auto-import changelog data from cyrus-sasl-2.1.18-2.src.rpm

Tue Mar 16 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.18-2
- turn on building of libsasl v1 again
Fri Mar 12 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.18-1
- update to 2.1.18
- saslauthd's ldap code is no longer marked experimental, so we build it
Mon Mar 08 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.17-4
- rebuild
Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
Tue Feb 03 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.17-2
- include default /etc/sysconfig/saslauthd configuration file for the init
    script (#114868)
Thu Jan 29 2004 Nalin Dahyabhai <nalin@redhat.com>
- drop saslauthd_version patch for libsasl2
Thu Jan 29 2004 Nalin Dahyabhai <nalin@redhat.com>
- add a saslauthd_version option to libsasl's saslauthd client and teach it
    to do the right thing
- enable the saslauthd client code in libsasl version 1 (it's still going
    away!)
- add saslauthd1-checkpass/saslauthd2-checkpass for testing the above
    change

.cvsignore

@@ -1,3 +1,3 @@
 cyrus-sasl-1.5.28.tar.gz
-cyrus-sasl-2.1.17.tar.gz
+cyrus-sasl-2.1.18.tar.gz
 db-4.2.52.tar.gz

cyrus-sasl-2.1.17-saslauthd1.patch

@@ -0,0 +1,96 @@
+"Speak" the saslauthd version 1 protocol if "saslauthd_version" is "1".  I
+don't think we'll be using this, but here for the sake of completeness.
+
+--- cyrus-sasl-2.1.17/lib/checkpw.c	2003-09-09 11:38:13.000000000 -0400
++++ cyrus-sasl-2.1.17/lib/checkpw.c	2004-01-20 16:57:52.000000000 -0500
+@@ -454,7 +454,7 @@
+     sasl_getopt_t *getopt;
+     void *context;
+     char pwpath[sizeof(srvaddr.sun_path)];
+-    const char *p = NULL;
++    const char *p = NULL, *q = NULL;
+     char *freeme = NULL;
+ #ifdef USE_DOORS
+     door_arg_t arg;
+@@ -463,6 +463,7 @@
+     /* check to see if the user configured a rundir */
+     if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) {
+ 	getopt(context, NULL, "saslauthd_path", &p, NULL);
++	getopt(context, NULL, "saslauthd_version", &q, NULL);
+     }
+     if (p) {
+ 	strncpy(pwpath, p, sizeof(pwpath));
+@@ -514,18 +515,22 @@
+ 	memcpy(query_end, &u_len, sizeof(unsigned short));
+ 	query_end += sizeof(unsigned short);
+ 	while (*userid) *query_end++ = *userid++;
++	userid -= ntohs(u_len);
+ 
+ 	memcpy(query_end, &p_len, sizeof(unsigned short));
+ 	query_end += sizeof(unsigned short);
+ 	while (*passwd) *query_end++ = *passwd++;
++	passwd -= ntohs(p_len);
+ 
+ 	memcpy(query_end, &s_len, sizeof(unsigned short));
+ 	query_end += sizeof(unsigned short);
+ 	while (*service) *query_end++ = *service++;
++	service -= ntohs(s_len);
+ 
+ 	memcpy(query_end, &r_len, sizeof(unsigned short));
+ 	query_end += sizeof(unsigned short);
+ 	if (user_realm) while (*user_realm) *query_end++ = *user_realm++;
++	user_realm -= ntohs(r_len);
+     }
+ 
+ #ifdef USE_DOORS
+@@ -578,6 +583,50 @@
+ 	}
+     }
+ 
++    if (q && (*q == '1')) {
++ 	struct iovec iov[8];
++	unsigned int u_length, p_length;
++	char buffer[1024];
++
++	u_length = strlen(userid ? userid : "") + 1;
++	p_length = strlen(passwd ? passwd : "") + 1;
++	if (u_length + p_length >= sizeof(query)) {
++	    close(s);
++	    sasl_seterror(conn, 0, "out of memory");
++	    goto fail;
++	}
++
++	memset(buffer, '\0', sizeof(buffer));
++	if (userid != NULL)
++	    memcpy(buffer, userid, u_length);
++	if (passwd != NULL)
++	    memcpy(buffer + u_length, passwd, p_length);        
++
++	iov[0].iov_len = u_length + p_length;
++	iov[0].iov_base = buffer;
++
++	if (retry_writev(s, iov, 1) == -1) {
++	    close(s);
++	    sasl_seterror(conn, 0, "write failed");
++	    goto fail;
++  	}
++
++	if (retry_read(s, buffer, 2) != 2) {
++	    close(s);
++	    sasl_seterror(conn, 0, "read failed");
++	    goto fail;
++	}
++
++	close(s);
++
++	if (strncmp(buffer, "OK", 2) == 0) {
++	    return SASL_OK;
++	}
++  
++	sasl_seterror(conn, SASL_NOLOG, "authentication failed");
++	return SASL_BADAUTH;
++    }
++
+     {
+  	struct iovec iov[8];
+  

