Bug 8389 - Enable "alwaystrue" in cyrus-sasl
Summary: Enable "alwaystrue" in cyrus-sasl
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal enhancement
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact:
URL:
Whiteboard:
Keywords: Junior_job
Depends on:
Blocks:
 
Reported: 2012-12-14 21:13 CET by Romain MARIADASSOU
Modified: 2012-12-26 14:51 CET (History)
4 users (show)

See Also:
Source RPM: cyrus-sasl
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Romain MARIADASSOU 2012-12-14 21:13:54 CET 
Description of problem:
Enable option "--enable-alwaystrue" in cyrus-sasl package.

This option make possible to bypass auth and enable login with any password using the saslauthd with cyrus imapd.
For example, it make possible to configure SOGo + OpenChange to use Cyrus as IMAP Backend.

This option is enabled in Debien since 2002 (see : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=170495)

Thank you for your understanding.

How reproducible:
Always

Steps to correct the problem :
- Edit cyrus-sasl.spec and change "configure" line with :
%configure      --enable-static --enable-shared \
                --with-plugindir=%{_libdir}/sasl2 \
                --with-configdir=%{_sysconfdir}/sasl2:%{_libdir}/sasl2 \
                --disable-krb4 \
                --enable-login \
                --enable-alwaystrue \
- Rebuild the package
Manuel Hiebel 2012-12-25 14:14:32 CET

Keywords: (none) => Junior_job
CC: (none) => guillomovitch, luigiwalser, thierry.vignaud

David Walser 2012-12-25 14:44:57 CET

CC: (none) => oe

Comment 1 Guillaume Rousse 2012-12-26 13:49:14 CET 
I just submitted cyrus-sasl-2.1.25-8.mga3 with the requested change.
Comment 2 David Walser 2012-12-26 14:51:09 CET 
Fixed by Guillaume.

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.