Re: [pysieved] patch for Dovecot auth and lookup
- From: Philippe Levan <levan at epix dot net>
- Subject: Re: [pysieved] patch for Dovecot auth and lookup
- Date: Sun, 22 Jul 2007 16:31:04 -0400 (EDT)
Hi,
As far as the choice of the section goes, I thought it would
be better to keep the settings in the section of the plugin
that actually uses them since other plugins do not implement
that feature. Either that or make it a general feature in
the [main] section.
The 'permission denied' error comes from the fact that the
/var/spool/postfix/private directory is usually 0700 and
therefore cannot be traversed. Since the socket doesn't
have to be private, I opted to move it to a separate
directory with looser permissions:
# ls -la /var/spool/postfix/auth
total 8
drwxr-xr-x 2 root root 4096 Jul 20 19:58 .
drwxr-xr-x 23 root root 4096 Jul 20 08:17 ..
srw-rw-rw- 1 postfix postfix 0 Jul 20 19:58 dovecot
Please see the end of the README.dovecot file for the
changes that are needed in the different configuration
files.
Or you can opt to run pysieved as root and not set the
global uid/gid.
Philippe.
--
Philippe Levan - Frontier/epix Systems
On Sun, 22 Jul 2007, Farkas Levente wrote:
> Philippe Levan wrote:
> > Greetings,
> >
> > While trying to get pysieved to work with my Dovecot
> > installation where all users are virtual and share
> > the same uid/gid, I made the following changes to the
> > current HEAD revision.
> >
> > This is mostly based on the code contributed by Koen
> > Vermeer and partly merged by Neale Pickett.
> >
> > I went back to opening the sockets on-demand in order
> > to avoid problems when Dovecot's authentication daemon
> > is restarted while pysieved is running.
> >
> > I also added the lookup function (which doesn't need
> > to know the password, after all).
> >
> > I also added code to switch uid/gid early if they are
> > already known, so that pysieved can run as non-root,
> > but then you need special care with permissions.
> >
> > A few name mismatches were corrected along the way
> > (passwd -> password, create -> create_storage).
> >
> > And finally, I added a little write-up on how I got
> > the whole thing to work for me.
> >
> > I hope this can help others out there.
>
> thanks!!!
> a small note. it'd be better to use [Virtual] section's uid,gid?
> another problem it's not working for me:-(
> any tip would be useful.
> the relevant config:
> ---------------------------------
> [Dovecot]
> # Path to Dovecot's auth socket (do not set unless you're using Dovecot
> auth)
> mux = /var/spool/postfix/private/auth
> master = /var/run/dovecot/auth-master
>
> # Path to sievec
> sievec = /usr/libexec/dovecot/sievec
>
> # Where in user directory to store scripts
> scripts = .pysieved
>
> # What user/group owns the mail storage
> uid = 101
> gid = 12
> ---------------------------------
> sockets:
> ---------------------------------
> # ls -ln /var/spool/postfix/private/auth /var/run/dovecot/auth-master
> srw-rw---- 1 101 12 0 Jul 18 14:20 /var/run/dovecot/auth-master
> srw-rw---- 1 89 12 0 Jul 18 14:20 /var/spool/postfix/private/auth
> ---------------------------------
> and the result of run:
> ---------------------------------
> # python pysieved.py -p /var/run/pysieved/pysieved.pid -c
> /etc/pysieved.ini -d -d -d
> 1185125464.98 == Connect from ('127.0.0.1', 52746)
> 1185125464.98 S: '"IMPLEMENTATION" "pysieved 0.9+DEV"\r\n'
> 1185125464.98 S: '"SASL" "PLAIN"\r\n'
> 1185125464.98 S: '"SIEVE" "fileinto reject envelope vacation imapflags
> notify subaddress relational comparator-i;ascii-numeric"\r\n'
> 1185125464.98 C: 'OK\r\n'
> 1185125464.98 C: 'AUTHENTICATE "PLAIN" {48+}'
> 1185125464.98 C: 'aW5mb0BsZW51eC5odQBpbmZvQGxlbnV4Lmh1AGxvZmFzejQ0'
> 1185125464.98 C: ''
> Traceback (most recent call last):
> File "/usr/lib/python2.4/site-packages/pysieved/managesieve.py", line
> 150, in handle
> func(*cmd[1:])
> File "/usr/lib/python2.4/site-packages/pysieved/managesieve.py", line
> 234, in do_authenticate
> if not self.authenticate(user, passwd):
> File "pysieved.py", line 98, in authenticate
> return authenticate.auth(self.params)
> File "/usr/lib/python2.4/site-packages/pysieved/plugins/dovecot.py",
> line 199, in auth
> self.auth_sock.connect(self.mux)
> File "<string>", line 1, in connect
> error: (13, 'Permission denied')
> 1185125464.98 C: 'BYE "Server error"\r\n'
> ----------------------------------------
> Exception happened during processing of request from ('127.0.0.1', 52746)
> Traceback (most recent call last):
> File "/usr/lib64/python2.4/SocketServer.py", line 440, in process_request
> self.finish_request(request, client_address)
> File "/usr/lib64/python2.4/SocketServer.py", line 254, in finish_request
> self.RequestHandlerClass(request, client_address, self)
> File "pysieved.py", line 93, in __init__
> managesieve.RequestHandler.__init__(self, *args)
> File "/usr/lib/python2.4/site-packages/pysieved/managesieve.py", line
> 47, in __init__
> server)
> File "/usr/lib64/python2.4/SocketServer.py", line 521, in __init__
> self.handle()
> File "/usr/lib/python2.4/site-packages/pysieved/managesieve.py", line
> 150, in handle
> func(*cmd[1:])
> File "/usr/lib/python2.4/site-packages/pysieved/managesieve.py", line
> 234, in do_authenticate
> if not self.authenticate(user, passwd):
> File "pysieved.py", line 98, in authenticate
> return authenticate.auth(self.params)
> File "/usr/lib/python2.4/site-packages/pysieved/plugins/dovecot.py",
> line 199, in auth
> self.auth_sock.connect(self.mux)
> File "<string>", line 1, in connect
> error: (13, 'Permission denied')
> ---------------------------------
>
>
>
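Added example, not part of the original message or of pysieved: a small checker that walks a socket path and reports the first component that would make connect() fail with 'Permission denied' for a given uid/gid, using mode bits only (ACLs and SELinux are ignored). The SAMPLE table is constructed from the listings in this thread; the owner of the private directory and the numeric ids for postfix are assumptions.

```python
import os
import stat
from collections import namedtuple

def allowed(st, uid, gids, want):
    """Classic Unix check: owner bits, else group bits, else other bits."""
    if uid == 0:
        return True                       # root bypasses the mode bits
    if uid == st.st_uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return (st.st_mode >> shift) & want == want

def first_blocker(sock_path, uid, gids, stat_fn=os.stat):
    """Return (path, reason) for the first component that blocks uid/gids,
    or None if every directory is searchable and the socket is writable."""
    current = ""
    for name in sock_path.strip("/").split("/")[:-1]:
        current += "/" + name
        if not allowed(stat_fn(current), uid, gids, 0o1):
            return current, "no search (x) permission on directory"
    st = stat_fn(sock_path)
    if not stat.S_ISSOCK(st.st_mode):
        return sock_path, "not a socket"
    if not allowed(st, uid, gids, 0o2):   # Linux: connect() needs write
        return sock_path, "no write permission on socket"
    return None

# Constructed sample data mirroring the thread (owners partly assumed).
St = namedtuple("St", "st_mode st_uid st_gid")
D, S = stat.S_IFDIR, stat.S_IFSOCK
SAMPLE = {
    "/var": St(D | 0o755, 0, 0),
    "/var/spool": St(D | 0o755, 0, 0),
    "/var/spool/postfix": St(D | 0o755, 0, 0),
    "/var/spool/postfix/private": St(D | 0o700, 89, 0),   # owner assumed
    "/var/spool/postfix/private/auth": St(S | 0o660, 89, 12),
    "/var/spool/postfix/auth": St(D | 0o755, 0, 0),
    "/var/spool/postfix/auth/dovecot": St(S | 0o666, 89, 89),  # ids assumed
}

if __name__ == "__main__":
    for p in ("/var/spool/postfix/private/auth",
              "/var/spool/postfix/auth/dovecot"):
        print(p, "->", first_blocker(p, 101, {12}, SAMPLE.__getitem__))
```

Against a live system, call first_blocker(path, uid, gids) as root so that os.stat can read every component; the 0666 socket passes for every local uid, which is the trade-off of the looser directory.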