Normalize the authentication ID #3283
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
By normalize, it is intended that;
1) Authentication IDs all can be lowercased for more accurate
comparison without being volatile to, say, user error, and
2) Any leading or trailing blank space can be stripped
| @@ -346,6 +346,8 @@ EXPORTED int cyrus_init(const char *alt_config, const char *ident, unsigned flag | |||
| config_getswitch(IMAPOPT_UNIX_GROUP_ENABLE)); | |||
| libcyrus_config_setswitch(CYRUSOPT_USERNAME_TOLOWER, | |||
| config_getswitch(IMAPOPT_USERNAME_TOLOWER)); | |||
| libcyrus_config_setswitch(CYRUSOPT_NORMALIZEUID, | |||
| config_getswitch(CYRUSOPT_NORMALIZEUID)); | |||
There was a problem hiding this comment.
The bad indentation can be fixed easily enough with tools/remove-tabs.pl...
The bigger problem here is calling config_getswitch() with a CYRUSOPT_ option rather than an IMAPOPT_ one. It should probably be config_getswitch(IMAPOPT_NORMALIZEUID) like the other lines around it.
I think this is the source of one of the warnings @anatoli26 noticed.
Merged
elliefm
reviewed
Nov 11, 2020
There was a problem hiding this comment.
Upon deeper examination, I don't think this patch is useful, and Debian should just drop it (eventually).
I guess you'll probably need some sort of transition plan for users who are using it to change their configuration to use username_tolower: yes instead -- though it's on by default, so maybe it just works already and you can drop it immediately with just a note in the changes file.
| @@ -346,6 +346,8 @@ EXPORTED int cyrus_init(const char *alt_config, const char *ident, unsigned flag | |||
| config_getswitch(IMAPOPT_UNIX_GROUP_ENABLE)); | |||
| libcyrus_config_setswitch(CYRUSOPT_USERNAME_TOLOWER, | |||
| config_getswitch(IMAPOPT_USERNAME_TOLOWER)); | |||
| libcyrus_config_setswitch(CYRUSOPT_NORMALIZEUID, | |||
| config_getswitch(CYRUSOPT_NORMALIZEUID)); | |||
There was a problem hiding this comment.
The bad indentation can be fixed easily enough with tools/remove-tabs.pl...
The bigger problem here is calling config_getswitch() with a CYRUSOPT_ option rather than an IMAPOPT_ one. It should probably be config_getswitch(IMAPOPT_NORMALIZEUID) like the other lines around it.
I think this is the source of one of the warnings @anatoli26 noticed.
Comment on lines
+2922
to
+2926
| { "normalizeuid", 0, SWITCH } | ||
| /* Lowercase uid and strip leading and trailing blanks. It is recommended | ||
| to set this to yes, especially if OpenLDAP is used as authentication | ||
| source. */ | ||
|
|
There was a problem hiding this comment.
This "it is recommended" advice directly contradicts the comment around line 165 of auth_unix.c, where it explains that we used to do something naive like this, but then did it better instead...
Also, we already have a standard option that does the same thing, and is enabled by default:
username_tolower: 1 Convert usernames to all lowercase before login/authentication. This is useful with authentication backends which ignore case during username lookups (such as LDAP).
It doesn't trim leading and trailing whitespace... but if this is a real problem, we should apply a real fix (with tests).
Ionic
pushed a commit
to Ionic/skolab-cyrus-imapd.debpkg
that referenced
this pull request
May 5, 2022
Description: Normalize the authentication ID
By normalize, it is intended that;
1) Authentication IDs all can be lowercased for more accurate
comparison without being volatile to, say, user error, and
2) Any leading or trailing blank space can be stripped
N.B.: upstream advises to just drop this patch, since it's broken
(or rather, that they had something like this in the past, but
it turned out that many sites break under these assumptions).
Author: "Jeroen van Meeuwen (Kolab Systems)" <vanmeeuwen@kolabsys.com>
Forwarded: cyrusimap/cyrus-imapd#3283
Reviewed-By: Xavier Guimard <yadd@debian.org
Last-Update: 2020-02-10
Ionic
pushed a commit
to Ionic/skolab-cyrus-imapd.debpkg
that referenced
this pull request
May 12, 2022
Description: Normalize the authentication ID
By normalize, it is intended that;
1) Authentication IDs all can be lowercased for more accurate
comparison without being volatile to, say, user error, and
2) Any leading or trailing blank space can be stripped
N.B.: upstream advises to just drop this patch, since it's broken
(or rather, that they had something like this in the past, but
it turned out that many sites break under these assumptions).
