Hello,

Dovecot auth protocol 1.0 defines different command sets for client and master.

How can a daemon distinguish a master connection from a client connection? Clients do send CPID and master does not.

I have the following auth configuration:

auth external {
  socket connect {
    master {
      path = /var/state/dovecot/login/master-auth
    }
  }
}

I am trying to teach my authentication daemon to speak with Dovecot. I fire up my master.py and try to log in via pop3 as foo:bar. Below is what my master.py receives from Dovecot (master and client); VERSION commands are not shown:

km at thinkpad:/home/km > ./krot/sbin/master.py
CPID : ['11915']
CPID : ['11915']
CPID : ['16652']
CPID : ['11915']
AUTH : ['1', 'PLAIN', 'service=POP3', 'secured', 'lip=127.0.0.1', 'rip=127.0.0.1', 'resp=AGZvbwBiYXI=']
REQUEST : ['9', '11915', '1']
CPID : ['16652']

(In the above output, command and parameters are parsed.)

The protocol specification mentions a separate SERVICE command in the client's greeting.

I can't let my daemon die if the master issues DIE. Why should a server exit when it receives DIE?

Can anybody provide an example dialog of an authentication request that is successful and a request that fails because of a bad password?

Thanks,
Kirill

-- 
They make a desert and call it peace. -- Tacitus
On 3.12.2004, at 18:10, Kirill Miazine wrote:

> Dovecot auth protocol 1.0 defines different command sets for client and
> master.
>
> How can a daemon distinguish a master connection from a client
> connection? Clients do send CPID and master does not.

You should listen for client and master connections on separate sockets and make sure that only the root user can connect to the master socket (i.e. the socket is root/root 0600).

> I have following auth configuration:
>
> auth external {
>   socket connect {
>     master {
>       path = /var/state/dovecot/login/master-auth

Put the master-auth socket elsewhere, e.g. /var/state/dovecot/master-auth, and start listening for clients in e.g. /var/state/dovecot/login/client-auth (login processes connect to all sockets in /var/state/dovecot/login/).

> km at thinkpad:/home/km > ./krot/sbin/master.py
> CPID : ['11915']
> CPID : ['11915']
> CPID : ['16652']
> CPID : ['11915']

I guess each of these comes in a new connection? Remember that you have to keep separate state in each connection you get.

> The protocol specification is mentioning a separate SERVICE command in
> the client's greeting.

Yes, if the service=POP3 was missing in the AUTH command you'd get the service from there.

> I can't let my daemon die if the master issues DIE. Why should a server
> exit when it receives DIE?

It's mostly useful when the Dovecot master process wants to restart dovecot-auth; you don't need to do it. Actually dovecot-auth doesn't do it either yet.

> Can anybody provide an example dialog of an authentication request that
> is successful and a request that fails because of a bad password.

Um. I'm a bit lazy now :) Add some logging into dovecot-auth, src/auth/auth-client-connection.c.
* Timo Sirainen [2004-12-03 19:07]:

> > How can a daemon distinguish a master connection from a client
> > connection? Clients do send CPID and master does not.
>
> You should listen client and master connections in separate sockets and
> make sure that only root user can connect to master socket (ie. socket
> is root/root 0600).

I thought that too, but I couldn't see which socket clients connect to, so I assumed it was the master's socket too. Your comment below explained the situation.

> > I have following auth configuration:
> >
> > auth external {
> >   socket connect {
> >     master {
> >       path = /var/state/dovecot/login/master-auth
>
> Put the master-auth socket elsewhere, eg.
> /var/state/dovecot/master-auth and start listening for clients in eg.
> /var/state/dovecot/login/client-auth (login processes connect to all
> sockets in /var/state/dovecot/login/).

Aha! I couldn't think out which socket clients do connect to. It works! Yes.

> > I can't let my daemon die if the master issues DIE. Why should a
> > server exit when it receives DIE?
>
> It's mostly useful when Dovecot master process wants to restart
> dovecot-auth, you don't need to do it. Actually dovecot-auth doesn't
> do it either yet.

This is why I asked - I didn't see from the code what DIE is doing in the server and just wanted to know what you want it to do in the future. :-)

Thank you very much, Timo!

-- 
They make a desert and call it peace. -- Tacitus
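
The layout Timo describes (separate client and master sockets, a 0600 master socket, separate state per connection), sketched as an added example that is not code from this thread or from Dovecot. The function and class names, the 0660 client-socket mode and the command sets (limited to commands named in the thread) are assumptions; lines are taken to be tab-separated.

```python
import os
import socket

# Assumption: only the commands named in this thread, not the full protocol.
ALLOWED = {"client": {"VERSION", "CPID", "AUTH"},
           "master": {"VERSION", "REQUEST", "DIE"}}

def make_listener(path, mode):
    """Bind a Unix socket; umask keeps it at 0600 or tighter until chmod."""
    old = os.umask(0o177)
    try:
        s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        s.bind(path)
    finally:
        os.umask(old)
    os.chmod(path, mode)   # 0o600 for master-auth; client mode is deployment-specific
    s.listen(16)
    return s

class Conn:
    """State kept separately for every accepted connection."""
    def __init__(self, role):
        self.role = role   # set by the listening socket, never by what the peer sends
        self.cpid = None
        self.auths = {}    # client request id -> remaining AUTH parameters

def accept_on(listener, role, conns):
    """Accept one connection and tag it with the role of its listener."""
    sock, _ = listener.accept()
    conn = Conn(role)
    conns.append(conn)
    return sock, conn

def handle_line(conn, line, conns):
    cmd, *args = line.rstrip("\n").split("\t")
    if cmd not in ALLOWED[conn.role]:
        return "rejected"  # e.g. REQUEST arriving on the client socket
    if cmd == "CPID":
        conn.cpid = args[0]
    elif cmd == "AUTH":
        conn.auths[args[0]] = args[1:]
    elif cmd == "REQUEST": # args: master id, client pid, client request id
        _, cpid, cid = args
        for c in conns:
            if c.role == "client" and c.cpid == cpid and cid in c.auths:
                return c.auths[cid]
        return "unknown"
    return "ok"            # DIE is accepted but ignored, as discussed above
```
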