Re: [Exim] Not your normal SMTP-Auth problem?

Author: Philip Hazel
Date:  
To: daniel-ml-reply
CC: exim-users
Subject: Re: [Exim] Not your normal SMTP-Auth problem?

On Wed, 9 Jan 2002, Daniel Einspanjer wrote:

> Both my plain and my login authenticators are broken under 3.34. I
> ran with full debug mode, but I was never able to see any more
> information than what was in my prior post. Here are my two
> authenticators:


(I've made a note that "debug_print" would be useful in authenticators.)

> plain:
> driver = plaintext
> public_name = PLAIN
> server_condition = "${if and {{!eq{$2}{}}{!eq{$3}{}} {crypteq{$3}{${extract{2}{:} {${lookup mysql{select password_hash from popbox where mbox_name = '${local_part:$2}' and domain_name = '${domain:$2}'} {$value}{fail}}}}}}}{1}{0}}"
> server_set_id = $2


I've remembered about the problem someone else had. It was caused by
this change:

1. Check for string shorter than 2 chars for the second argument of
crypteq, and force failure. Otherwise, with an empty string, it gives a
false positive.

This doesn't seem to be likely in your case because your problem is when
the lookup succeeds (I presume), and in any case you have the string
"fail" in the failure case and that is longer than 2.

I'm afraid the only way I can think of debugging this is to add
additional debugging statements to the code. At line 979 in the source
file expand.c there is the code

      /* If the encrypted string contains fewer than two characters (for the
      salt), force failure. Otherwise we get false positives: with an empty
      string the yield of crypt() is an empty string! */


      *yield = (strlen(sub[1]) < 2)? !testfor :
        (strcmp(crypt(CS sub[0], CS sub[1]), sub[1]) == 0) == testfor;
      }


The strings being compared are by this time in sub[0] and sub[1], so it
might be instructive to print them out. Add this line

      debug_printf("+++sub[0]=%s\n+++sub[1]=%s\n", sub[0], sub[1]);


and then do a debugging run again... and send me the output.

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
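
The length check quoted from expand.c above, as an added stand-alone example (not part of the original message and not Exim's code). `toy_crypt` is a hypothetical stand-in for crypt() that models the empty-string behaviour the source comment describes, so the program runs without libcrypt; the sample hash is constructed.

```c
#include <stdio.h>
#include <string.h>

typedef const char *(*crypt_fn)(const char *key, const char *setting);

/* Hypothetical stand-in for crypt(3); a toy checksum, NOT a password hash. */
static const char *toy_crypt(const char *key, const char *setting)
{
  static char out[32];
  unsigned long h = 5381;
  if (setting[0] == '\0') return "";    /* behaviour the expand.c comment describes */
  if (setting[1] == '\0') return NULL;  /* assumed: invalid salt reported as NULL */
  h = h * 33 + (unsigned char)setting[0];
  h = h * 33 + (unsigned char)setting[1];
  for (; *key != '\0'; key++) h = h * 33 + (unsigned char)*key;
  snprintf(out, sizeof out, "%c%c%08lx", setting[0], setting[1], h & 0xffffffffUL);
  return out;
}

/* Comparison without the length check (testfor taken as true). */
static int crypteq_unguarded(crypt_fn fn, const char *plain, const char *stored)
{
  const char *enc = fn(plain, stored);
  return enc != NULL && strcmp(enc, stored) == 0;
}

/* With the check from the excerpt: fewer than two chars forces failure. */
static int crypteq_guarded(crypt_fn fn, const char *plain, const char *stored)
{
  const char *enc;
  if (strlen(stored) < 2) return 0;
  enc = fn(plain, stored);
  return enc != NULL && strcmp(enc, stored) == 0;  /* NULL test is an addition */
}

int main(void)
{
  char stored[32];
  const char *cases[][2] = { {"anything", ""}, {"secret", stored},
                             {"wrong", stored}, {"secret", "x"} };
  size_t i;
  strcpy(stored, toy_crypt("secret", "ab"));  /* constructed sample hash */
  for (i = 0; i < sizeof cases / sizeof cases[0]; i++)
    printf("+++sub[0]=%s\n+++sub[1]=%s\n   unguarded=%d guarded=%d\n",
      cases[i][0], cases[i][1],
      crypteq_unguarded(toy_crypt, cases[i][0], cases[i][1]),
      crypteq_guarded(toy_crypt, cases[i][0], cases[i][1]));
  return 0;
}
```

Only the empty stored value separates the two functions: the unguarded comparison accepts any password against it, while the guarded one rejects it before the crypt call is made.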