[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: saslauxprop and libldapdb, auxpropfunc error -7

Howard, Igor, Rob, et. al.,

I've tried applying the changes as Howard suggested below. It has succeeded in preventing the "auxpropfunc error -7" message from showing up when Cyrus IMAP invokes the SASL library to do a user/password verification. However, there is still no bind (or any activity for that matter) with slapd. It just reports an error "SASL(-13): user not found: checkpass failed" in the system log. I guess at this point I'm at least expecting it to query the ldap server, even if it isn't successful. My imap.conf file is as so (per previous recommendations):

configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus root
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
ldapdb_uri: ldap://127.0.0.1
ldapdb_id:  admin
ldapdb_pw:  password
ldapdb_mech: PLAIN

Another variation tried (upon suggestion) was:

configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus root
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldap://127.0.0.1
sasl_ ldapdb_id:  admin
sasl_ ldapdb_pw:  password
sasl_ ldapdb_mech: PLAIN


My apologies that I'm not more helpful in the coding suggestions. My programming is limited to two semesters of java. About all I can do is test and report. Please let me know if there is anything further I can do in that regard.

Cheers!
-Joe





On Thursday, March 6, 2003, at 08:55  AM, Howard Chu wrote:

-----Original Message-----
From: Rob Siemborski [mailto:rjs3@andrew.cmu.edu]
Sent: Thursday, March 06, 2003 6:28 AM
To: Howard Chu
Cc: 'Igor Brezac'; 'Joe Rhodes'; OpenLDAP-software@OpenLDAP.org;
cyrus-sasl@lists.andrew.cmu.edu
Subject: RE: saslauxprop and libldapdb, auxpropfunc error -7


On Thu, 6 Mar 2003, Howard Chu wrote:

I take that all back. There's still something broken, I
just haven't found it
yet, and I've been up far too late tonight to say anything
coherent about it
now. 

The library always hands plugins the internal getopt function
because it
performs getopt lookups by calling both the connection-specific getopt
function and the global getopt function (as well as potentially an
application-specific config file).  Handing the getopt
callback directly
to the plugin won't accomplish this.

If you do fingure out what trouble you're having, though, let us know. 

OK, this time for sure: sasl_auxprop_add_plugin invokes the plugin with
sasl_global_utils (lib/auxprop.c:804)
804         result = auxpropfunc(sasl_global_utils,
SASL_AUXPROP_PLUG_VERSION,
805                              &out_version, &plug, plugname);

sasl_global_utils has a NULL context. It is created this way by
_sasl_common_init (lib/common.c:421)
    /* Setup the global utilities */
    if(!sasl_global_utils) {
        sasl_global_utils = _sasl_alloc_utils(NULL, NULL);
        if(sasl_global_utils == NULL) return SASL_NOMEM;
    }

It passes a NULL context to _sasl_alloc_utils; it should be passing
&global_callbacks instead.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support



Howard's code refinements to sasl libraries:


This would be better, I think:
Index: client.c
===================================================================
RCS file: /cvs/src/sasl/lib/client.c,v
retrieving revision 1.58
diff -u -r1.58 client.c
--- client.c    13 Feb 2003 19:55:53 -0000      1.58
+++ client.c    6 Mar 2003 15:02:34 -0000
@@ -210,7 +210,7 @@

   sasl_client_add_plugin("EXTERNAL", &external_client_plug_init);

-  ret = _sasl_common_init();
+  ret = _sasl_common_init(&global_callbacks);

   if (ret == SASL_OK)
       ret = _sasl_load_plugins(ep_list,
Index: common.c
===================================================================
RCS file: /cvs/src/sasl/lib/common.c,v
retrieving revision 1.89
diff -u -r1.89 common.c
--- common.c    13 Feb 2003 19:55:54 -0000      1.89
+++ common.c    6 Mar 2003 15:02:35 -0000
@@ -413,13 +413,13 @@
   RETURN(conn, SASL_OK);
 }

-int _sasl_common_init(void)
+int _sasl_common_init(sasl_global_callbacks_t *global_callbacks)
 {
     int result;

     /* Setup the global utilities */
     if(!sasl_global_utils) {
-       sasl_global_utils = _sasl_alloc_utils(NULL, NULL);
+       sasl_global_utils = _sasl_alloc_utils(NULL, global_callbacks);
        if(sasl_global_utils == NULL) return SASL_NOMEM;
     }

Index: saslint.h
===================================================================
RCS file: /cvs/src/sasl/lib/saslint.h,v
retrieving revision 1.46
diff -u -r1.46 saslint.h
--- saslint.h   13 Feb 2003 19:55:54 -0000      1.46
+++ saslint.h   6 Mar 2003 15:02:36 -0000
@@ -358,7 +358,7 @@
 extern const sasl_callback_t *
 _sasl_find_verifyfile_callback(const sasl_callback_t *callbacks);

-extern int _sasl_common_init(void);
+extern int _sasl_common_init(sasl_global_callbacks_t *global_callbacks);

 extern int _sasl_conn_init(sasl_conn_t *conn,
                           const char *service,
Index: server.c
===================================================================
RCS file: /cvs/src/sasl/lib/server.c,v
retrieving revision 1.119
diff -u -r1.119 server.c
--- server.c    13 Feb 2003 19:55:54 -0000      1.119
+++ server.c    6 Mar 2003 15:02:37 -0000
@@ -585,7 +585,7 @@
     /* we require the appname to be non-null */
     if (appname==NULL) return SASL_BADPARAM;

-    ret = _sasl_common_init();
+    ret = _sasl_common_init(&global_callbacks);
     if (ret != SASL_OK)
        return ret;


  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support