Re: [exim] Again nested LDAP queries...
Mandi! Mike Brudenell via Exim-users In chel di` si favelave... > If you're trying to get to values within a list, try using the *listextract* > expansion item: > https://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html#SECTexpansionitems > There's a bit more on it in the *File and database lookups* chapter in > the *Format > of data returned by LDAP* section, which talks about needing to use > *listextract* to parse returned LDAP data as it understands the doubling of > embedded commas within values: > https://www.exim.org/exim-html-current/doc/html/spec_html/ch-file_and_database_lookups.html#SECID71 OK, read both. But still i've no clue how to use that... 'listextract' extract only ONE field, and DN can have a variable set of comma-separated parts, not fixed ones... Eg, i can do: ${listextract{'odd'}{<, CN=sir,,OU=Users,,OU=FVG,,DC=ad,,DC=fvg,,DC=lnf,,DC=it}{$value}} but there's no 'odd' in listextract number field, only a integer... Sorry, but really i don't understood how listextract can help me Thanks. -- La BBS e' come il mio frigorifero... da tanti anni fa in silenzio un ottimo lavoro, al punto tale che mi accorgo della sua utilita' solo quando manca la corrente e tutto quello che contiene diventa inutilizzabile. (E. Margelli) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim 4.90 RC3 uploaded
Frank Elsner(Do 30 Nov 2017 15:42:02 CET): … > exim-4.90_RC3/src/tlscert-openssl.c:#include > exim-4.90_RC3/build-Linux-i386/tlscert-openssl.c:#include > > At this point I'm at the end of my abilities :-( Can you give access to your build machine to Jeremy and or me? As long as we do not need to install anything, no root access is necessary. -- Heiko signature.asc Description: PGP signature -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim 4.90 RC3 uploaded
On 30/11/17 14:42, Frank Elsner wrote: > exim-4.90_RC3/src/tlscert-openssl.c:#include > exim-4.90_RC3/build-Linux-i386/tlscert-openssl.c:#include > > At this point I'm at the end of my abilities :-( make FULLECHO='' Grab the full-length compile line for tls.c Dive into the build* directory. Use that compile line, but replace the "-c" with "-E". Grab the stdout to a file. Look through the file for markers of file locations; one is added (among others) for every fresh #include file starting - these have line number 1. Compare what the sequence of #included files should be from the original source code files, with what gets done for that bit of inclusion. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim 4.90 RC3 uploaded
On Thu, 30 Nov 2017 13:37:04 + Jeremy Harris wrote: > On 30/11/17 12:46, Frank Elsner wrote: > > # grep -r X509_check_host /usr/include > > /usr/include/mysql/private/ssl_compat.h:#define HAVE_X509_check_host 1 > > /usr/include/openssl/x509v3.h:int X509_check_host(X509 *x, const char *chk, > > size_t chklen, > > Good. It should be included via the path > tls.c - tlscert-openssl.c - . > > You'll need to work out why that isn't working for you. Maybe that is beyond my ability. In tls.c I find | #ifdef USE_GNUTLS | # include "tls-gnu.c" | # include "tlscert-gnu.c" | | # define ssl_xfer_buffer (state_server.xfer_buffer) | # define ssl_xfer_buffer_lwm (state_server.xfer_buffer_lwm) | # define ssl_xfer_buffer_hwm (state_server.xfer_buffer_hwm) | # define ssl_xfer_eof (state_server.xfer_eof) | # define ssl_xfer_error (state_server.xfer_error) | | #else | # include "tls-openssl.c" | # include "tlscert-openssl.c" | #endif I've checkes Local/Makefile. USE_GNUTLS commented out. openssl/x509v3.h is included exim-4.90_RC3/src/tlscert-openssl.c:#include exim-4.90_RC3/build-Linux-i386/tlscert-openssl.c:#include At this point I'm at the end of my abilities :-( --Frank Elsner -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim 4.90 RC3 uploaded