cyrus-sasl.spec

@@ -9,8 +9,8 @@
 
 Summary: The Cyrus SASL library.
 Name: cyrus-sasl
-Version: 2.1.17
-Release: 1
+Version: 2.1.18
+Release: 2
 License: Freely Distributable
 Group: System Environment/Libraries
 Source0: ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-%{version}.tar.gz
@@ -23,17 +23,21 @@ Source4: saslauthd.init
 Source5: README.RPM
 Source6: http://www.sleepycat.com/download/snapshot/db-%{db_version}.tar.gz
 Source7: sasl-mechlist.c
+Source8: sasl-checkpass.c
+Source9: saslauthd.sysconfig
 URL: http://asg.web.cmu.edu/sasl/sasl-library.html
 %if %{includev1}
 Patch0: cyrus-sasl-1.5.24-rpath.patch
 Patch1: cyrus-sasl-1.5.28-autoconf25.patch
 Patch2: cyrus-sasl-1.5.28-automake17.patch
 Patch3: cyrus-sasl-1.5.28-automake18.patch
+Patch4: cyrus-sasl-1.5.28-saslauthd2.patch
 %endif
-Patch4: cyrus-sasl-2.1.7-gdbm.patch
-Patch5: cyrus-sasl-2.1.10-des.patch
-Patch6: cyrus-sasl-2.1.17-gssapi-dynamic.patch
-Patch7: cyrus-sasl-2.1.17-db42.patch
+Patch5: cyrus-sasl-2.1.7-gdbm.patch
+Patch6: cyrus-sasl-2.1.10-des.patch
+Patch7: cyrus-sasl-2.1.17-gssapi-dynamic.patch
+Patch9: cyrus-sasl-2.1.17-saslauthd1.patch
+Patch10: cyrus-sasl-2.1.18-db_bundle.patch
 Buildroot: %{_tmppath}/%{name}-root
 %if %{includev1}
 BuildPrereq: gdbm-devel
@@ -97,6 +101,7 @@ pushd cyrus-sasl-%{cs1_version}
 %patch1 -p1 -b .autoconf25
 %patch2 -p1 -b .automake17
 %patch3 -p1 -b .automake18
+%patch4 -p1 -b .saslauthd2
 rm config/ltconfig
 libtoolize -f -c
 aclocal -I config -I cmulocal
@@ -111,12 +116,13 @@ for buildtype in static shared ; do
 	mkdir build-${buildtype}
 	ln -s ../configure build-${buildtype}
 done
-%patch4 -p1 -b .gdbm
-%patch5 -p1 -b .des
-%patch6 -p1 -b .gssapi-dynamic
-%patch7 -p1 -b .db42
+%patch5 -p1 -b .gdbm
+%patch6 -p1 -b .des
+%patch7 -p1 -b .gssapi-dynamic
+#%patch9 -p1 -b .saslauthd1
+%patch10 -p1 -b .db_bundle
 # FIXME - this is just weird
-rm config/ltconfig acinclude.m4
+rm config/ltconfig config/libtool.m4
 libtoolize -f -c
 aclocal -I config -I cmulocal
 automake -a -c -f
@@ -154,12 +160,12 @@ popd
 %build
 CFLAGS="$RPM_OPT_FLAGS -fPIC"; export CFLAGS
 
