On Thu, 1 Feb 2018 10:02:10 +0200 Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
>
> On 01.02.2018 08:00, Mark Foley wrote:
> > I had been using the CheckPassword authentication interface with dovecot 2.2.15,
> > https://wiki2.dovecot.org/AuthDatabase/CheckPassword, and it was working.
> >
> > After upgrading to 2.2.33.2 CheckPassword no longer works. The referenced wiki page says,
> >
> > Checkpassword Interface
> >
> > Read <username> NUL <password> NUL from fd 3.
> >
> > I've checked the information read from fd 3 with 2.2.33.2 and I get <username> followed by 3
> > nulls. I'm guessing the 2nd null is supposed to be the password.
> >
> > Why is this no longer working? How can I fix it?
> >
> > THX --Mark
> Our CI has test
>
> #!/usr/bin/env python
> # -*- coding: utf-8 -*-
> import os, sys
>
> DOVECOT_PW_FD = 3
>
> def checkPassword():
>   with os.fdopen(DOVECOT_PW_FD, 'r') as s:
>     data = s.read().split("\0")
>     if data[0] != "testuser" or data[1] != "pass":
>       return False
>     os.environ["USER"] = data[0]
>     os.environ["EXTRA"] = "userdb_uid=vmail userdb_gid=vmail"
>   return True
>
> if __name__ == "__main__":
>   if not checkPassword():
>     sys.exit(1)
>   os.execv(sys.argv[1], sys.argv[1:])
>
> And it seems to work.
>
> Aki

Thanks for the script. I'm testing this on a production system, so I'll have to wait until after business hours to test. Meanwhile, not being a python wizard, I have a couple of questions.

I have to run this script as my passdb { args } parameter, right?

On the line where it is checking for "testuser" and password "test", I assume that if I want to use a configured user I can just change these, right?

Likewise with "userdb_uid=vmail userdb_gid=vmail", what are these? UID/GID of the user?

Is there a way in python to output the values in data[0] and data[1] to a file so I can see what's actually received? If after the 'split' line I added:
f = open("/tmp/checkpassword.log","a")
f.write("Name: " + data[0] + ", PW: " + data[1])
f.close()
Would that work?
--THX Mark
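
For the debugging question above, an added example (not from either poster and not Dovecot's own code) that parses the fd 3 buffer and logs field counts and the password length instead of the password itself. The function names are assumptions; the descriptor number and log path come from the messages above.

```python
import os

DOVECOT_PW_FD = 3  # descriptor named on the wiki page quoted in the thread
LOG_PATH = "/tmp/checkpassword.log"  # path taken from the question above


def parse_checkpassword(raw):
    """Split '<username> NUL <password> NUL [more NUL-terminated fields]'.

    Returns (username, password, extra_fields) as bytes objects.
    """
    fields = raw.split(b"\0")
    if fields[-1] == b"":
        fields.pop()  # the final NUL is a terminator, not an empty field
    if len(fields) < 2:
        raise ValueError("need at least username and password fields")
    return fields[0], fields[1], fields[2:]


def describe(raw):
    """One log line showing what arrived, without the password itself."""
    user, password, extra = parse_checkpassword(raw)
    return "user=%r password_len=%d extra_fields=%d" % (
        user.decode("utf-8", "replace"), len(password), len(extra))


def append_log(path, line):
    """Append a line to a debug log that only the owner can read."""
    # O_NOFOLLOW: refuse a pre-planted symlink in a shared directory like /tmp.
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "a") as f:
        f.write(line + "\n")


if __name__ == "__main__":
    with os.fdopen(DOVECOT_PW_FD, "rb") as s:
        raw = s.read()
    try:
        append_log(LOG_PATH, describe(raw))
    except ValueError as exc:
        append_log(LOG_PATH, "malformed input: %s" % exc)
```

The 0600 mode applies only when the file is created; an existing log keeps whatever permissions it already has.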