From 5a814cbe7196bf244a5124785c143c9057dc8444 Mon Sep 17 00:00:00 2001
From: pacien
Date: Thu, 20 Sep 2018 09:52:52 +0200
Subject: Add dovecot auth support
---
 conf.d/070_authenticators.conf | 32 ++++++++++++++++++++++++--------
 1 file changed, 24 insertions(+), 8 deletions(-)
(limited to 'conf.d')
diff --git a/conf.d/070_authenticators.conf b/conf.d/070_authenticators.conf
index 93a6ce2..f64796b 100644
--- a/conf.d/070_authenticators.conf
+++ b/conf.d/070_authenticators.conf
@@ -19,12 +19,6 @@ begin authenticators
-.ifdef USERLIST
-AUTH_CHECK = ${if crypteq{$auth3}{${lookup{$auth2}lsearch{USERLIST}}} {yes}{no}}
-.else
-AUTH_CHECK = ${if pam{$auth2:${sg{$auth3}{:}{::}}} {yes}{no}}
-.endif
-
 # PLAIN authentication has no server prompts. The client sends its
 # credentials in one lump, containing an authorization ID (which we do not
 # use), an authentication ID, and a password. The latter two appear as
@@ -33,13 +27,35 @@ AUTH_CHECK = ${if pam{$auth2:${sg{$auth3}{:}{::}}} {yes}{no}}
 # use $auth2 as a lookup key, and compare $auth3 against the result of the
 # lookup, perhaps using the crypteq{}{} condition.
-PLAIN:
+.ifdef USERLIST
+virtual_plain:
 driver = plaintext
 public_name = PLAIN
 server_prompts = :
 server_set_id = $auth2
- server_condition = AUTH_CHECK
+ server_condition = ${if crypteq{$auth3}{${lookup{$auth2}lsearch{USERLIST}}} {yes}{no}}
 server_advertise_condition = ${if ={587}{$interface_port} {yes}{no}}
+.endif
+
+.ifdef ENABLE_PAM_AUTH
+pam_plain:
+ driver = plaintext
+ public_name = PLAIN
+ server_prompts = :
+ server_set_id = $auth2
+ server_condition = ${if pam{$auth2:${sg{$auth3}{:}{::}}} {yes}{no}}
+ server_advertise_condition = ${if ={587}{$interface_port} {yes}{no}}
+.endif
+
+.ifdef DOVECOT_AUTH_SOCKET
+dovecot_plain:
+ driver = dovecot
+ public_name = PLAIN
+ server_set_id = $auth1
+ server_socket = DOVECOT_AUTH_SOCKET
+ server_advertise_condition = ${if ={587}{$interface_port} {yes}{no}}
+.endif
+
 # LOGIN authentication has traditional prompts and responses. There is no
 # authorization ID in this mechanism, so unlike PLAIN the username and
-- 
cgit v1.2.3
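Review bot: The added `server_advertise_condition` lines in `pam_plain` and `dovecot_plain` offer PLAIN on port 587 whether or not the session is encrypted, so unless TLS is enforced elsewhere in the configuration (not visible in this hunk) a client can send its password before STARTTLS. Gating on the negotiated cipher as well would close that, e.g. `server_advertise_condition = ${if and{{={587}{$interface_port}}{def:tls_in_cipher}} {yes}{no}}`; the unchanged line in `virtual_plain` has the same form. Separately, the removed `.ifdef`/`.else` made the back ends mutually exclusive, whereas the three independent `.ifdef` blocks allow several server authenticators with `public_name = PLAIN` at once, which Exim, as far as I recall, rejects at startup; chaining them with `.elifdef` keeps exactly one. PAM is also no longer the fallback when `USERLIST` is unset, so a comment saying that `ENABLE_PAM_AUTH` must now be defined explicitly would help existing deployments.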