Re: Postfix & cyrus-sasl 2.1.25 issues

2012-01-11 Thread Quanah Gibson-Mount 
--On Wednesday, January 11, 2012 1:13 PM -0800 Quanah Gibson-Mount 
 wrote:



--On Friday, January 06, 2012 11:05 AM +0200 Eray Aslan
 wrote:


There are reports of broken PLAIN and LOGIN mechs with cyrus-sasl
2.1.25.  But I can't reproduce it.


If you compile any auxprop plugins (like you have), you will never see
it. It's a bug in the auxprop loader rewrite that is only triggered if
one elects to have no auxprop plugins.




Better fix in:



--Quanah


--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.

Zimbra ::  the leader in open source messaging and collaboration

Re: Postfix & cyrus-sasl 2.1.25 issues

2012-01-11 Thread Quanah Gibson-Mount 
--On Friday, January 06, 2012 11:05 AM +0200 Eray Aslan 
 wrote:



There are reports of broken PLAIN and LOGIN mechs with cyrus-sasl
2.1.25.  But I can't reproduce it.


If you compile any auxprop plugins (like you have), you will never see it. 
It's a bug in the auxprop loader rewrite that is only triggered if one 
elects to have no auxprop plugins.




--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.

Zimbra ::  the leader in open source messaging and collaboration

Re: Postfix & cyrus-sasl 2.1.25 issues

2012-01-06 Thread Quanah Gibson-Mount 
--On Friday, January 06, 2012 10:19 PM +0200 Eray Aslan 
 wrote:



On Fri, Jan 06, 2012 at 09:23:02AM -0800, Quanah Gibson-Mount wrote:

--On Friday, January 06, 2012 11:05 AM +0200 Eray Aslan
 wrote:
> There are reports of broken PLAIN and LOGIN mechs with cyrus-sasl
> 2.1.25.  But I can't reproduce it.

That is what I'm seeing. :/  Where else did you see these reports?


https://bugs.gentoo.org/show_bug.cgi?id=392761
https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/875440


Thanks, that is very useful information.

I can now reproduce this using the cyrus-sasl sample client/server, so I am 
going to chalk this up to being a cyrus-sasl bug.  Once I have a solution, 
I'll follow up with the postfix list so anyone who hits it here can know 
what to do. ;)


--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.

Zimbra ::  the leader in open source messaging and collaboration

Re: Postfix & cyrus-sasl 2.1.25 issues

2012-01-06 Thread Eray Aslan 
On Fri, Jan 06, 2012 at 09:23:02AM -0800, Quanah Gibson-Mount wrote:
> --On Friday, January 06, 2012 11:05 AM +0200 Eray Aslan 
>  wrote:
> > There are reports of broken PLAIN and LOGIN mechs with cyrus-sasl
> > 2.1.25.  But I can't reproduce it.
> 
> That is what I'm seeing. :/  Where else did you see these reports?

https://bugs.gentoo.org/show_bug.cgi?id=392761
https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/875440

-- 
Eray Aslan

Re: Postfix & cyrus-sasl 2.1.25 issues

2012-01-06 Thread Quanah Gibson-Mount 
--On Friday, January 06, 2012 9:23 AM -0800 Quanah Gibson-Mount 
 wrote:



There are reports of broken PLAIN and LOGIN mechs with cyrus-sasl
2.1.25.  But I can't reproduce it.


That is what I'm seeing. :/  Where else did you see these reports?


Ok, found that one on the cyrus-sasl list.  Doesn't look like it ever got 
resolved either. :/


--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.

Zimbra ::  the leader in open source messaging and collaboration

Re: Postfix & cyrus-sasl 2.1.25 issues

2012-01-06 Thread Quanah Gibson-Mount 
--On Friday, January 06, 2012 11:05 AM +0200 Eray Aslan 
 wrote:



On Thu, Jan 05, 2012 at 04:46:08PM -0800, Quanah Gibson-Mount wrote:

Thus my question as to whether or
not anyone has gotten 2.1.25 to work with Postfix at all.  If someone
can  confirm they have SMTP auth working with a Cyrus-SASL 2.1.25 linked
Postfix, then it gives me other avenues to examine.


$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 london0.caf.com.tr ESMTP Postfix
ehlo localhost
250-london0.caf.com.tr
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN 
235 2.7.0 Authentication successful
quit
221 2.0.0 Bye
Connection closed by foreign host.

# saslauthd -v
saslauthd 2.1.25
authentication mechanisms: sasldb getpwent pam rimap shadow


zimbra@zqa-062:~$ /opt/zimbra/cyrus-sasl/sbin/saslauthd -v
saslauthd 2.1.25
authentication mechanisms: getpwent kerberos5 rimap shadow zimbra



# postconf mail_version
mail_version = 2.8.7


zimbra@zqa-062:~$ postconf mail_version
mail_version = 2.8.7



There are reports of broken PLAIN and LOGIN mechs with cyrus-sasl
2.1.25.  But I can't reproduce it.


That is what I'm seeing. :/  Where else did you see these reports?

testsaslauthd works like a charm, which I forgot to mention in my original 
report:


zimbra@zqa-062:~$ /opt/zimbra/cyrus-sasl/sbin/testsaslauthd -u admin -p 
xxx

0: OK "Success."

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.

