File: 0009-Normalize-the-authentication-ID.patch

package info (click to toggle)
cyrus-imapd 3.10.2-1
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 59,108 kB
  • sloc: ansic: 284,386; perl: 137,327; javascript: 9,659; sh: 5,730; yacc: 2,565; makefile: 2,188; cpp: 2,147; lex: 662; xml: 621; awk: 303; python: 272; asm: 262
file content (96 lines) | stat: -rw-r--r-- 2,978 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
 
Description: Normalize the authentication ID
 By normalize, it is intended that;
    1) Authentication IDs all can be lowercased for more accurate
       comparison without being volatile to, say, user error, and
    2) Any leading or trailing blank space can be stripped
Author: "Jeroen van Meeuwen (Kolab Systems)" <vanmeeuwen@kolabsys.com>
Forwarded: https://github.com/cyrusimap/cyrus-imapd/pull/3283
Reviewed-By: Xavier Guimard <yadd@debian.org
Last-Update: 2022-02-23

--- a/imap/global.c
+++ b/imap/global.c
@@ -359,6 +359,8 @@
                                   config_getswitch(IMAPOPT_UNIX_GROUP_ENABLE));
         libcyrus_config_setswitch(CYRUSOPT_USERNAME_TOLOWER,
                                   config_getswitch(IMAPOPT_USERNAME_TOLOWER));
+        libcyrus_config_setswitch(CYRUSOPT_NORMALIZEUID,
+        			  config_getswitch(CYRUSOPT_NORMALIZEUID));
         libcyrus_config_setswitch(CYRUSOPT_SKIPLIST_UNSAFE,
                                   config_getswitch(IMAPOPT_SKIPLIST_UNSAFE));
         libcyrus_config_setstring(CYRUSOPT_TEMP_PATH,
--- a/lib/auth_unix.c
+++ b/lib/auth_unix.c
@@ -150,9 +150,11 @@
 static const char *mycanonifyid(const char *identifier, size_t len)
 {
     static char retbuf[81];
+    char backup[81];
     struct group *grp;
     char *p;
     int username_tolower = 0;
+    int ic,rbc;
 
     if (!len) len = strlen(identifier);
     if (len >= sizeof(retbuf)) return NULL;
@@ -194,6 +196,22 @@
         }
     }
 
+    if( (libcyrus_config_getswitch(CYRUSOPT_NORMALIZEUID) == 1) ) {
+        strcpy(backup,retbuf);
+       /* remove leading blanks */
+       for(ic=0; isblank(backup[ic]); ic++);
+       for(rbc=0; backup[ic]; ic++) {
+            retbuf[rbc] = ( isalpha(backup[ic]) ?
+                 tolower(backup[ic]) : backup[ic] );
+            rbc++;
+       }
+       retbuf[rbc] = '\0';
+       /* remove trailing blanks */
+       for(--rbc; isblank(retbuf[rbc]); rbc--) {
+            retbuf[rbc] = '\0';
+       }
+    }
+
     return retbuf;
 }
 
--- a/lib/imapoptions
+++ b/lib/imapoptions
@@ -3333,6 +3333,11 @@
 { "fastmailsharing", 0, SWITCH, "3.0.0" }
 /* If enabled, use FastMail style sharing (oldschool full server paths). */
 
+{ "normalizeuid", 0, SWITCH }
+/* Lowercase uid and strip leading and trailing blanks. It is recommended
+   to set this to yes, especially if OpenLDAP is used as authentication
+   source. */
+
 /*
 .SH SEE ALSO
 .PP
--- a/lib/libcyr_cfg.c
+++ b/lib/libcyr_cfg.c
@@ -160,6 +160,10 @@
       CFGVAL(long, 0),
       CYRUS_OPT_SWITCH },
 
+    { CYRUSOPT_NORMALIZEUID,
+      CFGVAL(long, 1),
+      CYRUS_OPT_SWITCH },
+
     { CYRUSOPT_LAST, { NULL }, CYRUS_OPT_NOTOPT }
 };
 
--- a/lib/libcyr_cfg.h
+++ b/lib/libcyr_cfg.h
@@ -107,6 +107,8 @@
     CYRUSOPT_SKIPLIST_ALWAYS_CHECKPOINT,
     /* ACL override */
     CYRUSOPT_ACL_ADMIN_IMPLIES_WRITE,
+    /* Lowercase uid and strip leading and trailing blanks (OFF) */
+    CYRUSOPT_NORMALIZEUID,
 
     CYRUSOPT_LAST