Author Topic: New Dovecot passwd/userdb driver for password plugin  (Read 27006 times)

Offline corford

  • Newbie
  • *
  • Posts: 3
New Dovecot passwd/userdb driver for password plugin
« on: August 29, 2011, 10:11:07 AM »
Hello All

I have written a driver for the Roundcube password plugin that allows users to change their mailbox password on systems that store passwords in Dovecot passwd/userdb files (see "http://wiki.dovecot.org/AuthDatabase/PasswdFile"). I wrote it for our installation and thought I would contribute it back (although it is only likely to be of interest for small Roundcube deployments).

The code is hosted here: "http://code.google.com/p/dovecotpfd/" (tar archive here: http://dovecotpfd.googlecode.com/files/dovecotpfd-1.0.tar.gz)

To use it, you will need to:

1). Place dovecotpfd.php in roundcube/plugins/password/drivers/

2). Edit roundcube/plugins/password/config.inc.php and add the following configuration directives to the bottom of the file:

Code: [Select]
// Dovecot Password File Driver options
// -----------------------------------------
// Specify the username format used in the passwd/userdb file (valid values are "%n" or "%u", corresponding to Dovecots %n and %u variables - see: http://wiki.dovecot.org/Variables)
$rcmail_config['password_dovecotpfd_format'] = "%n";
// Desired password hashing scheme (run dovecotpw -l for a list of supported schemes on your system)
$rcmail_config['password_dovecotpfd_scheme'] = "SSHA256";

3). Place chgdovecotpw in /usr/sbin

4). Create a new linux user account:

Code: [Select]
# useradd -g nogroup -s /bin/false -d /dev/null mailpasswd
5). Place dovecotpfd-setuid.c in roundcube/plugins/password/drivers/, open it in your favourite text editor and change the UID definition to match the uid of the account created in step 4 above.

6). Compile dovecotpfd-setuid.c and set the sticky bit:
Code: [Select]
# cd roundcube/plugins/password/drivers/
# gcc -o dovecotpfd-setuid dovecotpfd-setuid.c
# chown root:www-data dovecotpfd-setuid
# strip dovecotpfd-setuid
# chmod 4750 dovecotpfd-setuid
7). Make sure the mailpasswd user, created in step 4 above, has access to and write permission on the Dovecot passwd/userdb file (the location of which is set in dovecotpfd.php). The mailpasswd user also needs to be able to execute chgdovecotpw.


To activate the plugin, edit roundcube/plugins/password/config.inc.php and set $rcmail_config['password_driver'] to 'dovecotpfd'
« Last Edit: August 30, 2011, 11:47:01 AM by corford »

Offline Marked

  • Newbie
  • *
  • Posts: 1
Finding the Dovecot passwd/userdb file
« Reply #1 on: September 05, 2011, 09:20:50 AM »
Hi and thanks for posting this.

In step 7, it says ... Dovecot passwd/userdb file (the location of which is set in dovecotpfd.php)  - which shows "$passwdfile = sprintf("/home/mail/%s/passwd", $domain);"

My /home directory only contains the users' directories - each having its own "Maildir/", but no "mail" directory or passwd file anywhere.

Any clues would be greatly appreciated.

Cheers,
Mark.

Offline schuetzi

  • Newbie
  • *
  • Posts: 1
missing linefeed in password-file
« Reply #2 on: September 07, 2011, 09:37:05 AM »
Hi

I installed this plugin. Many thanks for this great work.
When I tested it, the password was sed, but no linfeed (\n) was on the end of the line, so the next user was in the same line.
I changed line number 138 in chgdovecotpw and :

138                                                 $data[1] = $new_password_hash . "\n";

Now it works.
I speak PHP as bad as english, so I hope this is o.k.

Regards,

Klaus

Offline corford

  • Newbie
  • *
  • Posts: 3
New Dovecot passwd/userdb driver for password plugin
« Reply #3 on: September 08, 2011, 04:21:36 PM »
Quote from: Marked;36458
Hi and thanks for posting this.

In step 7, it says ... Dovecot passwd/userdb file (the location of which is set in dovecotpfd.php)  - which shows "$passwdfile = sprintf("/home/mail/%s/passwd", $domain);"

My /home directory only contains the users' directories - each having its own "Maildir/", but no "mail" directory or passwd file anywhere.

Any clues would be greatly appreciated.

Cheers,
Mark.

 

Hi Mark

The $passwdfile variable needs to point to wherever you store your Dovecot userdb/passwd file. So, wherever you happen to store this file on your system, the path to it needs to be set as $passwdfile in the dovecotpfd.php file. This assumes you use Dovecot as your SASL provider and a Dovecot passwd file as the backend authentication store (otherwise my password plugin is useless to you).

The example of "$passwdfile = sprintf("/home/mail/%s/passwd", $domain);" is there to show how it is possible to use multiple passwd files, one for each domain. If you only use one passwd file for all your users, you can of course get rid of the sprintf part and replace it with a single string containing the path to the passwd file.

Hope that helps.

Offline corford

  • Newbie
  • *
  • Posts: 3
New Dovecot passwd/userdb driver for password plugin
« Reply #4 on: September 08, 2011, 04:26:15 PM »
Quote from: schuetzi;36477
Hi

I installed this plugin. Many thanks for this great work.
When I tested it, the password was sed, but no linfeed (\n) was on the end of the line, so the next user was in the same line.
I changed line number 138 in chgdovecotpw and :

138                                                 $data[1] = $new_password_hash . "\n";

Now it works.
I speak PHP as bad as english, so I hope this is o.k.

Regards,

Klaus


Hi Klaus

I think you may have hit a bug to do with the way the script outputted the passwd file once it had processed it. I have since reworked this part of the code and would suggest you try the latest version, which you can download from here: http://dovecotpfd.googlecode.com/files/dovecotpfd-1.1.tar.gz

Please let me know if that solved the problem.

