RE: [Dovecot] strip realms and force lowercasing of usernames?
I don't know C or C++ but here's the patch I wrote for lowercase auth on test69. Hopefully it's a starting point for anyone who wants to try and tackle this but well beyond my abilities.
Jeff Graves, MCSA Customer Support Engineer Image Source, Inc. 10 Mill Street Bellingham, MA 02019
508.966.5200 - Phone 508.966.5170 - Fax jeff@image-src.com - Email www.image-src.com
-----Original Message-----
From: dovecot-bounces@dovecot.org [mailto:dovecot-bounces@dovecot.org] On Behalf Of Peter Evans
Sent: Wednesday, June 15, 2005 8:33 PM
To: dovecot@dovecot.org
Subject: Re: [Dovecot] strip realms and force lowercasing of usernames?
Dan Hollis (test3943395@anime.net) wrote:
So that's three people then. me, jeff graves and peter hessler. More than two :-)
What's the exact 'minimum required users for a feature' number? :-)
Feel free to code it yourself and submit a patch to Timo.
I guess you want to start with 1.0-test-reallybignumber
as a base.
If I had the energy, I might do this.
P
Jeff Graves wrote:
I don't know C or C++ but here's the patch I wrote for lowercase auth on test69. Hopefully it's a starting point for anyone who wants to try and tackle this but well beyond my abilities.
Actually, I've discovered this isn't necessary. You can use
auth_username_translation = AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz
in Dovecot 1.0 stable/tests.
It's no help for stripping domains though, but solves my problem authenticating against AD via PAM but using userdb=passwd (AD isn't case-sensitive).
Best Wishes, Chris
-- --+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+- Christopher Wakelin, c.d.wakelin@reading.ac.uk IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439 Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094
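How a pair string like the one in the message above canonicalizes a login name before lookup, as an added example that is not part of the original messages and is not Dovecot's own code. It assumes the value is read as a run of from/to character pairs; `build_translation`, `translate_username` and `same_account` are hypothetical names, and the sample names are constructed.

```c
#include <stdio.h>
#include <string.h>

/* The pair string quoted in the message above: 'A'->'a', 'B'->'b', ... */
#define LOWER_PAIRS "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz"

/* Assumed semantics: the value is a run of from/to character pairs.
   Fill a 256-entry map; bytes not named as "from" map to themselves. */
static int build_translation(const char *pairs, unsigned char table[256])
{
    size_t i, len = strlen(pairs);
    if (len % 2 != 0)
        return -1;              /* dangling "from" with no "to" */
    for (i = 0; i < 256; i++)
        table[i] = (unsigned char)i;
    for (i = 0; i < len; i += 2)
        table[(unsigned char)pairs[i]] = (unsigned char)pairs[i + 1];
    return 0;
}

static void translate_username(char *username, const unsigned char table[256])
{
    unsigned char *p;
    for (p = (unsigned char *)username; *p != '\0'; p++)
        *p = table[*p];
}

/* 1 if both spellings become the same name after translation, 0 if not,
   -1 on a malformed pair string or an over-long name. */
int same_account(const char *pairs, const char *a, const char *b)
{
    unsigned char table[256];
    char ca[128], cb[128];
    if (build_translation(pairs, table) < 0 ||
        strlen(a) >= sizeof(ca) || strlen(b) >= sizeof(cb))
        return -1;
    strcpy(ca, a);
    strcpy(cb, b);
    translate_username(ca, table);
    translate_username(cb, table);
    return strcmp(ca, cb) == 0;
}

int main(void)
{
    /* Constructed sample names, not taken from the thread. */
    printf("%d\n", same_account(LOWER_PAIRS, "JSmith", "jsmith"));
    return 0;
}
```

With an empty pair string the two spellings stay distinct, which is the mismatch between a case-insensitive password check and a case-sensitive user lookup that the message describes.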
On Mon, 20 Jun 2005, Chris Wakelin wrote:
Jeff Graves wrote:
I don't know C or C++ but here's the patch I wrote for lowercase auth on test69. Hopefully it's a starting point for anyone who wants to try and tackle this but well beyond my abilities. Actually, I've discovered this isn't necessary. You can use
auth_username_translation = AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz
in Dovecot 1.0 stable/tests.
It's no help for stripping domains though, but solves my problem authenticating against AD via PAM but using userdb=passwd (AD isn't case-sensitive).
Wow. That's pretty wacky. Seems to me it would be better off using regex syntax. Then you could uppercase/lowercase and strip domains too.
-Dan
Dan Hollis wrote:
Actually, I've discovered this isn't necessary. You can use
auth_username_translation = AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz
in Dovecot 1.0 stable/tests.
It's no help for stripping domains though, but solves my problem authenticating against AD via PAM but using userdb=passwd (AD isn't case-sensitive).
Wow. That's pretty wacky. Seems to me it would be better off using regex syntax. Then you could uppercase/lowercase and strip domains too.
-Dan
Right! A little not-very-well-tested patch to strip domains in dovecot-1.0-stable (may work in dovecot-1.0-testXX) :- To use, add "auth_strip_realm = yes" to dovecot.conf in the section that has "auth_default_realm". It's not very pretty (e.g. if you have "auth_default_realm" set it'll strip that too, whereas you might actually want to replace the user given domain with default_realm). I had a think about using regular expressions but it's not easy to see why you'd need something so general, and I don't think I'm up to doing it anyway! Hope this helps, Chris --- dovecot-1.0-stable/src/auth/mech.c.orig Mon Jan 31 16:37:54 2005 +++ dovecot-1.0-stable/src/auth/mech.c Mon Jun 20 17:42:14 2005 @@ -27,6 +27,7 @@ const char *const *auth_realms; const char *default_realm; +int strip_realm; const char *anonymous_username; char username_chars[256], username_translation[256]; int ssl_require_client_cert; @@ -176,6 +177,9 @@ { unsigned char *p; + if ((p = (unsigned char *)strchr(username, '@')) != NULL && strip_realm) + *p = '\0'; + if (*username == '\0') { /* Some PAM plugins go nuts with empty usernames */ *error_r = "Empty username"; @@ -487,6 +491,7 @@ default_realm = getenv("DEFAULT_REALM"); if (default_realm != NULL && *default_realm == '\0') default_realm = NULL; + strip_realm = getenv("STRIP_REALM") != NULL; env = getenv("USERNAME_CHARS"); if (env == NULL || *env == '\0') { --- dovecot-1.0-stable/src/auth/mech.h.orig Mon Jan 31 16:37:54 2005 +++ dovecot-1.0-stable/src/auth/mech.h Mon Jun 20 16:21:47 2005 @@ -71,6 +71,7 @@ extern const char *const *auth_realms; extern const char *default_realm; +extern int strip_realm; extern const char *anonymous_username; extern char username_chars[256]; extern int ssl_require_client_cert; --- dovecot-1.0-stable/src/master/master-settings.c.orig Fri Jun 17 10:05:15 2005 +++ dovecot-1.0-stable/src/master/master-settings.c Mon Jun 20 16:03:28 2005 
@@ -140,6 +140,7 @@ DEF(SET_STR, mechanisms), DEF(SET_STR, realms), DEF(SET_STR, default_realm), + DEF(SET_BOOL, strip_realm), DEF(SET_STR, userdb), DEF(SET_STR, passdb), DEF(SET_INT, cache_size), @@ -316,6 +317,7 @@ MEMBER(mechanisms) "plain", MEMBER(realms) NULL, MEMBER(default_realm) NULL, + MEMBER(strip_realm) FALSE, MEMBER(userdb) "passwd", MEMBER(passdb) "pam", MEMBER(cache_size) 0, --- dovecot-1.0-stable/src/master/master-settings.h.orig Fri Jun 17 10:05:15 2005 +++ dovecot-1.0-stable/src/master/master-settings.h Mon Jun 20 16:04:17 2005 @@ -130,6 +130,7 @@ const char *mechanisms; const char *realms; const char *default_realm; + int strip_realm; const char *userdb; const char *passdb; unsigned int cache_size; --- dovecot-1.0-stable/src/master/auth-process.c.orig Mon Jan 31 16:37:55 2005 +++ dovecot-1.0-stable/src/master/auth-process.c Mon Jun 20 16:06:21 2005 @@ -477,6 +477,8 @@ env_put(t_strconcat("MECHANISMS=", group->set->mechanisms, NULL)); env_put(t_strconcat("REALMS=", group->set->realms, NULL)); env_put(t_strconcat("DEFAULT_REALM=", group->set->default_realm, NULL)); + if (group->set->strip_realm) + env_put("STRIP_REALM=1"); env_put(t_strconcat("USERDB=", group->set->userdb, NULL)); env_put(t_strconcat("PASSDB=", group->set->passdb, NULL)); env_put(t_strconcat("USERNAME_CHARS=", group->set->username_chars, NULL)); -- --+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+- Christopher Wakelin, c.d.wakelin@reading.ac.uk IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439 Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094
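Review bot: In the mech.c hunk at @@ -176,6 +177,9 @@, the cut at '@' is applied to whatever realm the client sent, so with auth_strip_realm = yes a login given as user@any.domain is handled as the bare user. Compare the text after '@' with default_realm (or the auth_realms list) before writing the '\0', or state in the setting's description that every realm collapses onto the same local name. Two smaller points on the same lines: test strip_realm before calling strchr() so the search only runs when the option is on, and note that strchr() stops at the first '@', so a name containing more than one loses everything after the first.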
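Review bot: In the mech.c hunk at @@ -487,6 +491,7 @@, strip_realm is switched on by the mere presence of STRIP_REALM, while the DEFAULT_REALM handling in the context lines just above treats an empty value as unset. An empty STRIP_REALM= in the environment would therefore enable stripping; checking that the value is non-empty as well keeps the two settings consistent.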
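Review bot: The strip_realm setting registered in the master-settings.c hunks (@@ -140,6 +140,7 @@ and @@ -316,6 +317,7 @@) has no documentation anywhere in the patch. A commented entry beside auth_default_realm in the sample configuration, saying that the '@' and everything after it are dropped from the login name and that this also applies when auth_default_realm is set, would tell administrators what they are enabling.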