auth: Allow users without a domain

Some deployments already have users that authenticate without a domain. Today, we refuse to even consider those, and reject them at parsing time. However, it is a use-case worth supporting, at least with some restrictions that make the complexity manageable. This patch changes the auth package to support authenticating users without an "@domain" part. Those requests will always be directly passed on to the fallback authenticator, if available. The dovecot fallback authenticator can already handle this case just fine.
2025-12-30 16:47:02 +00:00 · 2021-06-11 20:05:41 +01:00
parent 099e2e2269
commit cfe0e48c0a
7 changed files with 48 additions and 21 deletions
--- a/test/t-11-dovecot/config/dovecot.conf.in
+++ b/test/t-11-dovecot/config/dovecot.conf.in
@@ -5,10 +5,11 @@ ssl = no
 default_internal_user = $USER
 default_login_user = $USER

-# Before auth checks, rename "u@d" to "u-AT-d". This exercises that chasquid
+# Before auth checks, rename "u@d" to "u-x". This exercises that chasquid
 # handles well the case where the returned user information does not match the
 # requested user.
-auth_username_format = "%n-AT-%d"
+# We drop the domain, to exercise "naked" auth handling.
+auth_username_format = "%n-x"

 passdb {
 	driver = passwd-file
--- a/test/t-11-dovecot/config/passwd
+++ b/test/t-11-dovecot/config/passwd
@@ -1 +1,2 @@
-user-AT-srv:{plain}password:1000:1000::/home/user
+user-x:{plain}password:1000:1000::/home/user
+naked-x:{plain}gun:1001:1001::/home/naked