Re: [exim] Unable to authenticate at present (set_id=usernam…

Top Pagina
Delete this message
Reply to this message
Auteur: Thomas Stein
Datum:  
Aan: exim-users
Onderwerp: Re: [exim] Unable to authenticate at present (set_id=username): missing or misplaced { or }
On Monday 04 January 2016 16:04:48 Jeremy Harris wrote:
> On 04/01/16 12:53, Thomas Stein wrote:
> > Am 04.01.16 um 13:40 schrieb Jeremy Harris:
> >> On 02/01/16 12:14, Thomas Stein wrote:
> >>> Wrong user:
> >>>
> >>> exim # exim -be '${if exists{/etc/exim/passwd}
> >>> {${lookup{eitadmin}lsearch{/etc/exim/paur sswd} {${if crypteq{test}
> >>> {\{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} }} {${if
> >>> pam{eitadmin:${sg{MyPassw0rd}{:}{::}} } {true}{false}} } }} {${if
> >>> pam{eitadmin:${sg{MyPassw0rdaaa}{:}{::}} } {true}{false}} }}'
> >>> Failed: missing or misplaced { or }
> >>
> >> Try laying out that with all the matching brackets carefully
> >> vertically aligned. Does the layout match the syntax
> >> and semantics of each component?
> >
> > Well, it has to because if i use a user which exists in /etc/exim/passwd
> > everything works as expected. But i tried your suggestion anyway. Looks
> > good to me.
>
> OK, next add a debug option "-d-all+expand+lookup". This will show the
> processing flow of the expansion. Where does it first see a problem?


Hi Jeremy.

Thanks for your help. Here the output with "-d-all+expand+lookup". Don't
really know what it means. I shortend the construct a little bit. Skipped the
pam section.

With existing user:

serve ~ # exim -d-all+expand+lookup -be '${if exists{/etc/exim/passwd} 
{${lookup{testuser}lsearch{/etc/exim/passwd} {${if crypteq{test}
{\{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} }} }}}'
Exim version 4.87_RC2 uid=0 gid=0 pid=15854 D=10100
Berkeley DB: Berkeley DB 6.0.30: (January 23, 2014)
Support for: crypteq iconv() PAM Perl TCPwrappers OpenSSL Content_Scanning 
Old_Demime DKIM DNSSEC Event OCSP PRDR Experimental_SPF
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz 
dbmnz dnsdb dsearch passwd
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply pipe smtp
Fixed never_users: 0
Size of off_t: 8
Compiler: GCC [5.3.0]
Library version: OpenSSL: Compile: OpenSSL 1.0.2d 9 Jul 2015
                          Runtime: OpenSSL 1.0.2e 3 Dec 2015
                                 : built on: reproducible build, date 
unspecified
Library version: PCRE: Compile: 8.35
                       Runtime: 8.35 2014-04-04
Total 12 lookups
WHITELIST_D_MACROS unset
TRUSTED_CONFIG_LIST unset
configuration file is /etc/exim/exim.conf
log selectors = 00000ffc 10332001
trusted user
admin user
expanding: /etc/exim/passwd
   result: /etc/exim/passwd
condition: exists{/etc/exim/passwd}
   result: true
expanding: testuser
   result: testuser
expanding: /etc/exim/passwd
   result: /etc/exim/passwd
search_open: lsearch "/etc/exim/passwd"
search_find: file="/etc/exim/passwd"
  key="testuser" partial=-1 affix=NULL starflags=0
LRU list:
  7/etc/exim/passwd
  End
internal_search_find: file="/etc/exim/passwd"
  type=lsearch key="testuser"
file lookup required for testuser
  in /etc/exim/passwd
lookup yielded: 098f6bcd4621d373cade4e832627b4f6:test
expanding: test
   result: test
expanding: 1
   result: 1
expanding: :
   result: :
expanding: $value
   result: 098f6bcd4621d373cade4e832627b4f6:test
expanding: $value
   result: 098f6bcd4621d373cade4e832627b4f6
expanding: \{md5\}${extract{1}{:}{$value}{$value}fail}
   result: {md5}098f6bcd4621d373cade4e832627b4f6
condition: crypteq{test}{\{md5\}${extract{1}{:}{$value}{$value}fail}}
   result: true
expanding: true
   result: true
expanding: false
   result: false
skipping: result is not used
expanding: ${if crypteq{test}{\{md5\}${extract{1}{:}{$value}{$value}fail}} 
{true}{false} }
   result: true
expanding: ${lookup{testuser}lsearch{/etc/exim/passwd} {${if crypteq{test}
{\{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} }} }
   result: true
expanding: ${if exists{/etc/exim/passwd} 
{${lookup{testuser}lsearch{/etc/exim/passwd} {${if crypteq{test}
{\{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} }} }}}
   result: true
true
search_tidyup called

