Bug#860049: dovecot-core 1:2.2.13-12~deb8u2 (fix for bug 860049) seems to break dovecot dict key interpolation entirely

Mon, 10 Apr 2017 21:36:28 -0700 

Hi Nick,

On Tue, Apr 11, 2017 at 01:19:11AM +0100, Nick Thomas wrote:
> Hi,
> 
> dovecot-core/1:2.2.13-12~deb8u2 with a dict-based userdb or passdb no
> longer interprets placeholders like %u in the keys even once.
> 
> The referenced commit claims to prevent double-parsing in a situation
> like this:
> 
> 
> username: fo...@example.com
> config file: 
> 
> ```
> key userdb {
> ?? key = userdb/%u
> ?? format = json
> }
> ```
> 
> result: userdb/foo...@example.com@example.com
> 
> Instead, it claims the result should be userdb/fo...@example.com
> 
> What I'm seeing is that the key actually becomes userdb/%u
> 
> I'm using the UNIX socket "proxy" protocol listed here: https://wiki2.d
> ovecot.org/AuthDatabase/Dict
> 
> 
> Similar issues with the passdb, which is similarly configured.
> 
> In 1:2.2.13-12~deb8u1, the proxy receives lines like:
> "Lshared/passdb/foo.default.urgs.uk0.bigv.io"
> In 1:2.2.13-12~deb8u2, the proxy receives lines like:
> "Lshared/passdb/%u"
> 
> This comes up with the symbiosis integration to dovecot; I've got a
> GitHub issue open with them here: https://github.com/BytemarkHosting/sy
> mbiosis/issues/13 - I'm having trouble believing that dovecot-core
> master's functionality is broken here, although I guess it's possible.
> Their examples and wiki still show the "%u" syntax.
> 
> Regards,
> 
> Nick Thomas

Thanks for the report. I'm Cc'ing explicitly Apollon and upstream.

Timo and Aki, attached is the patch used for the version in Debian
Jessie.

Did I misss something obvious with backporting the commit to 2.2.13?

Regards,
Salvatore

>From 000030feb7a30f193197f1aab8a7b04a26b42735 Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tu...@dovecot.fi>
Date: Mon, 6 Mar 2017 14:59:46 +0200
Subject: [PATCH] auth: Do not double-expand key in passdb dict when
 authenticating

Broken by 79042f8c
[carnil: Backport for context in 2.2.13]
---
 src/auth/db-dict.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

--- a/src/auth/db-dict.c
+++ b/src/auth/db-dict.c
@@ -404,7 +404,7 @@ static int db_dict_iter_lookup_key_value
 			continue;
 
 		str_truncate(path, strlen(DICT_PATH_SHARED));
-		var_expand(path, key->key->key, iter->var_expand_table);
+		str_append(path, key->key->key);
 		ret = dict_lookup(iter->conn->dict, iter->pool,
 				  str_c(path), &key->value);
 		if (ret > 0) {

Reply via email to