SASL Encryption Not Working


TomDeWord

Jul 30, 2008, 10:01:00 AM
to us...@tortoisesvn.tigris.org
Hi There, I cannot get SASL Encryption working on Windows with
TortoiseSVN 1.5.x.

I logged a problem here, on the July 15th but without any success:
http://subversion.open.collab.net/ds/viewMessage.do?dsForumId=3&dsMessageId=100218

In summary; I have SASL authentication up and running on Windows using
both Tigris & Collabnet Win32 distributions of SVN 1.5.0 server.
However when I enable encryption by setting the following in
svnserve.conf:

min-encryption = 128
max-encryption = 256

I get the following error in the Tortoise repro browser 1.5.0:

SASL(-1): generic failure: Unable to find a callback: 2

If I change the 128 to 1 (so it just uses integrity checks) it works
fine (but I assume without encryption).

I'm using the following in svn.conf:

pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: DIGEST-MD5
sasldb_path: c:\repro


I see from the change log in TortoiseSVN 1.5.1 the following entry:
- CHG: The saslDIGESTMD5.dll has now encryption enabled. (Stefan)

I've upgraded the Tortoise client to 1.5.1 but still have the same
problem, is it possible that I need to upgrade the server to 1.5.1 as
well - although there is no official binary yet.

Has anyone got SASL Encryption working on Windows? Is there a log file
for SASL? Any help would be greatly appreciated.

Regards,

Tom

---------------------------------------------------------------------
To unsubscribe, e-mail: users-un...@tortoisesvn.tigris.org
For additional commands, e-mail: users...@tortoisesvn.tigris.org

Stefan Küng

Jul 30, 2008, 4:36:12 PM
to us...@tortoisesvn.tigris.org

I just tested this with the opencollab.net server which is built from
svn 1.5.0. It works fine with TSVN 1.5.1.
I only got the same error as you when I didn't pass the correct
username, or when I first forgot to create the password without
specifying the repository realm.
Please have a look at the Subversion book on how to configure your
server correctly.

Stefan

--
___
oo // \\ "De Chelonian Mobile"
(_,\/ \_/ \ TortoiseSVN
\ \_/_\_/> The coolest Interface to (Sub)Version Control
/_/ \_\ http://tortoisesvn.net


TomDeWord

Aug 1, 2008, 7:29:30 AM
to us...@tortoisesvn.tigris.org
On Jul 30, 9:36 pm, Stefan Küng <tortoise...@gmail.com> wrote:
> I just tested this with the opencollab.net server which is built from
> svn 1.5.0. It works fine with TSVN 1.5.1.
> I only got the same error as you when I didn't pass the correct
> username, or when I first forgot to create the password without
> specifying the repository realm.
> Please have a look at the Subversion book on how to configure your
> server correctly.
>
> Stefan
>

Thanks for taking the time to check this Stefan; as you've confirmed
that it does work I retried the following:

I created a repository from scratch and set it up as a service:

sc create svnserve binpath= "d:\svn\bin\svnserve.exe --service --root D:\svn\testRepro" displayname= "Subversion" depend= tcpip start= auto

svnserve.conf (in D:\svn\testRepro\conf) contains:

[general]
realm=home

I created a new user:

saslpasswd2.exe -c -f "D:\svn\testRepro\sasldb" -u home jonus

sasldblistusers2 -f "D:\svn\testRepro\sasldb"

gives:

jonus@home: userPassword

I have the following in the registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Carnegie Mellon\Project Cyrus\SASL Library]
"SearchPath"="D:\\svn\\bin"
"ConfFile"="D:\\svn\\testRepro"

svn.conf (in D:\svn\testRepro) contains:

pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: DIGEST-MD5

sasldb_path: D:\svn\testRepro\sasldb

I then enter svn://localhost into the repro browser:

If I set use-sasl to false I get an expected 'No access allowed to
this repository' message as anon-access is set to none.
If I set use-sasl to true with min-encryption set to 1 I get an
authentication dialog: <svn://localhost:3690> home
I enter the username of jonus@home & the password, check save
authentication and hit ok; this accesses the repository fine.

As far as I can see the username, password & realm are setup fine and
I must be using SASL authentication as the user jonus only exists in
the sasldb and anon-access is set to none. It seems to only be a
problem with the encryption not the authentication.

If I change min-encryption to 128 I get the error: SASL(-1): generic
failure: Unable to find a callback: 2

I've gone over the instructions multiple times and can see nothing to
change, can you see anything I've missed? Thanks for your help.

Regards

Stefan Küng

Aug 1, 2008, 12:19:05 PM
to us...@tortoisesvn.tigris.org
TomDeWord wrote:
> On Jul 30, 9:36 pm, Stefan Küng <tortoise...@gmail.com> wrote:
>> I just tested this with the opencollab.net server which is built from
>> svn 1.5.0. It works fine with TSVN 1.5.1.
>> I only got the same error as you when I didn't pass the correct
>> username, or when I first forgot to create the password without
>> specifying the repository realm.
>> Please have a look at the Subversion book on how to configure your
>> server correctly.
>>
>> Stefan
>>
>
> Thanks for taking the time to check this Stefan; as you've confirmed
> that it does work I retried the following:
>
> I created a repository from scratch and setup it up as a service:

[snip]

> If I change min-encryption to 128 I get the error: SASL(-1): generic
> failure: Unable to find a callback: 2

That error only tells that HAVE_SYSLOG was not defined when compiling
sasl - really stupid: it rather should return the real error
(HAVE_SYSLOG can't be defined on Windows because it doesn't have syslog.h).

> I've gone over the instructions multiple times and can see nothing to
> change, can you see anything I've missed? Thanks for your help.

I got to reproduce the problem and while it took me quite a while to
figure out the problem, I got it now:
the reason it does not work is because your server is configured to
provide encryption with RC4, but our dlls are compiled only to use DES
encryption (which is a *lot* better).
I've now enabled RC4 in our sasl dlls too, so it should work with your
configuration too.

I'm currently running some more tests before I commit that change. You
can expect a new 1.5.x nightly in a few hours...


TomDeWord

Aug 1, 2008, 7:00:00 PM
to us...@tortoisesvn.tigris.org
Excellent detective work Stefan, I've downloaded and tried the
current nightly build (TortoiseSVN 1.5.2, Build 13608 - 32 Bit -dev,
2008/08/01 18:41:21) and all seems to be working well with min/max-
encryption set to 128/256 (although I've not snooped the svn traffic
to confirm that it's actually encrypted!); did a simple commit &
compare with no corruption.

Is there a way to change the server to use DES over RC4 or does this
require a rebuild of the core SVN distro?

Tom

On Aug 1, 5:19 pm, Stefan Küng <tortoise...@gmail.com> wrote:
> I got to reproduce the problem and while it took me quite a while to
> figure out the problem, I got it now:
> the reason it does not work is because your server is configured to
> provide encryption with RC4, but our dlls are compiled only to use DES
> encryption (which is a *lot* better).
> I've now enabled RC4 in our sasl dlls too, so it should work with your
> configuration too.
>
> I'm currently running some more tests before I commit that change. You
> can expect a new 1.5.x nightly in a few hours...
>
> Stefan
>


Stefan Küng

Aug 2, 2008, 3:43:57 AM
to us...@tortoisesvn.tigris.org
TomDeWord wrote:
> Excellent detective work Stefan, I've downloaded and tried the
> current nightly build (TortoiseSVN 1.5.2, Build 13608 - 32 Bit -dev,
> 2008/08/01 18:41:21) and all seems to be working well with min/max-
> encryption set to 128/256 (although I've not snooped the svn traffic
> to confirm that it's actually encrypted!); did a simple commit &
> compare with no corruption.
>
> Is there a way to change the server to use DES over RC4 or does this
> require a rebuild of the core SVN distro?

I don't know if you can configure the official svn build to use DES. I
thought that it would use DES by default, but apparently DES only worked
with TSVN when I used the svnserve I built myself (which had RC4 not
built in).
Since TSVN does not work with the collab.net build, I have to assume
that they didn't build DES support into their binaries. If they had, I
would assume that server and client would negotiate about what
encryption type to use.

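The cipher mismatch described in the two replies above, as an added example that is not part of the thread or of the Subversion, TortoiseSVN or Cyrus SASL code: a small Python model of how a DIGEST-MD5 client picks a security layer from the server's challenge under svnserve's min-encryption/max-encryption bounds. The challenge string, the client cipher sets and the SSF table are constructed assumptions (the SSF values are the ones Cyrus SASL's DIGEST-MD5 plugin is believed to assign; check them against your build).

```python
import re

# Assumed SSF (security strength factor) per DIGEST-MD5 cipher, believed to
# match Cyrus SASL's digestmd5 plugin; verify against your own build.
CIPHER_SSF = {"rc4-40": 40, "rc4-56": 56, "rc4": 128, "des": 55, "3des": 112}

def parse_challenge(challenge):
    """Parse an RFC 2831 digest-challenge into {directive: [values]}."""
    fields = {}
    for key, quoted, bare in re.findall(r'([\w-]+)=(?:"([^"]*)"|([^,]*))', challenge):
        values = [v.strip() for v in (quoted or bare).split(",") if v.strip()]
        fields.setdefault(key.lower(), []).extend(values)
    return fields

def negotiate(challenge, client_ciphers, min_ssf, max_ssf):
    """Return (layer, ssf) a client could select, or None if nothing fits."""
    fields = parse_challenge(challenge)
    qop = fields.get("qop", ["auth"])
    if "auth-conf" in qop:
        usable = [(CIPHER_SSF[c], c) for c in fields.get("cipher", [])
                  if c in CIPHER_SSF and c in client_ciphers
                  and min_ssf <= CIPHER_SSF[c] <= max_ssf]
        if usable:
            ssf, cipher = max(usable)   # strongest cipher both sides have
            return cipher, ssf
    if "auth-int" in qop and min_ssf <= 1 <= max_ssf:
        return "auth-int", 1            # integrity protection only, no encryption
    if min_ssf == 0:
        return "auth", 0                # authentication only
    return None                         # no common layer: the connection fails

# Constructed challenge from a server whose plugin has only RC4 compiled in.
RC4_SERVER = ('realm="home",nonce="Y29uc3RydWN0ZWQ=",'
              'qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,rc4",'
              'charset=utf-8,algorithm=md5-sess')
DES_CLIENT = {"des", "3des"}            # hypothetical client built without RC4
RC4_CLIENT = {"des", "3des", "rc4-40", "rc4-56", "rc4"}

if __name__ == "__main__":
    for name, ciphers in (("DES-only", DES_CLIENT), ("RC4-enabled", RC4_CLIENT)):
        for lo in (1, 128):
            print(name, "min-encryption =", lo, "->",
                  negotiate(RC4_SERVER, ciphers, lo, 256))
```

Under the assumed SSF table only rc4 reaches 128, so a client without RC4 has nothing to select at min-encryption = 128, while at min-encryption = 1 it falls back to integrity checking only, which matches the behaviour reported earlier in the thread.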

Sparrow Hawk

Aug 4, 2008, 6:39:47 AM
to us...@tortoisesvn.tigris.org
I still have a problem with SASL.
I compiled the tarball of svn-1.5.1 r32289 under Slackware 12.

I downloaded the latest:
TortoiseSVN 1.5.2, Build 13595 - 32 Bit , 2008/07/31 17:04:57

I set up the svnserve.conf like:
use-sasl = true
min-encryption = 128
max-encryption = 256

/usr/lib/sasl2/subversion.conf:
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: CRAM-MD5 #DIGEST_MD5 is the same

The CollabNet svn command-line client (svn.exe) works with this
configuration, but TortoiseSVN does not.

I can't figure out the problem.


TomDeWord

Aug 5, 2008, 11:45:22 AM
to us...@tortoisesvn.tigris.org
Please see above; Stefan produced a release candidate build of 1.5.2 -
Build 13608 (available from the nightly builds) which includes support
for RC4 encryption - you've installed build 13595 which doesn't have
the fix (maybe it will officially arrive in 1.5.3).

Regards

Tom


Sparrow Hawk

Aug 6, 2008, 9:02:50 PM
to us...@tortoisesvn.tigris.org
Thank you !