Re: [Exim] authenticator/lookup problem

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Frank Elsner
CC: exim-users
Subject: Re: [Exim] authenticator/lookup problem
On Thu, 25 Jan 2001, Frank Elsner wrote:

> plain:
>   driver = plaintext
>   public_name = PLAIN
>   server_condition = \
>    "${if or {\
>    {crypteq {$3} {${lookup{$2}dbm{DBM/auth/mailszrz}{$value}}}}\
>    {crypteq {$3} {${lookup{$2}dbm{DBM/auth/linux}{$value}}}}\
>    {crypteq {$3} {${lookup{$2}dbm{DBM/auth/sp}{$value}}}}\
>    }{yes}{no} }"
>   server_set_id = $2

>
> When fed with incorrect authentication data it incorrectly succeeds, strange.


Oh dear. You seem to have uncovered a nasty bug. The failing of the
lookup results in a blank string, and I have just tested

${if crypteq{abcde}{}{yes}{no}}

and it gives the answer "yes". This must be some artefact of the way the
code handles "crypteq". I will investigate it after lunch and post a
patch.

Meanwhile, however, you can easily get round the problem by supplying a
junk, non-empty string when the lookups fail. After each {$value} insert
{junk}.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.