Re: [exim] DB lookup for PLAIN authentication doesn't work

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Todd Lyons
Dátum:  
Címzett: ml
CC: exim-users@exim.org
Tárgy: Re: [exim] DB lookup for PLAIN authentication doesn't work
On Mon, Apr 29, 2013 at 2:39 AM, John Burnham
<John.Burnham@???> wrote:
>>
>> PLAIN (doesn't work)
>> ---------------------/-----------------------
>> plain:
>>   driver= plaintext
>>   public_name= PLAIN
>>   server_prompts= :
>>   server_condition = ${if crypteq{$3}{${lookup pgsql{SELECT passwd FROM
>> mail_box WHERE \
>>                                                 local_part='${quote_pgsql:${local_part:$1}}'
>> AND \
>>                                                 domain_name='${quote_pgsql:${domain:$1}}'}}\
>>                                }\
>>                      {yes}{no}}
>>   server_set_id= $2
>> ---------------------/-----------------------

>>
>> The query is exactly the same. So, what is going wrong here?
>
> In PLAIN, $auth2 is the username and $auth3 is the password . See
>
> http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_plaintext_authenticator.html
>
> so try:
>
> plain:
>   driver= plaintext
>   public_name= PLAIN
>   server_prompts= :
>   server_condition = ${if crypteq{$auth3}{${lookup pgsql{SELECT passwd FROM
> mail_box WHERE \
>                                                 local_part='${quote_pgsql:${local_part:$auth2}}'
> AND \
>                                                 domain_name='${quote_pgsql:${domain:$auth2}}'}}\
>                                }\
>                      {yes}{no}}
>   server_set_id= $auth2

>
> (You can use $2 and $3 instead of $auth2 and $auth3 but that's for backwards compatibility).


What John said. Plus I also suggest adding a little extra checking to
the condition tests. I also make sure that the fields coming in are
not blank:

plain:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  server_condition = ${if and { \
        {!eq{$auth2}{}} \
        {!eq{$auth3}{}} \
        { crypteq{$auth3}{\{crypt\}${lookup mysql{SELECT password FROM
user,email,domain WHERE user.name='${quote_mysql:$auth2}' AND
user.email_id=email.id AND email.domain_id=domain.id AND
email.active=1;}{$value}fail}} } \
        } {1}{0}}
  server_set_id = $auth2


...Todd
--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine