[exim] expansion error in OAuth2 client authenticator

Top Page
Delete this message
Reply to this message
Author: Victor Ustugov
Date:  
To: exim-users
Subject: [exim] expansion error in OAuth2 client authenticator
Hello.

# uname -sr
FreeBSD 13.1-RELEASE-p6

# pkg info -E exim
exim-4.96

exim compiled with all the patches from exim4_4.96-14
https://packages.debian.org/source/sid/exim4


I try to setup OAuth2 client authenticator:

 client_oauth2:
  driver      = plaintext
  public_name = XOAUTH2
  client_send = ${lookup{$host<@>$sender_address<@>oauth2}\
   lsearch*{CONFDIR/smtpauthdb}{${expand:$value}}fail}



When I sent a test message, I got an error message in the
/var/log/exim/mainlog:

2023-03-11 23:03:13 [2340] 1pb6Mz-0000bk-0v <= v.corvax.test@???
U=root P=local S=610
2023-03-11 23:03:13 [2341] 1pb6Mz-0000bk-0v == oauth2-test@???
R=mailertable_smtp T=remote_smtp defer (-48): expansion of "${expand"
failed in client_oauth2 authenticator: "${expand" is not a known
operator (or a } is missing in a variable reference)


But value of client_send is correct. I checked it with exim -be.

without ${expand:

# exim -be
'${lookup{smtp.gmail.com<@>v.corvax.test@???<@>oauth2}lsearch*{/usr/local/etc/exim/smtpauthdb}{$value}fail}'
${run{/bin/sh -c
/usr/local/bin/get_oauth2_access_token-v.corvax.test@???}{$value}{$value}}


with ${expand:

# exim -be
'${lookup{smtp.gmail.com<@>v.corvax.test@???<@>oauth2}lsearch*{/usr/local/etc/exim/smtpauthdb}{${expand:$value}}fail}'
user=v.corvax.test@???=Bearer ya29..............FQ0166


I obfuscated part of the result for obvious reasons.

If I replace ${lookup directly with ${run, then everything works properly.

 client_oauth2:
  driver      = plaintext
  public_name = XOAUTH2
  client_send = ${run{/bin/sh -c
/usr/local/bin/get_oauth2_access_token-v.corvax.test@???}{$value}{$value}}



/var/log/exim/mainlog:

2023-03-11 23:20:52 [11092] 1pb6e4-0002su-2w <= v.corvax.test@???
U=root P=local S=610
2023-03-11 23:20:54 [11093] 1pb6e4-0002su-2w => corvax@???
R=mailertable_smtp T=remote_smtp H=smtp.gmail.com [172.253.116.109]
I=[185.187.81.20] X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=yes
A=client_oauth2 C="250 2.0.0 OK 1678569654
f4-20020a5d4dc4000000b002c56179d39esm3317181wru.44 - gsmtp"
2023-03-11 23:20:54 [11093] 1pb6e4-0002su-2w Completed QT=1s


So I think it's a bug.


--
Best wishes Victor Ustugov
mailto:victor@corvax.kiev.ua