Re: [exim] A question on SMTP AUTH MySQL and Conditional Syn…

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Chris Wilson
Fecha:  
A: exim.ml@riotm.co.uk
Cc: exim-users
Asunto: Re: [exim] A question on SMTP AUTH MySQL and Conditional Syntax
Hi Exim.Ml,

On Fri, 23 Apr 2010, exim.ml@??? wrote:

> plain:
> driver                          = plaintext
> public_name                     = PLAIN
> #server_advertise_condition     = ${if eq{$tls_cipher}{}{no}{yes}}
> server_condition                = ${if crypteq {$3}{\{sha1\}${lookup
> mysql{ \
> SELECT userpassword \
> FROM mailusers \
> WHERE email='${quote_mysql:$2}' \
> AND outbound=1 \}}}{yes}{no}}
> server_set_id= $2

...
> That would be mighty fine if the password values in the backend MySQL
> database were not one-way hashed with: MD5('password').
>
> Other than the option of storing the passwords in the clear (or sticking
> with plan 'a' to use Dovecot), does anyone know how I could 'rephrase
> the question' directly in the authenticator to get the desired result?


Two ways, either use Exim's MD5 function:

http://www.exim-users.org/forums/showthread.php?p=211700

or let the database do it:

   select 1 from mailusers where email='${quote_mysql:$2}' and userpassword
     = md5('${quote_mysql:$3}') and outbound = 1


> Basically I need to translate into Exim:
> If the MD5 value of the (base64) decrypted value of $3 is equal to the
> database field 'userpassword' then the test succeeds (yes) - If not it
> fails (no) - or some other way of achieving the same thing?


By the way, base64 is not encryption, it's a very basic obfuscation at
best. Calling it "encryption" will get you tied up in knots with crypteq,
sha1 and md5.

Speaking of which, I really don't know what the call to "crypteq
{$3}{\{sha1\}" is doing in your condition. I don't think it should be
there.

> Apologies if the question is stupid. This is all quite new to me, but
> I'm clawing my way up the steep learning curve. Any useful comments or
> advice is gratefully received.


It's not a stupid question and you don't need to apologise for asking it.
It's the right level of technical detail for this list.

Cheers, Chris.
-- 
_ ___ __     _
  / __/ / ,__(_)_  | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Perl/SQL/HTML Developer |
\ _/_/_/_//_/___/ | We are GNU-free your mind-and your software |