From: Joshua J. E. <jj...@sa...> - 2002-11-07 17:54:06
Environment:
  perl-ldap-0.26
  Authen-SASL-2.02
  cyrus-sasl-2.1.7

I am trying to write some perl scripts to manipulate data in my LDAP
directory that authenticates with Cyrus SASL (DIGEST-MD5). Nothing I'm
trying seems to work though. When I try to run my program I get:

  No SASL mechanism found
  at /usr/lib/perl5/site_perl/5.6.1/Authen/SASL.pm line 62

When I try the EXTERNAL mechanism I get:

  SASL(-4): no mechanism available: External SSF not good enough

I've tried installing Authen-SASL-Cyrus-0.05, but it will not even
compile and doesn't seem to support libsasl2. I've hacked it out enough
to make it compile, but I get a segfault when running. I think it just
won't work with sasl2.

Has anyone gotten authentication to work with Cyrus SASL and libsasl2?
Is anything obviously wrong?

#!/usr/bin/perl
use Net::LDAP;
use Authen::SASL;
#use Authen::SASL::Cyrus;

# Initiate LDAP session
$ldap = Net::LDAP->new('ldapserver', onerror => 'die');
$sasl = Authen::SASL->new(
    mechanism => 'DIGEST-MD5',
    callback => {
        pass => \&fetch_password,
        user => $user,
    }
);

#$conn = $sasl->client_new('ldap', 'ldapserver');

-JE
-----------------------------------------------
Josh England
Sandia National Laboratory, Livermore, CA
Distributed Information Systems
email: jj...@sa...
phone: (925) 294-2076

From: Quanah Gibson-M. <qu...@st...> - 2002-11-07 18:02:14
--On Thursday, November 07, 2002 9:48 AM -0800 "Joshua J. England" <jj...@sa...> wrote:

> Environment:
> perl-ldap-0.26
> Authen-SASL-2.02
> cyrus-sasl-2.1.7
>
> I am trying to write some perl scripts to manipulate data in my LDAP
> directory that authenticates with Cyrus SASL (DIGEST-MD5). Nothing I'm
> trying seems to work though. When I try to run my program I get:
>
> No SASL mechanism found
> at /usr/lib/perl5/site_perl/5.6.1/Authen/SASL.pm line 62
>
> When I try the EXTERNAL mechanism I get:
>
> SASL(-4): no mechanism available: External SSF not good enough
>
> I've tried installing Authen-SASL-Cyrus-0.05, but it will not even
> compile and doesn't seem to support libsasl2. I've hacked it out enough
> to make it compile, but I get a segfault when running. I think it just
> won't work with sasl2.
>
> Has anyone gotten authentication to work with Cyrus SASL and libsasl2?
> Is anything obviously wrong?
>
> #!/usr/bin/perl
> use Net::LDAP;
> use Authen::SASL;
> #use Authen::SASL::Cyrus;
>
> # Initiate LDAP session
> $ldap = Net::LDAP->new('ldapserver', onerror => 'die');
> $sasl = Authen::SASL->new(
>     mechanism => 'DIGEST-MD5',
>     callback => {
>         pass => \&fetch_password,
>         user => $user,
>     }
> );
>
> #$conn = $sasl->client_new('ldap', 'ldapserver');

Josh,

I've been working on a similar problem with GSSAPI authentication. From
what I can tell, there is some problem with how the Net::LDAP piece is
setting up the bind to the ldapserver.

--Quanah

--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

From: Mark A. <ma...@nb...> - 2002-11-07 18:29:34
Gents,

The problem you're seeing is with the SASL versions. The perl module
uses SASL V1 calls into the libsasl, and you're linking with SASL V2
libraries. Another developer has sent me some patches to make the perl
module V2 aware; I'll be looking into getting a new module out soon.

-Mark

From: Joshua J. E. <jj...@sa...> - 2002-11-07 18:43:33
This is great news! Do you have a web page where you'll release the
module, or will it be on CPAN?

-JE

On Thu, 2002-11-07 at 10:29, Mark Adamson wrote:
> Gents,
>
> The problem you're seeing is with the SASL versions. The perl module
> uses SASL V1 calls into the libsasl, and you're linking with SASL V2
> libraries. Another developer has sent me some patches to make the perl
> module V2 aware; I'll be looking into getting a new module out soon.
>
> -Mark

From: Mark A. <ad...@an...> - 2002-11-07 19:53:36
> This is great news! Do you have a web page where you'll release the
> module, or will it be on CPAN?

I just now uploaded a 0.06 module. I haven't done heavy testing of it
since there are those anxious to get their hands on it. Appended below is
the patch to Cyrus.xs, and you will need to tell Makefile.PL to grab the
sasl2 library.

-Mark

diff -ur Authen-SASL-Cyrus-0.05/Cyrus.xs Authen-SASL-Cyrus-0.05-sasl2/Cyrus.xs --- Authen-SASL-Cyrus-0.05/Cyrus.xs Wed Jun 26 17:39:51 2002 +++ Authen-SASL-Cyrus-0.05-sasl2/Cyrus.xs Thu Oct 17 20:18:43 2002 @@ -21,7 +21,11 @@ char *mech; char *user; char *initstring; +#if defined(SASL2) + const char *errormsg; +#else char *errormsg; +#endif }; @@ -186,7 +190,10 @@ - +#ifdef SASL2 +#define SASL_IP_LOCAL 5 +#define SASL_IP_REMOTE 6 +#endif static int PropertyNumber(char *name)
@@ -194,13 +201,30 @@ if (!strcasecmp(name, "user")) return SASL_USERNAME; else if (!strcasecmp(name, "ssf")) return SASL_SSF; else if (!strcasecmp(name, "maxout")) return SASL_MAXOUTBUF; - else if (!strcasecmp(name, "realm")) return SASL_REALM; else if (!strcasecmp(name, "optctx")) return SASL_GETOPTCTX; +#if defined(SASL2) + else if (!strcasecmp(name, "realm")) return SASL_DEFUSERREALM; + else if (!strcasecmp(name, "iplocalport")) return SASL_IPLOCALPORT; + else if (!strcasecmp(name, "ipremoteport")) return SASL_IPREMOTEPORT; + else if (!strcasecmp(name, "service")) return SASL_SERVICE; + else if (!strcasecmp(name, "serverfqdn")) return SASL_SERVERFQDN; + else if (!strcasecmp(name, "authsource")) return SASL_AUTHSOURCE; + else if (!strcasecmp(name, "mechname")) return SASL_MECHNAME; + else if (!strcasecmp(name, "authuser")) return SASL_AUTHUSER; + else if (!strcasecmp(name, "sockname")) return SASL_IP_LOCAL; + else if (!strcasecmp(name, "peername")) return SASL_IP_REMOTE; +#else + else if (!strcasecmp(name, "realm")) return SASL_REALM; else if (!strcasecmp(name, "iplocal")) return SASL_IP_LOCAL; else if (!strcasecmp(name, "sockname")) return SASL_IP_LOCAL; else if (!strcasecmp(name, "ipremote")) return SASL_IP_REMOTE; else if (!strcasecmp(name, "peername")) return SASL_IP_REMOTE; +#endif +#if defined(SASL2) + croak("Unknown SASL property: '%s' (user|ssf|maxout|realm|optctx|iplocalport|ipremoteport|service|serverfqdn|authsource|mechname|authuser)\n", name); +#else croak("Unknown SASL property: '%s' (user|ssf|maxout|realm|optctx|sockname|peername)\n", name); +#endif return -1; } @@ -360,7 +384,11 @@ CODE: { const char *mech=NULL; +#if defined(SASL2) + const char *init=NULL; +#else char *init=NULL; +#endif int rc; unsigned int initlen=0; struct authensasl *sasl; 
@@ -399,17 +427,28 @@ } sasl_client_init(NULL); - rc = sasl_client_new(sasl->service, sasl->server, sasl->callbacks, 1, &sasl->conn); + rc = sasl_client_new(sasl->service, sasl->server, 0, 0, sasl->callbacks, 1, &sasl->conn); if (rc != SASL_OK) { +#ifdef SASL2 + if (!sasl->errormsg) sasl->errormsg = sasl_errdetail(sasl->conn); +#endif if (!sasl->errormsg) sasl->errormsg = "sasl_client_new failed"; } else { +#if defined(SASL2) + rc = sasl_client_start(sasl->conn, sasl->mech, NULL, &init, &initlen, &mech); +#else rc = sasl_client_start(sasl->conn, sasl->mech, NULL, NULL, &init, &initlen, &mech); +#endif if (rc == SASL_NOMECH) { if (!sasl->errormsg) sasl->errormsg = "No mechanisms available (did you set all needed callbacks?)"; } else if ((rc != SASL_OK) && (rc != SASL_CONTINUE)) { +#ifdef SASL2 + if (!sasl->errormsg) sasl->errormsg = sasl_errdetail(sasl->conn); +#endif + if (!sasl->errormsg) sasl->errormsg = "sasl_client_start failed"; } else { @@ -424,6 +463,8 @@ + + char * client_start(sasl) struct authensasl *sasl @@ -442,7 +483,11 @@ char *instring PPCODE: { +#if defined(SASL2) + const char *outstring=NULL; +#else char *outstring=NULL; +#endif int rc; unsigned int inlen, outlen=0; @@ -457,7 +502,10 @@ sasl->errormsg = "OK"; } else if (rc != SASL_CONTINUE) { - sasl->errormsg = "sasl_client_step failed"; +#ifdef SASL2 + if (!sasl->errormsg) sasl->errormsg = sasl_errdetail(sasl->conn); +#endif + if (!sasl->errormsg) sasl->errormsg = "sasl_client_step failed"; XSRETURN_UNDEF; } XPUSHp(outstring, outlen); @@ -472,7 +520,11 @@ char *instring PPCODE: { +#if defined(SASL2) + const char *outstring=NULL; +#else char *outstring=NULL; +#endif int rc; unsigned int inlen, outlen=0; 
@@ -484,7 +536,10 @@ rc = sasl_encode(sasl->conn, instring, inlen, &outstring, &outlen); if (rc != SASL_OK) { - sasl->errormsg = "sasl_encode failed"; +#ifdef SASL2 + if (!sasl->errormsg) sasl->errormsg = sasl_errdetail(sasl->conn); +#endif + if (!sasl->errormsg) sasl->errormsg = "sasl_encode failed"; XSRETURN_UNDEF; } XPUSHp(outstring, outlen); @@ -499,7 +554,11 @@ char *instring PPCODE: { +#if defined(SASL2) + const char *outstring=NULL; +#else char *outstring=NULL; +#endif int rc; unsigned int inlen, outlen=0; @@ -511,7 +570,10 @@ rc = sasl_decode(sasl->conn, instring, inlen, &outstring, &outlen); if (rc != SASL_OK) { - sasl->errormsg = "sasl_decode failed"; +#ifdef SASL2 + if (!sasl->errormsg) sasl->errormsg = sasl_errdetail(sasl->conn); +#endif + if (!sasl->errormsg) sasl->errormsg = "sasl_decode failed"; XSRETURN_UNDEF; } XPUSHp(outstring, outlen); @@ -595,7 +657,7 @@ error(sasl) struct authensasl *sasl CODE: - RETVAL = sasl->errormsg; + RETVAL = (char *)sasl->errormsg; sasl->errormsg = NULL; OUTPUT: RETVAL @@ -671,7 +733,11 @@ struct authensasl *sasl PPCODE: { +#if defined(SASL2) + const void *value=NULL; +#else void *value=NULL; +#endif char *name; int rc, x, propnum=-1; SV *prop; 
@@ -693,17 +759,42 @@ if (rc != SASL_OK) XSRETURN_UNDEF; switch(propnum){ case SASL_USERNAME: +#if defined(SASL2) + case SASL_DEFUSERREALM: +#else case SASL_REALM: +#endif XPUSHp( (char *)value, strlen((char *)value)); break; case SASL_SSF: case SASL_MAXOUTBUF: XPUSHi((int *)value); break; +#if defined(SASL2) + case SASL_IPLOCALPORT: + case SASL_IPREMOTEPORT: + XPUSHp( (char *)value, strlen((char *)value)); + break; + case SASL_IP_LOCAL: + propnum = SASL_IPLOCALPORT; + { + char *addr = inet_ntoa( (*(struct in_addr *)value)); + XPUSHp( addr, strlen(addr)); + } + break; + case SASL_IP_REMOTE: + propnum = SASL_IPREMOTEPORT; + { + char *addr = inet_ntoa( (*(struct in_addr *)value)); + XPUSHp( addr, strlen(addr)); + } + break; +#else case SASL_IP_LOCAL: case SASL_IP_REMOTE: XPUSHp( (char *)value, sizeof(struct sockaddr_in)); break; +#endif default: XPUSHi(-1); } @@ -725,6 +816,9 @@ } rc = sasl_setprop(sasl->conn, propnum, value); if (rc != SASL_OK) { +#ifdef SASL2 + if (!sasl->errormsg) sasl->errormsg = sasl_errdetail(sasl->conn); +#endif if (!sasl->errormsg) sasl->errormsg="sasl_setprop failed"; RETVAL = 1; } @@ -746,7 +840,9 @@ } if (sasl->service) free(sasl->service); if (sasl->mech) free(sasl->mech); +#ifndef SASL2 if (sasl->errormsg) free(sasl->errormsg); +#endif if (sasl->initstring)free(sasl->initstring); free(sasl); |
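Review bot: In the hunk at @@ -186,7 +190,10 @@, SASL_IP_LOCAL and SASL_IP_REMOTE are defined as the bare values 5 and 6 with no comment, yet PropertyNumber() returns them alongside the library's own property constants and they end up in the same switch as SASL_IPLOCALPORT and friends. Nothing in the patch shows that 5 and 6 are unused property numbers in the SASL2 header. Please add a comment saying where the values come from and why they cannot collide, or map "sockname"/"peername" to a value that is never handed to sasl_getprop or sasl_setprop.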
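Review bot: In the hunk at @@ -194,13 +201,30 @@, the SASL2 croak() text lists "iplocalport|ipremoteport|service|serverfqdn|authsource|mechname|authuser" but leaves out "sockname" and "peername", which the SASL2 branch just above still accepts. The same branch silently drops the "iplocal" and "ipremote" names, so a script using them now hits this croak with a message that does not say they were renamed. Either list every accepted name in the message or keep the old names as aliases, and document the rename.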
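Review bot: In the hunk at @@ -399,17 +427,28 @@, the sasl_client_new() call is changed to the seven-argument form unconditionally, while the sasl_client_start() call a few lines later keeps both forms under #if defined(SASL2) / #else. As posted, a build without SASL2 defined no longer has the five-argument call the removed line provided. Wrap the new call the same way as sasl_client_start(). Also, the added "sasl->errormsg = sasl_errdetail(sasl->conn);" sits in the branch where sasl_client_new() has just returned an error, so sasl->conn may not be a usable connection at that point; check it for NULL first or fall straight through to the fixed "sasl_client_new failed" string.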
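Review bot: In the hunk at @@ -457,7 +502,10 @@, the failure path changes from an unconditional assignment to "if (!sasl->errormsg) sasl->errormsg = ...", but the context line just above shows the success path setting sasl->errormsg = "OK". Unless error() has been called in between to reset the field to NULL, a failing sasl_client_step() after a successful one leaves "OK" in place and neither sasl_errdetail() nor the fallback string is stored. The hunks for sasl_encode and sasl_decode apply the same guarded pattern where the old code overwrote. Consider assigning unconditionally on failure, using sasl_errdetail() first and the literal only when it returns NULL.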
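Review bot: In the hunk at @@ -693,17 +759,42 @@, the new SASL2 cases for SASL_IP_LOCAL and SASL_IP_REMOTE assign "propnum = SASL_IPLOCALPORT;" (and SASL_IPREMOTEPORT) inside the switch, which is after the "if (rc != SASL_OK) XSRETURN_UNDEF;" check, so the lookup has already been done with the old property number and the assignment has no effect. The value is then dereferenced as "*(struct in_addr *)value", whereas the SASL_IPLOCALPORT case directly above treats the same kind of value as a NUL-terminated string. Translate the property number before the property is fetched, and decide on one representation; if the value is a string, parse the address out of it instead of casting.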
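Review bot: In the hunk at @@ -746,7 +840,9 @@, "free(sasl->errormsg)" is kept for the non-SASL2 build, but every assignment to errormsg visible in this patch, in both builds, stores a string literal such as "sasl_client_new failed" or "sasl_encode failed". Freeing a literal is undefined behaviour, so the guard fixes the SASL2 build and leaves the same problem in the other one. If errormsg never holds heap memory, drop the free() for both builds; if some path outside this patch does allocate it, note that here and track ownership explicitly.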
From: Quanah Gibson-M. <qu...@st...> - 2002-11-07 21:10:38
--On Thursday, November 07, 2002 2:53 PM -0500 Mark Adamson <ad...@an...> wrote:

>> This is great news! Do you have a web page where you'll release the
>> module, or will it be on CPAN?
>
> I just now uploaded a 0.06 module. I haven't done heavy testing of it
> since there are those anxious to get their hands on it. Appended below is
> the patch to Cyrus.xs, and you will need to tell Makefile.PL to grab the
> sasl2 library.

Patches applied, compiled against sasl2, SASL2 defined, and fixed the
include for sasl.h.

I still get the same exact error as before.

--Quanah

--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

From: Joshua J. E. <jj...@sa...> - 2002-11-07 21:16:56
Same here. Downloaded the 0.06 module -- it compiles with sasl2, but
segfaults at runtime when I call the client_new constructor:

#!/usr/bin/perl
use Net::LDAP;
use Authen::SASL;
use Authen::SASL::Cyrus;

$ldap = Net::LDAP->new('cplant-son', onerror => 'die');
$sasl = Authen::SASL->new();
$conn = $sasl->client_new("ldap", "ldapserver");

-JE
-----------------------------------------------
Josh England
Sandia National Laboratory, Livermore, CA
Distributed Information Systems
email: jj...@sa...
phone: (925) 294-2076

On Thu, 2002-11-07 at 13:10, Quanah Gibson-Mount wrote:
> --On Thursday, November 07, 2002 2:53 PM -0500 Mark Adamson
> <ad...@an...> wrote:
>
> >> This is great news! Do you have a web page where you'll release the
> >> module, or will it be on CPAN?
> >
> > I just now uploaded a 0.06 module. I haven't done heavy testing of it
> > since there are those anxious to get their hands on it. Appended below is
> > the patch to Cyrus.xs, and you will need to tell Makefile.PL to grab the
> > sasl2 library.
>
> Patches applied, compiled against sasl2, SASL2 defined, and fixed the
> include for sasl.h.
>
> I still get the same exact error as before.
>
> --Quanah
>
> --
> Quanah Gibson-Mount
> Senior Systems Administrator
> ITSS/TSS/Computing Systems
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

From: Quanah Gibson-M. <qu...@st...> - 2002-11-07 22:37:04
--On Thursday, November 07, 2002 2:53 PM -0500 Mark Adamson <ad...@an...> wrote:

> I just now uploaded a 0.06 module. I haven't done heavy testing of it
> since there are those anxious to get their hands on it. Appended below is
> the patch to Cyrus.xs, and you will need to tell Makefile.PL to grab the
> sasl2 library.

Okay,

A little bit further investigation reveals that I'm getting a result code
in Bind.pm of 49 (invalid credentials), not LDAP_SUCCESS, so it never
creates the securesocket. There is something simply wrong in the manner in
which it is binding to the ldap machine for this to be occurring, since I
can do an ldapsearch with my credentials without problem.

more sasl2.pl

#!/usr/local/bin/perl -w
use Net::LDAP;
use Authen::SASL;

my $ldap = Net::LDAP->new('ldap.stanford.edu', version=>3) || die "$@";
my $joe = Authen::SASL->new(mechanism=> 'GSSAPI',
    host=>'ldap.stanford.edu', user=>'quanah', service=>'ldap');

my $mesg = $ldap->bind('', sasl=> $joe);
$mesg->code && die $mesg->error;

SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec context
at ./sasl2.pl line 11.

--Quanah

--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html