search for: extra_field

Hi. I have an auth plugin where an extra_field is filled. Somewhere, in login process I need to log the authentication command and the extra_field, I was trying to do it in login-common/client-common.c, adding a new variable to login_log_format_elements and trying to get the fileld from environment, but, I could not find any way to do it, the g...

...ng a plugin (for the pop3/imap process) that requires some data to provided from the authentication phase (a derivative of the password). For that, I have now implemented a passdb plugin that generates this data and I would like to "pass" this data down to the mail process (pop3/imap) via extra_fields in the reply of the authentication. The general idea is that my custom passdb plugin calculates the data, sets the extra_field and returns some error (authentication was not successful) so that the "real" passdb backend can be invoked to "really" validate the authentication dat...

Hi, I would like to supply a few users with extra_fields. All users are found by PAM first so the userdb passwd-file doesnt seem to be used. How to alter the lookup sequence? We can't remove the accounts from the central passwd, just for Dovecot. Thanks, Leroy

...AS nodelay, 'Y' AS p roxy, 'somepass' AS pass FROM iwmailsystem.virtmailbox AS v NATURAL JOIN authenticate.users AS a WHERE v.userID = 'user at host.com' and v.imap_active = 1 Error: auth(default): file auth-request.c: line 207 (auth_request_save_cache): assertion failed: (extra_fields == NULL || (strstr(extra_fields, "\tpass=") == NULL && strncmp(extra_fields, "pass=", 5) != 0)) Error: child 54122 (auth) killed with signal 6 The Wiki showed I should return a 'pass' column. However, that's choking the query up in auth-request.c. Could it...

...uest.c Tue May 05 14:16:31 2015 +0300 @@ -618,30 +627,28 @@ auth_request_want_skip_passdb(request, next_passdb)) next_passdb = next_passdb->next; + if (*result == PASSDB_RESULT_OK) { + /* this passdb lookup succeeded, preserve its extra fields */ + auth_fields_snapshot(request->extra_fields); + request->snapshot_have_userdb_prefetch_set = + request->userdb_prefetch_set; + if (request->userdb_reply != NULL) + auth_fields_snapshot(request->userdb_reply); + } else { + /* this passdb lookup failed, remove any extra fields it set */ + auth_fields_rollback(request->e...

...00 > @@ -618,30 +627,28 @@ > auth_request_want_skip_passdb(request, next_passdb)) > next_passdb = next_passdb->next; > > + if (*result == PASSDB_RESULT_OK) { > + /* this passdb lookup succeeded, preserve its extra fields */ > + auth_fields_snapshot(request->extra_fields); > + request->snapshot_have_userdb_prefetch_set = > + request->userdb_prefetch_set; > + if (request->userdb_reply != NULL) > + auth_fields_snapshot(request->userdb_reply); > + } else { > + /* this passdb lookup failed, remove any extra fields it set */ > +...

Hi list, I have a question on auth caching in 2.2.18. I am using acl_groups for a master user, appended in a static userdb file # snip ############################### master at uma:{SHA}XXXX=::::::userdb_acl_groups=umareadmaster allow_nets=127.0.0.1 # snap ############################### and use this group in a global ACL file. I discovered this only works on first NOT-cached login

...ile waiting for more data from the client (broken in rc22) - mbox: When saving a message to an empty mbox file it got one UID which immediately was incremented. - mbox: Fixed some wrong "uid-last unexpectedly lost" errors. - auth cache: In some situations we crashed if passdb had extra_fields. - auth cache: Special extra_fields weren't saved to auth cache. For example allow_nets restrictions were ignored for cached entries. - A lot of initial login processes could cause auth socket errors in log file at startup, if dovecot-auth started slowly. Now the login processes are...

...migrate a chunk of users each night and then let the proxy send them to the new server. I wonder if, instead of altering my LDAP schema to be able to add the needed attributes (matching proxy/proxy_maybe, host, ...) I could use a second userdb (preferably in a file : passwd-file ?) only for those extra_fields (i.e. the second userdb would extend the LDAP one). As a matter of fact, I guess those who will migrate users will prefer writing to a file than to add some LDAP attribute in the user entry. In other words, can I get different extra_fields for the same user in different userdb's ? -- Thomas...

If the auth backend (postgresql in my case) returns extra fields, and all of these extra_fields begin with 'userdb_', the auth_callback functions adds an unwanted extra tab at the end of the response: auth(default): client out: OK^I8^Iuser=foo at bar^I This extra tab at the end confuses exim's dovecot-auth handler (the exim-dovecot auth handler does not correctly count the numb...

...n rc22) - mbox: Broken X-UID headers assert-crashed sometimes - mbox: When saving a message to an empty mbox file it got an UID which immediately got incremented. - mbox: Fixed some wrong "uid-last unexpectedly lost" errors. - auth cache: In some situations we crashed if passdb had extra_fields. - auth cache: Special extra_fields weren't saved to auth cache. For example allow_nets restrictions were ignored for cached entries. - A lot of initial login processes could cause auth socket errors in log file at startup, if dovecot-auth started slowly. Now the login processes are...

