*-login: Added %{orig_user}, %{orig_username} and %{orig_domain} variables.
authorTimo Sirainen <tss@iki.fi>
Sat, 21 Sep 2013 22:40:11 +0000 (01:40 +0300)
committerTimo Sirainen <tss@iki.fi>
Sat, 21 Sep 2013 22:40:11 +0000 (01:40 +0300)
The original username is what the client sent to server before any
translations.

src/auth/auth-request-handler.c
src/login-common/client-common.c
src/login-common/client-common.h
src/login-common/sasl-server.c

index 98717f944de44480c20c8c7100a317b112e29208..19b8624a2f80919a9eb3bb2ff93c38253de3f326 100644 (file)
@@ -173,6 +173,11 @@ auth_str_append_extra_fields(struct auth_request *request, string_t *dest)
        auth_fields_append(request->extra_fields, dest,
                           AUTH_FIELD_FLAG_HIDDEN, 0);
 
+       if (strcmp(request->original_username, request->user) != 0) {
+               auth_str_add_keyvalue(dest, "original_user",
+                                     request->original_username);
+       }
+
        if (!request->auth_only &&
            auth_fields_exists(request->extra_fields, "proxy")) {
                /* we're proxying */
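Review bot: The added `strcmp(request->original_username, request->user)` dereferences both pointers with no NULL guard, and whether `original_username` is always set by the time auth_str_append_extra_fields() runs is not visible in this hunk. If any path can reach this point without it, guard the comparison: `if (request->original_username != NULL && strcmp(request->original_username, request->user) != 0) {`. The value is the untranslated name exactly as the client sent it, so a short comment such as `/* pre-translation username from the client; consumers must treat it as untrusted */` would help whoever reads the `original_user` field downstream. The function body starts and ends outside the hunk.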
index b633b12674173a6063b55dcee5415ce39178c589..ce6e9f796772efc4c57349cb03e82e6b71157173 100644 (file)
@@ -272,6 +272,7 @@ bool client_unref(struct client **_client)
        i_free(client->proxy_user);
        i_free(client->proxy_master_user);
        i_free(client->virtual_user);
+       i_free(client->virtual_user_orig);
        i_free(client->auth_mech_name);
        i_free(client->master_data_prefix);
        pool_unref(&client->pool);
@@ -453,6 +454,7 @@ static struct var_expand_table login_var_expand_empty_tab[] = {
        { 'u', NULL, "user" },
        { 'n', NULL, "username" },
        { 'd', NULL, "domain" },
+
        { 's', NULL, "service" },
        { 'h', NULL, "home" },
        { 'l', NULL, "lip" },
@@ -469,6 +471,9 @@ static struct var_expand_table login_var_expand_empty_tab[] = {
        { '\0', NULL, "real_rip" },
        { '\0', NULL, "real_lport" },
        { '\0', NULL, "real_rport" },
+       { '\0', NULL, "orig_user" },
+       { '\0', NULL, "orig_username" },
+       { '\0', NULL, "orig_domain" },
        { '\0', NULL, NULL }
 };
 
@@ -522,6 +527,19 @@ get_var_expand_table(struct client *client)
        tab[16].value = net_ip2addr(&client->real_remote_ip);
        tab[17].value = dec2str(client->real_local_port);
        tab[18].value = dec2str(client->real_remote_port);
+       if (client->virtual_user_orig == NULL) {
+               tab[19].value = tab[0].value;
+               tab[20].value = tab[1].value;
+               tab[21].value = tab[2].value;
+       } else {
+               tab[19].value = client->virtual_user_orig;
+               tab[20].value = t_strcut(client->virtual_user_orig, '@');
+               tab[21].value = strchr(client->virtual_user_orig, '@');
+               if (tab[21].value != NULL) tab[21].value++;
+
+               for (i = 0; i < 3; i++)
+                       tab[i].value = str_sanitize(tab[i].value, 80);
+       }
        return tab;
 }
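Review bot: The sanitizing loop in the new else branch runs `for (i = 0; i < 3; i++)`, so it processes tab[0..2] (user, username, domain) and leaves tab[19..21], the values just taken from `client->virtual_user_orig`, unsanitized. Those slots hold the username as the client sent it, and they feed whatever expands %{orig_user}, %{orig_username} and %{orig_domain} (presumably log format strings), so control characters and over-long names pass through unchanged. The loop should cover the new slots instead: `for (i = 19; i <= 21; i++)`. Whether tab[0..2] are already sanitized earlier in get_var_expand_table() cannot be seen here because the function starts outside the hunk; if they are, the current loop only sanitizes them a second time.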
 
index e2a64468e484e99c8b0383371be2510e6d8cdc87..49def5c753eba59c58fcb5a8b3b58f2e95119d4c 100644 (file)
@@ -141,7 +141,7 @@ struct client {
        unsigned int auth_attempts, auth_successes;
        pid_t mail_pid;
 
-       char *virtual_user;
+       char *virtual_user, *virtual_user_orig;
        unsigned int destroyed:1;
        unsigned int input_blocked:1;
        unsigned int login_success:1;
index 3fbc56093f603479c7d7765daa6128a961ded083..a90141d2778c0571889b7f6a979fd404c34c4a10 100644 (file)
@@ -239,7 +239,11 @@ authenticate_callback(struct auth_client_request *request,
                for (i = 0; args[i] != NULL; i++) {
                        if (strncmp(args[i], "user=", 5) == 0) {
                                i_free(client->virtual_user);
+                               i_free_and_null(client->virtual_user_orig);
                                client->virtual_user = i_strdup(args[i] + 5);
+                       } else if (strncmp(args[i], "original_user=", 14) == 0) {
+                               i_free(client->virtual_user_orig);
+                               client->virtual_user_orig = i_strdup(args[i] + 14);
                        } else if (strcmp(args[i], "nologin") == 0 ||
                                   strcmp(args[i], "proxy") == 0) {
                                /* user can't login */
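Review bot: The parsing added to authenticate_callback() depends on field order without saying so: the `user=` branch calls `i_free_and_null(client->virtual_user_orig)`, so an `original_user=` that appears before `user=` in `args` is silently discarded. The same pair of branches is repeated in the second loop of this function (the hunk at -271), and the order in which the auth side emits the two fields is not visible on this page. A comment on the `user=` branch would record the contract, e.g. `/* reset here; original_user= is expected after user= in the reply */`. The literal lengths 5 and 14 must stay in step with the prefix strings by hand, so deriving them from the prefixes and moving the shared branches into one static helper would keep the two loops from drifting apart. The function starts and ends outside both hunks.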
@@ -271,8 +275,13 @@ authenticate_callback(struct auth_client_request *request,
                        for (i = 0; args[i] != NULL; i++) {
                                if (strncmp(args[i], "user=", 5) == 0) {
                                        i_free(client->virtual_user);
+                                       i_free_and_null(client->virtual_user_orig);
                                        client->virtual_user =
                                                i_strdup(args[i] + 5);
+                               } else if (strncmp(args[i], "original_user=", 14) == 0) {
+                                       i_free(client->virtual_user_orig);
+                                       client->virtual_user_orig =
+                                               i_strdup(args[i] + 14);
                                }
                        }
                }