Digging into a problem

Matthias Wimmer m at tthias.eu
Mon Jul 2 19:11:15 EDT 2012


Hi Alexey,


Alexey Melnikov schrieb am 2012-07-02 11:33:20:
> >I am currently digging into a problem I have with cyrus sasl since I
> >upgraded from Ubuntu 11.10 to 12.04.
> 
> Which version of SASL is used by Ubuntu 12.04?

Ubuntu 12.04 has Cyrus SASL 2.1.25 - and it seems the same packages are
used as currently in Debian testing.

> What does your program do (or more specifically, how does it use
> libsasl)? In general, SASL plugins like DIGEST-MD5 can request both
> cleartext attribute (userPassword) and a non cleartext one, but
> should work if either one of them is present. Hopefully the same
> applies to your program.

At the start:

sasl_server_init(<list of callbacks>, "jadc2s")
=> I get SASL_OK

my list of callbacks has three elements:
- SASL_CB_CANON_USER
- SASL_CB_PROXY_POLICY
- SASL_CB_LIST_END


/usr/lib/sasl2/jadc2s.conf contains:

log_level: 7
mech_list: DIGEST-MD5

sql_engine: pgsql
sql_hostnames: breg.amessage.eu
sql_user: sasl
sql_passwd: XXXXXXXX
sql_database: sasl
sql_select: SELECT password FROM system_users WHERE username='%u' AND realm='%r'

the last line had been:

sql_select: SELECT password FROM system_users WHERE '%p'='userPassword' AND username='%u' AND realm='%r'


For any connection, I set:

sasl_server_new("xmpp", <default domain of server>, <default domain of server>, <ip>, <ip>, NULL, 0, &sasl_conn);
sasl_setprop(..., SASL_SEC_PROPS, ...);
	min_ssf:	0
	max_ssf:	-1
	maxbufsize:	1024
	property_names:	NULL
	property_values:NULL
	security_flags:	SASL_SEC_NOANONYMOUS
sasl_setprop(..., SASL_DEFUSERREALM, <domain of the client>);
sasl_setprop(..., SASL_SSF_EXTERNAL, <value from GnuTLS>);

I request:

sasl_listmech(...)

Authentication is done using (client can send initial data):

sasl_server_start(...)
sasl_server_step(...)

After authentication I would do:

sasl_getprop(..., SASL_MAXOUTBUF, ...);
sasl_getprop(..., SASL_USERNAME, ...);


> >Instead
> >it tries to read /etc/sasldb2 (which is not used in my setup).
> 
> You have SASLDB auxprop plugin installed and enabled. If you don't
> want to use it, you should disable it.

that's "auxprop_plugin: sql", right?


Matthias

-- 
Matthias Wimmer            USt-IdNr. DE244176643
Contact details:     http://matthias.wimmer.tel/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4083 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20120702/28cb29bd/attachment.bin 


More information about the Cyrus-sasl mailing list