#720334 prayer: could not use email address as login

Package:
prayer
Source:
prayer
Description:
standalone IMAP-based webmail server
Submitter:
FUSTE Emmanuel
Date:
2024-02-26 18:33:27 UTC
Severity:
important
#720334#5
Date:
2013-08-20 16:24:49 UTC
From:
To:
Dear Maintainer,

prayer could not be used with email addresses as user login.
The @ character completely confuse the session and front-end
process communication :
A socket is created with a @ character but the front-end use the
@ character as a separator between the socket name and the command
to pass it into.

Could be downgraded to a feature request, but get it unusable in
most modern imap config/use.

Best regards,
Emmanuel.

#720334#10
Date:
2013-08-27 13:59:20 UTC
From:
To:
Ok, I implemented minimum required support to get it working with
email address as username.
It is enough to log in and navigate in the mailbox.
It surely have some limitations (I did not check email sending) but
now perfectly suit my needs (simple and self contained webmail
to consult and delete emails).

Emmanuel.
----------
email_as_login.patch:

Description: add basic support to use email address as username/login
  Username:backenPID was limited to 32 bytes. Bump to 64 to be usable with
  email address.
  @ was used unconditionally as a delimiter to split the request int the argv
  array. As many proxy/reverse-proxy rewrite %40 as @, do not split on @
  if we are processing the username (second field).
Author: Emmanuel Fusté <emmanuel.fuste@thalesgroup.com>
Origin: other
Bug-Debian: http://bugs.debian.org/720334
Last-Update: 2013-08-27
--- prayer-1.3.5-dfsg1.orig/servers/prayer_server.c +++ prayer-1.3.5-dfsg1/servers/prayer_server.c @@ -58,7 +58,7 @@ prayer_compose_dump(struct prayer *praye static BOOL check_argv_valid(char *s) { - if (!(s && s[0] && (strlen(s) < 32))) + if (!(s && s[0] && (strlen(s) < 64))) return(NIL); /* Check for ".." or "/" embedded into username */ --- prayer-1.3.5-dfsg1.orig/shared/request.c +++ prayer-1.3.5-dfsg1/shared/request.c @@ -1482,7 +1482,8 @@ void request_parse_argv(struct request * if (*t == '?') break; - if ((*t == '/') || (*t == '@')) + /* If @ is found in the second field, it is part of the username */ + if ((*t == '/') || ((*t == '@') && (request->argc > 2))) request->argc++; } @@ -1495,7 +1496,7 @@ void request_parse_argv(struct request * i = 0; t = s; while (*t) { - if ((*t == '/') || (*t == '@')) { + if ((*t == '/') || ((*t == '@') && (i > 1))) { *t++ = '\0'; /* Tie off previous string */ request->argv[++i] = t; /* Found start of next argv elt */ continue;
#720334#15
Date:
2024-02-26 18:31:17 UTC
From:
To:
Dear submitter,

as the package prayer has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1063872

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Thorsten Alteholz (the ftpmaster behind the curtain)