import cyrus-sasl-2.1.27-1.el8

2019-08-02 03:51:14 -04:00 · 2019-08-02 03:51:14 -04:00 · a422f58440
commit a422f58440
14 changed files with 1697 additions and 0 deletions
--- a/.cyrus-sasl.metadata
+++ b/.cyrus-sasl.metadata
@ -0,0 +1 @@
+c9e6848d9cc6f9588e0e7a75423f9a3aed3f10db SOURCES/cyrus-sasl-2.1.27-nodlcompatorsrp.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+SOURCES/cyrus-sasl-2.1.27-nodlcompatorsrp.tar.gz
--- a/SOURCES/autogen.sh
+++ b/SOURCES/autogen.sh
@ -0,0 +1,37 @@
+#!/bin/sh
+# Run this to generate all the initial makefiles, etc.
+test -n "$srcdir" || srcdir=`dirname "$0"`
+test -n "$srcdir" || srcdir=.
+
+olddir=`pwd`
+
+cd $srcdir
+
+(test -f configure.ac) || {
+	echo "*** ERROR: Directory "\`$srcdir\'" does not look like the top-level project directory ***"
+	exit 1
+}
+
+PKG_NAME=`autoconf --trace 'AC_INIT:$1' configure.ac`
+
+if [ "$#" = 0 -a "x$NOCONFIGURE" = "x" ]; then
+	echo "*** WARNING: I am going to run \`configure' with no arguments." >&2
+	echo "*** If you wish to pass any to it, please specify them on the" >&2
+	echo "*** \`$0\' command line." >&2
+	echo "" >&2
+fi
+
+aclocal --install || exit 1
+autoreconf --verbose --force --install -Wno-portability || exit 1
+
+cd $olddir
+if [ "$NOCONFIGURE" = "" ]; then
+	$srcdir/configure "$@" || exit 1
+
+	if [ "$1" = "--help" ]; then exit 0 else
+		echo "Now type \`make\' to compile $PKG_NAME" || exit 1
+	fi
+else
+	echo "Skipping configure process."
+fi
+
--- a/SOURCES/cyrus-sasl-2.1.20-saslauthd.conf-path.patch
+++ b/SOURCES/cyrus-sasl-2.1.20-saslauthd.conf-path.patch
@ -0,0 +1,26 @@
+diff -up cyrus-sasl-2.1.27/saslauthd/saslauthd.mdoc.path cyrus-sasl-2.1.27/saslauthd/saslauthd.mdoc
+--- cyrus-sasl-2.1.27/saslauthd/saslauthd.mdoc.path	2015-10-15 15:44:43.000000000 +0200
+++ cyrus-sasl-2.1.27/saslauthd/saslauthd.mdoc	2015-11-20 15:05:30.421377527 +0100
+@@ -221,7 +221,7 @@ instead.
+ .Em (All platforms that support OpenLDAP 2.0 or higher)
+ .Pp
+ Authenticate against an ldap server.  The ldap configuration parameters are
+-read from /usr/local/etc/saslauthd.conf.  The location of this file can be
+read from /etc/saslauthd.conf.  The location of this file can be
+ changed with the -O parameter. See the LDAP_SASLAUTHD file included with the
+ distribution for the list of available parameters.
+ .It Li sia
+@@ -251,10 +251,10 @@ these ticket files can cause serious per
+ servers. (Kerberos
+ was never intended to be used in this manner, anyway.)
+ .Sh FILES
+-.Bl -tag -width "/var/run/saslauthd/mux"
+-.It Pa /var/run/saslauthd/mux
+.Bl -tag -width "/run/saslauthd/mux"
+.It Pa /run/saslauthd/mux
+ The default communications socket.
+-.It Pa /usr/local/etc/saslauthd.conf
+.It Pa /etc/saslauthd.conf
+ The default configuration file for ldap support.
+ .El
+ .Sh SEE ALSO
--- a/SOURCES/cyrus-sasl-2.1.21-sizes.patch
+++ b/SOURCES/cyrus-sasl-2.1.21-sizes.patch
@ -0,0 +1,119 @@
+diff -up cyrus-sasl-2.1.27/configure.ac.sizes cyrus-sasl-2.1.27/configure.ac
+--- cyrus-sasl-2.1.27/configure.ac.sizes	2015-11-18 09:46:24.000000000 +0100
+++ cyrus-sasl-2.1.27/configure.ac	2015-11-20 15:11:20.474588247 +0100
+@@ -1312,6 +1312,10 @@ AC_HEADER_STDC
+ AC_HEADER_DIRENT
+ AC_HEADER_SYS_WAIT
+ AC_CHECK_HEADERS(crypt.h des.h dlfcn.h fcntl.h limits.h malloc.h paths.h strings.h sys/file.h sys/time.h syslog.h unistd.h inttypes.h sys/uio.h sys/param.h sysexits.h stdarg.h varargs.h krb5.h)
+AC_CHECK_TYPES([long long, int8_t, uint8_t, int16_t, uint16_t, int32_t, uint32_t, int64_t, uint64_t],,,[
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif])
+ 
+ IPv6_CHECK_SS_FAMILY()
+ IPv6_CHECK_SA_LEN()
+diff -up cyrus-sasl-2.1.27/include/makemd5.c.sizes cyrus-sasl-2.1.27/include/makemd5.c
+--- cyrus-sasl-2.1.27/include/makemd5.c.sizes	2015-10-15 15:44:43.000000000 +0200
+++ cyrus-sasl-2.1.27/include/makemd5.c	2015-11-20 15:11:20.477588240 +0100
+@@ -82,12 +82,19 @@
+  */
+ 
+ 
+#ifdef HAVE_CONFIG_H
+#include "../config.h"
+#endif
+ 
+ #include <stdio.h>
+ #include <string.h>
+ #include <stdlib.h>
+ #include <ctype.h>
+ 
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+
+ 
+ static void
+ my_strupr(char *s)
+@@ -122,6 +129,18 @@ my_strupr(char *s)
+ static void
+ try_signed(FILE *f, int len)
+ {
+#ifdef HAVE_INT8_T
+    BITSIZE(int8_t);
+#endif
+#ifdef HAVE_INT16_T
+    BITSIZE(int16_t);
+#endif
+#ifdef HAVE_INT32_T
+    BITSIZE(int32_t);
+#endif
+#ifdef HAVE_INT64_T
+    BITSIZE(int64_t);
+#endif
+     BITSIZE(signed char);
+     BITSIZE(short);
+     BITSIZE(int);
+@@ -135,6 +154,18 @@ try_signed(FILE *f, int len)
+ static void
+ try_unsigned(FILE *f, int len)
+ {
+#ifdef HAVE_UINT8_T
+    BITSIZE(uint8_t);
+#endif
+#ifdef HAVE_UINT16_T
+    BITSIZE(uint16_t);
+#endif
+#ifdef HAVE_UINT32_T
+    BITSIZE(uint32_t);
+#endif
+#ifdef HAVE_UINT64_T
+    BITSIZE(uint64_t);
+#endif
+     BITSIZE(unsigned char);
+     BITSIZE(unsigned short);
+     BITSIZE(unsigned int);
+@@ -165,6 +196,11 @@ static int print_pre(FILE *f)
+ 	  "/* POINTER defines a generic pointer type */\n"
+ 	  "typedef unsigned char *POINTER;\n"
+ 	  "\n"
+#ifdef HAVE_INTTYPES_H
+	  "/* We try to define integer types for our use */\n"
+	  "#include <inttypes.h>\n"
+	  "\n"
+#endif
+ 	  );
+   return 1;
+ }
+@@ -212,31 +248,15 @@ int main(int argc, char **argv)
+ 
+   print_pre(f);
+ 
+-#ifndef HAVE_INT8_T
+     try_signed (f, 8);
+-#endif /* HAVE_INT8_T */
+-#ifndef HAVE_INT16_T
+     try_signed (f, 16);
+-#endif /* HAVE_INT16_T */
+-#ifndef HAVE_INT32_T
+     try_signed (f, 32);
+-#endif /* HAVE_INT32_T */
+-#ifndef HAVE_INT64_T
+     try_signed (f, 64);
+-#endif /* HAVE_INT64_T */
+ 
+-#ifndef HAVE_U_INT8_T
+     try_unsigned (f, 8);
+-#endif /* HAVE_INT8_T */
+-#ifndef HAVE_U_INT16_T
+     try_unsigned (f, 16);
+-#endif /* HAVE_U_INT16_T */
+-#ifndef HAVE_U_INT32_T
+     try_unsigned (f, 32);
+-#endif /* HAVE_U_INT32_T */
+-#ifndef HAVE_U_INT64_T
+     try_unsigned (f, 64);
+-#endif /* HAVE_U_INT64_T */
+ 
+     print_post(f);
+   
--- a/SOURCES/cyrus-sasl-2.1.23-man.patch
+++ b/SOURCES/cyrus-sasl-2.1.23-man.patch
@ -0,0 +1,24 @@
+diff -up cyrus-sasl-2.1.26/saslauthd/testsaslauthd.8.man cyrus-sasl-2.1.26/saslauthd/testsaslauthd.8
+--- cyrus-sasl-2.1.26/saslauthd/testsaslauthd.8.man	2013-09-03 15:25:26.818042047 +0200
+++ cyrus-sasl-2.1.26/saslauthd/testsaslauthd.8	2013-09-03 15:25:26.818042047 +0200
+@@ -0,0 +1,20 @@
+.\"                                      Hey, EMACS: -*- nroff -*-
+.TH TESTSASLAUTHD 8 "14 October 2006"
+.SH NAME
+testsaslauthd \- test utility for the SASL authentication server
+.SH SYNOPSIS
+.B testsaslauthd
+.RI "[ " \(hyr " " realm " ] [ " \(hys " " servicename " ] [ " \(hyf " " socket " " path " ] [ " \(hyR " " repeatnum " ]"
+.SH DESCRIPTION
+This manual page documents briefly the
+.B testsaslauthd
+command.
+.PP
+.SH SEE ALSO
+.BR saslauthd (8).
+.br
+.SH AUTHOR
+testsaslauthd was written by Carnegie Mellon University.
+.PP
+This manual page was written by Roberto C. Sanchez <roberto@connexer.com>,
+for the Debian project (but may be used by others).
--- a/SOURCES/cyrus-sasl-2.1.25-no_rpath.patch
+++ b/SOURCES/cyrus-sasl-2.1.25-no_rpath.patch
@ -0,0 +1,20 @@
+diff -up cyrus-sasl-2.1.25/m4/cyrus.m4.no_rpath cyrus-sasl-2.1.25/m4/cyrus.m4
+--- cyrus-sasl-2.1.25/m4/cyrus.m4.no_rpath	2010-01-22 16:12:01.000000000 +0100
+++ cyrus-sasl-2.1.25/m4/cyrus.m4	2012-12-06 14:59:47.956102057 +0100
+@@ -32,14 +32,5 @@ AC_DEFUN([CMU_ADD_LIBPATH_TO], [
+ dnl runpath initialization
+ AC_DEFUN([CMU_GUESS_RUNPATH_SWITCH], [
+    # CMU GUESS RUNPATH SWITCH
+-  AC_CACHE_CHECK(for runpath switch, andrew_cv_runpath_switch, [
+-    # first, try -R
+-    SAVE_LDFLAGS="${LDFLAGS}"
+-    LDFLAGS="-R /usr/lib"
+-    AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-R"], [
+-  	LDFLAGS="-Wl,-rpath,/usr/lib"
+-    AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-Wl,-rpath,"],
+-    [andrew_cv_runpath_switch="none"])
+-    ])
+-  LDFLAGS="${SAVE_LDFLAGS}"
+-  ])])
+    andrew_runpath_switch="none"
+  ])
--- a/SOURCES/cyrus-sasl-2.1.26-md5global.patch
+++ b/SOURCES/cyrus-sasl-2.1.26-md5global.patch
@ -0,0 +1,24 @@
+diff -up cyrus-sasl-2.1.27/include/Makefile.am.md5global.h cyrus-sasl-2.1.27/include/Makefile.am
+--- cyrus-sasl-2.1.27/include/Makefile.am.md5global.h	2018-05-17 13:33:49.588368350 +0200
+++ cyrus-sasl-2.1.27/include/Makefile.am	2018-05-17 13:38:19.377316869 +0200
+@@ -49,20 +49,7 @@ saslinclude_HEADERS = hmac-md5.h md5.h m
+ 
+ noinst_PROGRAMS = makemd5
+ 
+-makemd5_SOURCES = makemd5.c
+-
+-makemd5$(BUILD_EXEEXT) $(makemd5_OBJECTS): CC=$(CC_FOR_BUILD)
+-makemd5$(BUILD_EXEEXT) $(makemd5_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD)
+-makemd5$(BUILD_EXEEXT): LDFLAGS=$(LDFLAGS_FOR_BUILD)
+-
+-md5global.h: makemd5$(BUILD_EXEEXT) Makefile
+-	-rm -f $@
+-	./$< $@
+-
+-BUILT_SOURCES = md5global.h
+-
+ EXTRA_DIST = NTMakefile
+-DISTCLEANFILES = md5global.h
+ 
+ if MACOSX
+ framedir = /Library/Frameworks/SASL2.framework
--- a/SOURCES/cyrus-sasl-pr559-RC4-openssl.patch
+++ b/SOURCES/cyrus-sasl-pr559-RC4-openssl.patch
@ -0,0 +1,155 @@
+From 8aa9ae816ddf66921b4a8a0f422517e6f2e55ac6 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Wed, 27 Mar 2019 14:29:08 -0400
+Subject: [PATCH] Use Openssl RC4 when available
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+---
+ configure.ac        |   5 +--
+ plugins/digestmd5.c | 107 +++++++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 108 insertions(+), 4 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 388f5d02..cfdee4a2 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -1102,12 +1102,11 @@ AC_ARG_WITH(configdir, [   --with-configdir=DIR    set the directory where confi
+ AC_SUBST(configdir)
+ 
+-dnl look for rc4 libraries. we accept the CMU one or one from openSSL
+-AC_ARG_WITH(rc4, [  --with-rc4              use internal rc4 routines [[yes]] ],
+AC_ARG_WITH(rc4, [  --with-rc4              use rc4 routines [[yes]] ],
+ 	with_rc4=$withval,
+ 	with_rc4=yes)
+ 
+ if test "$with_rc4" != no; then
+-    AC_DEFINE(WITH_RC4,[],[Use internal RC4 implementation?])
+    AC_DEFINE(WITH_RC4,[],[Use RC4])
+ fi
+ 
+ building_for_macosx=no
+diff --git a/plugins/digestmd5.c b/plugins/digestmd5.c
+index df35093d..c6b54317 100644
+--- a/plugins/digestmd5.c
+++ b/plugins/digestmd5.c
+@@ -1117,6 +1117,111 @@ static void free_des(context_t *text)
+ #endif /* WITH_DES */
+ 
+ #ifdef WITH_RC4
+#ifdef HAVE_OPENSSL
+#include <openssl/evp.h>
+
+static void free_rc4(context_t *text)
+{
+    if (text->cipher_enc_context) {
+        EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)text->cipher_enc_context);
+        text->cipher_enc_context = NULL;
+    }
+    if (text->cipher_dec_context) {
+        EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)text->cipher_dec_context);
+        text->cipher_dec_context = NULL;
+    }
+}
+
+static int init_rc4(context_t *text,
+		    unsigned char enckey[16],
+		    unsigned char deckey[16])
+{
+    EVP_CIPHER_CTX *ctx;
+    int rc;
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL) return SASL_NOMEM;
+
+    rc = EVP_EncryptInit_ex(ctx, EVP_rc4(), NULL, enckey, NULL);
+    if (rc != 1) return SASL_FAIL;
+
+    text->cipher_enc_context = (void *)ctx;
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL) return SASL_NOMEM;
+
+    rc = EVP_DecryptInit_ex(ctx, EVP_rc4(), NULL, deckey, NULL);
+    if (rc != 1) return SASL_FAIL;
+
+    text->cipher_dec_context = (void *)ctx;
+
+    return SASL_OK;
+}
+
+static int dec_rc4(context_t *text,
+		   const char *input,
+		   unsigned inputlen,
+		   unsigned char digest[16] __attribute__((unused)),
+		   char *output,
+		   unsigned *outputlen)
+{
+    int len;
+    int rc;
+
+    /* decrypt the text part & HMAC */
+    rc = EVP_DecryptUpdate((EVP_CIPHER_CTX *)text->cipher_dec_context,
+                           (unsigned char *)output, &len,
+                           (const unsigned char *)input, inputlen);
+    if (rc != 1) return SASL_FAIL;
+
+    *outputlen = len;
+
+    rc = EVP_DecryptFinal_ex((EVP_CIPHER_CTX *)text->cipher_dec_context,
+                             (unsigned char *)output + len, &len);
+    if (rc != 1) return SASL_FAIL;
+
+    *outputlen += len;
+
+    /* subtract the HMAC to get the text length */
+    *outputlen -= 10;
+
+    return SASL_OK;
+}
+
+static int enc_rc4(context_t *text,
+		   const char *input,
+		   unsigned inputlen,
+		   unsigned char digest[16],
+		   char *output,
+		   unsigned *outputlen)
+{
+    int len;
+    int rc;
+    /* encrypt the text part */
+    rc = EVP_EncryptUpdate((EVP_CIPHER_CTX *)text->cipher_enc_context,
+                           (unsigned char *)output, &len,
+                           (const unsigned char *)input, inputlen);
+    if (rc != 1) return SASL_FAIL;
+
+    *outputlen = len;
+
+    /* encrypt the `MAC part */
+    rc = EVP_EncryptUpdate((EVP_CIPHER_CTX *)text->cipher_enc_context,
+                           (unsigned char *)output + *outputlen, &len,
+                           digest, 10);
+    if (rc != 1) return SASL_FAIL;
+
+    *outputlen += len;
+
+    rc = EVP_EncryptFinal_ex((EVP_CIPHER_CTX *)text->cipher_enc_context,
+                             (unsigned char *)output + *outputlen, &len);
+    if (rc != 1) return SASL_FAIL;
+
+    *outputlen += len;
+
+    return SASL_OK;
+}
+#else
+ /* quick generic implementation of RC4 */
+ struct rc4_context_s {
+     unsigned char sbox[256];
+@@ -1296,7 +1401,7 @@ static int enc_rc4(context_t *text,
+     
+     return SASL_OK;
+ }
+-
+#endif /* HAVE_OPENSSL */
+ #endif /* WITH_RC4 */
+ 
+ struct digest_cipher available_ciphers[] =
--- a/SOURCES/make-no-dlcompatorsrp-tarball.sh
+++ b/SOURCES/make-no-dlcompatorsrp-tarball.sh
@ -0,0 +1,41 @@
+#!/bin/bash -e
+#
+#  See ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/ for unmodified sources.
+#
+
+tmppath=`mktemp -d ${TMPDIR:-/tmp}/make-no-dlcompat-tarball-XXXXXX`
+if test -z "$tmppath" ; then
+	echo Error creating temporary directory.
+	exit 1
+fi
+trap "rm -fr $tmppath" EXIT
+
+initialdir=`pwd`
+
+for tarball in ${initialdir}/cyrus-sasl-*.tar.{gz,bz2} ; do
+	if ! test -s "$tarball" ; then
+		continue
+	fi
+	rm -fr $tmppath/*
+	pushd $tmppath > /dev/null
+	case "$tarball" in
+	*nodlcompat*)
+		: Do nothing.
+		;;
+	*.gz)
+		gzip  -dc "$tarball" | tar xf -
+		rm -fr cyrus-sasl-*/dlcompat*
+		rm -fr cyrus-sasl-*/plugins/srp*
+		tar cf - * | gzip  -9c > \
+		$initialdir/`basename $tarball .tar.gz`-nodlcompatorsrp.tar.gz
+		;;
+	*.bz2)
+		bzip2 -dc "$tarball" | tar xf -
+		rm -fr cyrus-sasl-*/dlcompat*
+		rm -fr cyrus-sasl-*/plugins/srp*
+		tar cf - * | bzip2 -9c > \
+		$initialdir/`basename $tarball .tar.bz2`-nodlcompatorsrp.tar.bz2
+		;;
+	esac
+	popd > /dev/null
+done
--- a/SOURCES/sasl-mechlist.c
+++ b/SOURCES/sasl-mechlist.c
@ -0,0 +1,99 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "sasl.h"
+
+static int
+my_getopt(void *context, const char *plugin_name,
+	  const char *option, const char **result, unsigned *len)
+{
+	if (result) {
+		*result = NULL;
+#if 0
+		fprintf(stderr, "Getopt plugin=%s%s%s/option=%s%s%s -> ",
+			plugin_name ? "\"" : "",
+			plugin_name ? plugin_name : "(null)",
+			plugin_name ? "\"" : "",
+			option ? "\"" : "",
+			option ? option : "(null)",
+			option ? "\"" : "");
+		fprintf(stderr, "'%s'.\n", *result ? *result : "");
+#endif
+	}
+	if (len) {
+		*len = 0;
+	}
+	return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+	int ret, i;
+	const char *mechs, **globals;
+	sasl_callback_t callbacks[] = {
+		{SASL_CB_GETOPT, my_getopt, NULL},
+		{SASL_CB_LIST_END},
+	};
+	sasl_conn_t *connection;
+	char hostname[512];
+
+	if ((argc > 1) && (argv[1][0] == '-')) {
+		fprintf(stderr, "Usage: %s [appname [hostname] ]\n", argv[0]);
+		return 0;
+	}
+
+	ret = sasl_server_init(callbacks, argc > 1 ? argv[1] : "sasl-mechlist");
+	if (ret != SASL_OK) {
+		fprintf(stderr, "Error in sasl_server_init(): %s\n",
+			sasl_errstring(ret, NULL, NULL));
+	}
+
+	connection = NULL;
+	strcpy(hostname, "localhost");
+	gethostname(hostname, sizeof(hostname));
+	ret = sasl_server_new(argc > 2 ? argv[2] : "host",
+			      hostname,
+			      NULL,
+			      NULL,
+			      NULL,
+			      callbacks,
+			      0,
+			      &connection);
+	if (ret != SASL_OK) {
+		fprintf(stderr, "Error in sasl_server_new(): %s\n",
+			sasl_errstring(ret, NULL, NULL));
+	}
+
+	ret = sasl_listmech(connection,
+			    getenv("USER") ? getenv("USER") : "root",
+			    "Available mechanisms: ",
+			    ",",
+			    "\n",
+			    &mechs,
+			    NULL,
+			    NULL);
+	if (ret != SASL_OK) {
+		fprintf(stderr, "Error in sasl_listmechs(): %s\n",
+			sasl_errstring(ret, NULL, NULL));
+	} else {
+		fprintf(stdout, "%s", mechs);
+	}
+
+	globals = sasl_global_listmech();
+	for (i = 0; (globals != NULL) && (globals[i] != NULL); i++) {
+		if (i == 0) {
+			fprintf(stdout, "Library supports: ");
+		}
+		fprintf(stdout, "%s", globals[i]);
+		if (globals[i + 1] != NULL) {
+			fprintf(stdout, ",");
+		} else {
+			fprintf(stdout, "\n");
+		}
+	}
+
+	return 0;
+}
--- a/SOURCES/saslauthd.service
+++ b/SOURCES/saslauthd.service
@ -0,0 +1,12 @@
+[Unit]
+Description=SASL authentication daemon.
+
+[Service]
+Type=forking
+PIDFile=/run/saslauthd/saslauthd.pid
+EnvironmentFile=/etc/sysconfig/saslauthd
+ExecStart=/usr/sbin/saslauthd -m $SOCKETDIR -a $MECH $FLAGS
+RuntimeDirectory=saslauthd
+
+[Install]
+WantedBy=multi-user.target
--- a/SOURCES/saslauthd.sysconfig
+++ b/SOURCES/saslauthd.sysconfig
@ -0,0 +1,11 @@
+# Directory in which to place saslauthd's listening socket, pid file, and so
+# on.  This directory must already exist.
+SOCKETDIR=/run/saslauthd
+
+# Mechanism to use when checking passwords.  Run "saslauthd -v" to get a list
+# of which mechanism your installation was compiled with the ablity to use.
+MECH=pam
+
+# Additional flags to pass to saslauthd on the command line.  See saslauthd(8)
+# for the list of accepted flags.
+FLAGS=
--- a/SPECS/cyrus-sasl.spec
+++ b/SPECS/cyrus-sasl.spec
				`@ -0,0 +1 @@`
				`c9e6848d9cc6f9588e0e7a75423f9a3aed3f10db SOURCES/cyrus-sasl-2.1.27-nodlcompatorsrp.tar.gz`
				`@ -0,0 +1 @@`
				`SOURCES/cyrus-sasl-2.1.27-nodlcompatorsrp.tar.gz`