>>>>>>>>>>>>>>>> Exim pid=15854 terminating with rc=0 >>>>>>>>>>>>>>>>


With not existing user:

serve ~ # exim -d-all+expand+lookup -be '${if exists{/etc/exim/passwd} 
{${lookup{test}lsearch{/etc/exim/passwd} {${if crypteq{test}
{\{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} }} }}}'
Exim version 4.87_RC2 uid=0 gid=0 pid=15952 D=10100
Berkeley DB: Berkeley DB 6.0.30: (January 23, 2014)
Support for: crypteq iconv() PAM Perl TCPwrappers OpenSSL Content_Scanning 
Old_Demime DKIM DNSSEC Event OCSP PRDR Experimental_SPF
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz 
dbmnz dnsdb dsearch passwd
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply pipe smtp
Fixed never_users: 0
Size of off_t: 8
Compiler: GCC [5.3.0]
Library version: OpenSSL: Compile: OpenSSL 1.0.2d 9 Jul 2015
                          Runtime: OpenSSL 1.0.2e 3 Dec 2015
                                 : built on: reproducible build, date 
unspecified
Library version: PCRE: Compile: 8.35
                       Runtime: 8.35 2014-04-04
Total 12 lookups
WHITELIST_D_MACROS unset
TRUSTED_CONFIG_LIST unset
configuration file is /etc/exim/exim.conf
log selectors = 00000ffc 10332001
trusted user
admin user
expanding: /etc/exim/passwd
   result: /etc/exim/passwd
condition: exists{/etc/exim/passwd}
   result: true
expanding: test
   result: test
expanding: /etc/exim/passwd
   result: /etc/exim/passwd
search_open: lsearch "/etc/exim/passwd"
search_find: file="/etc/exim/passwd"
  key="test" partial=-1 affix=NULL starflags=0
LRU list:
  7/etc/exim/passwd
  End
internal_search_find: file="/etc/exim/passwd"
  type=lsearch key="test"
file lookup required for test
  in /etc/exim/passwd
lookup failed
expanding: test
   result: test
skipping: result is not used
expanding: 1
   result: 1
skipping: result is not used
expanding: :
   result: :
skipping: result is not used
expanding: $value
   result: 
skipping: result is not used
expanding: $value
   result: 
skipping: result is not used
failed to expand: \{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} 
}} }}}
   error message: missing or misplaced { or }
failed to expand: ${if crypteq{test}{\{md5\}${extract{1}{:}{$value}
{$value}fail}} {true}{false} }} }}}
   error message: missing or misplaced { or }
failed to expand: ${lookup{test}lsearch{/etc/exim/passwd} {${if crypteq{test}
{\{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} }} }}}
   error message: missing or misplaced { or }
failed to expand: ${if exists{/etc/exim/passwd} 
{${lookup{test}lsearch{/etc/exim/passwd} {${if crypteq{test}
{\{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} }} }}}
   error message: missing or misplaced { or }
Failed: missing or misplaced { or }
search_tidyup called

>>>>>>>>>>>>>>>> Exim pid=15952 terminating with rc=0 >>>>>>>>>>>>>>>>


It seems to me that "\{md5\}${extract{1}" does not expand if the user does not
exist in /etc/exim/passwd.

(fyi, i changed the password already)

cheers
t.