From 143e6772aa32b7deaa28941bde07048a931c478b Mon Sep 17 00:00:00 2001 From: Aki Tuomi Date: Thu, 10 Oct 2024 14:36:38 +0300 Subject: [PATCH] auth: Drop username and domain %variable variants These can be generated with %{user|username} and %{user|domain} --- src/auth/auth-cache.c | 10 --------- src/auth/auth-request-var-expand.c | 28 +------------------------ src/auth/auth-request-var-expand.h | 4 +--- src/auth/auth.c | 2 -- src/auth/test-auth-cache.c | 10 ++------- src/auth/test-auth-request-var-expand.c | 8 +++---- 6 files changed, 8 insertions(+), 54 deletions(-) diff --git a/src/auth/auth-cache.c b/src/auth/auth-cache.c index d6790aab25..156d4fc5c8 100644 --- a/src/auth/auth-cache.c +++ b/src/auth/auth-cache.c @@ -99,18 +99,8 @@ static char *auth_cache_parse_key_exclude(pool_t pool, const char *query, } } - if (key_seen[AUTH_REQUEST_VAR_TAB_USERNAME_IDX] && - key_seen[AUTH_REQUEST_VAR_TAB_DOMAIN_IDX]) { - /* %n and %d both used -> replace with %u */ - key_seen[AUTH_REQUEST_VAR_TAB_USER_IDX] = TRUE; - key_seen[AUTH_REQUEST_VAR_TAB_USERNAME_IDX] = FALSE; - key_seen[AUTH_REQUEST_VAR_TAB_DOMAIN_IDX] = FALSE; - } - /* we rely on these being at the beginning */ i_assert(AUTH_REQUEST_VAR_TAB_USER_IDX == 0); - i_assert(AUTH_REQUEST_VAR_TAB_USERNAME_IDX == 1); - i_assert(AUTH_REQUEST_VAR_TAB_DOMAIN_IDX == 2); extra_vars = t_strdup(str_c(str)); str_truncate(str, 0); diff --git a/src/auth/auth-request-var-expand.c b/src/auth/auth-request-var-expand.c index 5cd6b7e2d0..77753ff6ed 100644 --- a/src/auth/auth-request-var-expand.c +++ b/src/auth/auth-request-var-expand.c @@ -14,8 +14,6 @@ struct auth_request_var_expand_ctx { const struct var_expand_table auth_request_var_expand_static_tab[] = { { .key = "user", .value = NULL }, - { .key = "username", .value = NULL }, - { .key = "domain", .value = NULL }, { .key = "protocol", .value = NULL }, { .key = "home", .value = NULL }, { .key = "local_ip", .value = NULL }, 
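Review bot: The context comment `/* we rely on these being at the beginning */` in auth_cache_parse_key_exclude is stale after this hunk, because only `i_assert(AUTH_REQUEST_VAR_TAB_USER_IDX == 0);` remains; I would change it to `/* we rely on "user" being the first table entry */`. With the %n+%d folding removed, the updated expectations in test-auth-cache.c show that a template using only `%{user|username}` now keys the cache on the full `%{user}`, where `%{username}` alone used to key on the local part. That is a behaviour change for cache sharing between domains and deserves a one-line comment here. The function starts and ends outside the hunk.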
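Review bot: Dropping `username`, `domain` and the `login_*`, `original_*` and `auth_*` variants from `auth_request_var_expand_static_tab` (this hunk and the two table hunks that follow) leaves any existing passdb/userdb template that still uses `%{username}` or `%{auth_domain}` referring to a key that no longer exists. The patch does not show what expansion does with an unknown key. In an authentication query it should fail the lookup with a logged error rather than expand to an empty string, since an empty local part or domain could change which account the query matches. I would add a test that expands one of the removed names and expects an error, and an upgrade note pointing to `%{user|username}` and `%{user|domain}`.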
@@ -29,8 +27,6 @@ auth_request_var_expand_static_tab[] = { { .key = "remote_port", .value = NULL }, { .key = "cert", .value = NULL }, { .key = "login_user", .value = NULL }, - { .key = "login_username", .value = NULL }, - { .key = "login_domain", .value = NULL }, { .key = "session", .value = NULL }, { .key = "real_local_ip", .value = NULL }, { .key = "real_remote_ip", .value = NULL }, @@ -41,11 +37,7 @@ auth_request_var_expand_static_tab[] = { { .key = "master_user", .value = NULL }, { .key = "session_pid", .value = NULL }, { .key = "original_user", .value = NULL }, - { .key = "original_username", .value = NULL }, - { .key = "original_domain", .value = NULL }, { .key = "auth_user", .value = NULL }, - { .key = "auth_username", .value = NULL }, - { .key = "auth_domain", .value = NULL }, { .key = "local_name", .value = NULL }, { .key = "client_id", .value = NULL }, { .key = "ssl_ja3_hash", .value = NULL }, @@ -95,8 +87,6 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request, username = ""; var_expand_table_set_value(tab, "user", username); - var_expand_table_set_value(tab, "username", t_strcut(username, '@')); - var_expand_table_set_value(tab, "domain", i_strchr_to_next(username, '@')); var_expand_table_set_value(tab, "protocol", fields->protocol); /* tab['home'] = we have no home dir */ if (fields->local_ip.family != 0) { 
@@ -138,15 +128,7 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request, var_expand_table_set_value(tab, "cert", fields->valid_client_cert ? "valid" : ""); - if (fields->requested_login_user != NULL) { - const char *login_user = fields->requested_login_user; - - var_expand_table_set_value(tab, "login_user", login_user); - var_expand_table_set_value(tab, "login_username", - t_strcut(login_user, '@')); - var_expand_table_set_value(tab, "login_domain", - i_strchr_to_next(login_user, '@')); - } + var_expand_table_set_value(tab, "login_user", fields->requested_login_user); var_expand_table_set_value(tab, "session", fields->session_id); if (fields->real_local_ip.family != 0) { @@ -180,18 +162,10 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request, orig_user = fields->original_username != NULL ? fields->original_username : username; var_expand_table_set_value(tab, "original_user", orig_user); - var_expand_table_set_value(tab, "original_username", - t_strcut(orig_user, '@')); - var_expand_table_set_value(tab, "original_domain", - i_strchr_to_next(orig_user, '@')); auth_user = fields->master_user != NULL ? fields->master_user : orig_user; var_expand_table_set_value(tab, "auth_user", auth_user); - var_expand_table_set_value(tab, "auth_username", - t_strcut(auth_user, '@')); - var_expand_table_set_value(tab, "auth_domain", - i_strchr_to_next(auth_user, '@')); var_expand_table_set_value(tab, "local_name", fields->local_name); var_expand_table_set_value(tab, "client_id", fields->client_id); var_expand_table_set_value(tab, "ssl_ja3_hash", fields->ssl_ja3_hash); diff --git a/src/auth/auth-request-var-expand.h b/src/auth/auth-request-var-expand.h index 9708372fc5..3f4a394003 100644 --- a/src/auth/auth-request-var-expand.h +++ b/src/auth/auth-request-var-expand.h 
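Review bot: The new `var_expand_table_set_value(tab, "login_user", fields->requested_login_user);` is no longer guarded by the NULL check that the removed block had, so a NULL value is now passed through explicitly. Neighbouring calls such as the one for `fields->session_id` suggest that NULL is accepted, but that is inferred and not visible in this hunk. A short comment such as `/* may be NULL when no login user was requested */` would make the intent clear to the next reader. The enclosing function starts and ends outside the hunk.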
@@ -6,9 +6,7 @@ auth_request_escape_func_t(const char *string, const struct auth_request *auth_request); #define AUTH_REQUEST_VAR_TAB_USER_IDX 0 -#define AUTH_REQUEST_VAR_TAB_USERNAME_IDX 1 -#define AUTH_REQUEST_VAR_TAB_DOMAIN_IDX 2 -#define AUTH_REQUEST_VAR_TAB_COUNT 37 +#define AUTH_REQUEST_VAR_TAB_COUNT 29 extern const struct var_expand_table auth_request_var_expand_static_tab[AUTH_REQUEST_VAR_TAB_COUNT+1]; diff --git a/src/auth/auth.c b/src/auth/auth.c index c73dcb27c2..e3ae4db347 100644 --- a/src/auth/auth.c +++ b/src/auth/auth.c @@ -475,8 +475,6 @@ void auths_init(void) /* sanity checks */ i_assert(*auth_request_var_expand_static_tab[AUTH_REQUEST_VAR_TAB_USER_IDX].key == 'u'); - i_assert(*auth_request_var_expand_static_tab[AUTH_REQUEST_VAR_TAB_USERNAME_IDX].key == 'u'); - i_assert(*auth_request_var_expand_static_tab[AUTH_REQUEST_VAR_TAB_DOMAIN_IDX].key == 'd'); i_assert(auth_request_var_expand_static_tab[AUTH_REQUEST_VAR_TAB_COUNT].key == NULL); i_assert(auth_request_var_expand_static_tab[AUTH_REQUEST_VAR_TAB_COUNT-1].key != NULL); diff --git a/src/auth/test-auth-cache.c b/src/auth/test-auth-cache.c index c1075bdb62..f7bb5a7d1f 100644 --- a/src/auth/test-auth-cache.c +++ b/src/auth/test-auth-cache.c @@ -8,10 +8,7 @@ const struct var_expand_table auth_request_var_expand_static_tab[AUTH_REQUEST_VAR_TAB_COUNT + 1] = { - /* these 3 must be in this order */ { .key = "user", .value = NULL }, - { .key = "username", .value = NULL }, - { .key = "domain", .value = NULL }, { .key = "a", .value = NULL }, { .key = "b", .value = NULL }, 
@@ -73,11 +70,8 @@ static void test_auth_cache_parse_key(void) static const struct { const char *in, *out; } tests[] = { - { "%{username}@%{domain}", "%{user}" }, - { "%{username}@%{domain}", "%{user}" }, - { "%{username}%{domain}%{user}", "%{user}" }, - { "%{username}", "%{username}" }, - { "%{domain}", "%{domain}" }, + { "%{user|username}", "%{user}" }, + { "%{user|domain}", "%{user}" }, { "%{a}%{b}%{user}", "%{user}\t%{a}\t%{b}" }, { "foo%{a | substr(5, 5) }bar", "%{a}" }, diff --git a/src/auth/test-auth-request-var-expand.c b/src/auth/test-auth-request-var-expand.c index 9cf26397f3..6a4ba82a70 100644 --- a/src/auth/test-auth-request-var-expand.c +++ b/src/auth/test-auth-request-var-expand.c @@ -85,7 +85,7 @@ static bool test_empty_request(string_t *str, const char *input) static void test_auth_request_var_expand_keys(void) { static const char *test_input_long = - "%{user}\n%{username}\n%{domain}\n%{protocol}\n%{home}\n" + "%{user}\n%{user | username}\n%{user | domain}\n%{protocol}\n%{home}\n" "%{local_ip}\n%{remote_ip}\n" "%{client_pid}\n%{password}\n%{mechanism}\n%{secured}\n" "%{local_port}\n%{remote_port}\n%{cert}\n"; @@ -151,11 +151,11 @@ static void test_auth_request_var_expand_flags(void) static void test_auth_request_var_expand_long(void) { static const char *test_input = - "%{login_user}\n%{login_username}\n%{login_domain}\n%{session}\n" + "%{login_user}\n%{login_user | username}\n%{login_user | domain}\n%{session}\n" "%{real_local_ip}\n%{real_remote_ip}\n" "%{real_local_port}\n%{real_remote_port}\n" "%{master_user}\n%{session_pid}\n" - "%{original_user}\n%{original_username}\n%{original_domain}\n"; + "%{original_user}\n%{original_user | username}\n%{original_user | domain}\n"; static const char *test_output = "+loginuser@+logindomain1@+logindomain2\n+loginuser\n+logindomain1@+logindomain2\n+session\n" "13.81.174.20\n13.81.174.21\n" 
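Review bot: The rewritten rows in test_auth_cache_parse_key no longer include a template that uses both halves of the user, which is what the removed `%{username}@%{domain}` rows covered. Adding `{ "%{user|username}@%{user|domain}", "%{user}" },` would pin that two filtered uses of the same variable collapse into a single `%{user}` cache key. A row using the spaced form `%{user | username}`, as test-auth-request-var-expand.c does, would also be worth having. The tests[] array continues past the end of the hunk.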
@@ -190,7 +190,7 @@ static void test_auth_request_var_expand_usernames(void) { "-foo@-domain1@-domain2", "+foo\n+domain1@+domain2\n+domain1\n+domain2\n+foo@+domain1@+domain2" } }; static const char *test_input = - "%{username}\n%{domain}\n%{domain_first}\n%{domain_last}\n%{user}"; + "%{user | username}\n%{user | domain}\n%{domain_first}\n%{domain_last}\n%{user}"; string_t *str = t_str_new(64); const char *error; unsigned int i; -- 2.47.3
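Review bot: The inputs in test_auth_request_var_expand_usernames only use an escape that leaves `@` untouched, so the unchanged expected output cannot show whether `%{user | username}` and `%{user | domain}` split the raw value and then escape the result, or split an already escaped value. The hunk does not show where escaping happens relative to the filters. If a configured escape function can emit or alter `@`, the two orders produce different strings in values that end up in passdb/userdb queries. A case using such an escape function would document which order is intended. The function body continues past the hunk.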