security/ejabberd-dovecot-auth: import (version 0.20120116)

Script to authenticate ejabberd against dovecot Features: auth and isUser work, but setPass doesn't. OK: kn@ sthen@
2026-06-17 23:13:55 +02:00 · 2025-01-05 11:03:56 +00:00
parent 9c9dbfc5da
commit 9958df5f3e
7 changed files with 148 additions and 0 deletions
@@ -0,0 +1,49 @@
+COMMENT =		authenticate ejabberd against dovecot
+
+V =			0.20120116
+DISTNAME =		ejabberd-dovecot-auth-${V}
+
+CATEGORIES =		security net
+
+HOMEPAGE =		https://www.ejabberd.im/check_dovecot_perl/index.html
+
+MAINTAINER =		Kirill A. Korinsky <kirill@korins.ky>
+
+# GPLv2+
+#
+# This script is based on check_mysql.pl
+#   https://www.ejabberd.im/files/efiles/check_mysql.pl.txt
+# which is based on check_pass_null.pl, a part of ejabberd:
+#   https://github.com/processone/ejabberd/blob/23.04/examples/extauth/check_pass_null.pl
+#
+# Since ejabberd has always been distributed under GPLv2+, this script
+# inherits the same license.
+PERMIT_PACKAGE =	Yes
+
+SITES =			https://www.ejabberd.im/files/contributions/
+
+DISTFILES =		${DISTNAME}.pl{check_dovecot.pl.txt}
+
+EXTRACT_ONLY =
+EXTRACT_SUFX =
+
+RUN_DEPENDS =		mail/dovecot \
+			net/ejabberd \
+			security/p5-Authen-SASL-Authd \
+			sysutils/p5-Unix-Syslog
+
+NO_BUILD =		Yes
+NO_TEST =		Yes
+
+do-extract:
+	mkdir -p ${WRKSRC}
+	cp ${FULLDISTDIR}/${DISTNAME}.pl ${WRKSRC}/check-dovecot
+
+do-install:
+	${INSTALL_DATA_DIR} ${PREFIX}/share/ejabberd-dovecot-auth
+	${INSTALL_DATA} ${FILESDIR}/dovecot-ejabberd-auth.conf \
+			${PREFIX}/share/ejabberd-dovecot-auth
+	${INSTALL_SCRIPT} ${WRKSRC}/check-dovecot \
+			${PREFIX}/share/ejabberd-dovecot-auth
+
+.include <bsd.port.mk>
@@ -0,0 +1,2 @@
+SHA256 (ejabberd-dovecot-auth-0.20120116.pl) = B2u51A+Nj2WMB2Iq247uHm/B5aeeSZ2reMhtF6WGCJo=
+SIZE (ejabberd-dovecot-auth-0.20120116.pl) = 3572
@@ -0,0 +1,13 @@
+service auth {
+  unix_listener ejabberd-userdb {
+    mode = 0660
+    user = _ejabberd
+    group = _ejabberd
+  }
+
+  unix_listener ejabberd-client {
+    mode = 0660
+    user = _ejabberd
+    group = _ejabberd
+  }
+}
@@ -0,0 +1,65 @@
+Update path to dovecot sockets, lift restrictions on password, use
+services name, improve loging
+
+Index: check-dovecot
+--- check-dovecot.orig
+++ check-dovecot
+@@ -61,32 +61,22 @@ use Authen::SASL::Authd qw(auth_dovecot user_dovecot);
+ 
+ while(1) {
+     my $buf = "";
+-    syslog LOG_INFO,"ejabberd-dovecot-auth: waiting for packet";
+    syslog LOG_DEBUG,"ejabberd-dovecot-auth: waiting for packet";
+     my $nread = sysread STDIN,$buf,2;
+-    do { syslog LOG_INFO,"ejabberd-dovecot-auth: port closed"; exit; } unless $nread == 2;
+    do { syslog LOG_DEBUG,"ejabberd-dovecot-auth: port closed"; exit; } unless $nread == 2;
+     my $len = unpack "n",$buf;
+     my $nread = sysread STDIN,$buf,$len;
+ 
+-    my ($op,$user,$domain,$password) = split /:/,$buf;
+-    
+-    # Filter dangerous characters
+-    $user =~ s/[."\n\r'\$`]//g;
+-    $password =~ s/[."\n\r'\$`]//g;
+-    
+-    #$user =~ s/\./\//og;
+    my ($op,$user,$domain,$password) = split /:/,$buf,4;
+
+     my $result;
+ 
+-    syslog(LOG_INFO,"ejabberd-dovecot-auth: request ($op, \"$user\@$domain\", '****')");
+-    #print "ejabberd-dovecot-auth: request ($op, \"$user\@$domain\", $password)";
+-
+     SWITCH: {
+         $op eq 'auth' and do {
+-       	       if (auth_dovecot("$user\@$domain", $password, timeout => 3, socket => '/var/run/dovecot/ejabberd')) {
+       	       if (auth_dovecot("$user\@$domain", $password, timeout => 3, socket => '/var/dovecot/ejabberd-client', service_name => 'ejabberd')) {
+                  $result = true;
+-                 syslog(LOG_INFO,"ejabberd-dovecot-auth: -> +OK");
+                } else {
+                  $result = false;
+-                 syslog(LOG_INFO,"ejabberd-dovecot-auth: -> -ERR");
+                }
+         },last SWITCH;
+ 
+@@ -95,15 +85,17 @@ while(1) {
+         },last SWITCH;
+ 
+         $op eq 'isuser' and do {
+-       	       if (user_dovecot("$user\@$domain", timeout => 3, socket => '/var/run/dovecot/ejabberd')) {
+       	       if (user_dovecot("$user\@$domain", timeout => 3, socket => '/var/dovecot/ejabberd-userdb', service_name => 'ejabberd')) {
+                  $result = true;
+-                 syslog(LOG_INFO,"ejabberd-dovecot-auth: -> +OK");
+                } else {
+                  $result = false;
+-                 syslog(LOG_INFO,"ejabberd-dovecot-auth: -> -ERR");
+                }
+           },last SWITCH;
+     };
+
+    syslog(LOG_INFO, "ejabberd-dovecot-auth: request ($op, \"$user\@$domain\") -> "
+           . ($result ? "+OK" : "-ERR"));
+
+     my $out = pack "nn",2,$result ? 1 : 0;
+     syswrite STDOUT,$out;
+   }
@@ -0,0 +1,3 @@
+Script to authenticate ejabberd against dovecot
+
+Features: auth and isUser work, but setPass doesn't.
@@ -0,0 +1,5 @@
+share/doc/pkg-readmes/${PKGSTEM}
+share/ejabberd-dovecot-auth/
+share/ejabberd-dovecot-auth/check-dovecot
+share/ejabberd-dovecot-auth/dovecot-ejabberd-auth.conf
+@sample ${SYSCONFDIR}/dovecot/conf.d/90-ejabberd-auth.conf
@@ -0,0 +1,11 @@
+-------------------------------------------------------------------------------
+| Running ${PKGSTEM} on OpenBSD
+-------------------------------------------------------------------------------
+
+To use dovecot as authentication method you must enable it inside
+ejabeerd. Following code might be added globally to switch all vhosts to
+dovecot based authentication, or per required vhost.
+
+	auth_method: [external]
+	extauth_program: ${TRUEPREFIX}/share/ejabberd-dovecot-auth/check-dovecot
+