arvedui / radicale-dovecot-auth Goto Github PK
View Code? Open in Web Editor NEWRadicale plugin for dovecot authentication
License: GNU General Public License v3.0
Radicale plugin for dovecot authentication
License: GNU General Public License v3.0
Please, be more verbose about used auth method in README.
Quick look into source shows that it is described in DovecotAuth docstring, but README is first contact for readers and not all understand Python, then will not read source.
I found it confusing that the version that is installed via pip install
is 0.4.1 while the latest version in this repository is 0.4.0. Is there another source repository which is more authoritative than this one?
Info:
CentOS 7.8.2003
postfix 2.10.1
dovecot 2.2.36
radicale 3.0.3
I've been trying radicale in a test server, but I can't get the auth to work. After bashing my head for a while it dawned on me to enable on auth_debug
in dovecot and finally realized why it doesn't work.
I have it setup so that only some users can connect outside of the local network (defined in /etc/dovecot/remote_users). If they're not found there then it tries pam, but the issue is that it needs the remote ip to work (allow_nets=127.0.0.0/8,192.168.1.0/24
). Since radicale doesn't provide it, it fails.
Is there a way to pass the remote ip to dovecot?
dovecot log
auth: Debug: pam(test_user): allow_nets: Matching for network 127.0.0.0/8
auth: Debug: pam(test_user): allow_nets: Matching for network 192.168.1.0/24
auth: pam(test_user): allow_nets check failed: Remote IP not known and 'local' missing
dovecot config
passdb {
driver = passwd-file
args = username_format=%Ln /etc/dovecot/remote_users
}
passdb {
driver = pam
override_fields = allow_nets=127.0.0.0/8,192.168.1.0/24
skip = authenticated
}
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
unix_listener auth-client {
path = /var/run/radicale/auth
mode = 0660
user = radicale
group = postfix
}
}
radicale config
[auth]
type = radicale_dovecot_auth
auth_socket = /var/run/radicale/auth
If you want to use dovecot via HTTP, you radicale-dovecot-auth needs only the host and the port in the config. But in practice, you need to set
[auth]
auth_socket =
auth_host = myhost
auth_port = 8888
And auth_socket must be present, but completely empty, unintuitively. Otherwise, the plugin crashes when trying to access auth_socket, and will never get around to accessing host and port.
Any chance to incorporate something like PR #8 and push an update to pypi, please?
I've been using automated scripts to pull releases from pypi. So for now, I'm still using 0.2.1 which I've locally patched to support Radicale 3.0 by including the .login
method and stop relying upon configuration.has_option
Thank you very much!
(This diff is against version 0.2.1.)
--- __init__.py.orig 2020-05-26 05:48:00.323817543 +0000
+++ __init__.py 2020-05-26 05:56:37.737797192 +0000
@@ -39,11 +39,13 @@
"""
def get_connection(self):
- if not self.configuration.has_option('auth', 'auth_socket'):
+ try:
+ socket_path = self.configuration.get('auth', 'auth_socket')
+ except:
raise RuntimeError('auth_socket path must be set')
return DovecotAuth(
- self.configuration.get('auth', 'auth_socket'), SERVICE)
+ socket_path, SERVICE)
def is_authenticated(self, user, password):
return self.is_authenticated2(None, user, password)
@@ -51,3 +53,6 @@
def is_authenticated2(self, login, user, password):
conn = self.get_connection()
return conn.authenticate(user, password)
+
+ def login(self, login, password):
+ return login if self.is_authenticated(login, password) else ""
I am getting permission error with latest on Ubuntu using systemctl
Apr 07 19:55:28 env[41647]: Traceback (most recent call last):
Apr 07 19:55:28 env[41647]: File "/var/lib/radicale/.local/lib/python3.6/site-packages/radicale/app/__init__.py", line 105, in __call__
Apr 07 19:55:28 env[41647]: status_text, headers, answers = self._handle_request(environ)
Apr 07 19:55:28 env[41647]: File "/var/lib/radicale/.local/lib/python3.6/site-packages/radicale/app/__init__.py", line 239, in _handle_request
Apr 07 19:55:28 env[41647]: user = self._auth.login(login, password) or "" if login else ""
Apr 07 19:55:28 env[41647]: File "/var/lib/radicale/.local/lib/python3.6/site-packages/radicale_dovecot_auth/__init__.py", line 64, in login
Apr 07 19:55:28 env[41647]: return login if self.is_authenticated(login, password) else ""
Apr 07 19:55:28 env[41647]: File "/var/lib/radicale/.local/lib/python3.6/site-packages/radicale_dovecot_auth/__init__.py", line 57, in is_authenticated
Apr 07 19:55:28 env[41647]: return self.is_authenticated2(None, user, password)
Apr 07 19:55:28 env[41647]: File "/var/lib/radicale/.local/lib/python3.6/site-packages/radicale_dovecot_auth/__init__.py", line 60, in is_authenticated2
Apr 07 19:55:28 env[41647]: conn = self.get_connection()
Apr 07 19:55:28 env[41647]: File "/var/lib/radicale/.local/lib/python3.6/site-packages/radicale_dovecot_auth/__init__.py", line 54, in get_connection
Apr 07 19:55:28 env[41647]: return DovecotAuth(SERVICE, **kwargs)
Apr 07 19:55:28 env[41647]: File "/var/lib/radicale/.local/lib/python3.6/site-packages/radicale_dovecot_auth/dovecot_auth.py", line 69, in __init__
Apr 07 19:55:28 env[41647]: self.socket.connect(self.socket_path)
Apr 07 19:55:28 env[41647]: PermissionError: [Errno 13] Permission denied
Importing radicale-dovecot-auth module from setup.py breaks basic debian's packaging workflow, because it not possible to clean package's tree without full radicale-dovecot-auth's build dependencies installed.
