Re: What happened to normalizeuid?

2017-01-19 Thread Bron Gondwana via Info-cyrus 
On Fri, 20 Jan 2017, at 03:31, Sebastian Hagedorn via Info-cyrus wrote:
> --On 19. Januar 2017 um 17:18:06 +0100 Simon Matter 
>  wrote:
> 
> > We and others had this as a patch in our RPMs but I think it has never
> > been part of vanilla cyrus-imapd.
> 
> Oops. Should I open an issue for a feature request? I'm surprised that's 
> not something many sites want ...

OK, I've never heard of this thing. What is it?

.. lmgtfy ..

Right, so it's something to normalise the userid when you log in.

It will definitely have to be rewritten for Cyrus 3+, because all that stuff got
moved into mbname_t and friends.

Regards,

Bron.

-- 
  Bron Gondwana
  br...@fastmail.fm

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: What happened to normalizeuid?

2017-01-19 Thread Sebastian Hagedorn via Info-cyrus 
--On 19. Januar 2017 um 17:18:06 +0100 Simon Matter 
 wrote:



We and others had this as a patch in our RPMs but I think it has never
been part of vanilla cyrus-imapd.


Oops. Should I open an issue for a feature request? I'm surprised that's 
not something many sites want ...

--
   .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
.:.Regionales Rechenzentrum (RRZK).:.
  .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.

pgpo3y2etspDP.pgp
Description: PGP signature

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: What happened to normalizeuid?

2017-01-19 Thread Simon Matter via Info-cyrus 
> Hi,
>
> I considered opening a Github issue, but the question seems too trivial
> for
> that.
>
> I'm playing around with cyrus-imapd-3.0.0-rc1. When I ran "cyr_info
> conf-lint" on the conf files from our 2.4.x production server, I got a few
> items I knew how to deal with, but also this:
>
> normalizeuid: 1
> tls_require_cert: off
>
> tls_require_cert was off by default anyway, and all the tls options were
> reworked a lot, so I figured that one could just be dropped.
>
> But in 2.4 normalizeuid 1 was off by default. I couldn't find the string
> normalizeuid anywhere in the source or the release notes. I'd say that's
> bad. If you get rid of an option, that should be documented. What is the
> new default?

Hi,

We and others had this as a patch in our RPMs but I think it has never
been part of vanilla cyrus-imapd.

Regards,
Simon


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

What happened to normalizeuid?

2017-01-19 Thread Sebastian Hagedorn via Info-cyrus 

Hi,

I considered opening a Github issue, but the question seems too trivial for 
that.


I'm playing around with cyrus-imapd-3.0.0-rc1. When I ran "cyr_info 
conf-lint" on the conf files from our 2.4.x production server, I got a few 
items I knew how to deal with, but also this:


normalizeuid: 1
tls_require_cert: off

tls_require_cert was off by default anyway, and all the tls options were 
reworked a lot, so I figured that one could just be dropped.


But in 2.4 normalizeuid 1 was off by default. I couldn't find the string 
normalizeuid anywhere in the source or the release notes. I'd say that's 
bad. If you get rid of an option, that should be documented. What is the 
new default?


Cheers
Sebastian
--
   .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
.:.Regionales Rechenzentrum (RRZK).:.
  .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.

pgpSwyfG2CYaU.pgp
Description: PGP signature

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: imap impersonate

2017-01-19 Thread Jason L Tibbitts III via Info-cyrus 
> "PG" == Patrick Goetz via Info-cyrus  
> writes:

PG> Why would you need to do this as opposed to, say, just setting up
PG> multiple personalities on your MUA?

I used impersonation to initially import mailboxes into Cyrus way back
when I switched from uw-imapd.  I guess it might also be useful to be
able to see the same view of a user's mailbox that they have without
having their password.

 - J<

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: imap impersonate

2017-01-19 Thread Patrick Goetz via Info-cyrus 
Why would you need to do this as opposed to, say, just setting up 
multiple personalities on your MUA?


