I agree, but with one possible caveat: most RDBMSs allow you to configure
the quoting behavior away from the default if you want. I am not a mysql
expert, but if mysql allows the quote character (default "\" for mysql)
then authmysql should also allow this to be configurable.
Just a thought.
<quote who="Alessandro Vesely">
> Authmysql needs to be revamped. I'd propose to accept any local-part
> that can be the target of an RCPT TO command (also for imap/pop
> logins.) Apparently, that implies not only allowing single quotes, but
> also quoted string. Thus, one could patch authmysqllib.c so that,
> e.g., <"Roger's \"rabbit\""@example.com> would result in setting the
> local part as
>
> Roger\'s "rabbit"
>
> Would that be correct? Would it break anything?
>
> Rationale and details below:
>
> Martin Strand wrote:
>> I've got usernames with apostrophes (don't ask me why, people are
>> strange)
>
> That character is allowed in rfc2822:
>
> atext = ALPHA / DIGIT / ; Any character except controls,
> "!" / "#" / ; SP, and specials.
> "$" / "%" / ; Used for atoms
> "&" / "'" /
> "*" / "+" /
> "-" / "/" /
> "=" / "?" /
> "^" / "_" /
> "`" / "{" /
> "|" / "}" /
> "~"
> atom = [CFWS] 1*atext [CFWS]
> dot-atom = [CFWS] dot-atom-text [CFWS]
> dot-atom-text = 1*atext *("." 1*atext)
>
>> authd: SQL query: SELECT email, "", clear, uid, gid, home, maildir,
>> quota,
>> "", "" FROM users WHERE email = "info [EMAIL PROTECTED]"
>
>> imapd: LOGIN FAILED, user=info'[EMAIL PROTECTED], ip=[::ffff:127.0.0.1]
>
> There is an inconsistency between get_localpart(), providing a
> username by skipping any double quote ("), single quote ('), and
> backslash (\), and append_username(), doing the same by replacing
> those characters with a space ( ). Thus, if a MYSQL_SELECT_CLAUSE were
> specified, the above would have searched for "[EMAIL PROTECTED]".
>
> In addition, the double quote and backslash apparently also deserve
> the same treatment. They are used to produce quoted strings.
> Apparently, production rules imply that such stuff can live in an
> email address:
>
> rfc2822
> addr-spec = local-part "@" domain
> local-part = dot-atom / quoted-string / obs-local-part
> quoted-string = [CFWS]
> DQUOTE *([FWS] qcontent) [FWS] DQUOTE
> [CFWS]
> qtext = NO-WS-CTL / ; Non white space controls
> %d33 / ; The rest of the US-ASCII
> %d35-91 / ; characters not including "\"
> %d93-126 ; or the quote character
> qcontent = qtext / quoted-pair
>
> Is that only for headers line or also for RCPT commands?
>
> rfc2821
> Mailbox = Local-part "@" Domain
> Local-part = Dot-string / Quoted-string ; MAY be case-sensitive
> Quoted-string = DQUOTE *qcontent DQUOTE
>
> The qcontent is not further specified in that rfc. Full production
> rules can be found in
> http://tools.ietf.org/html/draft-klensin-rfc2821bis-08
>
> rcpt = "RCPT TO:" ( "<Postmaster@" Domain ">" / "<Postmaster>" /
> Forward-Path ) [SP Rcpt-parameters] CRLF
>
> Forward-path = Path
>
> Path = "<" [ A-d-l ":" ] Mailbox ">"
> Mailbox = Local-part "@" ( Domain / address-literal )
>
> Local-part = Dot-string / Quoted-string
> ; MAY be case-sensitive
>
>
> Dot-string = Atom *("." Atom)
>
> Atom = 1*atext
>
> Quoted-string = DQUOTE *qcontentSMTP DQUOTE
>
> QcontentSMTP = qtextSMTP / quoted-pairSMTP
>
> quoted-pairSMTP = %d92 %d32-126
> ; i.e., backslash followed by any ASCII
> ; graphic (including itself) or SPace
>
> qtextSMTP = %d32-33 / %d35-91 / %d93-126
> ; i.e., within a quoted string, any
> ; ASCII graphic or space is permitted
> ; without blackslash-quoting except
> ; double-quote and the backslash itself.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> courier-users mailing list
> [email protected]
> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
>
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
