[turba] contact ownership issue

jlewis@lewis.org jlewis@lewis.org
Tue, 6 Aug 2002 21:27:21 -0400 (EDT)


I honestly haven't gotten to debugging this at the imapd level...but I was
surprised to see that username is case insensitive with both the uw and
courier imapd's I've tested against.  On our system running uw imap, all 
usernames are required to be lower case...so even if this patch isn't a 
good idea for everyone, I think it'll work for me.

In the case where User and USER are different accounts, turba would have
issues since AFAIK, MySQL is case insensitive, so it'll have a hard time
selecting just User's or just USER's contacts, showing them all to both
accounts.

On Tue, 6 Aug 2002, Patrick Boutilier wrote:

> Are user, User, and USER all the same account? (case-insensitive login)
> 
> I ran into a similar situation where the users were authenticating 
> against a MySQL database so they could log in as user or USER (etc.) 
> but the Cyrus IMAP server would only show them their mail if they logged 
> on correctly as user (all lower case).
> 
> To get around that problem I made the pam_mysql pam module make the 
> login case sensitive.
> 
> 
> 
> jlewis@lewis.org wrote:
> > I just ran into an interesting contact ownership issue in turba-1.1.
> > 
> > Suppose a user logs into IMP as user and creates some contacts.  Later, 
> > they log in as User and create a few more.  Then later, they log in as 
> > USER.  Logged in as USER, they see all contacts created by user and User, 
> > but turba doesn't think they own the contacts, so they can't edit/delete 
> > them.
> > 
> > Is there anything wrong with doing the following:
> > 
> > --- lib/AbstractObject.php.orig Tue Aug  6 19:17:01 2002
> > +++ lib/AbstractObject.php      Tue Aug  6 19:24:25 2002
> > @@ -101,7 +101,7 @@
> >          if ($this->source->readonly) {
> >              return false;
> >          } else if ($this->hasValue('__owner') &&
> > -                   $this->getValue('__owner') != Auth::getAuth()) {
> > +                   (strcasecmp($this->getValue('__owner'),Auth::getAuth()))) {
> >              return false;
> >          }
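Review bot: the `+` line makes the `__owner` test case-insensitive for every installation, so on a backend where `User` and `USER` are separate accounts, each would pass the ownership check for the other's contacts and could edit or delete them. Consider folding the login name to one canonical form at authentication time and keeping the exact comparison here, or making the case-insensitive comparison conditional on a configuration setting. If `strcasecmp()` stays, write the test as `strcasecmp($this->getValue('__owner'), Auth::getAuth()) != 0` so the intent is explicit, drop the extra parentheses, and put a space after the comma.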
> > 
> > 
> > ----------------------------------------------------------------------
> >  Jon Lewis *jlewis@lewis.org*|  I route
> >  System Administrator        |  therefore you are
> >  Atlantic Net                |  
> > _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
> > 
> > 
> 

----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
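
Added example (not part of the thread and not Turba code): a Python sketch of the mismatch discussed above between what the listing query returns and what the ownership check allows. SQLite's `COLLATE NOCASE` stands in for MySQL's case-insensitive comparison; the `contacts` table, its columns and the function names are hypothetical, and the sample rows are constructed.

```python
import sqlite3

# Constructed sample data: contacts created under three spellings of one login.
ROWS = [("user", "Alice"), ("User", "Bob"), ("USER", "Carol")]


def make_db(case_insensitive=True):
    """Hypothetical contacts table. NOCASE stands in for a case-insensitive
    MySQL collation; BINARY compares the owner byte for byte."""
    coll = "NOCASE" if case_insensitive else "BINARY"
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE contacts (owner TEXT COLLATE {coll}, name TEXT)")
    db.executemany("INSERT INTO contacts VALUES (?, ?)", ROWS)
    return db


def visible(db, auth_user):
    """Rows the listing query returns for the logged-in name."""
    cur = db.execute(
        "SELECT owner, name FROM contacts WHERE owner = ? ORDER BY name",
        (auth_user,),
    )
    return cur.fetchall()


def editable_exact(owner, auth_user):
    """Ownership test before the patch: exact string match."""
    return owner == auth_user


def editable_nocase(owner, auth_user):
    """Ownership test after the patch (strcasecmp() == 0); ASCII names assumed."""
    return owner.lower() == auth_user.lower()


def report(auth_user, case_insensitive=True):
    """(contact, editable before patch, editable after patch) per visible row."""
    db = make_db(case_insensitive)
    return [
        (name, editable_exact(owner, auth_user), editable_nocase(owner, auth_user))
        for owner, name in visible(db, auth_user)
    ]


if __name__ == "__main__":
    print(report("USER"))         # case-insensitive storage comparison
    print(report("USER", False))  # byte-for-byte storage comparison
```

With the case-insensitive column, the listing and the pre-patch check disagree, and the patched check grants edit rights on every row the listing returns, which is only safe when all three spellings are the same account.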