On 01/19/2017 02:17 AM, Gabriele Bulfon via Info-cyrus wrote:

Hi,

is there any mechanism with Cyrus imap to impersonate another user?
I've seen other imap servers scenarios where one may use plain
authentication and sending user as mailboxuser plus a separator plus
adminuser and use only adminpassword, to get access to the mailboxuser
as is (dovecot, exchange).

Anything like this in Cyrus?

Gabriele


*Sonicle S.r.l. *: http://www.sonicle.com 
*Music: *http://www.gabrielebulfon.com 
*Quantum Mechanics : *http://www.cdbaby.com/cd/gabrielebulfon



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: imap impersonate

2017-01-19 Thread Gabriele Bulfon via Info-cyrus 
wow...I just found that in Java is already implemented:
Properties props=System.getProperties();
props.setProperty("mail.imap.sasl.authorizationid","targetmail...@domain.tld" );
Session session=Session.getInstance(props);
Store store=session.getStore("imap");
store.connect("host",143,"adminuser","adminpass");
there you go with the session on the targetmailbox ;)
Thanks a lot!
Gabriele

Sonicle S.r.l.
:
http://www.sonicle.com
Music:
http://www.gabrielebulfon.com
Quantum Mechanics :
http://www.cdbaby.com/cd/gabrielebulfon
--
Da: Michael Menge
A: Gabriele Bulfon
Cc: info-cyrus@lists.andrew.cmu.edu
Data: 19 gennaio 2017 13.14.13 CET
Oggetto: Re: imap impersonate
Quoting Gabriele Bulfon
:
Thanks,
my imapd.conf has already :
admins: sonicle
sasl_mech_list: plain
if I try an imap session with:
A01 AUTHENTICATE PLAIN
+
xxx
where xxx comes from 'echo -en "\0sonicle\0pass" | base64' , I
get authenticated as sonicle.
Now, how do I switch to the desired user?
Once I understand how to do it via imap protocol, I need to
replicate it in java code through:
store.connect(host,143,user,pass);
Thanks in advance!
Gabriele
Quoting from https://tools.ietf.org/html/rfc4616
2.  PLAIN SASL Mechanism
The mechanism consists of a single message, a string of [UTF-8]
encoded [Unicode] characters, from the client to the server.  The
client presents the authorization identity (identity to act as),
followed by a NUL (U+) character, followed by the authentication
identity (identity whose password will be used), followed by a NUL
(U+) character, followed by the clear-text password.  As with
other SASL mechanisms, the client does not provide an authorization
identity when it wishes the server to derive an identity from the
credentials and use that as the authorization identity.
so it is UserID\0AdminID\0AdminPass

M.MengeTel.: (49) 7071/29-70316
Universität Tübingen   Fax.: (49) 7071/29-5912
Zentrum für Datenverarbeitung  mail:
michael.me...@zdv.uni-tuebingen.de
Wächterstraße 76
72074 Tübingen

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: imap impersonate

2017-01-19 Thread Michael Menge via Info-cyrus 

Quoting Gabriele Bulfon :


Thanks,
my imapd.conf has already :
admins: sonicle
sasl_mech_list: plain
if I try an imap session with:
A01 AUTHENTICATE PLAIN
+
xxx
where xxx comes from 'echo -en "\0sonicle\0pass" | base64' , I  
get authenticated as sonicle.

Now, how do I switch to the desired user?
Once I understand how to do it via imap protocol, I need to  
replicate it in java code through:

store.connect(host,143,user,pass);
Thanks in advance!
Gabriele


Quoting from https://tools.ietf.org/html/rfc4616


2.  PLAIN SASL Mechanism

  The mechanism consists of a single message, a string of [UTF-8]
  encoded [Unicode] characters, from the client to the server.  The
  client presents the authorization identity (identity to act as),
  followed by a NUL (U+) character, followed by the authentication
  identity (identity whose password will be used), followed by a NUL
  (U+) character, followed by the clear-text password.  As with
  other SASL mechanisms, the client does not provide an authorization
  identity when it wishes the server to derive an identity from the
  credentials and use that as the authorization identity.


so it is UserID\0AdminID\0AdminPass






M.MengeTel.: (49) 7071/29-70316
Universität Tübingen   Fax.: (49) 7071/29-5912
Zentrum für Datenverarbeitung  mail:  
michael.me...@zdv.uni-tuebingen.de

