On W 29 Apr, 2009, at 22:21, Giuliano Gavazzi wrote:

I am trying to patch the source so that the %d expansion variable uses original_username (instead of user I suppose) of auth_request, but I cannot find where this expansion is done.
Pointers?

Thanks
Giuliano

I thought it was in auth_request_get_var_expand_table, and changed thus:

//GG    tab[2].value = strchr(auth_request->user, '@');
tab[2].value = strchr(auth_request->original_username, '@'); //GG test to keep domain

but this makes no difference (well, not in the expansion for mail_location).

I found other places where var_expand_table is set (easy, as you always use tab as a local variable), but as they were not passed auth_request it was not possible to get the original_username. I think I can see a reason behind this: ignoring the domain passed when authenticating means that the domain part has not been checked and thus its use is unwarranted. In the case of system users this would pose no threat, but for virtual users it might, in principle, allow unauthorised access to other maildirs.

Giuliano
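
The concern in the last paragraph of the message, as an added example (not Dovecot code and not part of the original post): a path expansion that accepts the domain from original_username only when the verified user carries the same domain. The struct, function names, base directory and sample accounts are hypothetical; only the field names user and original_username come from the message.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the two fields discussed above (not Dovecot's struct). */
struct auth_req {
    const char *original_username; /* as sent by the client, domain unverified */
    const char *user;              /* name the passdb lookup actually verified */
};

/* Part after '@', or "" when the name carries no domain. */
static const char *domain_of(const char *name)
{
    const char *at = strchr(name, '@');
    return at != NULL ? at + 1 : "";
}

/* Build "<base>/<domain>/<local>", as a mail_location using %d and %n would.
 * The client-supplied domain is used only when the verified user carries
 * the same domain; otherwise the expansion is refused with -1. */
int expand_maildir(const struct auth_req *r, const char *base,
                   char *out, size_t outlen)
{
    const char *claimed = domain_of(r->original_username);
    const char *verified = domain_of(r->user);
    int local_len = (int)strcspn(r->user, "@");
    int n;

    if (*claimed == '\0' || strcmp(claimed, verified) != 0)
        return -1; /* domain was never checked by authentication */
    if (strchr(r->user, '/') != NULL || strstr(r->user, "..") != NULL)
        return -1; /* no path separators or parent references in a path part */
    n = snprintf(out, outlen, "%s/%s/%.*s", base, claimed, local_len, r->user);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0; /* -1 on truncation */
}

int main(void)
{
    /* Constructed sample: passdb verified "alice" only; the client typed a domain. */
    struct auth_req dropped = { "alice@other.example", "alice" };
    struct auth_req checked = { "bob@example.org", "bob@example.org" };
    char path[128];

    printf("dropped domain: %d\n", expand_maildir(&dropped, "/var/vmail", path, sizeof(path)));
    if (expand_maildir(&checked, "/var/vmail", path, sizeof(path)) == 0)
        printf("checked domain: %s\n", path);
    return 0;
}
```

The comparison is an exact, case-sensitive match, so a domain that differs only in letter case is refused rather than normalised.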
