Re: [exim] Unable to authenticate at present (set_id=usernam…

Author: Thomas Stein
Date:  
To: exim-users
Subject: Re: [exim] Unable to authenticate at present (set_id=username): missing or misplaced { or }
On 2016-01-04 19:16, Thomas Stein wrote:
> On Monday 04 January 2016 16:04:48 Jeremy Harris wrote:
>> On 04/01/16 12:53, Thomas Stein wrote:
>> > On 04.01.16 at 13:40, Jeremy Harris wrote:
>> >> On 02/01/16 12:14, Thomas Stein wrote:
>> >>> Wrong user:
>> >>>
>> >>> exim # exim -be '${if exists{/etc/exim/passwd}
>> >>> {${lookup{eitadmin}lsearch{/etc/exim/paur sswd} {${if crypteq{test}
>> >>> {\{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} }} {${if
>> >>> pam{eitadmin:${sg{MyPassw0rd}{:}{::}} } {true}{false}} } }} {${if
>> >>> pam{eitadmin:${sg{MyPassw0rdaaa}{:}{::}} } {true}{false}} }}'
>> >>> Failed: missing or misplaced { or }
>> >>
>> >> Try laying out that with all the matching brackets carefully
>> >> vertically aligned. Does the layout match the syntax
>> >> and semantics of each component?
>> >
>> > Well, it has to because if I use a user which exists in /etc/exim/passwd
>> > everything works as expected. But I tried your suggestion anyway. Looks
>> > good to me.
>>
>> OK, next add a debug option "-d-all+expand+lookup". This will show
>> the processing flow of the expansion. Where does it first see a problem?
>
> Hi Jeremy.
>
> Thanks for your help. Here the output with "-d-all+expand+lookup".
> Don't really know what it means. I shortened the construct a little bit.
> Skipped the pam section.
>
> With existing user:
>
> serve ~ # exim -d-all+expand+lookup -be '${if exists{/etc/exim/passwd}
> {${lookup{testuser}lsearch{/etc/exim/passwd} {${if crypteq{test}
> {\{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} }} }}}'
> Exim version 4.87_RC2 uid=0 gid=0 pid=15854 D=10100
> Berkeley DB: Berkeley DB 6.0.30: (January 23, 2014)
> Support for: crypteq iconv() PAM Perl TCPwrappers OpenSSL 
> Content_Scanning
> Old_Demime DKIM DNSSEC Event OCSP PRDR Experimental_SPF
> Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm 
> dbmjz
> dbmnz dnsdb dsearch passwd
> Authenticators: cram_md5 plaintext spa
> Routers: accept dnslookup ipliteral manualroute queryprogram redirect
> Transports: appendfile/maildir/mailstore autoreply pipe smtp
> Fixed never_users: 0
> Size of off_t: 8
> Compiler: GCC [5.3.0]
> Library version: OpenSSL: Compile: OpenSSL 1.0.2d 9 Jul 2015
>                           Runtime: OpenSSL 1.0.2e 3 Dec 2015
>                                  : built on: reproducible build, date
> unspecified
> Library version: PCRE: Compile: 8.35
>                        Runtime: 8.35 2014-04-04
> Total 12 lookups
> WHITELIST_D_MACROS unset
> TRUSTED_CONFIG_LIST unset
> configuration file is /etc/exim/exim.conf
> log selectors = 00000ffc 10332001
> trusted user
> admin user
> expanding: /etc/exim/passwd
>    result: /etc/exim/passwd
> condition: exists{/etc/exim/passwd}
>    result: true
> expanding: testuser
>    result: testuser
> expanding: /etc/exim/passwd
>    result: /etc/exim/passwd
> search_open: lsearch "/etc/exim/passwd"
> search_find: file="/etc/exim/passwd"
>   key="testuser" partial=-1 affix=NULL starflags=0
> LRU list:
>   7/etc/exim/passwd
>   End
> internal_search_find: file="/etc/exim/passwd"
>   type=lsearch key="testuser"
> file lookup required for testuser
>   in /etc/exim/passwd
> lookup yielded: 098f6bcd4621d373cade4e832627b4f6:test
> expanding: test
>    result: test
> expanding: 1
>    result: 1
> expanding: :
>    result: :
> expanding: $value
>    result: 098f6bcd4621d373cade4e832627b4f6:test
> expanding: $value
>    result: 098f6bcd4621d373cade4e832627b4f6
> expanding: \{md5\}${extract{1}{:}{$value}{$value}fail}
>    result: {md5}098f6bcd4621d373cade4e832627b4f6
> condition: crypteq{test}{\{md5\}${extract{1}{:}{$value}{$value}fail}}
>    result: true
> expanding: true
>    result: true
> expanding: false
>    result: false
> skipping: result is not used
> expanding: ${if 
> crypteq{test}{\{md5\}${extract{1}{:}{$value}{$value}fail}}
> {true}{false} }
>    result: true
> expanding: ${lookup{testuser}lsearch{/etc/exim/passwd} {${if 
> crypteq{test}
> {\{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} }} }
>    result: true
> expanding: ${if exists{/etc/exim/passwd}
> {${lookup{testuser}lsearch{/etc/exim/passwd} {${if crypteq{test}
> {\{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} }} }}}
>    result: true
> true
> search_tidyup called
>>>>>>>>>>>>>>>>> Exim pid=15854 terminating with rc=0 >>>>>>>>>>>>>>>>

>
> With non-existing user:
>
> serve ~ # exim -d-all+expand+lookup -be '${if exists{/etc/exim/passwd}
> {${lookup{test}lsearch{/etc/exim/passwd} {${if crypteq{test}
> {\{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} }} }}}'
> Exim version 4.87_RC2 uid=0 gid=0 pid=15952 D=10100
> Berkeley DB: Berkeley DB 6.0.30: (January 23, 2014)
> Support for: crypteq iconv() PAM Perl TCPwrappers OpenSSL 
> Content_Scanning
> Old_Demime DKIM DNSSEC Event OCSP PRDR Experimental_SPF
> Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm 
> dbmjz
> dbmnz dnsdb dsearch passwd
> Authenticators: cram_md5 plaintext spa
> Routers: accept dnslookup ipliteral manualroute queryprogram redirect
> Transports: appendfile/maildir/mailstore autoreply pipe smtp
> Fixed never_users: 0
> Size of off_t: 8
> Compiler: GCC [5.3.0]
> Library version: OpenSSL: Compile: OpenSSL 1.0.2d 9 Jul 2015
>                           Runtime: OpenSSL 1.0.2e 3 Dec 2015
>                                  : built on: reproducible build, date
> unspecified
> Library version: PCRE: Compile: 8.35
>                        Runtime: 8.35 2014-04-04
> Total 12 lookups
> WHITELIST_D_MACROS unset
> TRUSTED_CONFIG_LIST unset
> configuration file is /etc/exim/exim.conf
> log selectors = 00000ffc 10332001
> trusted user
> admin user
> expanding: /etc/exim/passwd
>    result: /etc/exim/passwd
> condition: exists{/etc/exim/passwd}
>    result: true
> expanding: test
>    result: test
> expanding: /etc/exim/passwd
>    result: /etc/exim/passwd
> search_open: lsearch "/etc/exim/passwd"
> search_find: file="/etc/exim/passwd"
>   key="test" partial=-1 affix=NULL starflags=0
> LRU list:
>   7/etc/exim/passwd
>   End
> internal_search_find: file="/etc/exim/passwd"
>   type=lsearch key="test"
> file lookup required for test
>   in /etc/exim/passwd
> lookup failed
> expanding: test
>    result: test
> skipping: result is not used
> expanding: 1
>    result: 1
> skipping: result is not used
> expanding: :
>    result: :
> skipping: result is not used
> expanding: $value
>    result:
> skipping: result is not used
> expanding: $value
>    result:
> skipping: result is not used
> failed to expand: \{md5\}${extract{1}{:}{$value}{$value}fail}} 
> {true}{false}
> }} }}}
>    error message: missing or misplaced { or }
> failed to expand: ${if crypteq{test}{\{md5\}${extract{1}{:}{$value}
> {$value}fail}} {true}{false} }} }}}
>    error message: missing or misplaced { or }
> failed to expand: ${lookup{test}lsearch{/etc/exim/passwd} {${if 
> crypteq{test}
> {\{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} }} }}}
>    error message: missing or misplaced { or }
> failed to expand: ${if exists{/etc/exim/passwd}
> {${lookup{test}lsearch{/etc/exim/passwd} {${if crypteq{test}
> {\{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} }} }}}
>    error message: missing or misplaced { or }
> Failed: missing or misplaced { or }
> search_tidyup called
>>>>>>>>>>>>>>>>> Exim pid=15952 terminating with rc=0 >>>>>>>>>>>>>>>>

>
> It seems to me that "\{md5\}${extract{1}" does not expand if the user
> does not exist in /etc/exim/passwd.
>
> (FYI, I changed the password already)
>
> cheers
> t.


Any chance of getting this sorted out?

thanks and best regards
t.
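
Added example, not part of the original message and not Exim code: a small Python helper for the "lay out the matching brackets" step suggested earlier in the thread. It pairs unescaped braces (skipping backslash-escaped ones such as `\{md5\}`) and prints one nesting level per indent; the function names are illustrative, and `PAGE_EXPR` is the shortened non-existing-user expression copied from the message.

```python
# Shortened expression from the message (non-existing user case).
PAGE_EXPR = (r"${if exists{/etc/exim/passwd} "
             r"{${lookup{test}lsearch{/etc/exim/passwd} {${if crypteq{test} "
             r"{\{md5\}${extract{1}{:}{$value}{$value}fail}} {true}{false} }} }}}")

def match_braces(expr):
    """Map each unescaped '{' offset to the offset of its matching '}'."""
    pairs, stack, i = {}, [], 0
    while i < len(expr):
        c = expr[i]
        if c == "\\":                 # \{ and \} are literal characters
            i += 2
            continue
        if c == "{":
            stack.append(i)
        elif c == "}":
            if not stack:
                raise ValueError(f"stray '}}' at offset {i}")
            pairs[stack.pop()] = i
        i += 1
    if stack:
        raise ValueError(f"unclosed '{{' at offset {stack[-1]}")
    return pairs

def layout(expr, indent="  "):
    """Return expr with nested groups indented; leaf groups stay inline."""
    expr = " ".join(expr.split())     # undo shell line wraps
    pairs = match_braces(expr)
    closes = {c: o for o, c in pairs.items()}
    leaf = lambda o: not any(o < p < pairs[o] for p in pairs)
    out, depth, i = [""], 0, 0
    while i < len(expr):
        c = expr[i]
        if c == "\\":                 # copy the escape pair untouched
            out[-1] += expr[i:i + 2]
            i += 2
            continue
        if i in pairs and not leaf(i):
            depth += 1
            out[-1] += "{"
            out.append(indent * depth)
        elif i in closes and not leaf(closes[i]):
            depth -= 1
            out.append(indent * depth + "}")
        elif c != " " or out[-1].strip():
            out[-1] += c
        i += 1
    return "\n".join(l.rstrip() for l in out if l.strip())

if __name__ == "__main__":
    print(layout(PAGE_EXPR))
```

For the expression in the message every unescaped brace finds a partner, so this check alone does not reproduce the error Exim reports.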