Re: [exim] A question on SMTP AUTH MySQL and Conditional Syn…

Top Page
Delete this message
Reply to this message
Author: Ron White
Date:  
CC: exim-users
Subject: Re: [exim] A question on SMTP AUTH MySQL and Conditional Syntax
On Fri, 2010-04-23 at 16:02 +0200, Chris Wilson wrote:
> Hi Exim.Ml (I still don't know what your name is, which seems a little
> odd form),

Apologies. Corrected the profile.
>
> On Fri, 23 Apr 2010, exim.ml@??? wrote:
>
> >> or let the database do it:
> >>
> >>    select 1 from mailusers where email='${quote_mysql:$2}' and userpassword
> >>      = md5('${quote_mysql:$3}') and outbound = 1
> > That's what I was hoping to be able to do. Where I am getting confused
> > (and you've picked it up) was this line:

> >
> > crypteq {$3}{\{sha1\}
> > I can't honestly decipher that (yet) but a guess would be that it
> > results in the salted hash 1 of $3 - which you are quite right, I don't
> > want! (I suspect I've pinched this example from someone who has
> > passwords in a MySQL database al la SHA1).
>
> Yes, and you might be able to change SHA1 to MD5 and it might just work,
> as you suggested below, but I'm not sure.
>
> > My confusion stems from the test for {yes}{no} and crypteq{$3}. In my
> > logic I would assume that Exim is this testing the value of crypteq{$3}
> > against the database return??? But I think I wholly wrong on that
> > because your SELECT 1 WHERE .... example would break that theory. If it
> > worked the way I thought it worked I could probably do:
> >
> > crypteq {$3}{\{md5\} ...
> >
> > But I'm starting to think that if the database gets a hit - then ${s3}
> > gets the {yes} ELSE it gets the {no}. If I've got that bit right Chris
> > then I've finally 'got' something fundamental with Exim logic today and
> > I'm indebted to you - thanks!
>
> You would leave out the crypteq entirely if you write the condition the
> way that I proposed. Then exim gets "1" from the database if it finds a
> matching username and password record, and nothing (lookup failure) if it
> doesn't, which count as true and false as far as the condition is
> concerned.


Can I just focus on this to clear up some misunderstanding which is
probably really important to the logic of Exim as a whole?

'Chunking' that down and switching to a 'login' example I get:
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${lookup mysql{SELECT 1 from mailusers
WHERE email='${quote_mysql:$2}' AND userpassword
= md5('${quote_mysql:$3}') and outbound = 1}}
server_set_id = $1

So that I'm clear, if 'server_condition' fails/is false the
server_set_id = $1 will never execute? It will have the value a false
value?


Not that I need to use it, but I think I misunderstood the whole:
crypteq {$3} line. I'm not clear on if this syntax if I'm honest and
what actually happens.

server_condition = ${if crypteq {$3}{\{whateva\}${lookup mysql{ SELECT
userpassword FROM mailusers WHERE some_condition.....\}}}{yes}{no}}

My best guess is that this says if the result of this:
crypteq {$3}{\{whateva\}
Matches the result of the database return the condition is {yes} that is
to day 'true', whereas if the two do not match it is {no} (false).

It's a touch confusing because I also see statements that terminate like
this: {1}fail}. My (warped) logic would say to me that means the same
thing? 1 is true whereas fail is false???? If I can get these clear in
my head it would be a big help.

> > I don't like to ask and put people out and I appreciate the time you
> > have taken to put me right. Thank you.
>
> It's no problem, this list exists to answer technical questions of
> Exim users, there's no need to apologise for using it the way it was
> intended. You could use your real name, though.


Sure, sorry. It's Ron.

>
> Cheers, Chris.
> -- 
> _ ___ __     _
>   / __/ / ,__(_)_  | Chris Wilson <0000 at qwirx.com> - Cambs UK |
> / (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Perl/SQL/HTML Developer |
> \ _/_/_/_//_/___/ | We are GNU-free your mind-and your software |

>