multiple calls to canonuser-plugin?

Dan White dwhite at olp.net
Fri Mar 19 09:27:11 EDT 2010


On 19/03/10 06:03 +0100, Lars Duesing wrote:
>Hi List,
>
>I am programming a sql canonuser-plugin. In short it does a sql-statement
>(SELECT main_account FROM accounts WHERE address='%s')
>
>This plugin is to be used in cyrus-imap. 
>
>All my code works fine. But: the canonuser-plugin is called multiple times
>within the same context.
>
>For instance:
>
>---
>
>DB:
>
>main_account                  address
>
>webmaster at test.local lars at test.local
>
>lars at test.local                  webmaster at anywhere.local
>
> 
>
>my code does (at the moment!) only one select statement, but is called
>twice.
>
>When I ask for webmaster at anywhere.local sasl sends webmaster at t - because the
>length given back is the length from the first select.
>
>My problem is it seems like the code is called twice at the same time.
>
>Is this a problem of sasl or of imap?

Lars,

Without digging into the imapd code, the first thought that comes to mind is
that imapd is possibly performing a canon_user call for both your
authentication and authorization identities.

To see, you could authenticate with an authentication mech that does not
support proxy authentication (and does not pass both an authc and authz).

The LOGIN mech does not support proxy auth, but the PLAIN mech does. If
you're seeing two calls with a PLAIN authentication, but only 1 with a
LOGIN authentication, then that may be why.

-- 
Dan White


More information about the Cyrus-sasl mailing list