On Monday 04 January 2016 16:04:48 Jeremy Harris wrote:
> On 04/01/16 12:53, Thomas Stein wrote:
> > Am 04.01.16 um 13:40 schrieb Jeremy Harris:
> >> On 02/01/16 12:14, Thomas Stein wrote:
> >>> Wrong user:
> >>>
> >>> exim # exim -be '${if exists{/etc/exim/passwd}
> >>> {${lookup{eitadmin}lsearch{/etc/exim/paur sswd} {${if crypteq{test}
> >>> {\{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} }} {${if
> >>> pam{eitadmin:${sg{MyPassw0rd}{:}{::}} } {true}{false}} } }} {${if
> >>> pam{eitadmin:${sg{MyPassw0rdaaa}{:}{::}} } {true}{false}} }}'
> >>> Failed: missing or misplaced { or }
> >>
> >> Try laying out that with all the matching brackets carefully
> >> vertically aligned. Does the layout match the syntax
> >> and semantics of each component?
> >
> > Well, it has to because if i use a user which exists in /etc/exim/passwd
> > everything works as expected. But i tried your suggestion anyway. Looks
> > good to me.
>
> OK, next add a debug option "-d-all+expand+lookup". This will show the
> processing flow of the expansion. Where does it first see a problem?
Hi Jeremy.
Thanks for your help. Here the output with "-d-all+expand+lookup". Don't
really know what it means. I shortend the construct a little bit. Skipped the
pam section.
With existing user:
serve ~ # exim -d-all+expand+lookup -be '${if exists{/etc/exim/passwd}
{${lookup{testuser}lsearch{/etc/exim/passwd} {${if crypteq{test}
{\{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} }} }}}'
Exim version 4.87_RC2 uid=0 gid=0 pid=15854 D=10100
Berkeley DB: Berkeley DB 6.0.30: (January 23, 2014)
Support for: crypteq iconv() PAM Perl TCPwrappers OpenSSL Content_Scanning
Old_Demime DKIM DNSSEC Event OCSP PRDR Experimental_SPF
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz
dbmnz dnsdb dsearch passwd
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply pipe smtp
Fixed never_users: 0
Size of off_t: 8
Compiler: GCC [5.3.0]
Library version: OpenSSL: Compile: OpenSSL 1.0.2d 9 Jul 2015
Runtime: OpenSSL 1.0.2e 3 Dec 2015
: built on: reproducible build, date
unspecified
Library version: PCRE: Compile: 8.35
Runtime: 8.35 2014-04-04
Total 12 lookups
WHITELIST_D_MACROS unset
TRUSTED_CONFIG_LIST unset
configuration file is /etc/exim/exim.conf
log selectors = 00000ffc 10332001
trusted user
admin user
expanding: /etc/exim/passwd
result: /etc/exim/passwd
condition: exists{/etc/exim/passwd}
result: true
expanding: testuser
result: testuser
expanding: /etc/exim/passwd
result: /etc/exim/passwd
search_open: lsearch "/etc/exim/passwd"
search_find: file="/etc/exim/passwd"
key="testuser" partial=-1 affix=NULL starflags=0
LRU list:
7/etc/exim/passwd
End
internal_search_find: file="/etc/exim/passwd"
type=lsearch key="testuser"
file lookup required for testuser
in /etc/exim/passwd
lookup yielded: 098f6bcd4621d373cade4e832627b4f6:test
expanding: test
result: test
expanding: 1
result: 1
expanding: :
result: :
expanding: $value
result: 098f6bcd4621d373cade4e832627b4f6:test
expanding: $value
result: 098f6bcd4621d373cade4e832627b4f6
expanding: \{md5\}${extract{1}{:}{$value}{$value}fail}
result: {md5}098f6bcd4621d373cade4e832627b4f6
condition: crypteq{test}{\{md5\}${extract{1}{:}{$value}{$value}fail}}
result: true
expanding: true
result: true
expanding: false
result: false
skipping: result is not used
expanding: ${if crypteq{test}{\{md5\}${extract{1}{:}{$value}{$value}fail}}
{true}{false} }
result: true
expanding: ${lookup{testuser}lsearch{/etc/exim/passwd} {${if crypteq{test}
{\{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} }} }
result: true
expanding: ${if exists{/etc/exim/passwd}
{${lookup{testuser}lsearch{/etc/exim/passwd} {${if crypteq{test}
{\{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} }} }}}
result: true
true
search_tidyup called
>>>>>>>>>>>>>>>> Exim pid=15854 terminating with rc=0 >>>>>>>>>>>>>>>>
With not existing user:
serve ~ # exim -d-all+expand+lookup -be '${if exists{/etc/exim/passwd}
{${lookup{test}lsearch{/etc/exim/passwd} {${if crypteq{test}
{\{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} }} }}}'
Exim version 4.87_RC2 uid=0 gid=0 pid=15952 D=10100
Berkeley DB: Berkeley DB 6.0.30: (January 23, 2014)
Support for: crypteq iconv() PAM Perl TCPwrappers OpenSSL Content_Scanning
Old_Demime DKIM DNSSEC Event OCSP PRDR Experimental_SPF
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz
dbmnz dnsdb dsearch passwd
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply pipe smtp
Fixed never_users: 0
Size of off_t: 8
Compiler: GCC [5.3.0]
Library version: OpenSSL: Compile: OpenSSL 1.0.2d 9 Jul 2015
Runtime: OpenSSL 1.0.2e 3 Dec 2015
: built on: reproducible build, date
unspecified
Library version: PCRE: Compile: 8.35
Runtime: 8.35 2014-04-04
Total 12 lookups
WHITELIST_D_MACROS unset
TRUSTED_CONFIG_LIST unset
configuration file is /etc/exim/exim.conf
log selectors = 00000ffc 10332001
trusted user
admin user
expanding: /etc/exim/passwd
result: /etc/exim/passwd
condition: exists{/etc/exim/passwd}
result: true
expanding: test
result: test
expanding: /etc/exim/passwd
result: /etc/exim/passwd
search_open: lsearch "/etc/exim/passwd"
search_find: file="/etc/exim/passwd"
key="test" partial=-1 affix=NULL starflags=0
LRU list:
7/etc/exim/passwd
End
internal_search_find: file="/etc/exim/passwd"
type=lsearch key="test"
file lookup required for test
in /etc/exim/passwd
lookup failed
expanding: test
result: test
skipping: result is not used
expanding: 1
result: 1
skipping: result is not used
expanding: :
result: :
skipping: result is not used
expanding: $value
result:
skipping: result is not used
expanding: $value
result:
skipping: result is not used
failed to expand: \{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false}
}} }}}
error message: missing or misplaced { or }
failed to expand: ${if crypteq{test}{\{md5\}${extract{1}{:}{$value}
{$value}fail}} {true}{false} }} }}}
error message: missing or misplaced { or }
failed to expand: ${lookup{test}lsearch{/etc/exim/passwd} {${if crypteq{test}
{\{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} }} }}}
error message: missing or misplaced { or }
failed to expand: ${if exists{/etc/exim/passwd}
{${lookup{test}lsearch{/etc/exim/passwd} {${if crypteq{test}
{\{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} }} }}}
error message: missing or misplaced { or }
Failed: missing or misplaced { or }
search_tidyup called
>>>>>>>>>>>>>>>> Exim pid=15952 terminating with rc=0 >>>>>>>>>>>>>>>>
It seems to me that "\{md5\}${extract{1}" does not expand if the user does not
exist in /etc/exim/passwd.
(fyi, i changed the password already)
cheers
t.