These dependencies are of course needed to build package, but in my case i use separate chroot to build packages (pbuilder), but i cannot use eg. debclean tool, because it fails to run setup.py due missing dependencies. When i patched (v0.2.1) to remove mentioned import and add exact version number, all works as expected. But this is not a solution, while i will easily forget to correct version number in future versions...
Please, consider to move version info out of radicale-dovecot-auth module, as i can see, it is used only in setup.py.
I was successfully using Dovecot + Radicale + radicale-dovecot-auth-git on my old server, but after restoring the setup using the same exact configurations, I get "Error: 500 Internal Server Error" from the web GUI, and the following messages from syslog when a client tries to connect:
# [...]
[2020-11-28 16:24:37 +0100] [335/Thread-8] [DEBUG] Script name overwritten by client: '/radicale'
[2020-11-28 16:24:37 +0100] [335/Thread-8] [DEBUG] Sanitized script name: '/radicale'
[2020-11-28 16:24:37 +0100] [335/Thread-8] [DEBUG] Sanitized path: '/'
[2020-11-28 16:24:37 +0100] [335/Thread-8] [ERROR] An exception occurred during PROPFIND request on '/': [Errno 97] Address family not supported by protocol
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/radicale/app/__init__.py", line 105, in __call__
status, headers, answers = self._handle_request(environ)
File "/usr/lib/python3.8/site-packages/radicale/app/__init__.py", line 227, in _handle_request
user = self._auth.login(login, password) or "" if login else ""
File "/usr/lib/python3.8/site-packages/radicale_dovecot_auth/__init__.py", line 64, in login
return login if self.is_authenticated(login, password) else ""
File "/usr/lib/python3.8/site-packages/radicale_dovecot_auth/__init__.py", line 57, in is_authenticated
return self.is_authenticated2(None, user, password)
File "/usr/lib/python3.8/site-packages/radicale_dovecot_auth/__init__.py", line 60, in is_authenticated2
conn = self.get_connection()
File "/usr/lib/python3.8/site-packages/radicale_dovecot_auth/__init__.py", line 54, in get_connection
return DovecotAuth(SERVICE, **kwargs)
File "/usr/lib/python3.8/site-packages/radicale_dovecot_auth/dovecot_auth.py", line 68, in __init__
self.socket = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
File "/usr/lib/python3.8/socket.py", line 231, in __init__
_socket.socket.__init__(self, family, type, proto, fileno)
OSError: [Errno 97] Address family not supported by protocol
Radicale conf:
# [...]
[auth]
type = radicale_dovecot_auth
auth_socket = /var/lib/radicale/dovecot-auth-client
# [...]
Dovecot conf:
# [...]
service auth {
unix_listener /var/spool/postfix/private/dovecot-auth-client {
mode = 0660
user = postfix
group = postfix
}
unix_listener /var/lib/radicale/dovecot-auth-client {
mode = 0660
user = radicale
group = radicale
}
user = dovecot
}
# [...]
I can login to Radicale using different authentication backends, and Postfix is able to talk to its socket without problems.
Am I missing a package or additional configuration?
Hi,
It would be great to have the package published on pypi. It will give it visibility, possibly more contributions and it would be easier to install.
Thanks
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.