110     resp=<hidden>
Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: 
lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Performing passdb lookup
Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: 
lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): cache miss
Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn 
unix:auth-worker (pid=10801,uid=172): Server accepted connection (fd=13)
Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn 
unix:auth-worker (pid=10801,uid=172): Sending version handshake
Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker 
(pid=10801,uid=172): auth-worker<1>: Handling PASSV request
Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker 
(pid=10801,uid=172): auth-worker<1>: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): 
Performing passdb lookup
Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker 
(pid=10801,uid=172): auth-worker<1>: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): 
Calling auth_password_verify
Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker 
(pid=10801,uid=172): auth-worker<1>: lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): 
Finished passdb lookup
Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10770): Debug: conn unix:auth-worker 
(pid=10801,uid=172): auth-worker<1>: Finished: user_disabled
Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: 
lua(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Finished passdb lookup
Jan 23 15:10:24 webx dovecot[10752]: auth: Debug: 
auth(test,10.22.18.150,<qZ/XK2As7rsKFhKW>): Auth request finished
Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Loading modules 
from directory: /usr/lib64/dovecot/plugins/auth
Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: 
/usr/lib64/dovecot/plugins/auth/lib20_auth_var_expand_crypt.so
Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: 
/usr/lib64/dovecot/plugins/auth/libdriver_mysql.so
Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: 
/usr/lib64/dovecot/plugins/auth/libdriver_pgsql.so
Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: 
/usr/lib64/dovecot/plugins/auth/libdriver_sqlite.so
Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Loading modules 
from directory: /usr/lib64/dovecot/plugins/auth
Jan 23 15:10:24 webx dovecot[10752]: auth-worker(10803): Debug: Module loaded: 
/usr/lib64/dovecot/plugins/auth/libauthdb_lua.so
Jan 23 15:10:29 webx dovecot[10752]: auth: Debug: client passdb out: FAIL       
1       user=test       code=user_disabled
Jan 23 15:10:29 webx dovecot[10752]: imap-login: Disco





Aki


On 23/01/2025 13:26 EET Arkadiusz Miśkiewicz via dovecot <dovecot@dovecot.org> 
wrote:


   
Hello.



Trying to pass reason response via lua by passing it at
dovecot.auth.PASSDB_RESULT_USER_DISABLED like:


function auth_password_verify(request, password)
     return dovecot.auth.PASSDB_RESULT_USER_DISABLED, "reason=custom_message"

end

function auth_userdb_lookup(request)
     return dovecot.auth.PASSDB_RESULT_OK, "uid=428671 gid=9726
home=/var/mail/existusertest"

end

function script_init()
     return 0
end

function script_deinit()
end


Unfortunately returned result contains no custom message and also
returns AUTHENTICATIONFAILED instead of CONTACTADMIN:

NO [AUTHENTICATIONFAILED] Authentication failed.

while I would expect something like:

NO [CONTACTADMIN] custom_message:

Any reason for such behaviour and how to get reason passed and proper
CONTACTADMIN?

Tests done on 2.3.21.1.

passdb {
     driver = lua
     mechanisms = login plain
     args = file=/etc/dovecot/lua_auth_script_test_fail.lua blocking=yes
}


userdb {
     driver = lua
     args = file=/etc/dovecot/lua_auth_script_test_fail.lua blocking=yes
}

--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )

_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org





--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org





--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org






















					Reply via email to