Re: Digging into a problem

On 03/07/2012 00:11, Matthias Wimmer wrote:
Hi Alexey,


Alexey Melnikov wrote on 2012-07-02 11:33:20:
I am currently digging into a problem I have with cyrus sasl since I
upgraded from Ubuntu 11.10 to 12.04.
Which version of SASL is used by Ubuntu 12.04?
Ubuntu 12.04 has Cyrus SASL 2.1.25 - and it seems the same packages are
used as currently in Debian testing.
Ok, this is fairly recent.

I should have also asked for the Cyrus SASL version used by Ubuntu 11.10.

I need to check what has changed between these 2 versions of Cyrus SASL in order to have any meaningful theory.
What does your program do (or more specifically, how does it use
libsasl)? In general, SASL plugins like DIGEST-MD5 can request both
cleartext attribute (userPassword) and a non cleartext one, but
should work if either one of them is present. Hopefully the same
applies to your program.
At the start:

sasl_server_init(<list of callbacks>, "jadc2s")
=>  I get SASL_OK

my list of callbacks has three elements:
- SASL_CB_CANON_USER
- SASL_CB_PROXY_POLICY
- SASL_CB_LIST_END


/usr/lib/sasl2/jadc2s.conf contains:

log_level: 7
mech_list: DIGEST-MD5

sql_engine: pgsql
sql_hostnames: breg.amessage.eu
sql_user: sasl
sql_passwd: XXXXXXXX
sql_database: sasl
sql_select: SELECT password FROM system_users WHERE username='%u' AND realm='%r'

the last line had been:

sql_select: SELECT password FROM system_users WHERE '%p'='userPassword' AND username='%u' AND realm='%r'


For any connection, I set:

sasl_server_new("xmpp",<default domain of server>,<default domain of server>,<ip>,<ip>, NULL, 0,&sasl_conn);
sasl_setprop(..., SASL_SEC_PROPS, ...);
	min_ssf:	0
	max_ssf:	-1
	maxbufsize:	1024
	property_names:	NULL
	property_values:NULL
	security_flags:	SASL_SEC_NOANONYMOUS
sasl_setprop(..., SASL_DEFUSERREALM,<domain of the client>);
sasl_setprop(..., SASL_SSF_EXTERNAL,<value from GnuTLS>);

I request:

sasl_listmech(...)

Authentication is done using (client can send initial data):

sasl_server_start(...)
sasl_server_step(...)

After authentication I would do:

sasl_getprop(..., SASL_MAXOUTBUF, ...);
sasl_getprop(..., SASL_USERNAME, ...);


Instead it tries to read /etc/sasldb2 (which is not used in my setup).
You have SASLDB auxprop plugin installed and enabled. If you don't
want to use it, you should disable it.
that's "auxprop_plugin: sql", right?
Yes.
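
The point settled at the end of this exchange, as an added example (not code from either poster or from the Cyrus SASL project): a small Python check that parses an application config such as jadc2s.conf and reports when auxprop_plugin is unset, in which case libsasl queries every installed auxprop plugin, sasldb included. The function names and finding texts are assumptions of this sketch; the sample config is constructed from the one quoted above.

```python
# Added example: audit a Cyrus SASL application config for auxprop selection.
# BEFORE is constructed from the jadc2s.conf quoted in the thread.
BEFORE = """\
log_level: 7
mech_list: DIGEST-MD5
sql_engine: pgsql
sql_hostnames: breg.amessage.eu
sql_user: sasl
sql_passwd: XXXXXXXX
sql_database: sasl
sql_select: SELECT password FROM system_users WHERE username='%u' AND realm='%r'
"""
AFTER = "auxprop_plugin: sql\n" + BEFORE  # the setting confirmed in the reply

SQL_REQUIRED = ("sql_engine", "sql_select")  # needed before the sql plugin can answer


def parse_sasl_conf(text):
    """Parse 'option: value' lines; blank lines and '#' comments are skipped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            opts[key.strip()] = value.strip()
    return opts


def audit(opts):
    """Return findings about which auxprop stores libsasl will consult."""
    findings = []
    plugins = opts.get("auxprop_plugin", "").split()  # space-separated list
    if not plugins:
        findings.append("auxprop_plugin unset: every installed auxprop plugin "
                        "is queried, including sasldb (/etc/sasldb2)")
    elif "sasldb" in plugins:
        findings.append("sasldb is listed in auxprop_plugin")
    has_sql_opts = any(k.startswith("sql_") for k in opts)
    if plugins and has_sql_opts and "sql" not in plugins:
        findings.append("sql_* options present but sql is not in auxprop_plugin")
    if "sql" in plugins or has_sql_opts:
        findings += [f"sql plugin configured but {k} is missing"
                     for k in SQL_REQUIRED if k not in opts]
    return findings


if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(parse_sasl_conf(conf)) or "ok")
```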


