Bug#728339: plain/login authentication failure - no mechanism available

Christian Schwamborn cs at imap.architektur.tu-darmstadt.de
Tue Nov 5 11:29:26 UTC 2013


I must apologize, the upstream patch I sent you fixes some of the 
problems, but not all of them. If username and authname differ, for 
example if you want to authenticate with an admin user against timsieved 
to change some user's sieve script, the authentication process will still 
fail.

To reproduce this:

current wheezy installation, cyrus+saslauthd

Try some plain auth against cyrus and it will all fail with some syslog 
entry like this:
badlogin: localhost [127.0.0.1] PLAIN [SASL(-4): no mechanism available: ]

With the patch applied to cyrus-sasl, normal plain authentication 
against cyrus will work, but doing something like this will fail:

the base64 encoded string is:
"test\0cyrus\0Password"

telnet localhost 4190
Trying ::1...
Connected to localhost.
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.4.16-Debian-2.4.16-4+deb7u1"
"SASL" "PLAIN LOGIN"
"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags 
notify envelope relational regex subaddress copy"
"STARTTLS"
"UNAUTHENTICATE"
OK
AUTHENTICATE "PLAIN" {28+}
dGVzdABjeXJ1cwBQYXNzd29yZA=='
NO "Authentication Error"

syslog:
Oct 30 22:32:40 ourea cyrus/master[17707]: about to exec 
/usr/lib/cyrus/bin/timsieved
Oct 30 22:32:40 ourea cyrus/sieve[17707]: executed
Oct 30 22:32:40 ourea cyrus/sieve[17707]: accepted connection
Oct 30 22:32:40 ourea cyrus/sieve[17707]: badlogin: localhost[127.0.0.1] 
PLAIN no mechanism available

doing the same with:
"test\0test\0Password"
-->
AUTHENTICATE "PLAIN" {24+}
dGVzdAB0ZXN0AFBhc3N3b3Jk
will work

Another test with imtest will also fail:
imtest -u test -a cyrus -w Password -v -m plain 127.0.0.1

syslog:
Nov  5 12:23:20 ourea cyrus/imap[3671]: accepted connection
Nov  5 12:23:20 ourea cyrus/imap[3671]: badlogin: localhost [127.0.0.1] 
PLAIN [SASL(-4): no mechanism available: Unable to find a callback: 32773]

while this will work:
imtest -u muman -a muman -w muman -v -m plain 127.0.0.1

something in the patch is still missing
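
Added example, not part of the original message and not Cyrus code: a small Python decoder for the SASL PLAIN initial response (RFC 4616 layout authzid NUL authcid NUL passwd) that shows why the two strings in the report behave differently, since only the first asks for an authorization identity different from the authenticating user. The function names are hypothetical; the sample values are the test strings quoted in the message.

```python
import base64


def parse_plain(b64):
    """Decode a SASL PLAIN response: authzid NUL authcid NUL passwd (RFC 4616)."""
    raw = base64.b64decode(b64, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("PLAIN needs exactly two NUL separators")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    return {
        "authzid": authzid,  # identity to act as (imtest -u)
        "authcid": authcid,  # identity whose password is checked (imtest -a)
        "passwd": passwd,
        # An empty authzid means "act as authcid"; anything else that differs
        # is a proxy-authorization request, the case that fails in the report.
        "proxy": bool(authzid) and authzid != authcid,
    }


def build_plain(authzid, authcid, passwd):
    """Encode the three fields back into the base64 initial response."""
    raw = "\x00".join((authzid, authcid, passwd)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def managesieve_auth(b64):
    """Build the AUTHENTICATE line; the literal size is the base64 octet count."""
    return 'AUTHENTICATE "PLAIN" {%d+}' % len(b64)


if __name__ == "__main__":
    # The two base64 strings quoted in the bug report.
    for sample in ("dGVzdABjeXJ1cwBQYXNzd29yZA==", "dGVzdAB0ZXN0AFBhc3N3b3Jk"):
        fields = parse_plain(sample)
        print(managesieve_auth(sample))
        print("  authzid=%(authzid)s authcid=%(authcid)s proxy=%(proxy)s" % fields)
```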


