Does anyone have any thoughts on this (the proxy piece isn't needed,
since you can't proxy with USER/PASS)? Would it break any
installations? It works in my testing. For sites using their own
canonicalization plugin, this is probably necessary.
--
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University
--- Begin Message ---
Hello,
I'm experiencing problems with user canonicalization when logging
in to pop3 via a user/pass login.
Logging in via auth/digest-md5 (pop3test) canonicalizes as
expected, however if I telnet like this:
telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK neo Cyrus POP3 Murder v2.3.8-Debian-2.3.8-1-1 server ready
<[EMAIL PROTECTED]>
user [EMAIL PROTECTED]
+OK Name is a valid mailbox
pass mysecret
I receive a mailbox does not exist error, and syslog reports that
'[EMAIL PROTECTED]' logged in rather than my canonicalized user. My
canonicalized user has a mailbox, but not [EMAIL PROTECTED].
I'm using version 2.3.8 with the ldapdb auxprop+canonuser plugin.
The following patch fixes this problem for me. It's a cut and
paste from the cmd_auth function into the cmd_pass function:
--- pop3d.c.orig 2007-10-02 16:55:20.000000000 -0500
+++ pop3d.c 2007-10-02 16:54:35.000000000 -0500
@@ -1199,6 +1199,8 @@
void cmd_pass(char *pass)
{
int plaintextloginpause;
+ int sasl_result;
+ char *canon_user;
if (!popd_userid) {
prot_printf(popd_out, "-ERR [AUTH] Must give USER
command\r\n");
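Review bot: `char *canon_user;` should be `const char *canon_user;`. The value is filled in by `sasl_getprop(..., SASL_USERNAME, (const void **) &canon_user)` in the next hunk, which hands back a read-only string owned by the SASL connection; casting away the const here invites a later `free()` or in-place edit of a buffer this function does not own, and it also makes the cast in the second hunk a const-discarding one rather than a plain pointer-type adjustment.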
@@ -1258,6 +1260,42 @@
return;
}
else {
+
+ /* successful authentication */
+
+ /* get the userid from SASL --- already canonicalized from
+ * mysasl_proxy_policy()
+ */
+ sasl_result = sasl_getprop(popd_saslconn, SASL_USERNAME,
+ (const void **) &canon_user);
+ if (sasl_result != SASL_OK) {
+ prot_printf(popd_out,
+ "-ERR [AUTH] weird SASL error %d getting
SASL_USERNAME\r\n",
+ sasl_result);
+ return;
+ }
+
+ /* If we're proxying, the authzid may contain a subfolder,
+ so re-canonify it */
+ if (config_getswitch(IMAPOPT_POPSUBFOLDERS) &&
strchr(canon_user, '+')) {
+ char userbuf[MAX_MAILBOX_NAME+1];
+ unsigned userlen;
+
+ sasl_result = popd_canon_user(popd_saslconn, NULL,
canon_user, 0,
+ SASL_CU_AUTHID |
SASL_CU_AUTHZID,
+ NULL, userbuf,
sizeof(userbuf), &userlen);
+ if (sasl_result != SASL_OK) {
+ prot_printf(popd_out,
+ "-ERR [AUTH] SASL canonification
error %d\r\n",
+ sasl_result);
+ return;
+ }
+
+ popd_userid = xstrdup(userbuf);
+ } else {
+ popd_userid = xstrdup(canon_user);
+ }
+
syslog(LOG_NOTICE, "login: %s %s%s plaintext%s %s",
popd_clienthost,
popd_userid, popd_subfolder ? popd_subfolder : "",
popd_starttls_done ? "+TLS" : "", "User logged in");
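Review bot: both `popd_userid = xstrdup(userbuf);` and `popd_userid = xstrdup(canon_user);` overwrite a pointer that is already non-NULL here (the `if (!popd_userid)` guard at the top of `cmd_pass` requires the USER command to have set it), so the string stored by USER is leaked on every successful plaintext login; add `free(popd_userid);` before each `xstrdup`. Separately, as the forwarding note points out, the `IMAPOPT_POPSUBFOLDERS` / `strchr(canon_user, '+')` re-canonification branch copied from `cmd_auth` exists for the proxy case, and USER/PASS cannot proxy, so the whole `if` block can be collapsed to the single `popd_userid = xstrdup(canon_user);` assignment. The `syslog` context line that follows then logs the canonicalized user, which is the behaviour the report asks for.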
Thank You,
--
Dan White <[EMAIL PROTECTED]>
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
--- End Message ---