Author: "Jeroen van Meeuwen (Kolab Systems)" <vanmeeuwen@kolabsys.com>
Forwarded: cyrusimap/cyrus-imapd#3283
Reviewed-By: Xavier Guimard <yadd@debian.org
Last-Update: 2020-02-10
Ionic
pushed a commit
to Ionic/skolab-cyrus-imapd.debpkg
that referenced
this pull request
May 12, 2022
Description: Normalize the authentication ID
By normalize, it is intended that;
1) Authentication IDs all can be lowercased for more accurate
comparison without being volatile to, say, user error, and
2) Any leading or trailing blank space can be stripped
N.B.: upstream advises to just drop this patch, since it's broken
(or rather, that they had something like this in the past, but
it turned out that many sites break under these assumptions).
Author: "Jeroen van Meeuwen (Kolab Systems)" <vanmeeuwen@kolabsys.com>
Forwarded: cyrusimap/cyrus-imapd#3283
Reviewed-By: Xavier Guimard <yadd@debian.org
Last-Update: 2020-02-10
Ionic
pushed a commit
to Ionic/skolab-cyrus-imapd.debpkg
that referenced
this pull request
May 12, 2022
Description: Normalize the authentication ID
By normalize, it is intended that;
1) Authentication IDs all can be lowercased for more accurate
comparison without being volatile to, say, user error, and
2) Any leading or trailing blank space can be stripped
N.B.: upstream advises to just drop this patch, since it's broken
(or rather, that they had something like this in the past, but
it turned out that many sites break under these assumptions).
Author: "Jeroen van Meeuwen (Kolab Systems)" <vanmeeuwen@kolabsys.com>
Forwarded: cyrusimap/cyrus-imapd#3283
Reviewed-By: Xavier Guimard <yadd@debian.org
Last-Update: 2020-02-10
Ionic
pushed a commit
to Ionic/skolab-cyrus-imapd.debpkg
that referenced
this pull request
May 13, 2022
Description: Normalize the authentication ID
By normalize, it is intended that;
1) Authentication IDs all can be lowercased for more accurate
comparison without being volatile to, say, user error, and
2) Any leading or trailing blank space can be stripped
N.B.: upstream advises to just drop this patch, since it's broken
(or rather, that they had something like this in the past, but
it turned out that many sites break under these assumptions).
Author: "Jeroen van Meeuwen (Kolab Systems)" <vanmeeuwen@kolabsys.com>
Forwarded: cyrusimap/cyrus-imapd#3283
Reviewed-By: Xavier Guimard <yadd@debian.org
Last-Update: 2020-02-10
Ionic
pushed a commit
to Ionic/skolab-cyrus-imapd.debpkg
that referenced
this pull request
May 14, 2022
Description: Normalize the authentication ID
By normalize, it is intended that;
1) Authentication IDs all can be lowercased for more accurate
comparison without being volatile to, say, user error, and
2) Any leading or trailing blank space can be stripped
N.B.: upstream advises to just drop this patch, since it's broken
(or rather, that they had something like this in the past, but
it turned out that many sites break under these assumptions).
Author: "Jeroen van Meeuwen (Kolab Systems)" <vanmeeuwen@kolabsys.com>
Forwarded: cyrusimap/cyrus-imapd#3283
Reviewed-By: Xavier Guimard <yadd@debian.org
Last-Update: 2020-02-10
Ionic
pushed a commit
to Ionic/skolab-cyrus-imapd.debpkg
that referenced
this pull request
May 14, 2022
Description: Normalize the authentication ID
By normalize, it is intended that;
1) Authentication IDs all can be lowercased for more accurate
comparison without being volatile to, say, user error, and
2) Any leading or trailing blank space can be stripped
N.B.: upstream advises to just drop this patch, since it's broken
(or rather, that they had something like this in the past, but
it turned out that many sites break under these assumptions).
Author: "Jeroen van Meeuwen (Kolab Systems)" <vanmeeuwen@kolabsys.com>
Forwarded: cyrusimap/cyrus-imapd#3283
Reviewed-By: Xavier Guimard <yadd@debian.org
Last-Update: 2020-02-10
|
Closing this for the reasons outlined in #3283 (comment) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Debian author comment: