Authmysql needs to be revamped. I'd propose to accept any local-part 
that can be the target of an RCPT TO command (also for imap/pop 
logins.) Apparently, that implies not only allowing single quotes, but 
also quoted strings. Thus, one could patch authmysqllib.c so that, 
e.g., <"Roger's \"rabbit\""@example.com> would result in setting the 
local part as

    Roger\'s "rabbit"

Would that be correct? Would it break anything?

Rationale and details below:

Martin Strand wrote:
> I've got usernames with apostrophes (don't ask me why, people are strange)  

That character is allowed in rfc2822:

    atext      =     ALPHA / DIGIT / ; Any character except controls,
                     "!" / "#" /     ;  SP, and specials.
                     "$" / "%" /     ;  Used for atoms
                     "&" / "'" /
                     "*" / "+" /
                     "-" / "/" /
                     "=" / "?" /
                     "^" / "_" /
                     "`" / "{" /
                     "|" / "}" /
                     "~"
    atom       =     [CFWS] 1*atext [CFWS]
    dot-atom   =     [CFWS] dot-atom-text [CFWS]
    dot-atom-text =     1*atext *("." 1*atext)

> authd: SQL query: SELECT email, "", clear, uid, gid, home, maildir, quota,  
> "", "" FROM users WHERE email = "info [EMAIL PROTECTED]"

> imapd: LOGIN FAILED, user=info'[EMAIL PROTECTED], ip=[::ffff:127.0.0.1]

There is an inconsistency between get_localpart(), providing a 
username by skipping any double quote ("), single quote ('), and 
backslash (\), and append_username(), doing the same by replacing 
those characters with a space ( ). Thus, if a MYSQL_SELECT_CLAUSE were 
specified, the above would have searched for "[EMAIL PROTECTED]".

In addition, the double quote and backslash apparently also deserve 
the same treatment. They are used to produce quoted strings. 
Apparently, production rules imply that such stuff can live in an 
email address:

rfc2822
    addr-spec     =     local-part "@" domain
    local-part    =     dot-atom / quoted-string / obs-local-part
    quoted-string =     [CFWS]
                        DQUOTE *([FWS] qcontent) [FWS] DQUOTE
                        [CFWS]
    qtext         =     NO-WS-CTL /     ; Non white space controls
                        %d33 /          ; The rest of the US-ASCII
                        %d35-91 /       ;  characters not including "\"
                        %d93-126        ;  or the quote character
    qcontent      =     qtext / quoted-pair

Is that only for header lines or also for RCPT commands?

rfc2821
    Mailbox = Local-part "@" Domain
    Local-part = Dot-string / Quoted-string ; MAY be case-sensitive
    Quoted-string = DQUOTE *qcontent DQUOTE

The qcontent is not further specified in that rfc. Full production 
rules can be found in 
http://tools.ietf.org/html/draft-klensin-rfc2821bis-08

    rcpt = "RCPT TO:" ( "<Postmaster@" Domain ">" / "<Postmaster>" /
                   Forward-Path ) [SP Rcpt-parameters] CRLF

    Forward-path   = Path

    Path           = "<" [ A-d-l ":" ] Mailbox ">"
    Mailbox        = Local-part "@" ( Domain / address-literal )

    Local-part     = Dot-string / Quoted-string
                   ; MAY be case-sensitive


    Dot-string     = Atom *("."  Atom)

    Atom           = 1*atext

    Quoted-string  = DQUOTE *qcontentSMTP DQUOTE

    QcontentSMTP   = qtextSMTP / quoted-pairSMTP

    quoted-pairSMTP  = %d92 %d32-126
                   ; i.e., backslash followed by any ASCII
                   ; graphic (including itself) or SPace

    qtextSMTP      = %d32-33 / %d35-91 / %d93-126
                   ; i.e., within a quoted string, any
                   ; ASCII graphic or space is permitted
                   ; without blackslash-quoting except
                   ; double-quote and the backslash itself.
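
An added example, not part of the original message and not code from authmysqllib.c: a decoder for the Local-part grammar quoted above (Dot-string / Quoted-string with quoted-pairSMTP). The function name parse_local_part and its return convention are hypothetical; it returns the raw local part and leaves SQL escaping to the caller.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* atext as listed in the RFC 2822 grammar quoted in the message */
static int is_atext(unsigned char c)
{
    return c != 0 && c < 128 &&
           (isalnum(c) || strchr("!#$%&'*+-/=?^_`{|}~", c) != NULL);
}

/* Hypothetical helper: decode the Local-part of a Mailbox into out.
 * Returns the offset of '@', or -1 on a grammar error or short buffer. */
int parse_local_part(const char *mbox, char *out, size_t outlen)
{
    size_t i = 0, n = 0;
    if (outlen == 0) return -1;
    if (mbox[0] == '"') {                       /* Quoted-string */
        for (i = 1; mbox[i] != '"'; i++) {
            unsigned char c = (unsigned char)mbox[i];
            if (c == '\\')                      /* quoted-pairSMTP */
                c = (unsigned char)mbox[++i];
            /* qtextSMTP or second byte of a pair: %d32-126 only */
            if (c < 32 || c > 126 || n + 1 >= outlen) return -1;
            out[n++] = (char)c;
        }
        i++;                                    /* skip closing DQUOTE */
    } else {                                    /* Dot-string */
        for (;; i++) {
            unsigned char c = (unsigned char)mbox[i];
            if (c == '.') {                     /* only between two atoms */
                if (n == 0 || !is_atext((unsigned char)mbox[i + 1])) return -1;
            } else if (!is_atext(c)) break;
            if (n + 1 >= outlen) return -1;
            out[n++] = (char)c;
        }
        if (n == 0) return -1;
    }
    if (mbox[i] != '@') return -1;
    out[n] = '\0';
    return (int)i;
}

int main(void)
{
    char lp[64];   /* sample address is the one used in the message */
    if (parse_local_part("\"Roger's \\\"rabbit\\\"\"@example.com", lp, sizeof lp) > 0)
        printf("local part: %s\n", lp);
    return 0;
}
```

The decoded value still contains the quote characters, so it has to be escaped or bound as a parameter before it reaches a query, for instance with the MySQL client library's mysql_real_escape_string().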