AW: sasl-canonuser-plugin via sql

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thank you Dan,

I documented all deprecated options, added a documentation part for
sql_canon added for clarification sql_auxprop_insert and sql_auxprop_update,
put in the correction I mentioned in the mail about ldap-plugin (stringsize
not checked before memcpy in [ldapdb,sql]canon_client )

The full patch is now under bugzilla:
https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3219

Thanks again, and I hope I did not code too weird ... :)

Lars

-----Ursprüngliche Nachricht-----
Von: Dan White [mailto:dwhite@xxxxxxx] 
Gesendet: Donnerstag, 13. Mai 2010 17:11
An: Lars Duesing
Cc: cyrus-sasl@xxxxxxxxxxxxxxxxxxxx
Betreff: Re: sasl-canonuser-plugin via sql

On 13/05/10 08:49 +0200, Lars Duesing wrote:
>Hi Dan, Hi List,
>
>I've done the whole canonuser into the auxprop-plugin.
>This time it is against cyrus-sasl-2.1.24rc1 plain. No other dependencies.
>
>Would you please have another look at it?
>
>Thanks a lot,
>
>Lars

Lars,

I was able to get it to work - notes are below.

One minor issue is that you might want to still document sql_select and mark
it as deprecated, and then update the 'Notes' and 'Examples' (in
options.html) for the sql plugin to reflect the changes, or maybe just stick
with 'sql_select' for auxprop retrieval.

Please submit your patch to the Cyrus Bugzilla:

https://bugzilla.andrew.cmu.edu/

** Notes **

#> sqlite3 cyrus.db
SQLite version 3.5.9
Enter ".help" for instructions
sqlite> create table users (user TEXT, userPassword TEXT); create table 
sqlite> canon (login TEXT, user TEXT); insert into users values 
sqlite> ('dwhite_04927', 'mysecret'); insert into users values 
sqlite> ('dwhite_12345', 'mysecret'); insert into users values 
sqlite> ('dwhite', 'mysecret'); insert into canon values 
sqlite> ('dwhite_04927', 'dwhite'); insert into canon values 
sqlite> ('dwhite_12345', 'dwhite'); select * from users;
dwhite_04927|mysecret
dwhite_12345|mysecret
dwhite|mysecret
sqlite> select * from canon;
dwhite_04927|dwhite
dwhite_12345|dwhite
sqlite> .quit
#> chown cyrus:mail cyrus.db
#> chmod 640 cyrus.db

#> grep 'sasl\|plaintext' /etc/imapd.conf
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sql
sasl_canon_user_plugin: sql
sasl_sql_engine: sqlite3
sasl_sql_database: /usr/lib/sasl2/cyrus.db
sasl_sql_auxprop_select: select userPassword from users where user='%u'
sasl_sql_canon_select: select user from canon where login='%u'
allowplaintext: yes
sasl_minimum_layer: 0
sasl_log_level: 7

#> imtest -m LOGIN -a dwhite_04927 -w mysecret localhost

Some snippets from /var/log/auth.log:

May 13 14:30:55 zek imap[4258]: sql_canon_plugin using sqlite3 engine with
select: select user from canon where login='%u'
May 13 14:30:55 zek imap[4258]: sql_auxprop_plugin using sqlite3 engine with
select: select userPassword from users where user='%u'
May 13 14:30:55 zek imap[4258]: sql_canon_server May 13 14:30:55 zek
imap[4258]: sql_canon_server Parse the username dwhite_04927 May 13 14:30:55
zek imap[4258]: sql plugin try and connect to a host May 13 14:30:55 zek
imap[4258]: sql plugin trying to open db '/usr/lib/sasl2/cyrus.db' on host
''
May 13 14:30:55 zek imap[4258]: sql_canon plugin create statement from
dwhite_04927 zek May 13 14:30:55 zek imap[4258]: sql_canon plugin doing
query select user from canon where login='dwhite_04927'; May 13 14:30:55 zek
imap[4258]: sql_canon plugin create statement from dwhite zek May 13
14:30:55 zek imap[4258]: sql_canon plugin doing query select user from canon
where login='dwhite'; May 13 14:30:55 zek imap[4258]: sql plugin: no result
found May 13 14:30:55 zek imap[4258]: sql_canon_server May 13 14:30:55 zek
imap[4258]: sql_canon_server Parse the username dwhite May 13 14:30:55 zek
imap[4258]: sql plugin try and connect to a host May 13 14:30:55 zek
imap[4258]: sql plugin trying to open db '/usr/lib/sasl2/cyrus.db' on host
''
May 13 14:30:55 zek imap[4258]: sql_canon plugin create statement from
dwhite zek May 13 14:30:55 zek imap[4258]: sql_canon plugin doing query
select user from canon where login='dwhite'; May 13 14:30:55 zek imap[4258]:
sql plugin: no result found May 13 14:30:55 zek imap[4258]: sql_auxprop
plugin Parse the username dwhite May 13 14:30:55 zek imap[4258]: sql plugin
try and connect to a host May 13 14:30:55 zek imap[4258]: sql plugin trying
to open db '/usr/lib/sasl2/cyrus.db' on host ''
May 13 14:30:55 zek imap[4258]: begin transaction May 13 14:30:55 zek
imap[4258]: sql_auxprop plugin create statement from userPassword dwhite zek
May 13 14:30:55 zek imap[4258]: sql_auxprop plugin doing query select
userPassword from users where user='dwhite'; May 13 14:30:55 zek imap[4258]:
sql_auxprop plugin create statement from cmusaslsecretPLAIN dwhite zek May
13 14:30:55 zek imap[4258]: sql_auxprop plugin doing query select
userPassword from users where user='dwhite'; May 13 14:30:55 zek imap[4258]:
commit transaction May 13 14:30:55 zek imap[4258]: sql_auxprop plugin Parse
the username dwhite May 13 14:30:55 zek imap[4258]: sql plugin try and
connect to a host May 13 14:30:55 zek imap[4258]: sql plugin trying to open
db '/usr/lib/sasl2/cyrus.db' on host ''

#> tail -20 /var/log/syslog (from an earlier attempt)

May 13 14:17:55 zek master[2467]: process 2470 exited, status 0 May 13
14:18:00 zek master[2474]: about to exec /usr/bin/imapd May 13 14:18:00 zek
imap[2474]: executed May 13 14:18:00 zek imap[2474]: accepted connection May
13 14:18:00 zek imap[2474]: IOERROR: opening /var/lib/imap/user_deny.db: No
such file or directory May 13 14:18:00 zek imap[2474]: login: zek.olp.net
[127.0.0.1] dwhite plaintext User logged in May 13 14:18:00 zek imap[2474]:
IOERROR: opening /var/lib/imap/user_deny.db: No such file or directory May
13 14:18:02 zek imap[2474]: IOERROR: opening /var/lib/imap/user_deny.db: No
such file or directory

which indicates that dwhite_04927 was canonicalized to dwhite.

--
Dan White




[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux