I must apologize: the upstream patch I sent you fixes some of the problems, but not all of them. If username and authname differ, for example if you want to authenticate with an admin user against timsieved to change some user's sieve script, the authentication process will still fail.

To reproduce this:

current wheezy installation, cyrus+saslauthd

Try some plain auth against cyrus and it will all fail with some syslog entry like this:
badlogin: localhost [127.0.0.1] PLAIN [SASL(-4): no mechanism available: ]

With the patch applied to cyrus-sasl, normal plain authentication against cyrus will work, but doing something like this will fail:

the base64 encoded string is:
"test\0cyrus\0Password"

telnet localhost 4190
Trying ::1...
Connected to localhost.
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.4.16-Debian-2.4.16-4+deb7u1"
"SASL" "PLAIN LOGIN"
"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
"STARTTLS"
"UNAUTHENTICATE"
OK
AUTHENTICATE "PLAIN" {28+}
dGVzdABjeXJ1cwBQYXNzd29yZA=='
NO "Authentication Error"

syslog:
Oct 30 22:32:40 ourea cyrus/master[17707]: about to exec /usr/lib/cyrus/bin/timsieved
Oct 30 22:32:40 ourea cyrus/sieve[17707]: executed
Oct 30 22:32:40 ourea cyrus/sieve[17707]: accepted connection
Oct 30 22:32:40 ourea cyrus/sieve[17707]: badlogin: localhost[127.0.0.1] PLAIN no mechanism available

doing the same with:
"test\0test\0Password"
-->
AUTHENTICATE "PLAIN" {24+}
dGVzdAB0ZXN0AFBhc3N3b3Jk
will work

Another test with imtest will also fail:
imtest -u test -a cyrus -w Password -v -m plain 127.0.0.1

syslog:
Nov  5 12:23:20 ourea cyrus/imap[3671]: accepted connection
Nov 5 12:23:20 ourea cyrus/imap[3671]: badlogin: localhost [127.0.0.1] PLAIN [SASL(-4): no mechanism available: Unable to find a callback: 32773]

while this will work:
imtest -u muman -a muman -w muman -v -m plain 127.0.0.1

something in the patch is still missing
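
Added example, not part of the original message and not Cyrus code: a decoder for the SASL PLAIN initial response (RFC 4616 layout: [authzid] NUL authcid NUL passwd) that shows which of the two payloads quoted above asks to act as a different user, the case reported as failing. The function names are hypothetical; the sample inputs are the two base64 strings from the message.

```python
import base64


def build_plain(authzid: str, authcid: str, passwd: str) -> str:
    """Encode an RFC 4616 PLAIN message: [authzid] NUL authcid NUL passwd."""
    raw = "\0".join((authzid, authcid, passwd)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def parse_plain(b64: str) -> dict:
    """Decode a PLAIN initial response without exposing the password."""
    # validate=True rejects stray characters instead of silently skipping them
    raw = base64.b64decode(b64, validate=True)
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("PLAIN message must contain exactly two NUL separators")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid:
        raise ValueError("authcid (authentication identity) must not be empty")
    return {
        "authzid": authzid,            # identity to act as (imtest -u)
        "authcid": authcid,            # identity whose password is checked (imtest -a)
        "password_len": len(passwd),   # length only, never the secret itself
        # True when the client asks to act as someone other than the login user
        "proxy_auth": bool(authzid) and authzid != authcid,
        # ManageSieve non-synchronizing literal prefix for this payload
        "literal": "{%d+}" % len(b64),
    }


if __name__ == "__main__":
    # The two payloads quoted in the message above
    for sample in ("dGVzdABjeXJ1cwBQYXNzd29yZA==", "dGVzdAB0ZXN0AFBhc3N3b3Jk"):
        print(sample, parse_plain(sample))
```
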