Zimbra ::  the leader in open source messaging and collaboration

Re: Postfix & cyrus-sasl 2.1.25 issues

2012-01-06 Thread Eray Aslan 
On Thu, Jan 05, 2012 at 04:46:08PM -0800, Quanah Gibson-Mount wrote:
> Thus my question as to whether or 
> not anyone has gotten 2.1.25 to work with Postfix at all.  If someone can 
> confirm they have SMTP auth working with a Cyrus-SASL 2.1.25 linked 
> Postfix, then it gives me other avenues to examine.

$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 london0.caf.com.tr ESMTP Postfix
ehlo localhost
250-london0.caf.com.tr
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN 
235 2.7.0 Authentication successful
quit
221 2.0.0 Bye
Connection closed by foreign host.

# saslauthd -v
saslauthd 2.1.25
authentication mechanisms: sasldb getpwent pam rimap shadow

# postconf mail_version
mail_version = 2.8.7

Tested with ldap as well.  Also no problem.

FWIW, here is with cyrus-imap:

# imtest -a eras localhost
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN
AUTH=LOGIN
SASL-IR] london0.caf.com.tr Cyrus IMAP v2.4.12 server ready
Please enter your password: 
C: A01 AUTHENTICATE PLAIN 
S: A01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA
MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ
SORT=DISPLAY
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED
WITHIN
QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY X-NETSCAPE LOGINDISABLED
COMPRESS=DEFLATE IDLE] Success (no protection)
Authenticated.
Security strength factor: 0
a logout
* BYE LOGOUT received
a OK Completed
Connection closed.


There are reports of broken PLAIN and LOGIN mechs with cyrus-sasl
2.1.25.  But I can't reproduce it.

-- 
Eray Aslan

Re: Postfix & cyrus-sasl 2.1.25 issues

2012-01-05 Thread Wietse Venema 
Quanah Gibson-Mount:
> --On Thursday, January 05, 2012 7:39 PM -0500 Wietse Venema 
>  wrote:
> 
> Hi Wieste,
> 
> >> A 2.1.25 linked Postfix always complains about no available mechanism:
> >
> > I recall that OpenLDAP also links with Cyrus SASL. Perhaps Postfix
> > and OpenLDAP were built with different Cyrus SASL versions?
> 
> No, that is not the case.  We build all of our software from the ground up, 

Unfortunately I don't have the time to grab the latest Cyrus SASL
library and build Postfix with it. If someone wants to give it a
try I suggest building without LDAP to avoid cross-dependencies.

Wietse

Re: Postfix & cyrus-sasl 2.1.25 issues

2012-01-05 Thread Quanah Gibson-Mount 
--On Thursday, January 05, 2012 7:39 PM -0500 Wietse Venema 
 wrote:


Hi Wieste,


A 2.1.25 linked Postfix always complains about no available mechanism:


I recall that OpenLDAP also links with Cyrus SASL. Perhaps Postfix
and OpenLDAP were built with different Cyrus SASL versions?


No, that is not the case.  We build all of our software from the ground up, 
and OpenLDAP is linked to the same cyrus-sasl version.  Also, our smtp auth 
isn't using LDAP for the authentication.



In that case, you can expect to experience all kinds of memory
corruption, resulting in mysterious failures.


I'd expect a lot of odd behavior from the LDAP server in that case as well, 
which we aren't seeing.



Maybe you can run smtpd under valgrind. Instructions are below.


I'll give this a shot, just in case.  Thanks for the information.

However, I've found a variety of other bugs in Cyrus SASL 2.1.25 already 
that I've filed upstream with them, so it wouldn't surprise me in the least 
that this is yet another one of those.  Thus my question as to whether or 
not anyone has gotten 2.1.25 to work with Postfix at all.  If someone can 
confirm they have SMTP auth working with a Cyrus-SASL 2.1.25 linked 
Postfix, then it gives me other avenues to examine.


Regards,
Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.

Zimbra ::  the leader in open source messaging and collaboration

Re: Postfix & cyrus-sasl 2.1.25 issues

2012-01-05 Thread Wietse Venema 
Quanah Gibson-Mount:
> I'm curious if anyone has tested Postfix SMTP auth in conjunction with 
> Cyrus-SASL 2.1.25.  My testing shows that when used linked to Cyrus-SASL 
> 2.1.25, SMTP auth fails with an unknown mechanism error.  Downgrading to 
> Cyrus-SASL 2.1.23 with the exact same configuration and build parameters 
> works as expected.
> 
> My guess is this is an bug with Cyrus-SASL 2.1.25, however it is entirely 
> possible there are API changes in 2.1.25 that Postfix needs to be adjusted 
> for.  I guess consider this a general heads up, and if anyone has gotten it 
> to work, I'd love to know that. ;)
> 
> A 2.1.25 linked Postfix always complains about no available mechanism:

I recall that OpenLDAP also links with Cyrus SASL. Perhaps Postfix
and OpenLDAP were built with different Cyrus SASL versions?

In that case, you can expect to experience all kinds of memory
corruption, resulting in mysterious failures. 

Maybe you can run smtpd under valgrind. Instructions are below.

Wietse

1 - Put these lines in /usr/libexec/postfix/smtpd.valgrind:

#!/bin/sh
CMD=`basename $0 .valgrind`
/usr/local/bin/valgrind --tool=memcheck /usr/libexec/postfix/$CMD "$@"

2 - Make the file executable:

# chmod 755 /usr/libexec/postfix/smtpd.valgrind

3 - Edit master.cf to invoke smtpd.valgrind instead of smtpd.

4 - Stop Postfix and run the master daemon by hand:

# postfix stop
# /usr/libexec/postfix/master -d

That will send valgrind's output to your terminal.

5 - Connect to the SMTP port and watch das blinkenlicht.