spaces around uid

Thu, 21 Feb 2002 05:41:22 -0800 

Hi,

we noticed, that cyrus-imapd allows users to prepend or append
whitespaces to their uid like this:

. login "   user  " secret

cyrus-imapd hand's over this string as is to the underlying
authentication system. In case of pam with pam_ldap, this results in a
DN like this:

"uid=   user  ,dc=some,dc=dom"

which will then be normalized by OpenLDAP to

"uid=user,dc=some,dc=dom"

and will give a successfull authentication... :-(

Another point is, that the uid attribute is caseINsensitve as defined
in the core openldap schema, which makes things even harder:

. login "   uSer  " secret

would be the same as 

. login "   user  " secret

for openldap in this case.

Most mailclients would then notice, that there is no inbox -because
imapd is now looking into "/var/imap/user/   uSer  /" which currently
does not exist. Then they issue a "create inbox" command and voila, we
have a new directory called "/var/imap/user/   uSer  /".

So I wrote a small patch for the auth_canonifyid function, which
strips off leading and trailing whitespaces and lowers alpha chars.

I am not exactly sure, if this is the right place to fix, but it
works.

I attached the patch to this mail.

-- 
With best regards,

Carsten Hoeger

SuSE, The Linux Experts, http://www.suse.com

Key fingerprint = E3B6 7FDB 4800 0F22 DC09  EB2B 7988 B6A8 6691 C94A

diff -urN cyrus-imapd-2.0.16/lib/auth_unix.c cyrus-imapd-2.0.16.SuSE/lib/auth_unix.c
--- cyrus-imapd-2.0.16/lib/auth_unix.c  Tue May 23 22:56:12 2000
+++ cyrus-imapd-2.0.16.SuSE/lib/auth_unix.c     Wed Feb 20 15:32:44 2002
@@ -154,9 +154,11 @@
 const char *identifier;
 {
     static char retbuf[81];
+    char backup[81];
     struct group *grp;
     char sawalpha;
     char *p;
+    int ic,rbc;
 
     if (strcasecmp(identifier, "anonymous") == 0) {
        return "anonymous";
@@ -210,6 +212,21 @@
     *p = 0;
 
     if (!sawalpha) return NULL;  /* has to be one alpha char */
+
+    strcpy(backup,retbuf);
+    /* remove leading blanks */
+    for(ic=0; isblank(backup[ic]); ic++);
+    for(rbc=0; backup[ic]; ic++) {
+       retbuf[rbc] = ( isalpha(backup[ic]) ?
+                       tolower(backup[ic]) : backup[ic] );
+       rbc++;
+    }
+    retbuf[rbc] = '\0';
+    /* remove trailing blanks */
+    for(--rbc; isblank(retbuf[rbc]); rbc--) {
+       retbuf[rbc] = '\0';
+    }
+
 
     return retbuf;
 }

Attachment: msg06101/pgp00000.pgp
Description: PGP signature

Reply via email to