Having '@' in the username

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Having '@' in the username

Vasil Kolev
Hi all,
(I don't know if this would be better suited for the -devel list, but
AFAIK this is also read by the developers)

I'm working on a service which currently uses email addresses as
usernames (and I know it's somewhat a bad idea). I went through the
RFCs, asked around, and it doesn't seem to be a problem, but...

1) I had to patch opensips not to parse the @domain part, as it's not
part of any standard (parser/digest/digest_parser.c, parse_username(),
have it just do the 'return').

2) then, the username didn't match the one I try to register with, so I
needed an entry in the URI table that looks like this:
'user@domain','user%40domain'.

Now, I'm able to call around, and presence seems to work, but then when
I try using XCAP for the presence, most of the stuff starts to think
that the username is the leftmost part of the first '@', which for some
reason seems wrong. I can patch the xcap a bit, but then I'll probably
have to go back and see what has to be escaped where and how...

So, the question goes like this - should I even bother with this, or
should I just have the client part escape '@' and be done with it?

--
Regards,
Vasil Kolev
Attractel NV
dCAP #1324, LPIC2


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Having '@' in the username

Iñaki Baz Castillo
2009/2/10 Vasil Kolev <[hidden email]>:
> So, the question goes like this - should I even bother with this, or
> should I just have the client part escape '@' and be done with it?

SIP BNF grammar doesn't allow @ into the SIP URI username part. If you
need it you should escape it in hexadecimal.

BTW OpenXCAP already has a workaround for multidomain, it's explained
in the documentation (not 100% sure anyway since I've never configured
it).

--
Iñaki Baz Castillo
<[hidden email]>

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Having '@' in the username

Vasil Kolev
В 15:01 +0100 на 10.02.2009 (вт), Iñaki Baz Castillo написа:
> 2009/2/10 Vasil Kolev <[hidden email]>:
> > So, the question goes like this - should I even bother with this, or
> > should I just have the client part escape '@' and be done with it?
>
> SIP BNF grammar doesn't allow @ into the SIP URI username part. If you
> need it you should escape it in hexadecimal.

Yes, this gets escaped. But it's not escaped automatically for the
digest username, which in turn led me to patch parse_username() and do
the URI hack.  

If I use user%40domain instead of user@domain, then in the SIP URI it
will get escaped once more and will probably still lead to the same kind
of problems.

>
> BTW OpenXCAP already has a workaround for multidomain, it's explained
> in the documentation (not 100% sure anyway since I've never configured
> it).
>

That I'll discuss with them, as they split on the first '@' (as I
understand the python code), which won't really work.

--
Regards,
Vasil Kolev
Attractel NV
dCAP #1324, LPIC2


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Having '@' in the username

Iñaki Baz Castillo
2009/2/10 Vasil Kolev <[hidden email]>:

> В 15:01 +0100 на 10.02.2009 (вт), Iñaki Baz Castillo написа:
>> 2009/2/10 Vasil Kolev <[hidden email]>:
>> > So, the question goes like this - should I even bother with this, or
>> > should I just have the client part escape '@' and be done with it?
>>
>> SIP BNF grammar doesn't allow @ into the SIP URI username part. If you
>> need it you should escape it in hexadecimal.
>
> Yes, this gets escaped. But it's not escaped automatically for the
> digest username, which in turn led me to patch parse_username() and do
> the URI hack.

According to SIP BFN, "username" field in Authentication header looks like:

  username          =  "username" EQUAL username-value
  username-value    =  quoted-string

It's a quoted string so it doesn't need to be escaped. I think you are
getting into SIP BNF core issues. No easy solution for it.


> That I'll discuss with them, as they split on the first '@' (as I
> understand the python code), which won't really work.

Do you mean the "username" field in Authentication header?


--
Iñaki Baz Castillo
<[hidden email]>

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Having '@' in the username

Vasil Kolev
В 15:22 +0100 на 10.02.2009 (вт), Iñaki Baz Castillo написа:

> 2009/2/10 Vasil Kolev <[hidden email]>:
> > В 15:01 +0100 на 10.02.2009 (вт), Iñaki Baz Castillo написа:
> >> 2009/2/10 Vasil Kolev <[hidden email]>:
> >> > So, the question goes like this - should I even bother with this, or
> >> > should I just have the client part escape '@' and be done with it?
> >>
> >> SIP BNF grammar doesn't allow @ into the SIP URI username part. If you
> >> need it you should escape it in hexadecimal.
> >
> > Yes, this gets escaped. But it's not escaped automatically for the
> > digest username, which in turn led me to patch parse_username() and do
> > the URI hack.
>
> According to SIP BFN, "username" field in Authentication header looks like:
>
>   username          =  "username" EQUAL username-value
>   username-value    =  quoted-string
>
> It's a quoted string so it doesn't need to be escaped. I think you are
> getting into SIP BNF core issues. No easy solution for it.
>
>

So, to rephrase my question, should OpenSIPS be able to use normally
usernames in the database in the form of user@anydomain, and to handle
presence, etc. for them? Three examples:
1) when you use presence for '[hidden email]', the username in the database
says 'aaa%40bbb.com')
2) when you try to register with [hidden email] (in the digest auth.
field), it tries to check the username aaa%40bbb.com and says it's
spoofed.
3) when you try registering with [hidden email] (in the digest auth.
field), it also tries to authorize it in the domain bbb.com, why?


If this should be possible, would you accept patches for this?

> > That I'll discuss with them, as they split on the first '@' (as I
> > understand the python code), which won't really work.
>
> Do you mean the "username" field in Authentication header?
>
Yes, and the one in the URL for the POST/GET/PUT.

>
--
Regards,
Vasil Kolev
Attractel NV
dCAP #1324, LPIC2


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users