Thanks,
Charlie
« Last Edit: September 08, 2011, 04:35:05 PM by corford »

Offline toms130

  • Newbie
  • *
  • Posts: 2
Re: New Dovecot passwd/userdb driver for password plugin
« Reply #5 on: February 22, 2013, 12:20:22 PM »
Hi everyone,

I have a problem with this plugin :
The plugin is diaplayed in roundcube, it seems that it can read my password file, but can't update
(if i put a wrong password, he says to me)

When I put correct password ans new password, it displays a message who says that it is impossible to save the new password

I found the following message in /var/log/roundcube/errors

Code: [Select]
[22-Feb-2013 17:47:07 +0100]: PHP Error: Password plugin: Broken driver dovecotpfd in /var/www/plugins/password/password.php on line 258 (POST /?_task=settings&_action=plugin.password-save?_task=&_action=)

ps : when I'm logged with the user i've created (mailpasswd) and when i use the following command, it works and updates my password file
Code: [Select]
/usr/sbin/chgdovecotpw -f=/etc/postfix/dovecot/users.conf -u=user@domain.com -s=CRAM-MD5 -p=passwd


Any ideas ?
Thanks
Thomas

Offline ABerglund

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 673
Re: New Dovecot passwd/userdb driver for password plugin
« Reply #6 on: February 22, 2013, 03:02:55 PM »
Could be a simple permissions issue. Is the password file writable by the webserver user?
Arne Berglund
SysAdmin, Internet Services
Lane Education Service District
Eugene, OR, USA

Offline alec

  • Hero Member
  • *****
  • Posts: 1,363
Re: New Dovecot passwd/userdb driver for password plugin
« Reply #7 on: February 23, 2013, 03:07:28 AM »
Code: [Select]
[22-Feb-2013 17:47:07 +0100]: PHP Error: Password plugin: Broken driver dovecotpfd in /var/www/plugins/password/password.php on line 258 (POST /?_task=settings&_action=plugin.password-save?_task=&_action=)
This error just means that the driver is incompatible with password plugin version you're using. If you know PHP a little, see other drivers to see how the structure of the driver file should look like.

Offline toms130

  • Newbie
  • *
  • Posts: 2
Re: New Dovecot passwd/userdb driver for password plugin
« Reply #8 on: February 25, 2013, 11:03:14 AM »
Turns out that there was some things to change in code effectively.
for people who has the same mistakes :

1st - I have add the name of the class in dovecotpfd.php
Code: [Select]
class rcube_dovecotpfd_password
{
..
}

2nd - In config.inc.php, i have change the last line by removing &quot symbols
Code: [Select]
// Specify the username format used in the passwd/userdb file (valid values are "%n" or "%u", corresponding to Dovecots %n and %u variables - see: http://wiki.dovecot.org/Variables)
$rcmail_config['password_dovecotpfd_format'] = ""%u&quot";
// Desired password hashing scheme (run dovecotpw -l for a list of supported schemes on your system)
$rcmail_config['password_dovecotpfd_scheme'] = "CRAM-MD5";


Thomas

Offline bguardian

  • Newbie
  • *
  • Posts: 1
Re: New Dovecot passwd/userdb driver for password plugin
« Reply #9 on: March 28, 2013, 08:38:24 AM »
toms130 in on the right path, to get the dovecotpfd-plugin working with roundcube 0.8.6 (0.8.x?) actually this is needed:

edit  dovecotpfd.php:

Code: [Select]
class rcube_dovecotpfd_password
{
   function save($currpass, $newpass)
   {

... (the old code without the first function-declaration changed above!) ...

}

there is no need to change "config.inc.php", the old line is still working:
Code: [Select]
$rcmail_config['password_dovecotpfd_format'] = ""%u&quot";

Offline Auguss

  • Newbie
  • *
  • Posts: 3
Re: New Dovecot passwd/userdb driver for password plugin
« Reply #10 on: October 29, 2013, 02:58:49 PM »
This might a along the same lines of this thread. I am using a web host service provider as in ipage.com or godaddy.com. How do i alter this plugin to change password on their servers using this plugin.

I know all the server information, as in address and ports, just need to know where to put the information for this to happen, if it can.

Offline onlyindian

  • Newbie
  • *
  • Posts: 1
Re: New Dovecot passwd/userdb driver for password plugin
« Reply #11 on: February 09, 2014, 10:10:53 AM »


Guys 

This is my error log. Please can you tell me what am I suppose to do.  I know i am very late, as this post is quite old, still with some hope that i am posting here my error log.


[09-Feb-2014 20:33:39 +0530]: PHP Error: Password plugin: /usr/html/roundcube/plugins/password/drivers/dovecotpfd-setuid returned an error in /usr/html/roundcube/plugins/password/drivers/dovecotpfd.php on line 81 (POST /?_task=settings&_action=plugin.password-save?_task=&_action=)

Offline Porrier

  • Newbie
  • *
  • Posts: 2
Re: New Dovecot passwd/userdb driver for password plugin
« Reply #12 on: October 30, 2014, 07:28:13 AM »
Hi!

I seems I posted my first request to the wrong place.

I managed to install the dovecotpfd-1.1 plugin. It is working so far. I used to use special chars in my password like ? or !. I found out that these chars are escaped when the new password is written. I used:

/usr/sbin/chgdovecotpw -f=/usr/etc/dovecot/passwd -u=andreas@example.de -s=PLAIN -p=my?01

and the password is written as my\?01. The login then does not work ofcourse. I suppose this is the reason why I cannot login when I created a new password with -s=CRAM-MD5 too.

is this module still maintained and is there a solution for this Problem?

Greetings

  Andreas