-# Bundling copy of Berkeley DB, for sasldb.
+# Bundling copy of Berkeley DB, for sasldb support.
 topdir=`pwd`
 pushd db-%{db_version}/build_unix
 ../dist/configure \
 	--with-mutex=UNIX/fcntl --disable-shared --enable-static --with-pic \
-	--with-uniquename=_cyrus_sasl_sasldb_rhl \
+	--with-uniquename=_cyrus_sasl_sasldb_rh \
 	--prefix=${topdir}/db-instroot \
 	--includedir=${topdir}/db-instroot/include \
 	--libdir=${topdir}/db-instroot/lib
@@ -186,12 +192,14 @@ pushd cyrus-sasl-%{cs1_version}
 	--enable-gssapi${krb5_prefix:+=${krb5_prefix}} \
 	--with-rc4 \
 	--with-dblib=gdbm \
+	--with-saslauthd=/var/run/saslauthd --without-pwcheck \
 	--enable-anon \
 	--enable-cram \
 	--enable-digest \
 	--enable-plain \
 	--enable-login
 make sasldir=%{_plugindir}
+tagname=CC libtool --mode=link %{__cc} -o saslauthd1-checkpass -I./include $CFLAGS $RPM_SOURCE_DIR/sasl-checkpass.c $LDFLAGS ./lib/libsasl.la
 popd
 %endif
 
@@ -219,6 +227,7 @@ export ac_cv_can_build_shared
 	--with-bdb-incdir=${topdir}/db-instroot/include \
 	--with-bdb-libdir=${topdir}/db-instroot/lib \
 	--with-saslauthd=/var/run/saslauthd --without-pwcheck \
+	--with-ldap \
 	--with-devrandom=/dev/urandom \
 	--enable-anon \
 	--enable-cram \
@@ -244,6 +253,9 @@ popd
 pushd cyrus-sasl-%{version}/build-shared/lib
 tagname=CC ../libtool --mode=link %{__cc} -o sasl2-shared-mechlist -I../../include $CFLAGS $RPM_SOURCE_DIR/sasl-mechlist.c $LDFLAGS ./libsasl2.la
 popd
+pushd cyrus-sasl-%{version}/build-shared
+#tagname=CC ./libtool --mode=link %{__cc} -o saslauthd2-checkpass -DSASL2 -I../include $CFLAGS $RPM_SOURCE_DIR/sasl-checkpass.c $LDFLAGS ./lib/libsasl2.la
+popd
 
 %install
 test "$RPM_BUILD_ROOT" != "/" && rm -rf $RPM_BUILD_ROOT
@@ -285,11 +297,22 @@ install -m644 ../saslauthd/saslauthd.mdoc $RPM_BUILD_ROOT%{_mandir}/man8/saslaut
 install -m755 -d $RPM_BUILD_ROOT/var/run/saslauthd
 
 # Install the init script.
-install -m755 -d $RPM_BUILD_ROOT/etc/rc.d/init.d
+install -m755 -d $RPM_BUILD_ROOT/etc/rc.d/init.d $RPM_BUILD_ROOT/etc/sysconfig
 install -m755 $RPM_SOURCE_DIR/saslauthd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/saslauthd
+install -m644 $RPM_SOURCE_DIR/saslauthd.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/saslauthd
 
 popd
 
+# Figure out an easy way to test various saslauthd clients.
+%if %{includev1}
+libtool --mode=install \
+install -m755 cyrus-sasl-%{cs1_version}/saslauthd1-checkpass \
+$RPM_BUILD_ROOT%{_sbindir}/
+%endif
+#libtool --mode=install \
+#install -m755 cyrus-sasl-%{version}/build-shared/saslauthd2-checkpass \
+#$RPM_BUILD_ROOT%{_sbindir}/
+
 # Figure out an easy way to query the list of available mechanisms.
 libtool --mode=install \
 install -m755 cyrus-sasl-%{version}/build-shared/lib/sasl2-shared-mechlist \
@@ -350,6 +373,7 @@ fi
 %{_sbindir}/sasldblistusers2
 %{_sbindir}/saslauthd
 %{_sbindir}/testsaslauthd
+%config(noreplace) /etc/sysconfig/saslauthd
 %config /etc/rc.d/init.d/saslauthd
 /var/run/saslauthd
 
