plain authentication fails if userid and authid differ

Christian Schwamborn list at rechnerpool.com
Sun Dec 22 15:41:00 EST 2013


Hello list,

I recently tried to upgrade the first of my mail systems from debian 
squeeze to wheezy and discovered that something within sasl was broken. 
I tracked down the problem to bug-id 3590, patched the sasl libs (2.1.25 
in wheezy) and it seemed to work.
But before I'm going to continue: meanwhile I spent some time to rebuild 
the current sasl release 2.1.26 and all its dependencies, but my problem 
remains.

When doing a "plain" authentication in a setup using saslauthd without 
configured auxprop modules (as described in 
https://bugzilla.cyrusimap.org/show_bug.cgi?id=3590) everything is fine 
as long as userid and authid are the same:

imtest -u test -a test -w Password -v -m plain 127.0.0.1
works just fine.

But if userid and authid differ, sasl will behave similar as before the 
patch. All this worked fine with sasl 2.1.23 (which was in squeeze). 
Did something change in the configuration or is there still a bug 
somewhere?

The base64 encoded string is:
"test\0cyrus\0Password"

telnet localhost 4190
Trying ::1...
Connected to localhost.
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.4.16-Debian-2.4.16-4+deb7u1"
"SASL" "PLAIN LOGIN"
"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags 
notify envelope relational regex subaddress copy"
"STARTTLS"
"UNAUTHENTICATE"
OK
AUTHENTICATE "PLAIN" {28+}
dGVzdABjeXJ1cwBQYXNzd29yZA=='
NO "Authentication Error"

syslog:
Dec 21 22:32:40 ourea cyrus/master[17707]: about to exec 
/usr/lib/cyrus/bin/timsieved
Dec 21 22:32:40 ourea cyrus/sieve[17707]: executed
Dec 21 22:32:40 ourea cyrus/sieve[17707]: accepted connection
Dec 21 22:32:40 ourea cyrus/sieve[17707]: badlogin: localhost[127.0.0.1] 
PLAIN no mechanism available

doing the same with:
"test\0test\0Password"
-->
AUTHENTICATE "PLAIN" {24+}
dGVzdAB0ZXN0AFBhc3N3b3Jk
will work

I hope you can help, since the whole ubuntu community uses reverting to 
2.1.23 as a workaround, and that's an ugly hack and not applicable 
to debian wheezy unless one spends a lot of time figuring out why it 
doesn't build.

Best regards,
Christian
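As an added illustration (not part of the original post or of Cyrus SASL), the following Python builds and decodes SASL PLAIN client responses as defined in RFC 4616 and reproduces the two ManageSieve AUTHENTICATE lines quoted above; it makes visible that the only difference between the failing and the working case is whether the authorization identity (first field, imtest -u) differs from the authentication identity (second field, imtest -a), which is the case where the server has to run its authorization/proxy policy instead of simply checking a password.

```python
import base64

# SASL PLAIN (RFC 4616): [authzid] NUL authcid NUL passwd, all UTF-8.
# authzid is the identity to act as; an empty authzid means "the same
# identity that was authenticated". authcid is the identity whose
# password is presented.

def plain_response(authzid: str, authcid: str, password: str) -> bytes:
    """Encode the raw (not yet base64) PLAIN initial client response."""
    for field in (authzid, authcid, password):
        if "\0" in field:
            raise ValueError("NUL is the separator and may not occur in a field")
    if not authcid or not password:
        raise ValueError("authcid and passwd are mandatory in PLAIN")
    return f"{authzid}\0{authcid}\0{password}".encode("utf-8")


def decode_plain(b64: str) -> tuple[str, str, str]:
    """Decode a base64 PLAIN response (e.g. from a capture or a log) into
    (authzid, authcid, passwd); rejects malformed base64 and bad NUL counts."""
    raw = base64.b64decode(b64, validate=True)
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError(f"expected exactly 2 NUL separators, found {len(parts) - 1}")
    authzid, authcid, password = (p.decode("utf-8") for p in parts)
    return authzid, authcid, password


def acts_as_other_identity(b64: str) -> bool:
    """True when the client asks to be authorized as a user other than the one
    whose credentials it presents. This is the case ("test" vs "cyrus") that
    the post reports as failing; same or empty authzid is the plain case."""
    authzid, authcid, _ = decode_plain(b64)
    return authzid != "" and authzid != authcid


def managesieve_authenticate(authzid: str, authcid: str, password: str) -> str:
    """Render the ManageSieve command as typed in the post: the response goes
    in a non-synchronising literal {N+} where N is the base64 text length."""
    b64 = base64.b64encode(plain_response(authzid, authcid, password)).decode("ascii")
    return f'AUTHENTICATE "PLAIN" {{{len(b64)}+}}\r\n{b64}\r\n'


if __name__ == "__main__":
    # Values taken from the post: userid "test", authid "cyrus" / "test".
    print(managesieve_authenticate("test", "cyrus", "Password"), end="")
    print(managesieve_authenticate("test", "test", "Password"), end="")
    print(acts_as_other_identity("dGVzdABjeXJ1cwBQYXNzd29yZA=="))  # True
    print(acts_as_other_identity("dGVzdAB0ZXN0AFBhc3N3b3Jk"))      # False
```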
