Skip Menu |

This queue is for tickets about the Authen-SASL CPAN distribution.

Report information
The Basics
Id: 100801
Status: new
Priority: 0/
Queue: Authen-SASL

People
Owner: Nobody in particular
Requestors: shay [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: authname problem with Auth::SASL::XS
I have had the following problem reported by a user of Net::SMTP: "It sends AUTH PLAIN with a base64 encoded string, which once decoded looks like $username$username$password. While we want \000$username\000$password (the \000 might still be there, that's not the problem)." The reporter found that commenting out the following 'authname' line in the Authen::SASL constructor call in Net::SMTP fixed the problem: https://github.com/steve-m-hay/perl-libnet/blob/master/lib/Net/SMTP.pm#L184 That line was added with the initial introduction of Authen::SASL support, back in 2002: https://github.com/steve-m-hay/perl-libnet/commit/cdf8eb5ea7eb4829c56bea21e1638d1312735826#diff-3f3bd28df588afe9cd91461af774df63R117 It seems to be simply setting all (well, nearly all) of the available callbacks that any mechanism might require, presumably so that the selected mechanism is guaranteed to have whatever callbacks it requires set up(?). Why is it that setting authname causes PLAIN to fail? According to http://search.cpan.org/~gbarr/Authen-SASL-2.16/lib/Authen/SASL/Perl/PLAIN.pm it is indeed not necessary to set authname--only user and pass are required--but I don't see why having authname as well should break it. The reporter has a workaround (construct the Authen::SASL object in their own code and pass that to Net::SMTP::auth()), but it would be nice to fix Net::SMTP::auth() for other users. Is the use of 'authname' in Net::SMTP's call to Authen::SASL's constructor wrong, or is this a bug in Authen::SASL? I wonder if this is also related to: https://rt.cpan.org/Ticket/Display.html?id=42964 which reports the error: Unknown callback: 'authname'. (user|auth|language|pass) at /opt/ActivePerl-5.8/site/lib/Authen/SASL.pm line 75 from Net::SMTP. That ticket notes that only Authen::SASL::XS exhibits the error. Explicitly requesting Authen::SASL::Perl instead makes everything work. I also have another ticket reporting failed authentication (and an infinite loop problem in Net::SMTP, which I have now fixed) using Authen::SASL::XS: https://rt.cpan.org/Ticket/Display.html?id=100235 Again, there is no problem with Authen::SASL::Perl. So I'm wondering if there is a problem with 'authname' in Authen::SASL::XS?