<div dir="ltr"><div><div><div><div>Hi folks,<br></div><div>I've been struggling with this issue for a few days and am hoping I can get some help troubleshooting a confusing problem I'm hitting with the SASL library.<br>
</div><div><br></div>It seems like there is some compatibility problem between stock cyrus-sasl 2.1.26 and the libsasldb.so shipped with RHEL 6. When I run sasl_server_start() with either the anonymous or plain mechanism on RHEL, the auth mechanism loads and seems to be OK until it tries looking for auxprop plugins, when it returns SASL_NOMECH and logs the following message:<br>
<br> could not find auxprop plugin, was searching for '[all]'<br><br></div><div>I don't have the same problem with the same code on my Ubuntu 13.04 dev box... there it works as expected (I'm building cyrus-sasl the same way in both environments).<br>
<br>On the RHEL machine, I am able to see the anonymous and plain mechanisms in the app (via sasl_global_listmech()), as expected, but it seems like it can't find libsasldb.so ... even though it is right there next to the other loaded mechanisms.<br>
<br>$ ls -al /usr/lib64/sasl2<br>total 160<br>drwxr-xr-x. 2 root root 4096 Feb 20 2013 .<br>dr-xr-xr-x. 62 root root 36864 Jul 18 14:53 ..<br>lrwxrwxrwx. 1 root root 22 Feb 20 2013 libanonymous.so -> libanonymous.so.2.0.23<br>
lrwxrwxrwx. 1 root root 22 Feb 20 2013 libanonymous.so.2 -> libanonymous.so.2.0.23<br>-rwxr-xr-x. 1 root root 18776 Dec 7 2011 libanonymous.so.2.0.23<br></div><div>...<br></div><div>lrwxrwxrwx. 1 root root 18 Feb 20 2013 libplain.so -> libplain.so.2.0.23<br>
lrwxrwxrwx. 1 root root 18 Feb 20 2013 libplain.so.2 -> libplain.so.2.0.23<br>-rwxr-xr-x. 1 root root 18808 Dec 7 2011 libplain.so.2.0.23<br>lrwxrwxrwx. 1 root root 19 Feb 20 2013 libsasldb.so -> libsasldb.so.2.0.23<br>
lrwxrwxrwx. 1 root root 19 Feb 20 2013 libsasldb.so.2 -> libsasldb.so.2.0.23<br>-rwxr-xr-x. 1 root root 22784 Dec 7 2011 libsasldb.so.2.0.23<br></div><div><br></div><div>(Note: I'm setting the plugin path to include /usr/lib64/sasl2 via a SASL_CB_GETPATH callback.)<br>
</div><div><br><div>It looks like the library found the plugin modules; they show up in lsof output:<br><br>$ sudo lsof -p 20497 | grep sasl2/<br>sasl_rpc- 20497 mpercy mem REG 8,1 22784 920289 /usr/lib64/sasl2/libsasldb.so.2.0.23<br>
sasl_rpc- 20497 mpercy mem REG 8,1 31256 944275 /usr/lib64/sasl2/libgssapiv2.so.2.0.23<br>sasl_rpc- 20497 mpercy mem REG 8,1 18808 925831 /usr/lib64/sasl2/liblogin.so.2.0.23<br>
sasl_rpc- 20497 mpercy mem REG 8,1 18808 925834 /usr/lib64/sasl2/libplain.so.2.0.23<br>sasl_rpc- 20497 mpercy mem REG 8,1 18776 920286 /usr/lib64/sasl2/libanonymous.so.2.0.23<br>
</div><br></div>In the application, I'm statically linking libsasl2 but not the plugins (I'm relying on the plugins being there from the system packages). I'm using stock cyrus-sasl-2.1.26 and building it like this:<br>
<br> CFLAGS="-DPIC" ./configure --prefix=$PREFIX \<br> --disable-digest --disable-sql --disable-cram --disable-ldap --disable-otp \<br> --enable-static --enable-staticdlopen --without-des<br> make clean<br>
make<br> make install<br><br><div>To make things slightly more complicated, for the plain mech only, this error goes away if I compile without -DPIC. But anonymous authentication continues to fail with the above error code and log message, either with or without -DPIC.<br>
</div><div><br></div>It's worth mentioning that I don't really need sasldb... not using it at all AFAIK (I'm hooking into SASL_CB_SERVER_USERDB_CHECKPASS for plain auth on the server). But it seems that _sasl_canon_user_lookup() requires that an auxprop plugin (any plugin) to be present. Here's the backtrace from the above log message:<br>
<br>#0 _sasl_log (conn=<value optimized out>, level=5, fmt=0x6302f0 "could not find auxprop plugin, was searching for '%s'") at common.c:1988<br>#1 0x0000000000562118 in _sasl_auxprop_lookup (sparams=0x1164000, flags=0, user=0x1145fa1 "anonymous", ulen=9) at auxprop.c:973<br>
#2 0x0000000000563ab5 in _sasl_auxprop_lookup_user_props (conn=0x1145200, user=<value optimized out>, ulen=<value optimized out>, flags=3, oparams=0x1145a70) at canonusr.c:220<br>#3 _sasl_canon_user_lookup (conn=0x1145200, user=<value optimized out>, ulen=<value optimized out>, flags=3, oparams=0x1145a70) at canonusr.c:281<br>
#4 0x0000000000561860 in anonymous_server_mech_step (conn_context=<value optimized out>, sparams=0x1164000, clientin=0x10d9b18 "anonymous@localhost", clientinlen=34, <br> serverout=<value optimized out>, serveroutlen=<value optimized out>, oparams=0x1145a70) at anonymous.c:135<br>
#5 0x000000000055c1db in sasl_server_step (conn=0x1145200, clientin=<value optimized out>, clientinlen=<value optimized out>, serverout=0x7ffff6d67478, serveroutlen=<value optimized out>)<br> at server.c:1618<br>
#6 0x000000000055c6e4 in sasl_server_start (conn=0x1145200, mech=<value optimized out>, clientin=0x10d9b18 "anonymous@localhost", clientinlen=34, serverout=0x7ffff6d67478, <br> serveroutlen=<value optimized out>) at server.c:1533<br>
<br>Any ideas about what the problem could be here? Or suggestions for debugging this further?<br><br></div>Thanks in advance!<br></div><br>Mike<br><br><br><div><div><div><div>PS: <br><div>I've included some more details from the problematic environment below.<br>
</div><div><br></div></div><div><div><div><div>$ pluginviewer -a<br>Installed auxprop mechanisms are:<br>sasldb<br>List of auxprop plugins follows<br>Plugin "sasldb" , API version: 4<br> supports store: yes<br>
<br>$ pluginviewer -s<br>Installed SASL (server side) mechanisms are:<br>ANONYMOUS GSSAPI PLAIN LOGIN EXTERNAL<br>List of server plugins follows<br>Plugin "anonymous" [loaded], API version: 4<br> SASL mechanism: ANONYMOUS, best SSF: 0, supports setpass: no<br>
security flags: NO_PLAINTEXT<br> features: WANT_CLIENT_FIRST<br>Plugin "gssapiv2" [loaded], API version: 4<br> SASL mechanism: GSSAPI, best SSF: 56, supports setpass: no<br> security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH<br>
features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION<br>Plugin "plain" [loaded], API version: 4<br> SASL mechanism: PLAIN, best SSF: 0, supports setpass: no<br> security flags: NO_ANONYMOUS<br> features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION<br>
Plugin "login" [loaded], API version: 4<br> SASL mechanism: LOGIN, best SSF: 0, supports setpass: no<br> security flags: NO_ANONYMOUS<br> features:<br><br>$ rpm -qa | grep sasl<br>cyrus-sasl-plain-2.1.23-13.el6.x86_64<br>
cyrus-sasl-devel-2.1.23-13.el6.x86_64<br>cyrus-sasl-2.1.23-13.el6.x86_64<br>cyrus-sasl-gssapi-2.1.23-13.el6.x86_64<br>cyrus-sasl-lib-2.1.23-13.el6.x86_64<br><br>$ lsb_release -a<br>LSB Version: :core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch<br>
Distributor ID: CentOS<br>Description: CentOS release 6.2 (Final)<br>Release: 6.2<br>Codename: Final<br><br></div></div></div></div></div></div></div></div>