Authmysql needs to be revamped. I'd propose to accept any local-part
that can be the target of an RCPT TO command (also for imap/pop
logins.) Apparently, that implies not only allowing single quotes, but
also quoted string. Thus, one could patch authmysqllib.c so that,
e.g., <"Roger's \"rabbit\""@example.com> would result in setting the
local part as
Roger\'s "rabbit"
Would that be correct? Would it break anything?
Rationale and details below:
Martin Strand wrote:
> I've got usernames with apostrophes (don't ask me why, people are strange)
That character is allowed in rfc2822:
atext = ALPHA / DIGIT / ; Any character except controls,
"!" / "#" / ; SP, and specials.
"$" / "%" / ; Used for atoms
"&" / "'" /
"*" / "+" /
"-" / "/" /
"=" / "?" /
"^" / "_" /
"`" / "{" /
"|" / "}" /
"~"
atom = [CFWS] 1*atext [CFWS]
dot-atom = [CFWS] dot-atom-text [CFWS]
dot-atom-text = 1*atext *("." 1*atext)
> authd: SQL query: SELECT email, "", clear, uid, gid, home, maildir, quota,
> "", "" FROM users WHERE email = "info [EMAIL PROTECTED]"
> imapd: LOGIN FAILED, user=info'[EMAIL PROTECTED], ip=[::ffff:127.0.0.1]
There is an inconsistency between get_localpart(), providing a
username by skipping any double quote ("), single quote ('), and
backslash (\), and append_username(), doing the same by replacing
those characters with a space ( ). Thus, if a MYSQL_SELECT_CLAUSE were
specified, the above would have searched for "[EMAIL PROTECTED]".
In addition, the double quote and backslash apparently also deserve
the same treatment. They are used to produce quoted strings.
Apparently, production rules imply that such stuff can live in an
email address:
rfc2822
addr-spec = local-part "@" domain
local-part = dot-atom / quoted-string / obs-local-part
quoted-string = [CFWS]
DQUOTE *([FWS] qcontent) [FWS] DQUOTE
[CFWS]
qtext = NO-WS-CTL / ; Non white space controls
%d33 / ; The rest of the US-ASCII
%d35-91 / ; characters not including "\"
%d93-126 ; or the quote character
qcontent = qtext / quoted-pair
Is that only for headers line or also for RCPT commands?
rfc2821
Mailbox = Local-part "@" Domain
Local-part = Dot-string / Quoted-string ; MAY be case-sensitive
Quoted-string = DQUOTE *qcontent DQUOTE
The qcontent is not further specified in that rfc. Full production
rules can be found in
http://tools.ietf.org/html/draft-klensin-rfc2821bis-08
rcpt = "RCPT TO:" ( "<Postmaster@" Domain ">" / "<Postmaster>" /
Forward-Path ) [SP Rcpt-parameters] CRLF
Forward-path = Path
Path = "<" [ A-d-l ":" ] Mailbox ">"
Mailbox = Local-part "@" ( Domain / address-literal )
Local-part = Dot-string / Quoted-string
; MAY be case-sensitive
Dot-string = Atom *("." Atom)
Atom = 1*atext
Quoted-string = DQUOTE *qcontentSMTP DQUOTE
QcontentSMTP = qtextSMTP / quoted-pairSMTP
quoted-pairSMTP = %d92 %d32-126
; i.e., backslash followed by any ASCII
; graphic (including itself) or SPace
qtextSMTP = %d32-33 / %d35-91 / %d93-126
; i.e., within a quoted string, any
; ASCII graphic or space is permitted
; without blackslash-quoting except
; double-quote and the backslash itself.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
