Re: [Exim] Bug in MySQL/SMTP Authentication config code

Top Page
Delete this message
Reply to this message
Author: Wakko Warner
Date:  
To: The Computer Geek
CC: exim-users
Subject: Re: [Exim] Bug in MySQL/SMTP Authentication config code
> ---- SNIP ----
> login:
>   driver = plaintext
>   public_name = LOGIN
>   server_prompts = "Username:: : Password::"
>   server_condition = "${if eq{$2} \
>     {${lookup mysql{SELECT password FROM mailusers WHERE
> username='${local_part:$1}' \
>     and domain='${domain:$1}'}}}{yes}{no}}"
>   server_set_id = $1
> ---- END ----

>
> ---- CODE ----
>
> login:
>   driver = plaintext
>   public_name = LOGIN
>   server_prompts = "Username:: : Password::"
>   server_condition = "${if and {{!eq{$2}{}}{eq{$2} \
>     {${lookup mysql{SELECT password FROM mailusers WHERE
> username='${local_part:$1}' \
>     and domain='${domain:$1}'}}}}}{yes}{no}}"
>   server_set_id = $1

>
> ---- END CODE ----


I'm using the first one but there's a difference which causes the problem you
described to fail.

server_condition = ${if eq{$2}{${lookup mysql{select ...}\
                        {${if !eq{$value}{}{$value}fail}}\
                        fail\
                        }\
                }\
            {yes}{no}}


I did it this way for 2 reasons.
1) if user *DOES* exist but has no password, fail (line 2)
2) if user does not exist, fail. (line 3)

I can remove the ${if !eq{$value}{}{$value}fail} and replace it with $value
instead but any user w/o a password will authenticate however non-existant
users will never authenticate.

--
Lab tests show that use of micro$oft causes cancer in lab animals