as author of mentioned patch, I'm replying here just to clarify some things.
> What this patch does is take a large chunk of code out of courier-authlib,
> add a small amount of dovecot-specific logic, and include it into maildrop's
> A very large portion of code ends up being duplicated here. This is not a
> good way to do thing, from a long-term maintenance perspective.
Although as a software developer I'm also strongly against unnecessary
duplicated code, you're exaggerating here a little bit. Only code that was
copied (with some minor changes) from authlib is related to socket communication
as I did not want to reinvent the wheel (and is properly documented). If you
take a brief look at dovecotauth.c where most of the code is you'll see that the
ratio between authlib code and dovecot communication code is along the lines of
50:50. Also, the overall file size is just 10k, so saying that a "large" portion
of code is duplicated in general is overstating. Not to mention that there is
also a lot of duplicated code in authlib itself (one example from top of my head
is read_env() function that's re-implemented in several auth modules).
With that being said, I would like to elaborate why I wrote the patch in this
way. The main reason is that I did not want or need to use authlib at all. There
simply is no need for having one more daemon running just for doing user info
lookups. Not using authlib simplifies things greatly as there is no additional
maintenance needed (or code compilation for that matter). The idea was to make
maildrop be able to use different authentication libraries (dovecot, authlib,
etc.) and allow users to choose which one to use. The second reason is that I
only wanted to implement user info lookups ("PRE" auth in authlib terminology or
"MASTER" lookups in dovecot terminology), which are only thing needed by
maildrop. Implementing full username / password login capability ("CLIENT"
lookups in dovecot terminology) is beyond the scope of my needs and having an
authentication backend in authlib that just implements user info lookups will be
very limited in its use. Not to mention that trying to implement full login
capability will result in a lot of duplicated functionality as dovecot
authentication protocol for example is able to process challenge-response
authentication mechanisms on its own.
> Maildrop already has an authentication plugin – the courier-authlib hook.
> The right way to implement this functionality would be to add a Dovecot
> module to courier-authlib. I would be generally agreeable to this approach.
> In addition to mailrop, this would also allow sqwebmail to leverage this
> functionality too.
As my patch only implements user info lookups, I doubt that it would work with
sqwebmail, since it would also require login capability. Anyway, I wrote above
the reasons why I did not implement this in authlib and now that I don't even
use maildrop anymore, I personally won't be spending any of my time on improving
the patch. However, if there is someone interested in pursuing this further
current code can probably be integrated with authlib, main part of code is
located in dovecotauth.c in two functions: _dovecotauth_getuserinfo(),
parse_userinfo(). But, as this only implements user info lookups, use of such
authentication backed would be very limited.
Oh, I would like to thank Sam for making maildrop, which is a great piece of
software (especially its xfilter command) that I have been using in the past
(and Courier-IMAP, which I also used for quite some time).
Marko Njezic - mr.maX @ MAX Interactive corp.
MAX's Empire: http://www.maxempire.com/
MAX's HTML Beauty++ 2004: http://www.htmlbeauty.com/