I know there are a few people here running openwrt on their routers and running Dovecot and Xmail. I had a real hard time finding information on authenticating Dovecot users against Xmail's user database. In the end I hacked together a script to do the authentication. It's not pretty and I don't claim to know what I'm doing, but I thought I'd post it for anyone else that might be interested. Comments and criticism to improve this script would be very welcome.
#!/bin/sh
# This file is the precursor to checkpassword-reply. It is called by Dovecot
# with the location of checkpassword-reply as an argument (in $1). To use it,
# you must enter the location of this script as an argument to a passdb
# checkpassword block in /etc/dovecot.conf:
#   passdb checkpassword {
#     args = /path/to/this_script
#   }
#   userdb static {
#     args = uid=vxmail gid=vxmail home=/path/to/MailRoot/domains/%d/%n
#   }
# It may also be possible to pass the domain as an argument
# to this script by instead using
#   args = /path/to/this_script %d
LOCAL_PART_DIR=/path/to/MailRoot
MAILDIR="maildir:$LOCAL_PART_DIR/Maildir"
XMCRYPT_PATH=/path/to/XMCrypt
XMCRYPT_PASSWORD=nothing
USERPASSFILE=$LOCAL_PART_DIR/mailusers.tab
# we need this DOMAIN variable because read cannot handle the NULLs that
# will separate the incoming data. This is ok since we're only using
# a single domain.
DOMAIN=yourdomain.com
# read cannot handle NULL chars (so result will be all one word)
# Get name@domain<null>password<null> from fd3
# -r keeps backslashes in the password intact
read -r indata <&3
# Close file descriptor 3 (exec is needed so the close applies to this shell)
exec 3<&-
# use the DOMAIN to strip off username and password
username=${indata%%@$DOMAIN*}
password=${indata##*$DOMAIN}
if [ -z "$username" ]
then
    username=null
fi
if [ -z "$password" ]
then
    password=null
fi
# Find the encrypted version of the password
# (quoted so spaces or wildcard characters in the password are passed unchanged)
xpassword=`"$XMCRYPT_PATH" "$password"`
#read single lines from the $USERPASSFILE looking for $username
# stop on $username and look for XMCRYPT_PASSWORD
# if found, continue, else abort.
ismatched=0
# the read command is very useful here! It parses into variables on whitespace.
#"domain"/t"account"/t"enc-passwd"/t"account-id"/t"account-dir"/t"account-type"/
# Note: do not use this pipe'd version as it launches a subshell and changes
# to variables inside it do not persist. Use redirection instead.
#cat $USERPASSFILE |
while read -r domain account encpasswd accountid accountdir accounttype
do
    # remove the surrounding "s from the variables
    account=${account#\"}
    account=${account%\"}
    encpasswd=${encpasswd#\"}
    encpasswd=${encpasswd%\"}
    if [ "$account" = "$username" ]
    then
        if [ "$encpasswd" = "$xpassword" ]
        then
            ismatched=1
            break
        fi
    fi
done < "$USERPASSFILE"
# use arithmetic operator here (-eq) not string operator (=)
if [ $ismatched -eq 1 ]
then
    # prepare data for checkpassword-reply
    # would be better to use info from mailusers.tab here?
    # set USER
    export USER="$username"
    # set HOME
    export HOME="$MAILDIR/$DOMAIN/$username"
    # set $UID?
    # set $GID?
else
    # no match: a checkpassword program must exit 1 on a failed login
    # and must not run checkpassword-reply
    exit 1
fi
# run checkpassword-reply
exec "$1"
Also, to make this work you need for Dovecot to have permission to read the file in the MailRoot directory. I created a vxmail user and vxmail group. I then chown'd everything in MailRoot to the vxmail group. Beyond testing that I can login to the IMAP server and see the folders I can't say that this approach works. My next task is to get XMail running as non-root or Dovecot running as root and then test test test.
I'm actually quite amazed at what this little router can do (WL-500G Premium).
Thanks,
Stef
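
Added example, not part of the original post: one way to avoid the hard-coded DOMAIN is to turn the NUL separators on fd 3 into newlines with tr, then match both the domain and account columns of mailusers.tab. The function names are hypothetical, and CRYPT_CMD stands for whatever command prints the encoded password (XMCrypt in the post).

```shell
#!/bin/sh
# Added example, not the original poster's script.

# Turn the fd 3 record "login\0password\0timestamp\0" (on stdin) into one
# field per line, so the domain no longer has to be hard-coded.
split_checkpassword() {
    tr '\000' '\n'
}

# lookup_encpasswd FILE DOMAIN ACCOUNT
# Print the enc-passwd column for DOMAIN/ACCOUNT from a tab-separated,
# double-quoted user table; return 1 when there is no such account.
lookup_encpasswd() {
    tab=$(printf '\t')
    while IFS="$tab" read -r domain account encpasswd rest
    do
        domain=${domain#\"};       domain=${domain%\"}
        account=${account#\"};     account=${account%\"}
        encpasswd=${encpasswd#\"}; encpasswd=${encpasswd%\"}
        if [ "$domain" = "$2" ] && [ "$account" = "$3" ]
        then
            printf '%s\n' "$encpasswd"
            return 0
        fi
    done < "$1"
    return 1
}

# check_login FILE CRYPT_CMD   (record on stdin)
# Return 0 only when the account exists in that domain and CRYPT_CMD's
# output for the supplied password equals the stored value.
check_login() {
    fields=$(split_checkpassword) || return 1
    login=$(printf '%s\n' "$fields" | sed -n 1p)
    password=$(printf '%s\n' "$fields" | sed -n 2p)
    case $login in *@*) ;; *) return 1 ;; esac
    user=${login%@*}
    dom=${login##*@}
    [ -n "$user" ] && [ -n "$password" ] || return 1
    stored=$(lookup_encpasswd "$1" "$dom" "$user") || return 1
    [ "$stored" = "$("$2" "$password")" ]
}

# Wiring inside a checkpassword script (variables as in the post):
#   check_login "$USERPASSFILE" "$XMCRYPT_PATH" <&3 || exit 1
#   export USER="$user"; exec "$1"
```

Every failure path returns non-zero, so the caller exits 1 before checkpassword-reply can be reached.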