Hey, I worked some more on this issue. Still no luck, but I think I can provide a little more specific info on it.
I did what Jan suggested about the sample-client and sample-server, and was able to authenticate via the ANONYMOUS mechanism when I specified the path to the plugins (i.e. although I had installed plugins at /usr/lib/sasl2, which is the default location).

Then, I utilized the callback structure Cyrus SASL provides, which helps us feed the library data such as authname, realm, password, etc. One can basically provide the callback code (e.g. SASL_CB_GETPATH), a proc (i.e. callback method) and context data to have a callback mechanism. Then Cyrus SASL uses that callback to gather information such as the plugin path from one's application.

After appropriately migrating over all the callbacks provided in the sample-client of Cyrus SASL to my AuthenticatorClient class, I still was unable to authenticate. Not only that, but since I started using callbacks and provided them as input to sasl_client_init(), I started getting SASL_BADPARAM errors as its return value.

I decided to dig deeper using the GNU Debugger, and noticed something. In the Cyrus SASL source, the definition of sasl_client_init() is included in lib/client.c. I noticed I was getting the error while SASL tries to load plugins via the _sasl_load_plugins() function. At the beginning of the definition of that function, in lib/dlopen.c, the parameters the function takes are checked in an if statement. What happens is, as long as I do not specify SASL_CB_VERIFYFILE in my list of callbacks, WITH a callback function (i.e. as opposed to providing NULL as its proc), the last check (i.e. !verifyfile_cb->proc) in this long if statement returns a false value, ending that function, and sasl_client_init() returning SASL_BADPARAM.

Now, I do not know the required signature of the proc method of the SASL_CB_VERIFYFILE callback, but I still could try to code such a method. Yet, what boggles my mind is, sample-client does not have a SASL_CB_VERIFYFILE callback, either.
Yet, a default callback provided for SASL_CB_VERIFYFILE by _sasl_find_verifyfile_callback() to _sasl_load_plugins() seems to work for sample-client, while it does not work for my code, which has been almost the same.

It probably is really hard to get this without having a look at the code, but I wanted to be as specific as possible. I will be working on providing a SASL_CB_VERIFYFILE callback, but I am not a bit sure if that attempt will result in success.

Any ideas/suggestions?

- İlim

2013/7/29 Jan Schaumann <[email protected]>

> İlim Uğur <[email protected]> wrote:
>
> > ./sample-server -m ANONYMOUS -i local=127.0.0.1;5555,remote=127.0.0.1;5555 -s http
> > ./sample-client -m ANONYMOUS -i local=127.0.0.1;5555,remote=127.0.0.1;5555 -s http
>
> You have a few semicolons in there, which is likely not what you want.
> (The shell will stop parsing your command at the semicolon and attempt
> to execute the remainder after the process terminates.)
>
> Have you tried specifying the path to the directory where the plugins
> are installed?
>
> I just built and installed cyrus-sasl-2.1.26 into a temporary location
> and can do the following:
>
> Server:
> $ ./sample-server -p ../../lib/sasl2
> Generating client mechanism list...
> Sending list of 8 mechanism(s)
> S: U0NSQU0tU0hBLTEgR1NTLVNQTkVHTyBHU1NBUEkgRElHRVNULU1ENSBPVFAgQ1JBTS1NRDUgUExBSU4gQU5PTllNT1VT
> Waiting for client mechanism...
> C: QU5PTllNT1VTAGFub255bW91c0BndW1w
> got 'ANONYMOUS'
> lt-sample-server: SASL Info: ANONYMOUS login: "anonymous@gump"
> Negotiation complete
> Username: anonymous
> Realm: (NULL)
> SSF: 0
> sending encrypted message 'srv message 1'
> S: c3J2IG1lc3NhZ2UgMQA=
> Waiting for encrypted message...
> C: Y2xpZW50IG1lc3NhZ2UgMQA=
> got 'client message 1'
> recieved decoded message 'client message 1'
>
> Client:
> $ ./sample-client -m ANONYMOUS
> Waiting for mechanism list from server...
> S: U0NSQU0tU0hBLTEgR1NTLVNQTkVHTyBHU1NBUEkgRElHRVNULU1ENSBPVFAgQ1JBTS1NRDUgUExBSU4gQU5PTllNT1VT
> recieved 69 byte message
> Forcing use of mechanism ANONYMOUS
> Choosing best mechanism from: ANONYMOUS
> Using mechanism ANONYMOUS
> Preparing initial.
> Sending initial response...
> C: QU5PTllNT1VTAGFub255bW91c0BndW1w
> Negotiation complete
> Username: anonymous
> SSF: 0
> Waiting for encoded message...
> S: c3J2IG1lc3NhZ2UgMQA=
> recieved 14 byte message
> recieved decoded message 'srv message 1'
> sending encrypted message 'client message 1'
> C: Y2xpZW50IG1lc3NhZ2UgMQA=
>
> When I do not specify the pathname for the server, I do get the
> 'Starting SASL negotiation: no mechanism available (no mechanism
> available)' error.
>
> -Jan
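
Added example, not part of the original thread and not Cyrus SASL code: the base64 payloads from the quoted sample-server/sample-client transcript, decoded in Python. It shows that with SSF 0 the "encrypted message" lines are only base64-encoded cleartext; the transcript excerpt is constructed from the lines quoted above, and the function names are hypothetical.

```python
import base64
import re

# Constructed excerpt: lines copied from the transcript quoted above.
TRANSCRIPT = """\
S: U0NSQU0tU0hBLTEgR1NTLVNQTkVHTyBHU1NBUEkgRElHRVNULU1ENSBPVFAgQ1JBTS1NRDUgUExBSU4gQU5PTllNT1VT
recieved 69 byte message
C: QU5PTllNT1VTAGFub255bW91c0BndW1w
SSF: 0
S: c3J2IG1lc3NhZ2UgMQA=
recieved 14 byte message
C: Y2xpZW50IG1lc3NhZ2UgMQA=
"""

def parse_transcript(text):
    """Return ([(sender, decoded_bytes), ...], ssf) from sample-client style output."""
    msgs, ssf = [], None
    for line in text.splitlines():
        if m := re.fullmatch(r"([SC]): (\S+)", line):
            msgs.append((m.group(1), base64.b64decode(m.group(2), validate=True)))
        elif m := re.fullmatch(r"SSF: (\d+)", line):
            ssf = int(m.group(1))
        elif m := re.fullmatch(r"recieved (\d+) byte message", line):
            # The tool logs the decoded size of the message it just read.
            if not msgs or len(msgs[-1][1]) != int(m.group(1)):
                raise ValueError(f"size mismatch at: {line!r}")
    return msgs, ssf

def summarize(text):
    """Decode the negotiation and, if SSF is 0, the application payloads."""
    msgs, ssf = parse_transcript(text)
    (_, mech_list), (_, initial), *payloads = msgs
    # Framing as seen in the decoded bytes: mechanism name, NUL, initial response.
    mech, _, response = initial.partition(b"\x00")
    # SSF 0 means no security layer: payloads are readable after base64 alone.
    readable = [p.rstrip(b"\x00").decode("ascii") for _, p in payloads] if ssf == 0 else []
    return {
        "offered": mech_list.decode("ascii").split(),
        "chosen": mech.decode("ascii"),
        "initial_response": response.decode("ascii"),
        "ssf": ssf,
        "readable_payloads": readable,
    }

if __name__ == "__main__":
    for key, value in summarize(TRANSCRIPT).items():
        print(f"{key}: {value}")
```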