...n rc22) - mbox: Broken X-UID headers assert-crashed sometimes - mbox: When saving a message to an empty mbox file it got an UID which immediately got incremented. - mbox: Fixed some wrong "uid-last unexpectedly lost" errors. - auth cache: In some situations we crashed if passdb had extra_fields. - auth cache: Special extra_fields weren't saved to auth cache. For example allow_nets restrictions were ignored for cached entries. - A lot of initial login processes could cause auth socket errors in log file at startup, if dovecot-auth started slowly. Now the login processes are...

...sql Userdb: checkpassword passwd prefetch passwd-file sql static Dec 19 12:49:42 mail dovecot: auth(default): cache(m52 at academ.org): Password mismatch Dec 19 12:49:42 mail dovecot: auth(default): file passdb-blocking.c: line 125 (passdb_blocking_verify_plain): assertion failed: (request->extra_fields == NULL) Dec 19 12:49:42 mail dovecot: child 91510 (auth) killed with signal 6 Dec 19 09:20:39 mail pid 96304 (dovecot-auth), uid 65534: exited on signal 6 Dec 19 09:43:31 mail pid 21093 (dovecot-auth), uid 65534: exited on signal 6 Dec 19 09:49:54 mail pid 36637 (dovecot-auth), uid 65534: exited...

...up of the user (user whose name is already known). a) am I correct ? b) why isn't system_user such a boolean ? Is there a case where we'd want system_user to be different than the user dovecot runs as at the moment the check takes place ? 3) same idea with acl_groups : since this extra_field holds a list of groups for the ACL plugin, why not rely on the native unix groups of the system the user belong to ? Thanks (and sorry for the 2 previous threads where I was blindly confused by the system_user thing). -- Thomas Hummel | Institut Pasteur <hummel at pasteur.fr> |...

Hello Timo, I want to deny access to some users. For now I'm doing it using 2 passdb's and listing users in a text file. !include auth-deny.conf.ext -> passwd-file driver !include auth-ldap.conf.ext -> ldap driver I want to do the same using only LDAP. I'm not quite sure how to do it : a) should I . change the driver of the first passdb from passwd-file to ldap . for user

..." user_info = (const struct setting_parser_info *) 0x8089d80 user_set = (const struct mail_user_settings *) 0xfef7fc99 userdb_fields = (const char * const *) 0x807a908 error = 0xfeff0540 "" reply = {uid = -1, gid = -1, home = 0x0, chroot = 0x0, extra_fields = {arr = {buffer = 0x809b6b8, element_size = 4}, v = 0x809b6b8, v_modifiable = 0x809b6b8}} set_parser = (struct setting_parser_context *) 0x8093d40 user_pool = (pool_t) 0x8088918 temp_pool = (pool_t) 0x809b6a8 ret = 1 #9 0xfef0be8f in mail_storage_service_look...

...t 2c2axxx.online-server.cloud[private/dovecot-lmtp] said: 550 5.1.1 <bruno at 2c2axxx.online-server.cloud> User doesn't exist: bruno at 2c2axxx.online-server.cloud (in reply to RCPT TO command)) [root at localhost bruno]# cat /etc/dovecot/users #user:password:uid:gid:(gecos):home:(shell):extra_fields bruno:{CRAM-MD5}88XXXee:5001:5001::/home/bruno:: mail:{CRAM-MD5}88XXXee:5001:5001::/home/mail:: nas:{CRAM-MD5}8eXXX40:5001:5001::/home/nas asys:{CRAM-MD5}99XXX09:5001:5001::/home/asys -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/...

...e=/var/vmail/glu_vrem/%u } /etc/imap.passwd: administrator:*:95400500:95400513:Administrator:/home/DOM/administrator:/bin/bash::userdb_quota_rule=*:bytes=10G Authentication and quota - now OK. But doesn't work sending and receiving mail... postfix say 'Unknown user'... Is there "extra_field" in passwd-file for email? What generally will be advice on quotas in our case? dovecot -n: # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.16 (fed8554) # OS: Linux 4.4.39-std-def-alt0.M80P.1 x86_64 ALT 8.1 Server auth_debug = yes auth_debug_passwords = yes auth_me...

...0x80ded98 "INBOX" auth_socket = <value optimized out> home = <value optimized out> destaddr = 0xbfb09f9c "example at example.com" user = 0xbfb09f9c "example at example.com" error = <value optimized out> extra_fields = {arr = {buffer = 0x80ed080, element_size = 4}, v = 0x80ed080, v_modifiable = 0x80ed080} ns = (struct mail_namespace *) 0x80f7a90 raw_ns = (struct mail_namespace *) 0x80f7ab8 storage = (struct mail_storage *) 0x80f7e98 box = (struct mailbox *) 0x8102768 i...

...like this : > > pass_attrs = ....,foo=deny in dovecot-ldap.conf.ext ? > This doesn't seem to work but maybe am I misunderstanding the logic : I thought that in the passdb{} section of auth-deny.conf.ext, you could comment "deny = yes" as long as the passdb returned an extra_field mapped on "deny" with the value of "yes" for users you'd want to deny access to: is that the case ? Maybe it's just something like : "if user is found in passdb but "deny = yes" is not stated in the passdb{} section, then access is granted ? > b) or...