Can't authorize as different user in cyradm and sieveshell

Michael Ulitskiy mulitskiy at acedsl.com
Mon Nov 21 18:44:19 EST 2016


Dan,

You nailed it. The mere presence of the sasldb plugin makes it work.
The code doesn't look kosher to me though.

In sasl_server_new() there's a line:
serverconn->sparams->canon_user = &_sasl_canon_user_lookup;

which unconditionally sets the canon_user callback to the function that performs both
canonicalization and auxprop lookup. In case there are no auxprop plugins, it
results in SASL_NOMECH.

I guess it should check whether auxprop plugins are available in the system and either
set it to _sasl_canon_user_lookup() or _sasl_canon_user().

Anyway, installing the sasldb plugin is an easy enough workaround.

Thanks everybody,

Michael


On Monday, November 21, 2016 04:36:01 PM Dan White wrote:
> In the absence of an [sasl_]auxprop_plugins statement, all plugins will be
> queried. For example, running pluginviewer (or saslpluginviewer on debian)
> should typically list sasldb if it's installed on your system.
> 
> The canon_user plugins and auxprop plugins are coded within the same code,
> and so are tied together somewhat, although I haven't dug into the code to
> explain the error Michael is experiencing.
> 
> Michael,
> 
> I'd suggest installing the sasldb auxprop to see if that clears up the
> issue. That may not even require a configuration change.
> 
> On 11/21/16 13:43 -0800, Andrew Morgan via Info-cyrus wrote:
> >I'm using Debian packages for sasl.  Here is what libsasl2-modules 
> >includes:
> >
> >/usr/lib/x86_64-linux-gnu/sasl2/libplain.so.2.0.25
> >/usr/lib/x86_64-linux-gnu/sasl2/libcrammd5.so.2.0.25
> >/usr/lib/x86_64-linux-gnu/sasl2/libdigestmd5.so.2.0.25
> >/usr/lib/x86_64-linux-gnu/sasl2/liblogin.so.2.0.25
> >/usr/lib/x86_64-linux-gnu/sasl2/libanonymous.so.2.0.25
> >/usr/lib/x86_64-linux-gnu/sasl2/libntlm.so.2.0.25
> >
> >But in my imapd.conf, I'm not specifying any auxprop plugins:
> >
> ># grep sasl /etc/imapd.conf
> >sasl_mech_list: PLAIN
> >sasl_minimum_layer: 0
> >#sasl_maximum_layer: 256
> >sasl_pwcheck_method: saslauthd
> >
> >Since we are using saslauthd, we don't use auxprop plugins, I think...
> >
> >	Andy
> >
> >On Mon, 21 Nov 2016, Michael Ulitskiy wrote:
> >
> >>I'm trying to read the code and it seems that it tries to look up the authorization id
> >>in an auxprop plugin. Since I don't have any auxprop plugins, that returns SASL_NOMECH and results
> >>in the error I'm seeing.
> >>
> >>By any chance do you have any auxprop plugin defined?
> 
> 
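
The failure described in the message above and the check it suggests, as a simplified stand-alone model added here (not Cyrus SASL source and not code from the thread). The `model_*` names, the plugin counter and `authorize_as()` are hypothetical; only the two result-code values follow `sasl.h`.

```c
#include <stdio.h>
#include <stddef.h>

/* Result codes, with the values sasl.h assigns them. */
#define SASL_OK      0
#define SASL_NOMECH -4

/* Hypothetical model of a server connection; not the library's struct. */
typedef struct model_conn model_conn;
typedef int (*canon_cb)(model_conn *, const char *);
struct model_conn {
    size_t auxprop_plugins;  /* auxprop plugins loaded (0 = none installed) */
    canon_cb canon_user;     /* callback chosen when the connection is set up */
    char authzid[64];        /* canonicalized authorization id */
};

/* Canonicalization only: copy the name, no property lookup. */
static int model_canon_user(model_conn *c, const char *user) {
    snprintf(c->authzid, sizeof c->authzid, "%s", user);
    return SASL_OK;
}

/* Canonicalization plus auxprop lookup: fails when nothing can be queried. */
static int model_canon_user_lookup(model_conn *c, const char *user) {
    int r = model_canon_user(c, user);
    if (r != SASL_OK) return r;
    return c->auxprop_plugins > 0 ? SASL_OK : SASL_NOMECH;
}

/* checked == 0: always install the lookup variant (behaviour in the message).
 * checked != 0: pick the variant by plugin availability (suggested check). */
int authorize_as(int checked, size_t plugins, const char *user) {
    model_conn c = { .auxprop_plugins = plugins };
    if (checked && plugins == 0)
        c.canon_user = model_canon_user;
    else
        c.canon_user = model_canon_user_lookup;
    return c.canon_user(&c, user);
}

int main(void) {
    /* Constructed inputs: one authorization id, with and without plugins. */
    printf("unconditional, 0 plugins: %d\n", authorize_as(0, 0, "otheruser"));
    printf("unconditional, 1 plugin:  %d\n", authorize_as(0, 1, "otheruser"));
    printf("checked,       0 plugins: %d\n", authorize_as(1, 0, "otheruser"));
    return 0;
}
```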