On 30/11/17 12:46, Frank Elsner wrote: > # grep -r X509_check_host /usr/include > /usr/include/mysql/private/ssl_compat.h:#define HAVE_X509_check_host 1 > /usr/include/openssl/x509v3.h:int X509_check_host(X509 *x, const char *chk, > size_t chklen, Good. It should be included via the path tls.c - tlscert-openssl.c - . You'll need to work out why that isn't working for you. -J -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim 4.90 RC3 uploaded
On Thu, 30 Nov 2017 12:21:42 + Jeremy Harris wrote: > On 30/11/17 10:40, Jeremy Harris wrote: > > On 30/11/17 10:19, Frank Elsner wrote: > >> On Thu, 30 Nov 2017 09:44:02 + Jeremy Harris wrote: > >>> [jgh@armadillo ~]$ uname -a > >>> Linux armadillo.vm.dom.ain 4.13.12-200.fc26.aarch64 #1 SMP Wed Nov 8 > >>> 16:31:35 UTC 2017 aarch64 aarch64 aarch64 GNU/Linux > >>> [jgh@armadillo ~]$ grep -r X509_check_host /usr/include > >>> /usr/include/openssl/x509v3.h:int X509_check_host(X509 *x, const char > >>> *chk, size_t chklen, > >>> /usr/include/mysql/private/ssl_compat.h:#define HAVE_X509_check_host 1 > >>> [jgh@armadillo ~]$ > >> > >> I should have scrolled more :-( Sorry. > >> > >> I don't have /usr/include/mysql/private/ssl_compat.h. > > But wait; what does your /usr/include/openssl/x509v3.h have in this > regard? > > The mysql thing may be a red-herring > -J > > -- > ## List details at https://lists.exim.org/mailman/listinfo/exim-users > ## Exim details at http://www.exim.org/ > ## Please use the Wiki with this list - http://wiki.exim.org/ -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim 4.90 RC3 uploaded
On Thu, 30 Nov 2017 12:21:42 + Jeremy Harris wrote: > On 30/11/17 10:40, Jeremy Harris wrote: > > On 30/11/17 10:19, Frank Elsner wrote: > >> On Thu, 30 Nov 2017 09:44:02 + Jeremy Harris wrote: > >>> [jgh@armadillo ~]$ uname -a > >>> Linux armadillo.vm.dom.ain 4.13.12-200.fc26.aarch64 #1 SMP Wed Nov 8 > >>> 16:31:35 UTC 2017 aarch64 aarch64 aarch64 GNU/Linux > >>> [jgh@armadillo ~]$ grep -r X509_check_host /usr/include > >>> /usr/include/openssl/x509v3.h:int X509_check_host(X509 *x, const char > >>> *chk, size_t chklen, > >>> /usr/include/mysql/private/ssl_compat.h:#define HAVE_X509_check_host 1 > >>> [jgh@armadillo ~]$ > >> > >> I should have scrolled more :-( Sorry. > >> > >> I don't have /usr/include/mysql/private/ssl_compat.h. > > But wait; what does your /usr/include/openssl/x509v3.h have in this > regard? # grep -r X509_check_host /usr/include /usr/include/mysql/private/ssl_compat.h:#define HAVE_X509_check_host 1 /usr/include/openssl/x509v3.h:int X509_check_host(X509 *x, const char *chk, size_t chklen, [root@siffux exim-4.90_RC3]# --Frank Elsner -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim 4.90 RC3 uploaded
On 30/11/17 10:40, Jeremy Harris wrote: > On 30/11/17 10:19, Frank Elsner wrote: >> On Thu, 30 Nov 2017 09:44:02 + Jeremy Harris wrote: >>> [jgh@armadillo ~]$ uname -a >>> Linux armadillo.vm.dom.ain 4.13.12-200.fc26.aarch64 #1 SMP Wed Nov 8 >>> 16:31:35 UTC 2017 aarch64 aarch64 aarch64 GNU/Linux >>> [jgh@armadillo ~]$ grep -r X509_check_host /usr/include >>> /usr/include/openssl/x509v3.h:int X509_check_host(X509 *x, const char *chk, >>> size_t chklen, >>> /usr/include/mysql/private/ssl_compat.h:#define HAVE_X509_check_host 1 >>> [jgh@armadillo ~]$ >> >> I should have scrolled more :-( Sorry. >> >> I don't have /usr/include/mysql/private/ssl_compat.h. But wait; what does your /usr/include/openssl/x509v3.h have in this regard? The mysql thing may be a red-herring -J -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim 4.90 RC3 uploaded
On Thu, 30 Nov 2017 12:21:55 +0100 Felix Schwarz via Exim-users wrote: > Am 30.11.2017 um 12:03 schrieb Frank Elsner: > > Can you please tell me to which package > > /usr/include/mysql/private/ssl_compat.h belongs? > > mariadb-devel Thanks. > You can get that info very easily with dnf, e.g.: > sudo dnf info /usr/include/mysql/private/ssl_compat.h Another thanks. --Frank Elsner -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim 4.90 RC3 uploaded
