# plain digest-md5
auth_mechanisms = plain
-# Space separated list of realms with authentication methods that need them.
-# This is usually empty or the host name of the server (eg.
-# mail.mycompany.com).
-# - plain auth checks the password from all realms specified in here
-# - digest-md5 must have the password added for each realm separately, and
-# many clients simply use the first realm listed here. so if you really
-# need to add more realms, add them to end of the list.
+# Space separated list of realms for SASL authentication mechanisms that need
+# them. You can leave it empty if you don't want to support multiple realms.
+# Many clients simply use the first one listed here, so keep the default realm
+# first.
#auth_realms =
+# Default realm to use if none was specified.
+#auth_default_realm =
+
# Where user database is kept:
# passwd: /etc/passwd or similiar, using getpwnam()
# passwd-file <path>: passwd-like file with specified location
struct digest_auth_request *auth =
(struct digest_auth_request *)auth_request;
struct auth_login_reply reply;
- const char *error;
+ const char *error, *realm;
/* initialize reply */
mech_init_login_reply(&reply);
request->data_size, &error)) {
auth_request->callback = callback;
- if (auth->realm == NULL) {
+ realm = auth->realm != NULL ? auth->realm : default_realm;
+ if (realm == NULL) {
auth_request->user = p_strdup(auth_request->pool,
auth->username);
} else {
auth_request->user = p_strconcat(auth_request->pool,
auth->username, "@",
- auth->realm, NULL);
+ realm, NULL);
}
passdb->lookup_credentials(&auth->auth_request,
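Review bot: The substitution `realm = auth->realm != NULL ? auth->realm : default_realm;` treats an empty client realm as present, so if the digest parser can leave `auth->realm` as `""` the user becomes `user@` instead of falling back to the default; the DEFAULT_REALM path elsewhere in this commit normalizes an empty string to NULL, and the same check would be consistent here, e.g. `realm = auth->realm != NULL && *auth->realm != '\0' ? auth->realm : default_realm;`. Whether an empty realm can reach this point is decided outside the hunk, so this is worth confirming rather than assumed. A second point to confirm: the credentials are now looked up for `user@default_realm`, but the digest response the client computed covers the realm it actually sent (none); if verification elsewhere reads `auth->realm` rather than `realm`, the two can disagree, and a short comment stating which realm the verification uses would help. The enclosing function starts and ends outside the hunk.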
mech_auth_finish(auth_request, NULL, 0, FALSE);
} else {
/* split and save user/realm */
- auth_request->user = p_strdup(auth_request->pool, authenid);
+ if (strchr(authenid, '@') == NULL && default_realm != NULL) {
+ auth_request->user = p_strconcat(auth_request->pool,
+ authenid, "@",
+ default_realm, NULL);
+ } else {
+ auth_request->user = p_strdup(auth_request->pool,
+ authenid);
+ }
+
passdb->verify_plain(auth_request, pass, verify_callback);
/* make sure it's cleared */
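Review bot: The retained comment `/* split and save user/realm */` no longer describes the code below it, which does not split anything but appends the default realm when the client sent a bare user name; suggest `/* append default realm when the client gave no realm of its own */`. Note that a client-supplied `user@realm` is stored verbatim by the `else` branch, and nothing in this hunk checks the supplied realm against `auth_realms`; if that validation happens elsewhere, a one-line comment pointing to it would save the next reader the search. The enclosing function starts and ends outside the hunk.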
enum auth_mech auth_mechanisms;
const char *const *auth_realms;
+const char *default_realm;
static int set_use_cyrus_sasl;
static struct mech_module_list *mech_modules;
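Review bot: The new global `default_realm` sits next to `auth_mechanisms` and `auth_realms`, which carry the `auth_` prefix that also matches the configuration name `auth_default_realm`; naming it `auth_default_realm` would keep the exported globals consistent, and the same applies to the `extern` declaration in the mech.h hunk and the `getenv("DEFAULT_REALM")` assignment. A short comment on the declaration would also help, since the value is a pointer into the process environment that is reset to NULL when the variable is set but empty, e.g. `/* realm appended to bare user names; NULL when unset or empty (from DEFAULT_REALM env) */`.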
env = "";
auth_realms = t_strsplit(env, " ");
+ default_realm = getenv("DEFAULT_REALM");
+ if (default_realm != NULL && *default_realm == '\0')
+ default_realm = NULL;
+
set_use_cyrus_sasl = getenv("USE_CYRUS_SASL") != NULL;
#ifdef USE_CYRUS_SASL2
extern enum auth_mech auth_mechanisms;
extern const char *const *auth_realms;
+extern const char *default_realm;
void mech_register_module(struct mech_module *module);
void mech_unregister_module(struct mech_module *module);
env_put(t_strconcat("AUTH_PROCESS=", dec2str(getpid()), NULL));
env_put(t_strconcat("MECHANISMS=", group->set->mechanisms, NULL));
env_put(t_strconcat("REALMS=", group->set->realms, NULL));
+ env_put(t_strconcat("DEFAULT_REALM=", group->set->default_realm, NULL));
env_put(t_strconcat("USERDB=", group->set->userdb, NULL));
env_put(t_strconcat("PASSDB=", group->set->passdb, NULL));
static struct setting_def auth_setting_defs[] = {
DEF(SET_STR, mechanisms),
DEF(SET_STR, realms),
+ DEF(SET_STR, default_realm),
DEF(SET_STR, userdb),
DEF(SET_STR, passdb),
DEF(SET_STR, executable),
const char *name;
const char *mechanisms;
const char *realms;
+ const char *default_realm;
const char *userdb;
const char *passdb;
const char *executable;