From 94949f362e5b57d7b4d9dd209128ff29350bf475 Mon Sep 17 00:00:00 2001 From: cvsdist Date: Thu, 9 Sep 2004 04:06:43 +0000 Subject: [PATCH] auto-import changelog data from cyrus-sasl-2.1.18-2.src.rpm Tue Mar 16 2004 Nalin Dahyabhai 2.1.18-2 - turn on building of libsasl v1 again Fri Mar 12 2004 Nalin Dahyabhai 2.1.18-1 - update to 2.1.18 - saslauthd's ldap code is no longer marked experimental, so we build it Mon Mar 08 2004 Nalin Dahyabhai 2.1.17-4 - rebuild Tue Mar 02 2004 Elliot Lee - rebuilt Fri Feb 13 2004 Elliot Lee - rebuilt Tue Feb 03 2004 Nalin Dahyabhai 2.1.17-2 - include default /etc/sysconfig/saslauthd configuration file for the init script (#114868) Thu Jan 29 2004 Nalin Dahyabhai - drop saslauthd_version patch for libsasl2 Thu Jan 29 2004 Nalin Dahyabhai - add a saslauthd_version option to libsasl's saslauthd client and teach it to do the right thing - enable the saslauthd client code in libsasl version 1 (it's still going away!) - add saslauthd1-checkpass/saslauthd2-checkpass for testing the above change --- .cvsignore | 2 +- cyrus-sasl-2.1.17-saslauthd1.patch | 96 +++++++++++++++ cyrus-sasl.spec | 86 +++++++++++--- sasl-checkpass.c | 185 +++++++++++++++++++++++++++++ saslauthd.sysconfig | 11 ++ sources | 2 +- 6 files changed, 365 insertions(+), 17 deletions(-) create mode 100644 cyrus-sasl-2.1.17-saslauthd1.patch create mode 100644 sasl-checkpass.c create mode 100644 saslauthd.sysconfig diff --git a/.cvsignore b/.cvsignore index cbc6b6d..42986eb 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,3 +1,3 @@ cyrus-sasl-1.5.28.tar.gz -cyrus-sasl-2.1.17.tar.gz +cyrus-sasl-2.1.18.tar.gz db-4.2.52.tar.gz diff --git a/cyrus-sasl-2.1.17-saslauthd1.patch b/cyrus-sasl-2.1.17-saslauthd1.patch new file mode 100644 index 0000000..62cb37c --- /dev/null +++ b/cyrus-sasl-2.1.17-saslauthd1.patch 
@@ -0,0 +1,96 @@ +"Speak" the saslauthd version 1 protocol if "saslauthd_version" is "1". I +don't think we'll be using this, but here for the sake of completeness. + +--- cyrus-sasl-2.1.17/lib/checkpw.c 2003-09-09 11:38:13.000000000 -0400 ++++ cyrus-sasl-2.1.17/lib/checkpw.c 2004-01-20 16:57:52.000000000 -0500 +@@ -454,7 +454,7 @@ + sasl_getopt_t *getopt; + void *context; + char pwpath[sizeof(srvaddr.sun_path)]; +- const char *p = NULL; ++ const char *p = NULL, *q = NULL; + char *freeme = NULL; + #ifdef USE_DOORS + door_arg_t arg; +@@ -463,6 +463,7 @@ + /* check to see if the user configured a rundir */ + if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { + getopt(context, NULL, "saslauthd_path", &p, NULL); ++ getopt(context, NULL, "saslauthd_version", &q, NULL); + } + if (p) { + strncpy(pwpath, p, sizeof(pwpath)); +@@ -514,18 +515,22 @@ + memcpy(query_end, &u_len, sizeof(unsigned short)); + query_end += sizeof(unsigned short); + while (*userid) *query_end++ = *userid++; ++ userid -= ntohs(u_len); + + memcpy(query_end, &p_len, sizeof(unsigned short)); + query_end += sizeof(unsigned short); + while (*passwd) *query_end++ = *passwd++; ++ passwd -= ntohs(p_len); + + memcpy(query_end, &s_len, sizeof(unsigned short)); + query_end += sizeof(unsigned short); + while (*service) *query_end++ = *service++; ++ service -= ntohs(s_len); + + memcpy(query_end, &r_len, sizeof(unsigned short)); + query_end += sizeof(unsigned short); + if (user_realm) while (*user_realm) *query_end++ = *user_realm++; ++ user_realm -= ntohs(r_len); + } + + #ifdef USE_DOORS +@@ -578,6 +583,50 @@ + } + } + ++ if (q && (*q == '1')) { ++ struct iovec iov[8]; ++ unsigned int u_length, p_length; ++ char buffer[1024]; ++ ++ u_length = strlen(userid ? userid : "") + 1; ++ p_length = strlen(passwd ? 
passwd : "") + 1; ++ if (u_length + p_length >= sizeof(query)) { ++ close(s); ++ sasl_seterror(conn, 0, "out of memory"); ++ goto fail; ++ } ++ ++ memset(buffer, '\0', sizeof(buffer)); ++ if (userid != NULL) ++ memcpy(buffer, userid, u_length); ++ if (passwd != NULL) ++ memcpy(buffer + u_length, passwd, p_length); ++ ++ iov[0].iov_len = u_length + p_length; ++ iov[0].iov_base = buffer; ++ ++ if (retry_writev(s, iov, 1) == -1) { ++ close(s); ++ sasl_seterror(conn, 0, "write failed"); ++ goto fail; ++ } ++ ++ if (retry_read(s, buffer, 2) != 2) { ++ close(s); ++ sasl_seterror(conn, 0, "read failed"); ++ goto fail; ++ } ++ ++ close(s); ++ ++ if (strncmp(buffer, "OK", 2) == 0) { ++ return SASL_OK; ++ } ++ ++ sasl_seterror(conn, SASL_NOLOG, "authentication failed"); ++ return SASL_BADAUTH; ++ } ++ + { + struct iovec iov[8]; + diff --git a/cyrus-sasl.spec b/cyrus-sasl.spec index 40acb0b..8a0add0 100644 --- a/cyrus-sasl.spec +++ b/cyrus-sasl.spec @@ -9,8 +9,8 @@ Summary: The Cyrus SASL library. Name: cyrus-sasl -Version: 2.1.17 -Release: 1 +Version: 2.1.18 +Release: 2 License: Freely Distributable Group: System Environment/Libraries Source0: ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-%{version}.tar.gz 
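Review bot: In the new `if (q && (*q == '1'))` block, the length check `u_length + p_length >= sizeof(query)` guards the wrong buffer. Both `memcpy` calls write into the local `char buffer[1024]`, so if `query` (declared outside this hunk) is larger than 1024 bytes, a long userid or password overruns `buffer` on the stack. The bound should be `if (u_length + p_length >= sizeof(buffer)) {`, and the `"out of memory"` message would be more accurate as a length error. Earlier in the same patch, `user_realm -= ntohs(r_len);` sits outside the `if (user_realm)` guard and so does arithmetic on a possibly NULL pointer; `if (user_realm) user_realm -= ntohs(r_len);` keeps it under the same condition. The enclosing function starts and ends outside the hunks shown.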
@@ -23,17 +23,21 @@ Source4: saslauthd.init Source5: README.RPM Source6: http://www.sleepycat.com/download/snapshot/db-%{db_version}.tar.gz Source7: sasl-mechlist.c +Source8: sasl-checkpass.c +Source9: saslauthd.sysconfig URL: http://asg.web.cmu.edu/sasl/sasl-library.html %if %{includev1} Patch0: cyrus-sasl-1.5.24-rpath.patch Patch1: cyrus-sasl-1.5.28-autoconf25.patch Patch2: cyrus-sasl-1.5.28-automake17.patch Patch3: cyrus-sasl-1.5.28-automake18.patch +Patch4: cyrus-sasl-1.5.28-saslauthd2.patch %endif -Patch4: cyrus-sasl-2.1.7-gdbm.patch -Patch5: cyrus-sasl-2.1.10-des.patch -Patch6: cyrus-sasl-2.1.17-gssapi-dynamic.patch -Patch7: cyrus-sasl-2.1.17-db42.patch +Patch5: cyrus-sasl-2.1.7-gdbm.patch +Patch6: cyrus-sasl-2.1.10-des.patch +Patch7: cyrus-sasl-2.1.17-gssapi-dynamic.patch +Patch9: cyrus-sasl-2.1.17-saslauthd1.patch +Patch10: cyrus-sasl-2.1.18-db_bundle.patch Buildroot: %{_tmppath}/%{name}-root %if %{includev1} BuildPrereq: gdbm-devel @@ -97,6 +101,7 @@ pushd cyrus-sasl-%{cs1_version} %patch1 -p1 -b .autoconf25 %patch2 -p1 -b .automake17 %patch3 -p1 -b .automake18 +%patch4 -p1 -b .saslauthd2 rm config/ltconfig libtoolize -f -c aclocal -I config -I cmulocal @@ -111,12 +116,13 @@ for buildtype in static shared ; do mkdir build-${buildtype} ln -s ../configure build-${buildtype} done -%patch4 -p1 -b .gdbm -%patch5 -p1 -b .des -%patch6 -p1 -b .gssapi-dynamic -%patch7 -p1 -b .db42 +%patch5 -p1 -b .gdbm +%patch6 -p1 -b .des +%patch7 -p1 -b .gssapi-dynamic +#%patch9 -p1 -b .saslauthd1 +%patch10 -p1 -b .db_bundle # FIXME - this is just weird -rm config/ltconfig acinclude.m4 +rm config/ltconfig config/libtool.m4 libtoolize -f -c aclocal -I config -I cmulocal automake -a -c -f 
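Review bot: `Patch4: cyrus-sasl-1.5.28-saslauthd2.patch` and `Patch10: cyrus-sasl-2.1.18-db_bundle.patch` are referenced here, but neither file appears in this commit's diffstat, which creates only cyrus-sasl-2.1.17-saslauthd1.patch, sasl-checkpass.c and saslauthd.sysconfig. Unless both patches are already in the repository, %prep will stop at `%patch4` or `%patch10`, and the result would not correspond to the imported source RPM. The spec also stops referencing `cyrus-sasl-2.1.17-db42.patch`, but this commit does not delete it. Adding the two missing files and removing the unused one in the same commit would keep the spec and its inputs consistent.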
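Review bot: `#%patch9 -p1 -b .saslauthd1` leaves Patch9 declared but never applied, and nothing in the spec says why. The changelog entry "drop saslauthd_version patch for libsasl2" suggests this is deliberate, so a comment above the line would record it, for example `# saslauthd_version patch dropped for libsasl2 (see changelog); kept in the SRPM for reference`. rpm also expands macros inside comment lines, so `#%%patch9 -p1 -b .saslauthd1` is the safer way to write the disabled directive.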
@@ -154,12 +160,12 @@ popd %build CFLAGS="$RPM_OPT_FLAGS -fPIC"; export CFLAGS -# Bundling copy of Berkeley DB, for sasldb. +# Bundling copy of Berkeley DB, for sasldb support. topdir=`pwd` pushd db-%{db_version}/build_unix ../dist/configure \ --with-mutex=UNIX/fcntl --disable-shared --enable-static --with-pic \ - --with-uniquename=_cyrus_sasl_sasldb_rhl \ + --with-uniquename=_cyrus_sasl_sasldb_rh \ --prefix=${topdir}/db-instroot \ --includedir=${topdir}/db-instroot/include \ --libdir=${topdir}/db-instroot/lib @@ -186,12 +192,14 @@ pushd cyrus-sasl-%{cs1_version} --enable-gssapi${krb5_prefix:+=${krb5_prefix}} \ --with-rc4 \ --with-dblib=gdbm \ + --with-saslauthd=/var/run/saslauthd --without-pwcheck \ --enable-anon \ --enable-cram \ --enable-digest \ --enable-plain \ --enable-login make sasldir=%{_plugindir} +tagname=CC libtool --mode=link %{__cc} -o saslauthd1-checkpass -I./include $CFLAGS $RPM_SOURCE_DIR/sasl-checkpass.c $LDFLAGS ./lib/libsasl.la popd %endif @@ -219,6 +227,7 @@ export ac_cv_can_build_shared --with-bdb-incdir=${topdir}/db-instroot/include \ --with-bdb-libdir=${topdir}/db-instroot/lib \ --with-saslauthd=/var/run/saslauthd --without-pwcheck \ + --with-ldap \ --with-devrandom=/dev/urandom \ --enable-anon \ --enable-cram \ @@ -244,6 +253,9 @@ popd pushd cyrus-sasl-%{version}/build-shared/lib tagname=CC ../libtool --mode=link %{__cc} -o sasl2-shared-mechlist -I../../include $CFLAGS $RPM_SOURCE_DIR/sasl-mechlist.c $LDFLAGS ./libsasl2.la popd +pushd cyrus-sasl-%{version}/build-shared +#tagname=CC ./libtool --mode=link %{__cc} -o saslauthd2-checkpass -DSASL2 -I../include $CFLAGS $RPM_SOURCE_DIR/sasl-checkpass.c $LDFLAGS ./lib/libsasl2.la +popd %install test "$RPM_BUILD_ROOT" != "/" && rm -rf $RPM_BUILD_ROOT 
@@ -285,11 +297,22 @@ install -m644 ../saslauthd/saslauthd.mdoc $RPM_BUILD_ROOT%{_mandir}/man8/saslaut install -m755 -d $RPM_BUILD_ROOT/var/run/saslauthd # Install the init script. -install -m755 -d $RPM_BUILD_ROOT/etc/rc.d/init.d +install -m755 -d $RPM_BUILD_ROOT/etc/rc.d/init.d $RPM_BUILD_ROOT/etc/sysconfig install -m755 $RPM_SOURCE_DIR/saslauthd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/saslauthd +install -m644 $RPM_SOURCE_DIR/saslauthd.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/saslauthd popd +# Figure out an easy way to test various saslauthd clients. +%if %{includev1} +libtool --mode=install \ +install -m755 cyrus-sasl-%{cs1_version}/saslauthd1-checkpass \ +$RPM_BUILD_ROOT%{_sbindir}/ +%endif +#libtool --mode=install \ +#install -m755 cyrus-sasl-%{version}/build-shared/saslauthd2-checkpass \ +#$RPM_BUILD_ROOT%{_sbindir}/ + # Figure out an easy way to query the list of available mechanisms. libtool --mode=install \ install -m755 cyrus-sasl-%{version}/build-shared/lib/sasl2-shared-mechlist \ @@ -350,6 +373,7 @@ fi %{_sbindir}/sasldblistusers2 %{_sbindir}/saslauthd %{_sbindir}/testsaslauthd +%config(noreplace) /etc/sysconfig/saslauthd %config /etc/rc.d/init.d/saslauthd /var/run/saslauthd 
@@ -423,13 +447,45 @@ fi %{_mandir}/man3/* %{_sbindir}/sasl2-static-mechlist %{_sbindir}/sasl2-shared-mechlist +%if %{includev1} +%{_sbindir}/saslauthd1-checkpass +%endif +#%{_sbindir}/saslauthd2-checkpass # -# TODO: enable ldap for saslauthd once it moves out of experimental status # TODO: enable ntlm if it ever moves out of unsupported status, maybe sooner # TODO: enable sql if the time comes when the soname doesn't change too often # %changelog +* Tue Mar 16 2004 Nalin Dahyabhai 2.1.18-2 +- turn on building of libsasl v1 again + +* Fri Mar 12 2004 Nalin Dahyabhai 2.1.18-1 +- update to 2.1.18 +- saslauthd's ldap code is no longer marked experimental, so we build it + +* Mon Mar 8 2004 Nalin Dahyabhai 2.1.17-4 +- rebuild + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Tue Feb 3 2004 Nalin Dahyabhai 2.1.17-2 +- include default /etc/sysconfig/saslauthd configuration file for the init + script (#114868) + +* Thu Jan 29 2004 Nalin Dahyabhai +- drop saslauthd_version patch for libsasl2 + +* Thu Jan 29 2004 Nalin Dahyabhai +- add a saslauthd_version option to libsasl's saslauthd client and teach it to + do the right thing +- enable the saslauthd client code in libsasl version 1 (it's still going away!) +- add saslauthd1-checkpass/saslauthd2-checkpass for testing the above change + * Wed Jan 7 2004 Nalin Dahyabhai 2.1.17-1 - forcibly disable otp and sql plugins at compile-time diff --git a/sasl-checkpass.c b/sasl-checkpass.c new file mode 100644 index 0000000..27a0b94 --- /dev/null +++ b/sasl-checkpass.c 
@@ -0,0 +1,185 @@
+#include
+#include
+#include
+#include
+
+#include "sasl.h"
+#ifdef SASL2
+static int main_requested_sasl_version = 2;
+#else
+static int main_requested_sasl_version = 1;
+#endif
+
+static int main_verbose = 0;
+
+static int
+my_getopt(void *context, const char *plugin_name,
+ const char *option, const char **result, unsigned *len)
+{
+ if (result) {
+ *result = NULL;
+ if (strcmp(option, "pwcheck_method") == 0) {
+ *result = "saslauthd";
+ }
+ if (strcmp(option, "saslauthd_version") == 0) {
+ switch (main_requested_sasl_version) {
+ case 1:
+ *result = "1";
+ break;
+ case 2:
+ *result = "2";
+ break;
+ default:
+#ifdef SASL2
+ *result = "2";
+#else
+ *result = "1";
+#endif
+ break;
+ }
+ }
+ if (main_verbose) {
+ fprintf(stderr, "Getopt plugin=%s%s%s/option=%s%s%s -> ",
+ plugin_name ? "\"" : "",
+ plugin_name ? plugin_name : "(null)",
+ plugin_name ? "\"" : "",
+ option ? "\"" : "",
+ option ? option : "(null)",
+ option ? "\"" : "");
+ fprintf(stderr, "'%s'.\n", *result ? *result : "");
+ }
+ }
+ if (len) {
+ *len = 0;
+ }
+ return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+ const char *user, *realm, *passwd, *service, *mechs, **globals, *err;
+ int c, ret;
+ sasl_callback_t callbacks[] = {
+ {SASL_CB_GETOPT, my_getopt, NULL},
+ {SASL_CB_LIST_END},
+ };
+ sasl_conn_t *connection;
+ char hostname[512];
+ char fulluser[512]; /* XXX: may overflow */
+
+ user = realm = passwd = service = "";
+ strcpy(hostname, "localhost");
+ gethostname(hostname, sizeof(hostname));
+
+ while ((c = getopt(argc, argv, "u:r:p:s:h:12v")) != -1) {
+ switch (c) {
+ case 'u':
+ user = optarg;
+ break;
+ case 'r':
+ realm = optarg;
+ break;
+ case 'p':
+ passwd = optarg;
+ break;
+ case 's':
+ service = optarg;
+ break;
+ case 'h':
+ strncpy(hostname, optarg, sizeof(hostname) - 1);
+ hostname[sizeof(hostname) - 1] = '\0';
+ break;
+ case '1':
+ main_requested_sasl_version = 1;
+ break;
+ case '2':
+ main_requested_sasl_version = 2;
+ break;
+ case 'v':
+ main_verbose++;
+ break;
+ default:
+ printf("Usage: %s [-v] [-1] [-2] "
+ "[-h hostname] "
+ "[-u user] "
+ "[-r realm] "
+ "[-p password] "
+ "[-s service] "
+ "\n", argv[0]);
+ return 2;
+ break;
+ }
+ }
+ if ((strlen(user) == 0) || (strlen(passwd) == 0)) {
+ printf("Usage: %s [-v] [-1] [-2] "
+ "[-h hostname] "
+ "[-u user] "
+ "[-r realm] "
+ "[-p password] "
+ "[-s service] "
+ "\n", argv[0]);
+ return 2;
+ }
+ if (realm && (strlen(realm) > 0)) {
+ sprintf(fulluser, "%s@%s", user, realm);
+ } else {
+ sprintf(fulluser, "%s", user);
+ }
+
+ ret = sasl_server_init(callbacks,
+ strlen(service) ? service : "sasl-checkpass");
+ if (ret != SASL_OK) {
+ fprintf(stderr, "Error in sasl_server_init(): %s\n",
+ sasl_errstring(ret, NULL, NULL));
+ }
+
+ connection = NULL;
+ ret = sasl_server_new(strlen(service) ? service : "sasl-checkpass",
+ hostname,
+ NULL,
+#ifdef SASL2
+ NULL,
+ NULL,
+#endif
+ callbacks,
+ 0,
+ &connection);
+ if (ret != SASL_OK) {
+ fprintf(stderr, "Error in sasl_server_new(): %s\n",
+ sasl_errstring(ret, NULL, NULL));
+ }
+
+ err = NULL;
+ ret = sasl_checkpass(connection,
+ fulluser, strlen(fulluser),
+ passwd, strlen(passwd)
+#ifndef SASL2
+ , &err
+#endif
+ );
+ switch (ret) {
+ case SASL_OK:
+ printf("OK\n");
+ break;
+ default:
+ printf("NO: %d", ret);
+ switch (ret) {
+ case SASL_FAIL:
+ err = "generic failure";
+ break;
+ case SASL_BADAUTH:
+ err = "authentication failure";
+ break;
+ default:
+ err = NULL;
+ break;
+ }
+ if (err) {
+ printf(" (%s)", err);
+ }
+ printf("\n");
+ break;
+ }
+ return ret;
+}
diff --git a/saslauthd.sysconfig b/saslauthd.sysconfig
new file mode 100644
index 0000000..8bbbd98
--- /dev/null
+++ b/saslauthd.sysconfig
@@ -0,0 +1,11 @@
+# Directory in which to place saslauthd's listening socket, pid file, and so
+# on. This directory must already exist.
+SOCKETDIR=/var/run/saslauthd
+
+# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
+# of which mechanism your installation was compiled to use.
+MECH=shadow
+
+# Additional flags to pass to saslauthd on the command line. See saslauthd(8)
+# for the list of accepted flags.
+FLAGS=
diff --git a/sources b/sources
index 2c700d8..c1517ee 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
 60710be040801e9aff7353563b636518 cyrus-sasl-1.5.28.tar.gz
-4add6be2f194dc51aafc64193a1dd77b cyrus-sasl-2.1.17.tar.gz
+1eafae95f0289c10f187d8b2bc4032cf cyrus-sasl-2.1.18.tar.gz
 cbc77517c9278cdb47613ce8cb55779f db-4.2.52.tar.gz
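Review bot: Both `sprintf(fulluser, ...)` calls in main() copy the `-u` and `-r` arguments into the 512-byte `fulluser` stack buffer with no bound, as the declaration's own `/* XXX: may overflow */` admits, and the spec installs this helper into %{_sbindir}. Bound the write with snprintf and reject input that does not fit, as in the excerpt below. main() also only prints an error when sasl_server_init() or sasl_server_new() fails and then still calls sasl_checkpass(), possibly with `connection` still NULL; a `return 1;` after each of those fprintf calls avoids that. The `-p` option places the password in argv, where it is visible in the process list while the tool runs, so a header comment marking the program as a test-only helper would be worth adding.

```c
	int c, ret, n;
	/* … unchanged: callbacks, buffers, option parsing, usage check … */
	if (realm && (strlen(realm) > 0)) {
		n = snprintf(fulluser, sizeof(fulluser), "%s@%s", user, realm);
	} else {
		n = snprintf(fulluser, sizeof(fulluser), "%s", user);
	}
	if ((n < 0) || ((size_t) n >= sizeof(fulluser))) {
		fprintf(stderr, "user name and realm are too long\n");
		return 2;
	}
	/* … unchanged: sasl_server_init(), sasl_server_new(), sasl_checkpass() … */
```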