• Bug#1103623: dovecot-core: oauth2 passdb username_format not applied be

    From magicfelix@21:1/5 to All on Sat Apr 19 20:20:01 2025
    Package: dovecot-core
    Version: 1:2.3.19.1+dfsg1-2.1+deb12u1
    Severity: normal
    Tags: upstream

    Dear Maintainer,

    * What led up to the situation?

    I use multiple oauth2 passdbs, one for each domain, using password grant.

    Therefor, I use `username_filter = "*@example.org` to only check e.g. user@example.org against this passdb, and not user@example.com.

    * What exactly did you do (or not do) that was effective (or
    ineffective)?

    For this to work, `auth_username_format` has to be `%Lu`, because `%Ln` would remove the domain and break the `username_filter`, so that no passdb would match.

    So the domain is used for finding the correct passdb. But the OAuth provider expects the username to be just the username without domain, which is why I set `username_format = %Ln` inside the oauth2 passdb configuration.

    * What was the outcome of this action?

    This does not achieve the expected result. The OAuth provider is still queried with the whole user@example.org as username.

    * What outcome did you expect instead?

    The expected result would be, that (after the correct passdb was found based on the domain) the username is translated according to the `username_format` defined inside the passdb before the password grant request is sent.

    -- Package-specific info:

    -- System Information:
    Debian Release: 12.10
    APT prefers stable-updates
    APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
    Architecture: amd64 (x86_64)

    Kernel: Linux 6.1.0-32-amd64 (SMP w/3 CPU threads; PREEMPT)
    Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
    Shell: /bin/sh linked to /usr/bin/dash
    Init: systemd (via /run/systemd/system)
    LSM: AppArmor: enabled

    Versions of packages dovecot-core depends on:
    ii adduser 3.134
    ii init-system-helpers 1.65.2
    ii libapparmor1 3.0.8-3
    ii libbz2-1.0 1.0.8-5+b1
    ii libc6 2.36-9+deb12u10
    ii libcap2 1:2.66-4
    ii libcrypt1 1:4.4.33-2
    ii libexttextcat-2.0-0 3.4.5-1
    ii libicu72 72.1-3
    ii liblua5.4-0 5.4.4-3+deb12u1
    ii liblz4-1 1.9.4-1
    ii liblzma5 5.4.1-1
    ii libpam-runtime 1.5.2-6+deb12u1
    ii libpam0g 1.5.2-6+deb12u1
    ii libsodium23 1.0.18-1
    ii libssl3 3.0.15-1~deb12u1
    ii libstemmer0d 2.2.0-2
    ii libsystemd0 252.36-1~deb12u1
    ii libtirpc3 1.3.3+ds-1
    ii libunwind8 1.6.2-3
    ii libwrap0 7.6.q-32
    ii libzstd1 1.5.4+dfsg2-5
    ii lsb-base 11.6
    ii openssl 3.0.15-1~deb12u1
    ii ssl-cert 1.1.2
    ii sysvinit-utils [lsb-base] 3.06-4
    ii ucf 3.0043+nmu1+deb12u1
    ii zlib1g 1:1.2.13.dfsg-1

    dovecot-core recommends no packages.

    Versions of packages dovecot-core suggests:
    pn dovecot-gssapi <none>
    ii dovecot-imapd 1:2.3.19.1+dfsg1-2.1+deb12u1
    ii dovecot-ldap 1:2.3.19.1+dfsg1-2.1+deb12u1
    ii dovecot-lmtpd 1:2.3.19.1+dfsg1-2.1+deb12u1
    pn dovecot-lucene <none>
    ii dovecot-managesieved 1:2.3.19.1+dfsg1-2.1+deb12u1
    pn dovecot-mysql <none>
    pn dovecot-pgsql <none>
    pn dovecot-pop3d <none>
    ii dovecot-sieve 1:2.3.19.1+dfsg1-2.1+deb12u1
    pn dovecot-solr <none>
    pn dovecot-sqlite <none>
    pn dovecot-submissiond <none>
    pn ntp <none>

    Versions of packages dovecot-core is related to:
    ii dovecot-core [dovecot-common] 1:2.3.19.1+dfsg1-2.1+deb12u1
    pn dovecot-dev <none>
    pn dovecot-gssapi <none>
    ii dovecot-imapd 1:2.3.19.1+dfsg1-2.1+deb12u1
    ii dovecot-ldap 1:2.3.19.1+dfsg1-2.1+deb12u1
    ii dovecot-lmtpd 1:2.3.19.1+dfsg1-2.1+deb12u1
    ii dovecot-managesieved 1:2.3.19.1+dfsg1-2.1+deb12u1
    pn dovecot-mysql <none>
    pn dovecot-pgsql <none>
    pn dovecot-pop3d <none>
    ii dovecot-sieve 1:2.3.19.1+dfsg1-2.1+deb12u1
    pn dovecot-sqlite <none>

    -- no debconf information

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)