<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:Verdana;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
h1
        {margin-top:12.0pt;
        margin-right:0in;
        margin-bottom:3.0pt;
        margin-left:0in;
        page-break-after:avoid;
        font-size:16.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
span.StileMessaggioDiPostaElettronica17
        {mso-style-type:personal-compose;
        font-family:Arial;
        color:windowtext;}
@page Section1
        {size:595.3pt 841.9pt;
        margin:70.85pt 56.7pt 56.7pt 56.7pt;}
div.Section1
        {page:Section1;}
/* List Definitions */
@list l0
        {mso-list-id:1205603647;
        mso-list-type:hybrid;
        mso-list-template-ids:-1757258330 68157457 68157465 68157467 68157455 68157465 68157467 68157455 68157465 68157467;}
@list l0:level1
        {mso-level-text:"%1\)";
        mso-level-tab-stop:.5in;
        mso-level-number-position:left;
        text-indent:-.25in;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
-->
</style>
</head>
<body lang=IT link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Hello Everybody<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>I need help<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>We are trying to make a new SASL mechanism to enable ldap
authentication via a third-party password-validation tool.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>User Authentication is routed to the tool which might
ask the client for a new password to be keyed in.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>We succeeded in handling all the conversation, though in
an unseemly fashion, for the new password is echoed (which, of course, is not welcome
by the customer).<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Our 3 main keys have been:<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'><span
style='mso-list:Ignore'>1)<font size=1 face="Times New Roman"><span
style='font:7.0pt "Times New Roman"'> </span></font></span></span></font><![endif]><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'>enabling
SSH interaction with ChallengeResponseAuthentication=yes in sshd_config<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'><span
style='mso-list:Ignore'>2)<font size=1 face="Times New Roman"><span
style='font:7.0pt "Times New Roman"'> </span></font></span></span></font><![endif]><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'>enabling
PAM_LDAP via /etc/pam.d/system-auth<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'><span
style='mso-list:Ignore'>3)<font size=1 face="Times New Roman"><span
style='font:7.0pt "Times New Roman"'> </span></font></span></span></font><![endif]><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'>enabling
the pam_conv routine by the following mechanism code:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'> echo_result
= _plug_challenge_prompt(params->utils, SASL_CB_ECHOPROMPT,<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'> NULL,<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'> promptText,<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'> (<font
color=blue><span style='color:blue'>const</span></font> <font color=blue><span
style='color:blue'>char</span></font>**)&text->echoresponse,
prompt_need);<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'> </span></font><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'> </span></font><font
size=2 color=blue face="Courier New"><span lang=EN-GB style='font-size:10.0pt;
font-family:"Courier New";color:blue'>if</span></font><font size=2
face="Courier New"><span lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'>
((echo_result != SASL_OK) && (echo_result != SASL_INTERACT))<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'> <font
color=blue><span style='color:blue'>return</span></font> echo_result;<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'>
<font color=green><span style='color:green'>/* free prompts we got */<o:p></o:p></span></font></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'>
<font color=blue><span style='color:blue'>if</span></font> (prompt_need
&& *prompt_need) {<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'> </span></font><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'> </span></font><font
size=2 face="Courier New"><span lang=EN-GB style='font-size:10.0pt;font-family:
"Courier New"'>params->utils->free(*prompt_need);<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'> *prompt_need
= NULL;<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'>
}<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'> </span></font><font
size=2 color=green face="Courier New"><span lang=EN-GB style='font-size:10.0pt;
font-family:"Courier New";color:green'>/* if there are prompts not filled in */<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'> <font
color=blue><span style='color:blue'>if</span></font> (echo_result ==
SASL_INTERACT) <o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'> {<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'> <font
color=green><span style='color:green'>/* make the prompt list */<o:p></o:p></span></font></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'> result
=<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'> _plug_make_prompts(params->utils,
prompt_need,<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'> </span></font><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>NULL,
NULL,<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'> NULL,
NULL,<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'> NULL,
NULL,<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'> NULL,
promptText,<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'> NULL,
NULL, NULL, NULL);<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> </span></font><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'> </span></font><font
size=2 color=blue face="Courier New"><span lang=EN-GB style='font-size:10.0pt;
font-family:"Courier New";color:blue'>if</span></font><font size=2
face="Courier New"><span lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'>
(result != SASL_OK) <font color=blue><span style='color:blue'>return</span></font>
result;<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'> <font
color=blue><span style='color:blue'>return</span></font> SASL_INTERACT;<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'> }<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'>
<font color=green><span style='color:green'>/* the application provided
us with a new password so use it */<o:p></o:p></span></font></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'>
<font color=blue><span style='color:blue'>if</span></font>
(text->echoresponse) {<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'> *clientout
= text->echoresponse;<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'> </span></font><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>*clientoutlen
= strlen(text->echoresponse);<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'> </span></font><font
size=2 face="Courier New"><span lang=EN-GB style='font-size:10.0pt;font-family:
"Courier New"'>}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Now what we expected was just to turn </span></font><font
size=2 face="Courier New"><span lang=EN-GB style='font-size:10.0pt;font-family:
"Courier New"'>SASL_CB_ECHOPROMPT to SASL_CB_NOECHOPROMPT to reach our goal.</span></font><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>The result is that the pam_conv routine returns an empty
response to sasl and the mech_client_step function keeps being called (looping)
by the glue code. In human terms, the client keeps giving his new password,
and still in clear (echoprompted).<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Do you have any idea on what I’m missing?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Is there any reference available about the</span></font><font
face=Verdana><span lang=EN-GB style='font-family:Verdana'> </span></font><font
size=2 face="Courier New"><span lang=EN-GB style='font-size:10.0pt;font-family:
"Courier New"'>chalprompt_cb </span></font><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>function and its
parameters used by</span></font><font size=2 face="Courier New"><span
lang=EN-GB style='font-size:10.0pt;font-family:"Courier New"'> _plug_challenge_prompt?</span></font><font
face=Verdana><span lang=EN-GB style='font-family:Verdana'><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>We also tried with _plug_get_password, without any outcome.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 face=Verdana><span lang=EN-GB style='font-size:
12.0pt;font-family:Verdana'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Any help would be appreciated<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Many many thanks<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Francesco Grossi<o:p></o:p></span></font></p>
<p class=MsoNormal><u><font size=2 face=Arial><span lang=EN-GB
style='font-size:10.0pt;font-family:Arial'><o:p><span style='text-decoration:
none'> </span></o:p></span></font></u></p>
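<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Added example, not part of the original message and not Cyrus SASL code: a small C model of the symptom described above, where the client step keeps being called and the password is still typed in clear. It assumes the prompt list handed to the application is tagged with the echo callback id while the lookup asks for the no-echo id; struct prompt, find_answer, app_fill and run_steps are hypothetical names, and only the numeric constants follow sasl.h.</span></font></p>

```c
/* Numeric values as defined in sasl.h. */
#define SASL_OK              0
#define SASL_INTERACT        2
#define SASL_CB_LIST_END     0
#define SASL_CB_ECHOPROMPT   0x4005
#define SASL_CB_NOECHOPROMPT 0x4006

/* Cut-down, hypothetical stand-in for sasl_interact_t (model only). */
struct prompt { unsigned long id; int answered; };

/* Lookup side: SASL_OK only if the list holds an answered entry with this id. */
static int find_answer(const struct prompt *list, unsigned long id)
{
    for (; list->id != SASL_CB_LIST_END; list++)
        if (list->id == id && list->answered)
            return SASL_OK;
    return SASL_INTERACT;
}

/* Application side: answers every entry, hiding input only for the no-echo id.
   Returns how many answers were typed with echo on. */
static int app_fill(struct prompt *list)
{
    int echoed = 0;
    for (; list->id != SASL_CB_LIST_END; list++) {
        list->answered = 1;
        if (list->id != SASL_CB_NOECHOPROMPT)
            echoed++;
    }
    return echoed;
}

/* Repeats the client step until the lookup succeeds or max_steps is reached.
   Assumption under test: build_id (list) and lookup_id (step) may differ.
   Returns the step that succeeded, or -1 if it is still looping; *echoed
   counts how many times the password was typed in clear. */
int run_steps(unsigned long build_id, unsigned long lookup_id,
              int max_steps, int *echoed)
{
    struct prompt list[2] = { { SASL_CB_LIST_END, 0 }, { SASL_CB_LIST_END, 0 } };
    *echoed = 0;
    for (int step = 1; step <= max_steps; step++) {
        if (find_answer(list, lookup_id) == SASL_OK)
            return step;
        /* nothing usable: drop the old list, build a new one, ask again */
        list[0].id = build_id;
        list[0].answered = 0;
        *echoed += app_fill(list);
    }
    return -1;
}
```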
</div>
</body>
</html>