On Thu, 30 Nov 2017 11:30:37 + Jeremy Harris wrote: > On 30/11/17 11:03, Frank Elsner wrote: > > On Thu, 30 Nov 2017 10:40:09 + Jeremy Harris wrote: > >> Ouch. Sounds like a dependency on mysql has crept in, which we'd > >> rather not have. I take it you're building without any trace of mysql > >> (which should be supported)? > > > > No msql stuff on this system. > > > > Can you please tell me to which package > > /usr/include/mysql/private/ssl_compat.h belongs? > > > mariadb-devel-3:10.1.26-2.fc26.aarch64 here. You probably have an > x86_64 though. mariadb-devel-10.1.26-2.fc26.i686 installed but error remains. --Frank Elsner -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim 4.90 RC3 uploaded
On 30/11/17 11:03, Frank Elsner wrote: > On Thu, 30 Nov 2017 10:40:09 + Jeremy Harris wrote: >> Ouch. Sounds like a dependency on mysql has crept in, which we'd >> rather not have. I take it you're building without any trace of mysql >> (which should be supported)? > > No msql stuff on this system. > > Can you please tell me to which package > /usr/include/mysql/private/ssl_compat.h belongs? mariadb-devel-3:10.1.26-2.fc26.aarch64 here. You probably have an x86_64 though. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim 4.90 RC3 uploaded
Am 30.11.2017 um 12:03 schrieb Frank Elsner: > Can you please tell me to which package > /usr/include/mysql/private/ssl_compat.h belongs? mariadb-devel You can get that info very easily with dnf, e.g.: sudo dnf info /usr/include/mysql/private/ssl_compat.h Felix -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim 4.90 RC3 uploaded
On Thu, 30 Nov 2017 10:40:09 + Jeremy Harris wrote: > On 30/11/17 10:19, Frank Elsner wrote: > > On Thu, 30 Nov 2017 09:44:02 + Jeremy Harris wrote: > >> [jgh@armadillo ~]$ uname -a > >> Linux armadillo.vm.dom.ain 4.13.12-200.fc26.aarch64 #1 SMP Wed Nov 8 > >> 16:31:35 UTC 2017 aarch64 aarch64 aarch64 GNU/Linux > >> [jgh@armadillo ~]$ grep -r X509_check_host /usr/include > >> /usr/include/openssl/x509v3.h:int X509_check_host(X509 *x, const char > >> *chk, size_t chklen, > >> /usr/include/mysql/private/ssl_compat.h:#define HAVE_X509_check_host 1 > >> [jgh@armadillo ~]$ > > > > I should have scrolled more :-( Sorry. > > > > I don't have /usr/include/mysql/private/ssl_compat.h. > > > > Must I really install msql stuff? > > Ouch. Sounds like a dependency on mysql has crept in, which we'd > rather not have. I take it you're building without any trace of mysql > (which should be supported)? No msql stuff on this system. Can you please tell me to which package /usr/include/mysql/private/ssl_compat.h belongs? --Frank Elsner -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim 4.90 RC3 uploaded
On 30/11/17 10:19, Frank Elsner wrote: > On Thu, 30 Nov 2017 09:44:02 + Jeremy Harris wrote: >> [jgh@armadillo ~]$ uname -a >> Linux armadillo.vm.dom.ain 4.13.12-200.fc26.aarch64 #1 SMP Wed Nov 8 >> 16:31:35 UTC 2017 aarch64 aarch64 aarch64 GNU/Linux >> [jgh@armadillo ~]$ grep -r X509_check_host /usr/include >> /usr/include/openssl/x509v3.h:int X509_check_host(X509 *x, const char *chk, >> size_t chklen, >> /usr/include/mysql/private/ssl_compat.h:#define HAVE_X509_check_host 1 >> [jgh@armadillo ~]$ > > I should have scrolled more :-( Sorry. > > I don't have /usr/include/mysql/private/ssl_compat.h. > > Must I really install msql stuff? Ouch. Sounds like a dependency on mysql has crept in, which we'd rather not have. I take it you're building without any trace of mysql (which should be supported)? -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim 4.90 RC3 uploaded
On Thu, 30 Nov 2017 09:44:02 + Jeremy Harris wrote: [ ... ] > On my (VM) f26 system: > > [jgh@armadillo ~]$ uname -a > Linux armadillo.vm.dom.ain 4.13.12-200.fc26.aarch64 #1 SMP Wed Nov 8 16:31:35 > UTC 2017 aarch64 aarch64 aarch64 GNU/Linux > [jgh@armadillo ~]$ grep -r X509_check_host /usr/include > /usr/include/openssl/x509v3.h:int X509_check_host(X509 *x, const char *chk, > size_t chklen, > /usr/include/mysql/private/ssl_compat.h:#define HAVE_X509_check_host 1 > [jgh@armadillo ~]$ I should have scrolled more :-( Sorry. I don't have /usr/include/mysql/private/ssl_compat.h. Must I really install msql stuff? --Frank Elsner -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Again nested LDAP queries...