@@ -423,13 +447,45 @@ fi
 %{_mandir}/man3/*
 %{_sbindir}/sasl2-static-mechlist
 %{_sbindir}/sasl2-shared-mechlist
+%if %{includev1}
+%{_sbindir}/saslauthd1-checkpass
+%endif
+#%{_sbindir}/saslauthd2-checkpass
 
 #
-#  TODO: enable ldap for saslauthd once it moves out of experimental status
 #  TODO: enable ntlm if it ever moves out of unsupported status, maybe sooner
 #  TODO: enable sql if the time comes when the soname doesn't change too often
 #
 %changelog
+* Tue Mar 16 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.18-2
+- turn on building of libsasl v1 again
+
+* Fri Mar 12 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.18-1
+- update to 2.1.18
+- saslauthd's ldap code is no longer marked experimental, so we build it
+
+* Mon Mar  8 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.17-4
+- rebuild
+
+* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Tue Feb  3 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.17-2
+- include default /etc/sysconfig/saslauthd configuration file for the init
+  script (#114868)
+
+* Thu Jan 29 2004 Nalin Dahyabhai <nalin@redhat.com>
+- drop saslauthd_version patch for libsasl2
+
+* Thu Jan 29 2004 Nalin Dahyabhai <nalin@redhat.com>
+- add a saslauthd_version option to libsasl's saslauthd client and teach it to
+  do the right thing
+- enable the saslauthd client code in libsasl version 1 (it's still going away!)
+- add saslauthd1-checkpass/saslauthd2-checkpass for testing the above change
+
 * Wed Jan  7 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.17-1
 - forcibly disable otp and sql plugins at compile-time
 

sasl-checkpass.c

@@ -0,0 +1,185 @@
+#include <errno.h>
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "sasl.h"
+#ifdef SASL2
+static int main_requested_sasl_version = 2;
+#else
+static int main_requested_sasl_version = 1;
+#endif
+
+static int main_verbose = 0;
+
+static int
+my_getopt(void *context, const char *plugin_name,
+	  const char *option, const char **result, unsigned *len)
+{
+	if (result) {
+		*result = NULL;
+		if (strcmp(option, "pwcheck_method") == 0) {
+			*result = "saslauthd";
+		}
+		if (strcmp(option, "saslauthd_version") == 0) {
+			switch (main_requested_sasl_version) {
+			case 1:
+				*result = "1";
+				break;
+			case 2:
+				*result = "2";
+				break;
+			default:
+#ifdef SASL2
+				*result = "2";
+#else
+				*result = "1";
+#endif
+				break;
+			}
+		}
+		if (main_verbose) {
+			fprintf(stderr, "Getopt plugin=%s%s%s/option=%s%s%s -> ",
+				plugin_name ? "\"" : "",
+				plugin_name ? plugin_name : "(null)",
+				plugin_name ? "\"" : "",
+				option ? "\"" : "",
+				option ? option : "(null)",
+				option ? "\"" : "");
+			fprintf(stderr, "'%s'.\n", *result ? *result : "");
+		}
+	}
+	if (len) {
+		*len = 0;
+	}
+	return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+	const char *user, *realm, *passwd, *service, *mechs, **globals, *err;
+	int c, ret;
+	sasl_callback_t callbacks[] = {
+		{SASL_CB_GETOPT, my_getopt, NULL},
+		{SASL_CB_LIST_END},
+	};
+	sasl_conn_t *connection;
+	char hostname[512];
+	char fulluser[512]; /* XXX: may overflow */
+
+	user = realm = passwd = service = "";
+	strcpy(hostname, "localhost");
+	gethostname(hostname, sizeof(hostname));
+
+	while ((c = getopt(argc, argv, "u:r:p:s:h:12v")) != -1) {
+		switch (c) {
+		case 'u':
+			user = optarg;
+			break;
+		case 'r':
+			realm = optarg;
+			break;
+		case 'p':
+			passwd = optarg;
+			break;
+		case 's':
+			service = optarg;
+			break;
+		case 'h':
+			strncpy(hostname, optarg, sizeof(hostname) - 1);
+			hostname[sizeof(hostname) - 1] = '\0';
+			break;
+		case '1':
+			main_requested_sasl_version = 1;
+			break;
+		case '2':
+			main_requested_sasl_version = 2;
+			break;
+		case 'v':
+			main_verbose++;
+			break;
+		default:
+			printf("Usage: %s [-v] [-1] [-2] "
+			       "[-h hostname] "
+			       "[-u user] "
+			       "[-r realm] "
+			       "[-p password] "
+			       "[-s service] "
+			       "\n", argv[0]);
+			return 2;
+			break;
+		}
+	}
+	if ((strlen(user) == 0) || (strlen(passwd) == 0)) {
+		printf("Usage: %s [-v] [-1] [-2] "
+		       "[-h hostname] "
+		       "[-u user] "
+		       "[-r realm] "
+		       "[-p password] "
+		       "[-s service] "
+		       "\n", argv[0]);
+		return 2;
+	}
+	if (realm && (strlen(realm) > 0)) {
+		sprintf(fulluser, "%s@%s", user, realm);
+	} else {
+		sprintf(fulluser, "%s", user);
+	}
+
+	ret = sasl_server_init(callbacks,
+			       strlen(service) ? service : "sasl-checkpass");
+	if (ret != SASL_OK) {
+		fprintf(stderr, "Error in sasl_server_init(): %s\n",
+			sasl_errstring(ret, NULL, NULL));
+	}
+
+	connection = NULL;
+	ret = sasl_server_new(strlen(service) ? service : "sasl-checkpass",
+			      hostname,
+			      NULL,
+#ifdef SASL2
+			      NULL,
+			      NULL,
+#endif
+			      callbacks,
+			      0,
+			      &connection);
+	if (ret != SASL_OK) {
+		fprintf(stderr, "Error in sasl_server_new(): %s\n",
+			sasl_errstring(ret, NULL, NULL));
+	}
+
+	err = NULL;
+	ret = sasl_checkpass(connection,
+			     fulluser, strlen(fulluser),
+			     passwd, strlen(passwd)
+#ifndef SASL2
+			     , &err
+#endif
+			     );
+	switch (ret) {
+	case SASL_OK:
+		printf("OK\n");
+		break;
+	default:
+		printf("NO: %d", ret);
+		switch (ret) {
+		case SASL_FAIL:
+			err = "generic failure";
+			break;
+		case SASL_BADAUTH:
+			err = "authentication failure";
+			break;
+		default:
+			err = NULL;
+			break;
+		}
+		if (err) {
+			printf(" (%s)", err);
+		}
+		printf("\n");
+		break;
+	}
+	return ret;
+}

saslauthd.sysconfig

@@ -0,0 +1,11 @@
+# Directory in which to place saslauthd's listening socket, pid file, and so
+# on.  This directory must already exist.
+SOCKETDIR=/var/run/saslauthd
+
+# Mechanism to use when checking passwords.  Run "saslauthd -v" to get a list
+# of which mechanism your installation was compiled to use.
+MECH=shadow
+
+# Additional flags to pass to saslauthd on the command line.  See saslauthd(8)
+# for the list of accepted flags.
+FLAGS=

sources

@@ -1,3 +1,3 @@
 60710be040801e9aff7353563b636518  cyrus-sasl-1.5.28.tar.gz
-4add6be2f194dc51aafc64193a1dd77b  cyrus-sasl-2.1.17.tar.gz
+1eafae95f0289c10f187d8b2bc4032cf  cyrus-sasl-2.1.18.tar.gz
 cbc77517c9278cdb47613ce8cb55779f  db-4.2.52.tar.gz