MySQL password escaping

[mschering]

Hi,

I've setup opendkim with mysql. Now I have some clients with special characters in the password. For example )($@?.
I've been searching the web but can't find any documentation on this topic. Is there any documentation on how to escape that in the /etc/opendkim.conf config file?

I have it like this but it fails with special characters:

# https://github.com/trusteddomainproject/OpenDKIM/blob/master/opendkim/README.SQL
SigningTable dsn:mysql://user:mypass?$@host/groupoffice/table=community_maildomains_dkim?keycol=domain?datacol=id
KeyTable     dsn:mysql://user:mypass?$@host/groupoffice/table=community_maildomains_dkim?keycol=id?datacol=domain,selector,privateKey

Thanks for any help!

Best regards,
Merijn

[futatuki]

From the code to parse dsn, dsn parser uses dkimf_db_nextpunct() for tokenize, which uses escape expression like "=XY" where XY is 2 hexadecimal digit.

However there is no code to decode those escape expressions: the parser hold the token as is in dsn->dsn_password: the dsn->dsn_password is passed to odbx_bind() as cred argment as is.

So there is no way to pass the password which contains ':', '/', '@', '+', '?', and '='.

[mschering]

Thanks for getting back to me! It’s a pity that we have to live with that limitation. I guess we’ll have to advise our users not to use those chars in the MySQL password.

Best regards,
Merijn

[thegushi]

Thanks for the report. You have diagnosed this correctly -- the =XY escape mechanism in the DSN parser was never decoded when storing the credential fields, so there was no working way to include special characters in a password (or username, host, etc.).

We have a fix in thegushi/OpenDKIM on the fix/issue-248-dsn-special-chars branch (commit 12edab7). It decodes the escape sequences for all DSN credential fields after parsing, and also fixes a typo in the hex digit decoder that caused lowercase hex digits a-e to decode incorrectly.

Since you have hit this in production, you are welcome to cherry-pick that commit and try it out. That said, this path does not get a lot of test coverage so we would appreciate any feedback before it goes upstream.

To encode special characters in your DSN, replace them with =XY where XY is the uppercase two-digit hex value -- for example @ becomes =40, : becomes =3A, / becomes =2F, = becomes =3D.

[mschering]

Thanks! I'm not so familiar with building c. If you have a custom build for me to test on Debian trixie I'd be happy to test it!