If you're trying to get to values within a list, try using the *listextract* expansion item: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html#SECTexpansionitems There's a bit more on it in the *File and database lookups* chapter in the *Format of data returned by LDAP* section, which talks about needing to use *listextract* to parse returned LDAP data as it understands the doubling of embedded commas within values: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-file_and_database_lookups.html#SECID71 (And in passing, there's also the *extract* expansion item which parses space-separated *keyword=value* pairs, although this isn't what you need for this situation.) Cheers, Mike B-) On 29 November 2017 at 14:58, Marco Gaiarinwrote: > > >>> What i'm missing?! > >> quote_ldap_dn ? > > No, seems no. Same result. > > Boh. I've done some more tests, but insted of using: > > exim -be > > i've used: > > exim -d+deliver -v -bt test@domain > > and my LDAP query, as expected, work. The query finally is: > > ${lookup ldapm {user=LOCAL_AD_BIND_DN pass=LOCAL_AD_PASS > ldap:///LOCAL_AD_BASE_DN?uid?sub?(&(|(objectClass=user)( > objectClass=group))(memberOf=\ > ${quote_ldap:${sg {${lookup ldap {user=LOCAL_AD_BIND_DN > pass=LOCAL_AD_PASS ldap:///LOCAL_AD_BASE_DN?distinguishedName?sub?(&( > objectClass=group)(mail=${quote_ldap:${local_part}}@${quote_ldap:${domain}}))}}} > {,,} {,}}}\ > ))}} > > and using '|(objectClass=user)(objectClass=group)' i can also ''expand'' > correctly nested group memberships; clearly exim do some loops, but finally > get the result. > > > >> Also, your sg's are problematic in the face of fields containing commas. > > Some more hint? Thanks. > > Still i'm seeking feedback on 'sg', i don't see alternatives > > > Thanks. > > -- > Errare è umano, ma per fare veramente casino > ci vuole la password di root (Zio Budda) > > > > -- > ## List details at https://lists.exim.org/mailman/listinfo/exim-users > ## Exim details at http://www.exim.org/ > ## Please use the Wiki with this list - http://wiki.exim.org/ > -- Systems Administrator & Change Manager IT Services, University of York, Heslington, York YO10 5DD, UK Tel: +44-(0)1904-323811 Web: www.york.ac.uk/it-services Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim 4.90 RC3 uploaded
On Thu, 30 Nov 2017 04:29:37 -0500 Phil Pennock wrote: > On 2017-11-30 at 08:35 +0100, Frank Elsner wrote: > > On Wed, 29 Nov 2017 20:21:47 + Jeremy Harris wrote: > > > -BEGIN PGP SIGNED MESSAGE- > > > Hash: SHA256 > > > > > > I have built, signed and uploaded RC3 of Exim 4.90 to the ftp site: > > > > Hi, > > > > I've still problems to compile on an actual Fedora 26 system: > > Which version of OpenSSL is this? openssl-1.1.0g-1.fc26.i686 > Try: > yum -y install --allowerasing compat-openssl10-devel > to replace openssl-devel (OpenSSL 1.1.x) with OpenSSL 1.0 stuff. Sorry, didn't help: Removed: openssl-devel.i686 1:1.1.0g-1.fc26 Installed: compat-openssl10-devel.i686 1:1.0.2m-1.fc26 A different error comes up: gcc tls.c In file included from tls.c:122:0: tls-openssl.c: In function ‘verify_callback’: tls-openssl.c:444:17: warning: implicit declaration of function ‘X509_check_host’; did you mean ‘X509_check_trust’? [-Wimplicit-function-declaration] if ((rc = X509_check_host(cert, CCS name, 0, ^~~ X509_check_trust tls-openssl.c: In function ‘tls_expand_session_files’: tls-openssl.c:1072:14: error: ‘tls_ext_ctx_cb {aka struct tls_ext_ctx_cb}’ has no member named ‘is_server’ if (!cbinfo->is_server) /* client */ ^~ tls-openssl.c:1092:15: error: ‘tls_ext_ctx_cb {aka struct tls_ext_ctx_cb}’ has no member named ‘is_server’ if (cbinfo->is_server) ^~ tls-openssl.c:1115:15: error: ‘tls_ext_ctx_cb {aka struct tls_ext_ctx_cb}’ has no member named ‘is_server’ if (cbinfo->is_server) ^~ make[1]: *** [Makefile:797: tls.o] Error 1 --Frank Elsner -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim 4.90 RC3 uploaded
On 30/11/17 07:35, Frank Elsner wrote: > On Wed, 29 Nov 2017 20:21:47 + Jeremy Harris wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> I have built, signed and uploaded RC3 of Exim 4.90 to the ftp site: > > Hi, > > I've still problems to compile on an actual Fedora 26 system: > > gcc tls.c > In file included from tls.c:122:0: > tls-openssl.c: In function ‘verify_callback’: > tls-openssl.c:444:17: warning: implicit declaration of function > ‘X509_check_host’; did you mean ‘X509_check_trust’? > [-Wimplicit-function-declaration] >if ((rc = X509_check_host(cert, CCS name, 0, > ^~~ > X509_check_trust On my f27 system, X509_check_host is defined in include/openssl/x509v3.h :- File FunctionLine 0 include/openssl/x509v3.h 702 int X509_check_host(X509 *x, const char *chk, size_t chklen, 1 src/tls-openssl.cverify_callback 444 if ((rc = X509_check_host(cert, CCS name, 0, On my (VM) f26 system: [jgh@armadillo ~]$ uname -a Linux armadillo.vm.dom.ain 4.13.12-200.fc26.aarch64 #1 SMP Wed Nov 8 16:31:35 UTC 2017 aarch64 aarch64 aarch64 GNU/Linux [jgh@armadillo ~]$ grep -r X509_check_host /usr/include /usr/include/openssl/x509v3.h:int X509_check_host(X509 *x, const char *chk, size_t chklen, /usr/include/mysql/private/ssl_compat.h:#define HAVE_X509_check_host 1 [jgh@armadillo ~]$ > tls-openssl.c: In function ‘tls_expand_session_files’: > tls-openssl.c:1072:14: error: ‘tls_ext_ctx_cb {aka struct tls_ext_ctx_cb}’ > has no member named ‘is_server’ >if (!cbinfo->is_server) /* client */ You must have a mismatched set of build-interim files for that. Try "make distclean && make". -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim 4.90 RC3 uploaded
On 2017-11-30 at 08:35 +0100, Frank Elsner wrote: > On Wed, 29 Nov 2017 20:21:47 + Jeremy Harris wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > I have built, signed and uploaded RC3 of Exim 4.90 to the ftp site: > > Hi, > > I've still problems to compile on an actual Fedora 26 system: Which version of OpenSSL is this? Try: yum -y install --allowerasing compat-openssl10-devel to replace openssl-devel (OpenSSL 1.1.x) with OpenSSL 1.0 stuff. We still haven't actually moved to a newer OpenSSL API, although we keep threatening to, so we probably still build with upstream-unsupported releases of OpenSSL. But part of the reason for moving to "only support the versions which upstream supports" is that it will let us switch APIs (at some point) to use stuff which works with OpenSSL 1.1 too. -Phil -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/