On Fri, 14 Sep 2007, Alan Ferrency wrote:
I have a likely unusual request regarding IP based virtual dovecot users.
When you specify a passdb passwd-file name containing "%d", then the domain portion is stripped from the login username, before the user is checked in the passwd-file. However, if you specify a passwd-file name containing "%l" (the local IP), the domain portion of the login is not stripped off before the username is checked in the passwd-file. <snip> Does anyone have any recommendations? If what I want can't already be done, and I patched dovecot to do one of these things, how likely would it be to have that patch merged into the project?
Here is a small patch which causes "%0.l" in a passdb-file filename to cause the username to have its domain stripped off. The patch was built against dovecot 1.0.5, but looking at the 1.1-alpha code, it should be directly applicable there as well. --- db-passwd-file.c 16 Mar 2007 16:23:05 -0000 1.1.1.1 +++ db-passwd-file.c 14 Sep 2007 17:20:14 -0000 
@@ -288,9 +288,12 @@ for (p = path; *p != '\0'; p++) { if (*p == '%' && p[1] != '\0') { p++; - if (*p == 'd') { - /* drop domains out only if %d is given - without modifiers */ + if (*p == 'd' || + (p[0] == '0' && + p[1] == '.' && + p[2] == 'l')) { + /* drop domains out if %d is given + without modifiers, or if %0.l is specified. */ db->domain_var = TRUE; }

This works, but it feels exceedingly hackish and annoying. It begs for a more general purpose solution.

I think both the %d and %l cases would be handled better with an additional configuration option in the passwd-file configuration, which allows you to configure auth_username_format on a per-passwd-file basis. An example configuration would look like this:

    passdb passwd-file {
      args = /path/%l.passwd
      username_format = %n
    }

This configuration would cause db_passwd_file_lookup to look up "%n" in the password file, instead of looking up %u.

The current use of %d and %0.d in passwd-file names could also be handled this way:

    passdb passwd-file {
      args = /path/%d.passwd
      username_format = %u   # instead of using %0.d.passwd
    }

    passdb passwd-file {
      args = /path/%d.passwd
      username_format = %n   # the old default probably shouldn't change
    }

This configuration also allows other interesting uses which aren't currently possible, by allowing the domain to be removed from the username at lookup time, while still making it available for variable substitution within the passdb-file itself.

    # IP-based virtual users, all in one file
    passdb passwd-file {
      args = /path/ip_based.passwd
      username_format = %n@%l
    }

    # and domain-based virtual users in a separate file
    passdb passwd-file {
      args = /path/domain_based.passwd
      username_format = %u
    }

Is this interesting enough to consider adding to dovecot?

Thanks,
Alan Ferrency
pair Networks, Inc.
alan@pair.com
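Review bot: The added condition matches %0.l with a hard-coded three-character compare (p[0] == '0' && p[1] == '.' && p[2] == 'l'), so a modifier form of %l is being reused as a flag for domain stripping, and any other modifier spelling of %l in the path will not set db->domain_var. The updated comment still says %d applies "without modifiers" while the new case is itself a modifier, which makes the rule hard to read; state explicitly in the comment that the exact string %0.l is a special marker, and note that the reads of p[1] and p[2] stay inside the string only because of the && evaluation order after the p[1] != '\0' guard and the p++. The condition also mixes *p and p[0] for the same character; use one form throughout. Since this changes which username is looked up in the passwd-file for any path containing %0.l, it needs a matching documentation entry so that existing configurations are not silently affected.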