auth: Allow users without a domain

Some deployments already have users that authenticate without a domain. Today, we refuse to even consider those, and reject them at parsing time. However, it is a use-case worth supporting, at least with some restrictions that make the complexity manageable. This patch changes the auth package to support authenticating users without an "@domain" part. Those requests will always be directly passed on to the fallback authenticator, if available. The dovecot fallback authenticator can already handle this case just fine.
2025-12-22 15:27:02 +00:00 · 2021-06-11 20:05:41 +01:00
parent 099e2e2269
commit cfe0e48c0a
7 changed files with 48 additions and 21 deletions
--- a/test/t-11-dovecot/config/dovecot.conf.in
+++ b/test/t-11-dovecot/config/dovecot.conf.in
@@ -5,10 +5,11 @@ ssl = no
 default_internal_user = $USER
 default_login_user = $USER

-# Before auth checks, rename "u@d" to "u-AT-d". This exercises that chasquid
+# Before auth checks, rename "u@d" to "u-x". This exercises that chasquid
 # handles well the case where the returned user information does not match the
 # requested user.
-auth_username_format = "%n-AT-%d"
+# We drop the domain, to exercise "naked" auth handling.
+auth_username_format = "%n-x"

 passdb {
 	driver = passwd-file
--- a/test/t-11-dovecot/config/passwd
+++ b/test/t-11-dovecot/config/passwd
@@ -1 +1,2 @@
-user-AT-srv:{plain}password:1000:1000::/home/user
+user-x:{plain}password:1000:1000::/home/user
+naked-x:{plain}gun:1001:1001::/home/naked
--- a/test/t-11-dovecot/msmtprc
+++ b/test/t-11-dovecot/msmtprc
@@ -26,3 +26,8 @@ password secretpassword
 account badpasswd : default
 user user@srv
 password badsecretpassword
+
+account naked : default
+from naked@srv
+user naked
+password gun
--- a/test/t-11-dovecot/run.sh
+++ b/test/t-11-dovecot/run.sh
@@ -51,11 +51,22 @@ mkdir -p .logs
 chasquid -v=2 --logfile=.logs/chasquid.log --config_dir=config &
 wait_until_ready 1025

-# Send an email as user@srv successfully.
+# Send an email as "user@srv" successfully.
 run_msmtp user@srv < content
 wait_for_file .mail/user@srv
 mail_diff content .mail/user@srv

+# Send an email as "naked" successfully.
+rm .mail/user@srv
+run_msmtp -a naked user@srv < content
+wait_for_file .mail/user@srv
+mail_diff content .mail/user@srv
+
+# Send an email to the "naked" user successfully.
+run_msmtp naked@srv < content
+wait_for_file .mail/naked@srv
+mail_diff content .mail/naked@srv
+
 # Fail to send to nobody@srv (user does not exist).
 if run_msmtp nobody@srv < content 2> /dev/null; then
 	fail "successfuly sent an email to a non-existent user"