radicale-dovecot-auth's Issues

Document auth method

Please be more verbose about the auth method used in the README.

A quick look into the source shows that it is described in the DovecotAuth docstring, but the README is the first contact for readers, and not all of them understand Python, so they will not read the source.

Passing the remote ip in auth request

Info:
CentOS 7.8.2003
postfix 2.10.1
dovecot 2.2.36
radicale 3.0.3

I've been trying radicale in a test server, but I can't get the auth to work. After bashing my head for a while it dawned on me to enable auth_debug in dovecot, and I finally realized why it doesn't work.

I have it set up so that only some users can connect from outside the local network (defined in /etc/dovecot/remote_users). If they're not found there then it tries pam, but the issue is that it needs the remote ip to work (allow_nets=127.0.0.0/8,192.168.1.0/24). Since radicale doesn't provide it, it fails.

Is there a way to pass the remote ip to dovecot?

dovecot log

auth: Debug: pam(test_user): allow_nets: Matching for network 127.0.0.0/8
auth: Debug: pam(test_user): allow_nets: Matching for network 192.168.1.0/24
auth: pam(test_user): allow_nets check failed: Remote IP not known and 'local' missing

dovecot config

passdb {
  driver = passwd-file
  args = username_format=%Ln /etc/dovecot/remote_users
}

passdb {
  driver = pam
  override_fields = allow_nets=127.0.0.0/8,192.168.1.0/24
  skip = authenticated
}

service auth {
  unix_listener /var/spool/postfix/private/auth {
     mode = 0660
     user = postfix
     group = postfix
  }

 unix_listener auth-client {
    path = /var/run/radicale/auth
    mode = 0660
    user = radicale
    group = postfix
 }
}

radicale config

[auth]
type = radicale_dovecot_auth
auth_socket = /var/run/radicale/auth
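
Dovecot's auth-client protocol accepts connection details as extra tab-separated parameters on the AUTH line, including rip= for the remote IP, which is the value the allow_nets check in the log above reports as missing. The block below is an added example, not code from radicale-dovecot-auth: the function names, the "radicale" service string and the sample values are assumptions, and the VERSION/CPID handshake that precedes AUTH is left out.

```python
import base64
import ipaddress

def build_auth_request(req_id, service, user, password, remote_ip=None):
    """Build one AUTH line for Dovecot's auth-client socket (SASL PLAIN).

    Hypothetical helper for illustration; not radicale-dovecot-auth's API.
    """
    if any(c in service for c in "\t\r\n"):
        raise ValueError("service must not contain tab or newline")
    if "\0" in user or "\0" in password:
        raise ValueError("NUL would break SASL PLAIN framing")
    fields = ["AUTH", str(int(req_id)), "PLAIN", "service=" + service]
    if remote_ip is not None:
        # Parse and re-serialise the address: a raw string taken from a
        # request could otherwise smuggle extra tab-separated parameters.
        fields.append("rip=" + str(ipaddress.ip_address(remote_ip)))
    # PLAIN response is authzid NUL authcid NUL password; resp= goes last.
    plain = "\0{}\0{}".format(user, password).encode("utf-8")
    fields.append("resp=" + base64.b64encode(plain).decode("ascii"))
    return ("\t".join(fields) + "\n").encode("utf-8")

def parse_auth_reply(line):
    """Split a reply such as b'FAIL\\t1\\tuser=x' into (status, id, fields)."""
    parts = line.rstrip(b"\n").decode("utf-8").split("\t")
    fields = dict(p.partition("=")[::2] for p in parts[2:])
    return parts[0], int(parts[1]), fields

if __name__ == "__main__":
    # Constructed sample values; "radicale" as service name is an assumption.
    print(build_auth_request(1, "radicale", "test_user", "secret", "192.168.1.20"))
    print(parse_auth_reply(b"FAIL\t1\tuser=test_user\n"))
```

The remote address has to come from whatever the server trusts as the client address (for a WSGI application, the REMOTE_ADDR key of environ), not from a client-supplied header, or allow_nets can be satisfied by the client itself.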

You have to specify the socket path even when you use host/port

If you want to use dovecot via HTTP, radicale-dovecot-auth needs only the host and the port in the config. But in practice, you need to set

[auth]
auth_socket =
auth_host = myhost
auth_port = 8888

And auth_socket must be present, but completely empty, unintuitively. Otherwise, the plugin crashes when trying to access auth_socket, and will never get around to accessing host and port.

add support for radicale 3.0 -- and update pypi, please?

Any chance to incorporate something like PR #8 and push an update to pypi, please?

I've been using automated scripts to pull releases from pypi. So for now, I'm still using 0.2.1, which I've locally patched to support Radicale 3.0 by including the .login method and no longer relying upon configuration.has_option.

Thank you very much!

(This diff is against version 0.2.1.)

--- __init__.py.orig    2020-05-26 05:48:00.323817543 +0000
+++ __init__.py 2020-05-26 05:56:37.737797192 +0000
@@ -39,11 +39,13 @@
     """
 
     def get_connection(self):
-        if not self.configuration.has_option('auth', 'auth_socket'):
+        try:
+            socket_path = self.configuration.get('auth', 'auth_socket')
+        except:
             raise RuntimeError('auth_socket path must be set')
 
         return DovecotAuth(
-                self.configuration.get('auth', 'auth_socket'), SERVICE)
+                socket_path, SERVICE)
 
     def is_authenticated(self, user, password):
         return self.is_authenticated2(None, user, password)
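Review bot: the bare except: in get_connection catches everything, including KeyboardInterrupt and SystemExit, and reports any failure inside configuration.get as 'auth_socket path must be set'. Catch only the exception the lookup raises for a missing option and chain it (raise RuntimeError(...) from exc) so the original cause stays in the traceback. An empty value also passes this check and is handed to DovecotAuth as socket_path; an explicit "if not socket_path" test would make the error message true in that case as well.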
@@ -51,3 +53,6 @@
     def is_authenticated2(self, login, user, password):
         conn = self.get_connection()
         return conn.authenticate(user, password)
+
+    def login(self, login, password):
+        return login if self.is_authenticated(login, password) else ""
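Review bot: login() has no docstring, and its contract (the login name on success, the empty string on failure) is only visible from the return expression. It also goes through is_authenticated, which only forwards to is_authenticated2(None, user, password), and that opens a fresh connection through get_connection on every call; a docstring stating the return contract, plus a single place that calls conn.authenticate, would keep the three entry points from drifting apart.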

No permission

I am getting a permission error with the latest on Ubuntu using systemctl:

Apr 07 19:55:28 env[41647]: Traceback (most recent call last):
Apr 07 19:55:28 env[41647]:   File "/var/lib/radicale/.local/lib/python3.6/site-packages/radicale/app/__init__.py", line 105, in __call__
Apr 07 19:55:28 env[41647]:     status_text, headers, answers = self._handle_request(environ)
Apr 07 19:55:28 env[41647]:   File "/var/lib/radicale/.local/lib/python3.6/site-packages/radicale/app/__init__.py", line 239, in _handle_request
Apr 07 19:55:28 env[41647]:     user = self._auth.login(login, password) or "" if login else ""
Apr 07 19:55:28  env[41647]:   File "/var/lib/radicale/.local/lib/python3.6/site-packages/radicale_dovecot_auth/__init__.py", line 64, in login
Apr 07 19:55:28 env[41647]:     return login if self.is_authenticated(login, password) else ""
Apr 07 19:55:28 env[41647]:   File "/var/lib/radicale/.local/lib/python3.6/site-packages/radicale_dovecot_auth/__init__.py", line 57, in is_authenticated
Apr 07 19:55:28 env[41647]:     return self.is_authenticated2(None, user, password)
Apr 07 19:55:28 env[41647]:   File "/var/lib/radicale/.local/lib/python3.6/site-packages/radicale_dovecot_auth/__init__.py", line 60, in is_authenticated2
Apr 07 19:55:28 env[41647]:     conn = self.get_connection()
Apr 07 19:55:28 env[41647]:   File "/var/lib/radicale/.local/lib/python3.6/site-packages/radicale_dovecot_auth/__init__.py", line 54, in get_connection
Apr 07 19:55:28 env[41647]:     return DovecotAuth(SERVICE, **kwargs)
Apr 07 19:55:28 env[41647]:   File "/var/lib/radicale/.local/lib/python3.6/site-packages/radicale_dovecot_auth/dovecot_auth.py", line 69, in __init__
Apr 07 19:55:28  env[41647]:     self.socket.connect(self.socket_path)
Apr 07 19:55:28 env[41647]: PermissionError: [Errno 13] Permission denied
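
On Linux, connect() on a pathname UNIX socket returns EACCES when the caller lacks write permission on the socket file or search permission on any directory in its path, so the mode, user and group of Dovecot's unix_listener and every parent directory all matter. The block below is an added example, not part of radicale-dovecot-auth: first_blocker is a hypothetical helper that evaluates plain mode bits for a given uid and group set and does not model root's override, ACLs, or SELinux/AppArmor policy.

```python
import os
import stat

def first_blocker(sock_path, uid, gids):
    """Return (path, reason) for the first path component whose mode bits
    deny uid/gids, or None if connect() should be permitted.
    Hypothetical helper: mode bits only, no root override, ACLs or LSMs."""
    def allowed(st, want):
        if st.st_uid == uid:
            bits = st.st_mode >> 6      # owner triplet
        elif st.st_gid in gids:
            bits = st.st_mode >> 3      # group triplet
        else:
            bits = st.st_mode           # other triplet
        return (bits & want) == want

    path = os.path.abspath(sock_path)
    dirs, cur = [], os.path.dirname(path)
    while True:                          # collect every parent up to /
        dirs.append(cur)
        parent = os.path.dirname(cur)
        if parent == cur:
            break
        cur = parent
    for d in reversed(dirs):             # check from / downwards
        if not allowed(os.stat(d), 0o1):
            return d, "no search (x) permission on directory"
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return path, "not a socket"
    if not allowed(st, 0o2):
        return path, "no write permission on socket"
    return None

if __name__ == "__main__":
    # Check the calling process against a socket path given as an assumption.
    me, groups = os.getuid(), set(os.getgroups()) | {os.getgid()}
    print(first_blocker("/var/run/radicale/auth", me, groups))
```

Run it as the service account (the same user and groups the systemd unit gives Radicale), since an interactive root shell will not reproduce the denial.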

Avoid importing radicale-dovecot-auth from setup.py

Importing the radicale-dovecot-auth module from setup.py breaks the basic Debian packaging workflow, because it is not possible to clean the package's tree without radicale-dovecot-auth's full build dependencies installed.

These dependencies are of course needed to build the package, but in my case I use a separate chroot to build packages (pbuilder), and I cannot use e.g. the debclean tool, because it fails to run setup.py due to missing dependencies. When I patched (v0.2.1) to remove the mentioned import and add the exact version number, all works as expected. But this is not a solution, as I will easily forget to correct the version number in future versions...

Please consider moving the version info out of the radicale-dovecot-auth module; as far as I can see, it is used only in setup.py.

OSError: [Errno 97] Address family not supported by protocol

I was successfully using Dovecot + Radicale + radicale-dovecot-auth-git on my old server, but after restoring the setup using the same exact configurations, I get "Error: 500 Internal Server Error" from the web GUI, and the following messages from syslog when a client tries to connect:

# [...]

 [2020-11-28 16:24:37 +0100] [335/Thread-8] [DEBUG] Script name overwritten by client: '/radicale'
 [2020-11-28 16:24:37 +0100] [335/Thread-8] [DEBUG] Sanitized script name: '/radicale'
 [2020-11-28 16:24:37 +0100] [335/Thread-8] [DEBUG] Sanitized path: '/'
 [2020-11-28 16:24:37 +0100] [335/Thread-8] [ERROR] An exception occurred during PROPFIND request on '/': [Errno 97] Address family not supported by protocol
 Traceback (most recent call last):
   File "/usr/lib/python3.8/site-packages/radicale/app/__init__.py", line 105, in __call__
     status, headers, answers = self._handle_request(environ)
   File "/usr/lib/python3.8/site-packages/radicale/app/__init__.py", line 227, in _handle_request
     user = self._auth.login(login, password) or "" if login else ""
   File "/usr/lib/python3.8/site-packages/radicale_dovecot_auth/__init__.py", line 64, in login
     return login if self.is_authenticated(login, password) else ""
   File "/usr/lib/python3.8/site-packages/radicale_dovecot_auth/__init__.py", line 57, in is_authenticated
     return self.is_authenticated2(None, user, password)
   File "/usr/lib/python3.8/site-packages/radicale_dovecot_auth/__init__.py", line 60, in is_authenticated2
     conn = self.get_connection()
   File "/usr/lib/python3.8/site-packages/radicale_dovecot_auth/__init__.py", line 54, in get_connection
     return DovecotAuth(SERVICE, **kwargs)
   File "/usr/lib/python3.8/site-packages/radicale_dovecot_auth/dovecot_auth.py", line 68, in __init__
     self.socket = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
   File "/usr/lib/python3.8/socket.py", line 231, in __init__
     _socket.socket.__init__(self, family, type, proto, fileno)
 OSError: [Errno 97] Address family not supported by protocol

Radicale conf:

# [...]

[auth]
type = radicale_dovecot_auth
auth_socket = /var/lib/radicale/dovecot-auth-client

# [...]

Dovecot conf:

# [...]

service auth {
 unix_listener /var/spool/postfix/private/dovecot-auth-client {
  mode = 0660
  user = postfix
  group = postfix
 }
 unix_listener /var/lib/radicale/dovecot-auth-client {
  mode = 0660
  user = radicale
  group = radicale
 }
 user = dovecot
}

# [...]

I can login to Radicale using different authentication backends, and Postfix is able to talk to its socket without problems.
Am I missing a package or additional configuration?

Publish a package on pypi

Hi,

It would be great to have the package published on pypi. It will give it visibility, possibly more contributions and it would be easier to install.

Thanks
