Re: [exim] A question on SMTP AUTH MySQL and Conditional Syn…

Pàgina inicial
Delete this message
Reply to this message
Autor: Chris Wilson
Data: 2010-04-23 14:02 -000
A: exim.ml@riotm.co.uk
CC: exim-users
Assumpte: Re: [exim] A question on SMTP AUTH MySQL and Conditional Syntax
Hi Exim.Ml (I still don't know what your name is, which seems a little
odd form),

On Fri, 23 Apr 2010, exim.ml@??? wrote:

>> or let the database do it:
>>
>>    select 1 from mailusers where email='${quote_mysql:$2}' and userpassword
>>      = md5('${quote_mysql:$3}') and outbound = 1
> That's what I was hoping to be able to do. Where I am getting confused
> (and you've picked it up) was this line:

>
> crypteq {$3}{\{sha1\}
> I can't honestly decipher that (yet) but a guess would be that it
> results in the salted hash 1 of $3 - which you are quite right, I don't
> want! (I suspect I've pinched this example from someone who has
> passwords in a MySQL database al la SHA1).


Yes, and you might be able to change SHA1 to MD5 and it might just work,
as you suggested below, but I'm not sure.

> My confusion stems from the test for {yes}{no} and crypteq{$3}. In my
> logic I would assume that Exim is this testing the value of crypteq{$3}
> against the database return??? But I think I wholly wrong on that
> because your SELECT 1 WHERE .... example would break that theory. If it
> worked the way I thought it worked I could probably do:
>
> crypteq {$3}{\{md5\} ...
>
> But I'm starting to think that if the database gets a hit - then ${s3}
> gets the {yes} ELSE it gets the {no}. If I've got that bit right Chris
> then I've finally 'got' something fundamental with Exim logic today and
> I'm indebted to you - thanks!


You would leave out the crypteq entirely if you write the condition the
way that I proposed. Then exim gets "1" from the database if it finds a
matching username and password record, and nothing (lookup failure) if it
doesn't, which count as true and false as far as the condition is
concerned.

> I don't like to ask and put people out and I appreciate the time you
> have taken to put me right. Thank you.


It's no problem, this list exists to answer technical questions of
Exim users, there's no need to apologise for using it the way it was
intended. You could use your real name, though.

Cheers, Chris.
-- 
_ ___ __     _
  / __/ / ,__(_)_  | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Perl/SQL/HTML Developer |
\ _/_/_/_//_/___/ | We are GNU-free your mind-and your software |