Digging into a problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,


I am currently digging into a problem I have with cyrus sasl since I
upgraded from Ubuntu 11.10 to 12.04.

Some of my own programs stopped working since that upgrade. After some
playing with the code, I found out, that I could log in again after I
changed to SQL query string I am using.

What I had until now (and did work in the past) was this:

sql_select: SELECT password FROM system_users WHERE '%p'='userPassword' AND username='%u' AND realm='%r'

I changed now changed this to:

sql_select: SELECT password FROM system_users WHERE AND username='%u' AND realm='%r'

This does now work again.



In my user database I only store the plain text passwords. So with the
original query I tried to make sure, that only the query for the plain
text password does return results.

With the original query, I can see in my logs, that two queries are made
against my postgresql database (some additional logging by me):

Jul  1 22:37:07 eder jadc2s.amessage.eu[24924]: sql plugin create statement from userPassword m tthias.eu
Jul  1 22:37:07 eder jadc2s.amessage.eu[24924]: sql plugin doing query SELECT password FROM system_users WHERE 'userPassword'='userPassword' AND username='m' AND realm='tthias.eu' ;
Jul  1 22:37:07 eder jadc2s.amessage.eu[24924]: PostgreSQL query: SELECT password FROM system_users WHERE 'userPassword'='userPassword' AND username='m' AND realm='tthias.eu';
Jul  1 22:37:07 eder jadc2s.amessage.eu[24924]: PostgreSQL query status: PGRES_TUPLES_OK 
Jul  1 22:37:07 eder jadc2s.amessage.eu[24924]: Row Count: 1
Jul  1 22:37:07 eder jadc2s.amessage.eu[24924]: PostgreSQL result was: XXXXXXXX
Jul  1 22:37:07 eder jadc2s.amessage.eu[24924]: sql plugin create statement from cmusaslsecretDIGEST-MD5 m tthias.eu
Jul  1 22:37:07 eder jadc2s.amessage.eu[24924]: sql plugin doing query SELECT password FROM system_users WHERE 'cmusaslsecretDIGEST-MD5'='userPassword' AND username='m' AND realm= 'tthias.eu';
Jul  1 22:37:07 eder jadc2s.amessage.eu[24924]: PostgreSQL query: SELECT password FROM system_users WHERE 'cmusaslsecretDIGEST-MD5'='userPassword' AND username='m' AND realm='tthi as.eu';
Jul  1 22:37:07 eder jadc2s.amessage.eu[24924]: PostgreSQL query status: PGRES_TUPLES_OK 
Jul  1 22:37:07 eder jadc2s.amessage.eu[24924]: Row Count: 0
Jul  1 22:37:07 eder jadc2s.amessage.eu[24924]: sql plugin: no result found (not row count)
Jul  1 22:37:07 eder jadc2s.amessage.eu[24924]: commit transaction
Jul  1 22:37:07 eder jadc2s.amessage.eu[24924]: PostgreSQL query: COMMIT;
Jul  1 22:37:07 eder jadc2s.amessage.eu[24924]: PostgreSQL query status: PGRES_COMMAND_OK 
Jul  1 22:37:07 eder jadc2s.amessage.eu[24924]: ... so no results
Jul  1 22:37:07 eder jadc2s.amessage.eu[24924]: unable to open Berkeley db /etc/sasldb2: Permission denied
Jul  1 22:37:07 eder jadc2s.amessage.eu[24924]: sql plugin Parse the username m@xxxxxxxxx


So I see cyrus is first trying to read the plain text password (and gets
it from the database. Then it does the query for the hashed password and
does not get one.
Shouldn't Cyrus SASL use the plain text password in my case now? Instead
it tries to read /etc/sasldb2 (which is not used in my setup).


With the changed setup, Cyrus SASL does get the plain text password for
both queries and feels happy with that. I can authenticate and Cyrus is
not trying to access /etc/sasldb2.



Has there something changed in cyrus, that makes my query fail? Did I
understand wrong how the %p variable works? Isn't it a problem if I
return the plain text password in my SQL statement, when Cyrus expects
to get a hashed password for its DIGEST-MD5 query?



Regards,
Matthias

-- 
Matthias Wimmer            USt-IdNr. DE244176643
Contact details:     http://matthias.wimmer.tel/

Attachment: smime.p7s
Description: S/MIME cryptographic signature


[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux