problem with user canonicalization and pop3d

Dan White <dwhite@xxxxxxx> · Wed, 03 Oct 2007 09:03:42 -0500

Hello,

I'm experiencing problems with user canonicalization when logging 
in to pop3 via a user/pass login.

Logging in via auth/digest-md5 (pop3test) canonicalizes as 
expected, however if I telnet like this:

telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK neo Cyrus POP3 Murder v2.3.8-Debian-2.3.8-1-1 server ready 
<2296241349.1191418381@neo>
user super@xxxxxxx
+OK Name is a valid mailbox
pass mysecret

I receive a mailbox does not exist error, and syslog reports that 
'super@xxxxxxx' logged in rather than my canonicalized user. My 
canonicalized user has a mailbox, but not super@xxxxxxxx

I'm using version 2.3.8 with the ldapdb auxprop+canonuser plugin. 
The following patch fixes this problem for me. It's a cut and 
paste from the cmd_auth function into the cmd_pass function:

--- pop3d.c.orig        2007-10-02 16:55:20.000000000 -0500
+++ pop3d.c     2007-10-02 16:54:35.000000000 -0500
@@ -1199,6 +1199,8 @@
  void cmd_pass(char *pass)
  {
      int plaintextloginpause;
+    int sasl_result;
+    char *canon_user;

      if (!popd_userid) {
         prot_printf(popd_out, "-ERR [AUTH] Must give USER 
command\r\n");
@@ -1258,6 +1260,42 @@
         return;
      }
      else {
+
+        /* successful authentication */
+
+        /* get the userid from SASL --- already canonicalized from
+         * mysasl_proxy_policy()
+         */
+        sasl_result = sasl_getprop(popd_saslconn, SASL_USERNAME,
+                                   (const void **) &canon_user);
+        if (sasl_result != SASL_OK) {
+            prot_printf(popd_out,
+                        "-ERR [AUTH] weird SASL error %d getting 
SASL_USERNAME\r\n",
+                        sasl_result);
+            return;
+        }
+
+        /* If we're proxying, the authzid may contain a subfolder,
+           so re-canonify it */
+        if (config_getswitch(IMAPOPT_POPSUBFOLDERS) && 
strchr(canon_user, '+')) {
+            char userbuf[MAX_MAILBOX_NAME+1];
+            unsigned userlen;
+
+            sasl_result = popd_canon_user(popd_saslconn, NULL, 
canon_user, 0,
+                                          SASL_CU_AUTHID | 
SASL_CU_AUTHZID,
+                                          NULL, userbuf, 
sizeof(userbuf), &userlen);
+            if (sasl_result != SASL_OK) {
+                prot_printf(popd_out,
+                            "-ERR [AUTH] SASL canonification 
error %d\r\n",
+                            sasl_result);
+                return;
+            }
+
+            popd_userid = xstrdup(userbuf);
+        } else {
+            popd_userid = xstrdup(canon_user);
+        }
+
         syslog(LOG_NOTICE, "login: %s %s%s plaintext%s %s", 
popd_clienthost,
                popd_userid, popd_subfolder ? popd_subfolder : "",
                popd_starttls_done ? "+TLS" : "", "User logged in");


Thank You,
-- 
Dan White <dwhite@xxxxxxx>
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




