From 20caa6854f0ba83719248a94464a7a24bb7dbd20 Mon Sep 17 00:00:00 2001 From: Timo Sirainen Date: Wed, 2 Apr 2003 04:00:02 +0300 Subject: [PATCH] Added auth_default_realm (based on patch by Kristian Hoffmann) --HG-- branch : HEAD --- dovecot-example.conf | 14 +++++++------- src/auth/mech-digest-md5.c | 7 ++++--- src/auth/mech-plain.c | 10 +++++++++- src/auth/mech.c | 5 +++++ src/auth/mech.h | 1 + src/master/auth-process.c | 1 + src/master/master-settings.c | 1 + src/master/master-settings.h | 1 + 8 files changed, 29 insertions(+), 11 deletions(-) diff --git a/dovecot-example.conf b/dovecot-example.conf index 6393bd5b4b..0178e17eb2 100644 --- a/dovecot-example.conf +++ b/dovecot-example.conf @@ -348,15 +348,15 @@ auth = default # plain digest-md5 auth_mechanisms = plain -# Space separated list of realms with authentication methods that need them. -# This is usually empty or the host name of the server (eg. -# mail.mycompany.com). -# - plain auth checks the password from all realms specified in here -# - digest-md5 must have the password added for each realm separately, and -# many clients simply use the first realm listed here. so if you really -# need to add more realms, add them to end of the list. +# Space separated list of realms for SASL authentication mechanisms that need +# them. You can leave it empty if you don't want to support multiple realms. +# Many clients simply use the first one listed here, so keep the default realm +# first. #auth_realms = +# Default realm to use if none was specified. +#auth_default_realm = + # Where user database is kept: # passwd: /etc/passwd or similiar, using getpwnam() # passwd-file : passwd-like file with specified location diff --git a/src/auth/mech-digest-md5.c b/src/auth/mech-digest-md5.c index 9c7844f352..ab8e506ed1 100644 --- a/src/auth/mech-digest-md5.c +++ b/src/auth/mech-digest-md5.c 
@@ -551,7 +551,7 @@ mech_digest_md5_auth_continue(struct auth_request *auth_request, struct digest_auth_request *auth = (struct digest_auth_request *)auth_request; struct auth_login_reply reply; - const char *error; + const char *error, *realm; /* initialize reply */ mech_init_login_reply(&reply); @@ -568,13 +568,14 @@ mech_digest_md5_auth_continue(struct auth_request *auth_request, request->data_size, &error)) { auth_request->callback = callback; - if (auth->realm == NULL) { + realm = auth->realm != NULL ? auth->realm : default_realm; + if (realm == NULL) { auth_request->user = p_strdup(auth_request->pool, auth->username); } else { auth_request->user = p_strconcat(auth_request->pool, auth->username, "@", - auth->realm, NULL); + realm, NULL); } passdb->lookup_credentials(&auth->auth_request, diff --git a/src/auth/mech-plain.c b/src/auth/mech-plain.c index 87549c1e1f..4f92105b6f 100644 --- a/src/auth/mech-plain.c +++ b/src/auth/mech-plain.c @@ -47,7 +47,15 @@ mech_plain_auth_continue(struct auth_request *auth_request, mech_auth_finish(auth_request, NULL, 0, FALSE); } else { /* split and save user/realm */ - auth_request->user = p_strdup(auth_request->pool, authenid); + if (strchr(authenid, '@') == NULL && default_realm != NULL) { + auth_request->user = p_strconcat(auth_request->pool, + authenid, "@", + default_realm, NULL); + } else { + auth_request->user = p_strdup(auth_request->pool, + authenid); + } + passdb->verify_plain(auth_request, pass, verify_callback); /* make sure it's cleared */ diff --git a/src/auth/mech.c b/src/auth/mech.c index e57809575b..8a0688692a 100644 --- a/src/auth/mech.c +++ b/src/auth/mech.c @@ -17,6 +17,7 @@ struct mech_module_list { enum auth_mech auth_mechanisms; const char *const *auth_realms; +const char *default_realm; static int set_use_cyrus_sasl; static struct mech_module_list *mech_modules; 
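Review bot: The realm fallback in the `@@ -568,13` hunk of mech_digest_md5_auth_continue appends `default_realm` without checking whether `auth->username` already contains `@`, while the PLAIN hunk in src/auth/mech-plain.c guards the same step with `strchr(authenid, '@') == NULL`. A client that sends `user@example.org` (constructed example) as the username and omits the realm would be looked up as `user@example.org@<default_realm>` here but as `user@example.org` over PLAIN, so one account resolves to two different passdb names depending on the mechanism. Consider `realm = auth->realm != NULL ? auth->realm : (strchr(auth->username, '@') == NULL ? default_realm : NULL);`, or move the rule into one helper shared by both mechanisms. As far as this hunk shows, the substituted realm changes only the lookup name, so it is worth confirming that the response check elsewhere in the function uses the same realm the client hashed with. The function body starts and ends outside the hunk.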
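Review bot: The new branch in mech_plain_auth_continue treats any `@` in `authenid` as a client-chosen realm and hands the string to `passdb->verify_plain` unchanged. Nothing in this hunk compares that realm with `auth_realms`, and an authenid with an empty realm part such as `user@` (constructed example) also skips the default. If the passdb is meant to see only configured realms, that check belongs here or should be documented as the passdb's responsibility. The existing comment `/* split and save user/realm */` no longer describes the code; `/* append default_realm when the client sent no realm; a client-supplied realm is used as-is */` would match what it does. The function starts and ends outside the hunk.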
@@ -229,6 +230,10 @@ void mech_init(void) env = ""; auth_realms = t_strsplit(env, " "); + default_realm = getenv("DEFAULT_REALM"); + if (default_realm != NULL && *default_realm == '\0') + default_realm = NULL; + set_use_cyrus_sasl = getenv("USE_CYRUS_SASL") != NULL; #ifdef USE_CYRUS_SASL2 diff --git a/src/auth/mech.h b/src/auth/mech.h index c0616327ba..1f5024e4aa 100644 --- a/src/auth/mech.h +++ b/src/auth/mech.h @@ -37,6 +37,7 @@ struct mech_module { extern enum auth_mech auth_mechanisms; extern const char *const *auth_realms; +extern const char *default_realm; void mech_register_module(struct mech_module *module); void mech_unregister_module(struct mech_module *module); diff --git a/src/master/auth-process.c b/src/master/auth-process.c index 327cc30aac..882924bbf2 100644 --- a/src/master/auth-process.c +++ b/src/master/auth-process.c @@ -313,6 +313,7 @@ static pid_t create_auth_process(struct auth_process_group *group) env_put(t_strconcat("AUTH_PROCESS=", dec2str(getpid()), NULL)); env_put(t_strconcat("MECHANISMS=", group->set->mechanisms, NULL)); env_put(t_strconcat("REALMS=", group->set->realms, NULL)); + env_put(t_strconcat("DEFAULT_REALM=", group->set->default_realm, NULL)); env_put(t_strconcat("USERDB=", group->set->userdb, NULL)); env_put(t_strconcat("PASSDB=", group->set->passdb, NULL)); diff --git a/src/master/master-settings.c b/src/master/master-settings.c index cfdcf09f12..8b8f72c86f 100644 --- a/src/master/master-settings.c +++ b/src/master/master-settings.c @@ -106,6 +106,7 @@ static struct setting_def login_setting_defs[] = { static struct setting_def auth_setting_defs[] = { DEF(SET_STR, mechanisms), DEF(SET_STR, realms), + DEF(SET_STR, default_realm), DEF(SET_STR, userdb), DEF(SET_STR, passdb), DEF(SET_STR, executable), diff --git a/src/master/master-settings.h b/src/master/master-settings.h index 4edbc6176a..b8975531fc 100644 --- a/src/master/master-settings.h +++ b/src/master/master-settings.h 
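Review bot: In mech_init, `default_realm` keeps the pointer returned by `getenv("DEFAULT_REALM")` for the life of the process and the value is used without validation. The string getenv returns can be invalidated if the environment is modified later, so copying it into memory the auth process owns is safer than holding the raw pointer; whether anything changes the environment after mech_init is not visible here. Because the value is concatenated after `@` into the name passed to the passdb, rejecting a default realm that contains `@` or whitespace at startup would stop a configuration typo from silently producing user names that match no entry. mech_init continues outside the hunk.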
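Review bot: In create_auth_process the added `env_put` line passes `group->set->default_realm` straight to `t_strconcat`, whose argument list ends at the first NULL. If the setting is unset and its default is NULL rather than `""`, the call still yields `DEFAULT_REALM=` only because the realm happens to be the last argument, and mech_init then maps the empty value to NULL. The default initializer for `struct auth_settings` is not part of this diff, so confirm it sets `default_realm`. A short comment next to the line, such as `/* empty DEFAULT_REALM means no default realm */`, would record the contract between the two processes.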
@@ -92,6 +92,7 @@ struct auth_settings { const char *name; const char *mechanisms; const char *realms; + const char *default_realm; const char *userdb; const char *passdb; const char *executable; -- 2.47.3