[Dovecot] strip realms and force lowercasing of usernames?

Chris Wakelin c.d.wakelin at reading.ac.uk
Mon Jun 20 19:55:32 EEST 2005


Dan Hollis wrote:
>>
>>Actually, I've discovered this isn't necessary. You can use
>>
>>auth_username_translation = 
>>AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz
>>
>>in Dovecot 1.0 stable/tests.
>>
>>It's no help for stripping domains though, but solves my problem 
>>authenticating against AD via PAM but using userdb=passwd (AD isn't 
>>case-sensitive).
> 
> 
> Wow. That's pretty wacky. Seems to me it would be better off using regex 
> syntax. Then you could uppercase/lowercase and strip domains too.
> 
> -Dan
> 

Right! A little not-very-well-tested patch to strip domains in 
dovecot-1.0-stable (may work in dovecot-1.0-testXX) :-

To use, add "auth_strip_realm = yes" to dovecot.conf in the section that 
has "auth_default_realm".

It's not very pretty (e.g. if you have "auth_default_realm" set it'll 
strip that too, whereas you might actually want to replace the user 
given domain with default_realm).

I had a think about using regular expressions but it's not easy to see 
why you'd need something so general, and I don't think I'm up to doing 
it anyway!

Hope this helps,
Chris

--- dovecot-1.0-stable/src/auth/mech.c.orig     Mon Jan 31 16:37:54 2005
+++ dovecot-1.0-stable/src/auth/mech.c  Mon Jun 20 17:42:14 2005
@@ -27,6 +27,7 @@

  const char *const *auth_realms;
  const char *default_realm;
+int strip_realm;
  const char *anonymous_username;
  char username_chars[256], username_translation[256];
  int ssl_require_client_cert;
@@ -176,6 +177,9 @@
  {
         unsigned char *p;

+       if ((p = (unsigned char *)strchr(username, '@')) != NULL && 
strip_realm)
+               *p = '\0';
+
         if (*username == '\0') {
                 /* Some PAM plugins go nuts with empty usernames */
                 *error_r = "Empty username";
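
Review bot: the added `*p = '\0'` cuts the username at the first '@' without comparing the realm the client sent against default_realm or auth_realms, so with strip_realm set, user@any.domain is authenticated as plain user. If only your own realms should be accepted, compare the text after '@' with those before truncating and reject anything else. Placing the strip ahead of the `*username == '\0'` check is right, since an input of just "@domain" then falls into the "Empty username" error. Testing strip_realm before calling strchr would skip the scan when the option is off, and the `if` line has been wrapped by the mailer, so it needs rejoining before the patch applies.
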
@@ -487,6 +491,7 @@
         default_realm = getenv("DEFAULT_REALM");
         if (default_realm != NULL && *default_realm == '\0')
                 default_realm = NULL;
+       strip_realm = getenv("STRIP_REALM") != NULL;

         env = getenv("USERNAME_CHARS");
         if (env == NULL || *env == '\0') {
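
Review bot: `getenv("STRIP_REALM") != NULL` treats any value as on, including an empty string or STRIP_REALM=0, whereas the DEFAULT_REALM lines just above treat an empty value as unset. The auth-process.c hunk only exports STRIP_REALM=1 when the setting is true, so this works as posted, but requiring a non-empty value, as is done for default_realm, would keep the two consistent and avoid enabling realm stripping just because the variable happens to be present in the environment.
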
--- dovecot-1.0-stable/src/auth/mech.h.orig     Mon Jan 31 16:37:54 2005
+++ dovecot-1.0-stable/src/auth/mech.h  Mon Jun 20 16:21:47 2005
@@ -71,6 +71,7 @@

  extern const char *const *auth_realms;
  extern const char *default_realm;
+extern int strip_realm;
  extern const char *anonymous_username;
  extern char username_chars[256];
  extern int ssl_require_client_cert;
--- dovecot-1.0-stable/src/master/master-settings.c.orig        Fri Jun 
17 10:05:15 2005
+++ dovecot-1.0-stable/src/master/master-settings.c     Mon Jun 20 
16:03:28 2005
@@ -140,6 +140,7 @@
         DEF(SET_STR, mechanisms),
         DEF(SET_STR, realms),
         DEF(SET_STR, default_realm),
+       DEF(SET_BOOL, strip_realm),
         DEF(SET_STR, userdb),
         DEF(SET_STR, passdb),
         DEF(SET_INT, cache_size),
@@ -316,6 +317,7 @@
         MEMBER(mechanisms) "plain",
         MEMBER(realms) NULL,
         MEMBER(default_realm) NULL,
+       MEMBER(strip_realm) FALSE,
         MEMBER(userdb) "passwd",
         MEMBER(passdb) "pam",
         MEMBER(cache_size) 0,
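
Review bot: defaulting MEMBER(strip_realm) to FALSE keeps existing behaviour, but the setting is undocumented; none of the five files in this patch is a sample configuration or documentation file. A short entry next to auth_default_realm stating that everything from the first '@' is discarded, and, as the cover message notes, that a realm supplied through auth_default_realm is stripped as well, would let administrators judge the effect before turning it on.
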
--- dovecot-1.0-stable/src/master/master-settings.h.orig        Fri Jun 
17 10:05:15 2005
+++ dovecot-1.0-stable/src/master/master-settings.h     Mon Jun 20 
16:04:17 2005
@@ -130,6 +130,7 @@
         const char *mechanisms;
         const char *realms;
         const char *default_realm;
+       int strip_realm;
         const char *userdb;
         const char *passdb;
         unsigned int cache_size;
--- dovecot-1.0-stable/src/master/auth-process.c.orig   Mon Jan 31 
16:37:55 2005
+++ dovecot-1.0-stable/src/master/auth-process.c        Mon Jun 20 
16:06:21 2005
@@ -477,6 +477,8 @@
         env_put(t_strconcat("MECHANISMS=", group->set->mechanisms, NULL));
         env_put(t_strconcat("REALMS=", group->set->realms, NULL));
         env_put(t_strconcat("DEFAULT_REALM=", 
group->set->default_realm, NULL));
+       if (group->set->strip_realm)
+               env_put("STRIP_REALM=1");
         env_put(t_strconcat("USERDB=", group->set->userdb, NULL));
         env_put(t_strconcat("PASSDB=", group->set->passdb, NULL));
         env_put(t_strconcat("USERNAME_CHARS=", 
group->set->username_chars, NULL));

-- 
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK              Fax: +44 (0)118 975 3094

