On 2024-05-16 Jeremy Harris via Exim-users <exim-users@lists.exim.org> wrote:
> On 16/05/2024 18:03, Andreas Metzler via Exim-users wrote:
>> On 2024-05-16 Slavko via Exim-users <exim-users@lists.exim.org> wrote:
>> [...]
>>> Anyway, would be great, if exim can use system's crypto library,
>>> to support all system's password hash formats.
>>
>> crypteq should already do that.
>
> Unfortunately it does not. There is specific code handling
> {md5} / {sha1} / {crypt} / {crypt16} spotted in the already-crypted
> (second) argument, deciding what sort of encryption to apply to
> the cleartext (first) argument before comparison.
>
> Calling a ${perl } expansion in an authenticator's server_condition option
> (thanks, Kai!) sounds like the best bet. Looks like you need
> both Crypt::Blowfish and Crypt::CBC though.

Hello,

I think you are mistaken or misunderstood me. Yes, if the hashed string
has a specific prefix like {md5} then there is handling for a limited
set of prefixes, however for the normal format as used in /etc/passwd or
/etc/shadow that does not happen and the string is simply passed on to
crypt().

Basic test:
mkpasswd --method=descrypt blah
/t3tzhUtpOFYY
ametzler@argenau:~$ /usr/sbin/exim -be "\${if crypteq {blah}{\N$(mkpasswd --method=descrypt blah)\N}{yes}{no}}"
yes
ametzler@argenau:~$ /usr/sbin/exim -be "\${if crypteq {blah}{\N$(mkpasswd --method=descrypt wrongpasswd)\N}{yes}{no}}"
no

But this also works for newer methods:
ametzler@argenau:~$ mkpasswd --method=sha512crypt blah
$6$p0SCmfDuLuHN3LQh$tr5MOXU48Ye4c7LjLgXHO2Yi.NlhlRbOebfMj0dk/sUQmkyl6EcrF2i/wRbnGQ7jhZ/ihy7BqNqzQj.lqHOVt/
ametzler@argenau:~$ /usr/sbin/exim -be "\${if crypteq {blah}{\N$(mkpasswd --method=sha512crypt blah)\N}{yes}{no}}"
yes
ametzler@argenau:~$ /usr/sbin/exim -be "\${if crypteq {blah}{\N$(mkpasswd --method=bcrypt blah)\N}{yes}{no}}"
yes
ametzler@argenau:~$ /usr/sbin/exim -be "\${if crypteq {blah}{\N$(mkpasswd --method=gost-yescrypt blah)\N}{yes}{no}}"
yes

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin.
His other friends are so grateful to you.'
`I sew his ears on from time to time, sure'
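
An added example, not part of the original message and not Exim's own code: a Python model of the dispatch described above, where a {prefix} on the stored hash selects built-in handling and anything else is handed unchanged to the system crypt(3). The names classify, libc_crypt and crypteq_model are hypothetical, and the hex/base64 treatment of {md5}/{sha1} digests is an assumption of this model.

```python
import base64, ctypes, ctypes.util, hashlib, hmac

PREFIXES = ("md5", "sha1", "crypt16", "crypt")  # the {...} tags named in the thread

def classify(stored):
    """Split a stored hash into (scheme, remainder) by its {prefix}, if any."""
    for name in PREFIXES:
        tag = "{" + name + "}"
        if stored.lower().startswith(tag):
            return name, stored[len(tag):]
    # No {prefix}: /etc/shadow style, the whole string is the crypt(3) setting.
    return "crypt", stored

def libc_crypt(clear, setting):
    """Call the system crypt(3); it picks DES, $6$, $2b$, $y$ ... from the setting."""
    lib = ctypes.CDLL(ctypes.util.find_library("crypt"))
    lib.crypt.restype = ctypes.c_char_p
    lib.crypt.argtypes = [ctypes.c_char_p, ctypes.c_char_p]
    out = lib.crypt(clear.encode(), setting.encode())
    return out.decode() if out else ""

def crypteq_model(clear, stored, crypt_fn=libc_crypt):
    """Hypothetical model of the comparison; crypt_fn is injectable for testing."""
    scheme, rest = classify(stored)
    if scheme in ("md5", "sha1"):
        digest = hashlib.new(scheme, clear.encode()).digest()
        if len(rest) == 2 * len(digest):        # stored digest is hex-encoded
            computed, rest = digest.hex(), rest.lower()
        else:                                   # otherwise treat it as base64
            computed = base64.b64encode(digest).decode()
    elif scheme == "crypt16":
        raise NotImplementedError("crypt16 is Exim-specific and not modelled here")
    else:
        computed = crypt_fn(clear, rest)
    # An empty result means crypt(3) failed; never let "" match an empty hash.
    return bool(computed) and hmac.compare_digest(computed.encode(), rest.encode())

if __name__ == "__main__":
    # DES hash of "blah" taken from the mkpasswd output in the message above.
    print(crypteq_model("blah", "/t3tzhUtpOFYY"))
    print(crypteq_model("wrongpasswd", "/t3tzhUtpOFYY"))
```

Because the unprefixed branch forwards the stored string as the crypt(3) setting, which hash methods verify depends on the system's libcrypt rather than on this code.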