[exim] exim4 calculate cram_md5 for authentication against m…

Author: Thomas Baumann
Date:  
To: exim users
Subject: [exim] exim4 calculate cram_md5 for authentication against mysql(smtp_auth)
Hello list,

I hope somebody can help me. I've got problems with smtp_auth and cram_md5.

In my MySQL database the passwords are stored as an md5_hex hash, calculated by

perl -MDigest::MD5=md5_hex -e 'print md5_hex($ARGV[0]),"\n"' password

Authentication for LOGIN or PLAIN works well, but CRAM_MD5 doesn't.

If I provide the md5_hex hashed password, then it works, when I have

cram_md5_server:
driver = cram_md5
public_name = CRAM-MD5
# when the md5 hash is passed instead of the password
server_secret = "${lookup mysql {SELECT password FROM user WHERE \
    mbox = '${sg {$auth1}{'}{}}' AND active = '1';} {$value} fail}"
server_set_id = $auth1

+++ this works, but is wrong, because I cannot tell the user to
+++ use the perl function above....

19:52:41 30148 SMTP>> 250-test.example.local Hello client.example.com [10.10.21.24]
19:52:41 30148 250-SIZE 52428800
19:52:41 30148 250-PIPELINING
19:52:41 30148 250-AUTH CRAM-MD5
19:52:41 30148 250-STARTTLS
19:52:41 30148 250 HELP
19:52:43 30148 SMTP<< AUTH CRAM-MD5
19:52:43 30148 SMTP>> 334 PDMwMTQ4LjEyMTA2MjE5NjNAYXZtZnJpdHoubG9jYWw+
19:52:43 30148 SMTP<< ZGF2aWQgOThlMjliZjcwMjFiMmMyNDkwZGVkN2M3YjYwMjM2MTE=
19:52:43 30148 expanding: $auth1
19:52:43 30148    result: david
19:52:43 30148 expanding: '
19:52:43 30148    result: '
19:52:43 30148 expanding:
19:52:43 30148    result:
19:52:43 30148 expanding: SELECT password FROM user WHERE mbox = '${sg {$auth1}{'}{}}' AND active = '1';
19:52:43 30148    result: SELECT password FROM user WHERE mbox = 'david' AND active = '1';
19:52:43 30148 search_open: mysql "NULL"
19:52:43 30148 search_find: file="NULL"
19:52:43 30148   key="SELECT password FROM user WHERE mbox = 'david' AND active = '1';" partial=-1 affix=NULL starflags=0
19:52:43 30148 LRU list:
19:52:43 30148 internal_search_find: file="NULL"
19:52:43 30148   type=mysql key="SELECT password FROM user WHERE mbox = 'david' AND active = '1';"
19:52:43 30148 database lookup required for SELECT password FROM user WHERE mbox = 'david' AND active = '1';
19:52:43 30148 MYSQL query: SELECT password FROM user WHERE mbox = 'david' AND active = '1';
19:52:43 30148 lookup yielded: cbcecfe7118b84588beb52d2058c3016
19:52:43 30148 expanding: $value
19:52:43 30148    result: cbcecfe7118b84588beb52d2058c3016
19:52:43 30148 expanding: ${lookup mysql {SELECT password FROM user WHERE mbox = '${sg {$auth1}{'}{}}' AND active = '1';} {$value} fail}
19:52:43 30148    result: cbcecfe7118b84588beb52d2058c3016
19:52:43 30148 CRAM-MD5: user name = david
19:52:43 30148           challenge = <30148.1210621963@???>
19:52:43 30148           received  = 98e29bf7021b2c2490ded7c7b6023611
19:52:43 30148           digest    = 98e29bf7021b2c2490ded7c7b6023611
19:52:43 30148 expanding: $auth1
19:52:43 30148    result: david
19:52:43 30148 SMTP>> 235 Authentication succeeded


I need a solution like this:

server_secret = "${lookup mysql {SELECT password FROM user WHERE \
    mbox = '${sg {$auth1}{'}{}}' AND active = '1';} {${md5:$value}} fail}"

But here the ${md5:$value} is not correct yet, because cram_md5 is more than
just a md5_hex hash.

I hope somebody can provide me a solution to calculate the correct comparator.

Thanks for any reply in advance.

Thomas.
--
http://www.tiri.li - http://inhalt.serviert.de

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
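
Added example, not part of the original message and not Exim code: the CRAM-MD5 calculation (HMAC-MD5 of the challenge keyed with the shared secret, RFC 2195) tried against each candidate server_secret discussed in the message. The password, challenge and function names are constructed for illustration, and `${md5:$value}` is modelled as the hex MD5 of the stored string.

```python
import base64
import hashlib
import hmac

def cram_md5_digest(secret: str, challenge: str) -> str:
    """RFC 2195: hex HMAC-MD5 of the challenge, keyed with the shared secret."""
    return hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()

def client_response(user: str, typed_password: str, challenge_b64: str) -> str:
    """What a mail client sends after the 334 line: base64("user digest")."""
    challenge = base64.b64decode(challenge_b64).decode()
    digest = cram_md5_digest(typed_password, challenge)
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def server_accepts(server_secret: str, challenge_b64: str, response_b64: str) -> bool:
    """Server side: recompute the digest from the server's own copy of the secret."""
    challenge = base64.b64decode(challenge_b64).decode()
    _user, received = base64.b64decode(response_b64).decode().rsplit(" ", 1)
    expected = cram_md5_digest(server_secret, challenge)
    return hmac.compare_digest(expected.encode(), received.encode())

# Constructed sample values (assumptions, not taken from the log above).
PASSWORD = "correct horse"
STORED = hashlib.md5(PASSWORD.encode()).hexdigest()  # what the md5_hex one-liner stores
CHALLENGE = base64.b64encode(b"<1234.1700000000@mail.example.test>").decode()

def compare_secrets() -> dict:
    """Try each candidate server_secret against a client typing the real password."""
    resp = client_response("david", PASSWORD, CHALLENGE)
    md5_of_stored = hashlib.md5(STORED.encode()).hexdigest()
    return {
        "plaintext password": server_accepts(PASSWORD, CHALLENGE, resp),
        "stored md5_hex ($value)": server_accepts(STORED, CHALLENGE, resp),
        "${md5:$value}": server_accepts(md5_of_stored, CHALLENGE, resp),
        # The working-but-unwanted case: the user types the hash itself.
        "stored md5_hex, client types the hash": server_accepts(
            STORED, CHALLENGE, client_response("david", STORED, CHALLENGE)),
    }

if __name__ == "__main__":
    for secret, ok in compare_secrets().items():
        print(f"{secret:40} -> {'accepted' if ok else 'rejected'}")
```

Only a server secret identical to the string the client types is accepted, so no transformation of the stored MD5 can stand in for the plaintext password.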