Wächterstraße 76
72074 Tübingen


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: imap impersonate

2017-01-19 Thread Gabriele Bulfon via Info-cyrus 
Thanks,
my imapd.conf has already :
admins: sonicle
sasl_mech_list: plain
if I try an imap session with:
A01 AUTHENTICATE PLAIN
+
xxx
where xxx comes from 'echo -en "\0sonicle\0pass" | base64' , I get 
authenticated as sonicle.
Now, how do I switch to the desired user?
Once I understand how to do it via imap protocol, I need to replicate it in 
java code through:
store.connect(host,143,user,pass);
Thanks in advance!
Gabriele

Sonicle S.r.l.
:
http://www.sonicle.com
Music:
http://www.gabrielebulfon.com
Quantum Mechanics :
http://www.cdbaby.com/cd/gabrielebulfon
--
Da: Michael Menge via Info-cyrus
A: info-cyrus@lists.andrew.cmu.edu
Data: 19 gennaio 2017 9.53.51 CET
Oggetto: Re: imap impersonate
Quoting Gabriele Bulfon via Info-cyrus
:
Hi,
is there any mechanism with Cyrus imap to impersonate another user?
I've seen other imap servers scenarios where one may use plain
authentication and sending user as mailboxuser plus a separator plus
adminuser and use only adminpassword, to get access to the
mailboxuser as is (dovecot, exchange).
Anything like this in Cyrus?
Gabriele
Cyrus can use the PLAIN mech to allow admin access as the user.
You need to add plain to sasl_mech_list in imapd.conf
And the "admin" account has to be listed in admins or proxyservers
in imapd.conf
Regards,
Michael

M.MengeTel.: (49) 7071/29-70316
Universität Tübingen   Fax.: (49) 7071/29-5912
Zentrum für Datenverarbeitung  mail:
michael.me...@zdv.uni-tuebingen.de
Wächterstraße 76
72074 Tübingen

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: imap impersonate

2017-01-19 Thread Michael Menge via Info-cyrus 


Quoting Gabriele Bulfon via Info-cyrus :


Hi,
is there any mechanism with Cyrus imap to impersonate another user?
I've seen other imap servers scenarios where one may use plain  
authentication and sending user as mailboxuser plus a separator plus  
adminuser and use only adminpassword, to get access to the  
mailboxuser as is (dovecot, exchange).

Anything like this in Cyrus?
Gabriele


Cyrus can use the PLAIN mech to allow admin access as the user.
You need to add plain to sasl_mech_list in imapd.conf
And the "admin" account has to be listed in admins or proxyservers
in imapd.conf

Regards,

   Michael



M.MengeTel.: (49) 7071/29-70316
Universität Tübingen   Fax.: (49) 7071/29-5912
Zentrum für Datenverarbeitung  mail:  
michael.me...@zdv.uni-tuebingen.de

Wächterstraße 76
72074 Tübingen


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: imap impersonate

2017-01-19 Thread Simon Matter via Info-cyrus 
> Hi,
> is there any mechanism with Cyrus imap to impersonate another user?
> I've seen other imap servers scenarios where one may use plain
> authentication and sending user as mailboxuser plus a separator plus
> adminuser and use only adminpassword, to get access to the mailboxuser as
> is (dovecot, exchange).
> Anything like this in Cyrus?
> Gabriele

Hi Gabriele,

Check the "proxyservers" directive in imapd.conf.

Regards,
Simon


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

imap impersonate

2017-01-19 Thread Gabriele Bulfon via Info-cyrus 
Hi,
is there any mechanism with Cyrus imap to impersonate another user?
I've seen other imap servers scenarios where one may use plain authentication 
and sending user as mailboxuser plus a separator plus adminuser and use only 
adminpassword, to get access to the mailboxuser as is (dovecot, exchange).
Anything like this in Cyrus?
Gabriele

Sonicle S.r.l.
:
http://www.sonicle.com
Music:
http://www.gabrielebulfon.com
Quantum Mechanics :
http://www.cdbaby.com/cd/gabrielebulfon

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus