deliver: Allow userdb to change the username.

--HG--
branch : HEAD

diff --git a/src/deliver/auth-client.c b/src/deliver/auth-client.c
index 18ea8e9c69bd4f18daeaace6fc94fb585f850668..eec24d46e7c9c65c3cf147df8df4dd6ce2a2ff47 100644 (file)
--- a/src/deliver/auth-client.c
+++ b/src/deliver/auth-client.c
@@ -125,7 +125,7 @@ static int set_env(struct auth_user_reply *reply,
 }
 
 int auth_client_lookup_and_restrict(const char *auth_socket,
-                                   const char *user, uid_t euid, pool_t pool,
+                                   const char **user, uid_t euid, pool_t pool,
                                    ARRAY_TYPE(const_string) *extra_fields_r)
 {
         struct auth_master_connection *conn;
@@ -134,12 +134,13 @@ int auth_client_lookup_and_restrict(const char *auth_socket,
        int ret = EX_TEMPFAIL;
 
        conn = auth_master_init(auth_socket, debug);
-       switch (auth_master_user_lookup(conn, user, "deliver", pool, &reply)) {
+       switch (auth_master_user_lookup(conn, *user, "deliver", pool, &reply)) {
        case 0:
                ret = EX_NOUSER;
                break;
        case 1:
-               if (set_env(&reply, user, euid) == 0) {
+               if (set_env(&reply, *user, euid) == 0) {
+                       *user = p_strdup(pool, reply.user);
                        restrict_access_by_env(TRUE);
                        ret = EX_OK;
                }

diff --git a/src/deliver/auth-client.h b/src/deliver/auth-client.h
index e48043c77b7dbc094c9e16d1af6441b29d794261..2cc3cb01181e47d2d509eb47670ec5417c70dcd8 100644 (file)
--- a/src/deliver/auth-client.h
+++ b/src/deliver/auth-client.h
@@ -2,7 +2,7 @@
 #define AUTH_CLIENT_H
 
 int auth_client_lookup_and_restrict(const char *auth_socket,
-                                   const char *user, uid_t euid, pool_t pool,
+                                   const char **user, uid_t euid, pool_t pool,
                                    ARRAY_TYPE(const_string) *extra_fields_r);
 
 #endif

diff --git a/src/deliver/deliver.c b/src/deliver/deliver.c
index 85ea0db135d79b958d6c235d1e32db0e4347bdfb..42a900e9f8ae3f1ac001d3d87a737de578df0c08 100644 (file)
--- a/src/deliver/deliver.c
+++ b/src/deliver/deliver.c
@@ -814,7 +814,7 @@ int main(int argc, char *argv[])
        const char *config_path = DEFAULT_CONFIG_FILE;
        const char *mailbox = "INBOX";
        const char *auth_socket;
-       const char *home, *destaddr, *user, *value, *errstr, *path;
+       const char *home, *destaddr, *user, *value, *errstr, *path, *orig_user;
        ARRAY_TYPE(const_string) extra_fields = ARRAY_INIT;
        struct mail_user *mail_user, *raw_mail_user;
        struct mail_namespace *raw_ns;
@@ -980,21 +980,30 @@ int main(int argc, char *argv[])
                }
 
                userdb_pool = pool_alloconly_create("userdb lookup replys", 512);
+               orig_user = user;
                ret = auth_client_lookup_and_restrict(auth_socket,
-                                                     user, process_euid,
+                                                     &user, process_euid,
                                                      userdb_pool,
                                                      &extra_fields);
                if (ret != 0)
                        return ret;
+
+               if (strcmp(user, orig_user) != 0) {
+                       /* auth lookup changed the user. */
+                       if (getenv("DEBUG") != NULL)
+                               i_info("userdb changed username to %s", user);
+                       i_set_failure_prefix(t_strdup_printf("deliver(%s): ",
+                                                            user));
+               }
        }
-       if (destaddr == NULL)
-               destaddr = user;
 
        expand_envs(user);
        if (userdb_pool != NULL) {
                putenv_extra_fields(&extra_fields);
                pool_unref(&userdb_pool);
        }
+       if (destaddr == NULL)
+               destaddr = user;
 
        /* Fix namespaces with empty locations */
        for (i = 1;; i++) {

diff --git a/src/lib-auth/auth-master.c b/src/lib-auth/auth-master.c
index 02e5de3d24e40f7d9b0529bce77a59a2f963b306..9cc7bb3ce300124a0c81a91a9d5035c3b9df0baa 100644 (file)
--- a/src/lib-auth/auth-master.c
+++ b/src/lib-auth/auth-master.c
@@ -97,7 +97,8 @@ static void auth_parse_input(struct auth_master_connection *conn,
        reply->gid = (gid_t)-1;
        p_array_init(&reply->extra_fields, conn->pool, 64);
 
-       for (; *args != NULL; args++) {
+       reply->user = p_strdup(conn->pool, *args);
+       for (args++; *args != NULL; args++) {
                if (conn->debug)
                        i_info("auth input: %s", *args);
 

diff --git a/src/lib-auth/auth-master.h b/src/lib-auth/auth-master.h
index 7f1cce774539747878b6219a2102acf8caa559f2..4198fa27fd25b35210342a37ef73c54c3d6da357 100644 (file)
--- a/src/lib-auth/auth-master.h
+++ b/src/lib-auth/auth-master.h
@@ -6,7 +6,7 @@
 struct auth_user_reply {
        uid_t uid;
        gid_t gid;
-       const char *home, *chroot;
+       const char *user, *home, *chroot;
        ARRAY_TYPE(const_string) extra_fields;
 };