jcgruenhage/void-packages
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

cyrus-sasl; update to 2.1.25 (issue #57).

Browse source
This commit is contained in:
Juan RP 2013-04-09 11:42:41 +02:00
parent c7f65edb49
commit b575962368
28 changed files with 63 additions and 861 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
srcpkgs/cyrus-sasl/cyrus-sasl-modules-gssapi.template
View file

@ -2,11 +2,6 @@
#
depends="cyrus-sasl>=${version}_${revision}"
short_desc="Cyrus SASL - pluggable authentication modules (GSSAPI)"
long_desc="
This is the Cyrus SASL API implementation, version 2.1. See package
libsasl and RFC 2222 for more information.
This package provides the GSSAPI authentication mechanism plugin."
do_install() {
vmove "usr/lib/sasl2/libgssapi*" usr/lib/sasl2

5
srcpkgs/cyrus-sasl/cyrus-sasl-modules-ldap.template
View file

@ -2,11 +2,6 @@
#
depends="cyrus-sasl>=${version}_${revision}"
short_desc="Cyrus SASL - pluggable authentication modules (LDAP)"
long_desc="
This is the Cyrus SASL API implementation, version 2.1. See package
libsasl and RFC 2222 for more information.
This package provides the LDAP plugin."
do_install() {
vmove "usr/lib/sasl2/libldapdb.*" usr/lib/sasl2

5
srcpkgs/cyrus-sasl/cyrus-sasl-modules-sql.template
View file

@ -2,11 +2,6 @@
#
depends="cyrus-sasl>=${version}_${revision}"
short_desc="Cyrus SASL - pluggable authentication modules (SQL)"
long_desc="
This is the Cyrus SASL API implementation, version 2.1. See package
libsasl and RFC 2222 for more information.
This package provides the SQL plugin, which supports MySQL and PostgreSQL."
do_install() {
vmove "usr/lib/sasl2/libsql.*" usr/lib/sasl2

6
srcpkgs/cyrus-sasl/cyrus-sasl-modules.template
View file

@ -2,12 +2,6 @@
#
depends="cyrus-sasl>=${version}_${revision}"
short_desc="Cyrus SASL - pluggable authentication modules"
long_desc="
This is the Cyrus SASL API implementation, version 2.1. See package
libsasl and RFC 2222 for more information.
This package provides the following SASL modules: LOGIN, PLAIN, ANONYMOUS,
NTLM, CRAM-MD5, and DIGEST-MD5 (with DES support)."
do_install() {
vmove usr/lib/sasl2 usr/lib

12
srcpkgs/cyrus-sasl/libsasl-devel.template
View file

@ -1,12 +0,0 @@
# Template file for 'libsasl-devel'.
#
depends="openssl-devel db-devel libsasl>=${version}_${revision}"
short_desc="${sourcepkg} - development files"
long_desc="${long_desc}
This package contains files for development, headers, static libs, etc."
do_install() {
vmove usr/include usr
vmove usr/share/man/man3 usr/share/man
}

11
srcpkgs/cyrus-sasl/libsasl.template
View file

@ -1,11 +0,0 @@
# Template file for 'libsasl'.
#
short_desc="authentication abstraction library"
long_desc="${long_desc}
This package contains the runtime shared libraries."
do_install() {
vmove "usr/lib/*.so*" usr/lib
vmove "usr/lib/sasl2/libsasldb.*" usr/lib/sasl2
}

35
srcpkgs/cyrus-sasl/patches/0003_saslauthd_mdoc.patch
View file

@ -1,35 +0,0 @@
0003_saslauthd_mdoc.dpatch by <fabbe@debian.org>
Use the correct path for the saslauthd.conf file, and use another
date format (cosmetic).
diff -urNad trunk~/saslauthd/saslauthd.mdoc trunk/saslauthd/saslauthd.mdoc
--- trunk~/saslauthd/saslauthd.mdoc 2006-05-29 22:52:42.000000000 +0300
+++ trunk/saslauthd/saslauthd.mdoc 2006-07-12 15:05:25.000000000 +0300
@@ -10,7 +10,7 @@
.\" manpage in saslauthd.8 whenever you change this source
.\" version. Only the pre-formatted manpage is installed.
.\"
-.Dd 10 24 2002
+.Dd October 24 2002
.Dt SASLAUTHD 8
.Os "CMU-SASL"
.Sh NAME
@@ -216,7 +216,7 @@
.Em (All platforms that support OpenLDAP 2.0 or higher)
.Pp
Authenticate against an ldap server. The ldap configuration parameters are
-read from /usr/local/etc/saslauthd.conf. The location of this file can be
+read from /etc/saslauthd.conf. The location of this file can be
changed with the -O parameter. See the LDAP_SASLAUTHD file included with the
distribution for the list of available parameters.
.It Li sia
@@ -249,7 +249,7 @@
.Bl -tag -width "/var/run/saslauthd/mux"
.It Pa /var/run/saslauthd/mux
The default communications socket.
-.It Pa /usr/local/etc/saslauthd.conf
+.It Pa /etc/saslauthd.conf
The default configuration file for ldap support.
.El
.Sh SEE ALSO

19
srcpkgs/cyrus-sasl/patches/0010_maintainer_mode.patch
View file

@ -1,19 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 0010_maintainer_mode.dpatch by <fabbe@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Enable maintainer mode to avoid auto* problems.
@DPATCH@
diff -urNad trunk~/configure.in trunk/configure.in
--- trunk~/configure.in 2006-05-29 22:52:46.000000000 +0300
+++ trunk/configure.in 2006-11-01 23:24:55.000000000 +0200
@@ -62,6 +62,8 @@
AM_INIT_AUTOMAKE(cyrus-sasl, 2.1.22)
CMU_INIT_AUTOMAKE
+AM_MAINTAINER_MODE
+
# and include our config dir scripts
ACLOCAL="$ACLOCAL -I \$(top_srcdir)/config"

15
srcpkgs/cyrus-sasl/patches/0011_saslauthd_ac_prog_libtool.patch
View file

@ -1,15 +0,0 @@
0011_saslauthd_ac_prog_libtool.dpatch by <fabbe@debian.org>
Enable libtool use.
diff -urNad trunk~/saslauthd/configure.in trunk/saslauthd/configure.in
--- trunk~/saslauthd/configure.in 2006-05-29 22:52:42.000000000 +0300
+++ trunk/saslauthd/configure.in 2006-11-01 23:41:51.000000000 +0200
@@ -25,6 +25,7 @@
AC_PROG_MAKE_SET
AC_PROG_LN_S
AC_PROG_INSTALL
+AC_PROG_LIBTOOL
dnl Checks for build foo
CMU_C___ATTRIBUTE__

20
srcpkgs/cyrus-sasl/patches/0012_xopen_crypt_prototype.patch
View file

@ -1,20 +0,0 @@
0012_xopen_crypt_prototype.dpatch by <dannf@debian.org>
When _XOPEN_SOURCE is defined, the subsequent #include <unistd.h>
will define a correct function prototype for the crypt function.
This avoids segfaults on architectures where the size of a pointer
is greater than the size of an integer (ia64 and amd64 are examples).
This may be detected by looking for build log lines such as the
following:
auth_shadow.c:183: warning: implicit declaration of function crypt
auth_shadow.c:183: warning: cast to pointer from integer of different
size
diff -urNad trunk~/saslauthd/auth_shadow.c trunk/saslauthd/auth_shadow.c
--- trunk~/saslauthd/auth_shadow.c 2006-05-29 22:52:42.000000000 +0300
+++ trunk/saslauthd/auth_shadow.c 2006-11-08 13:44:23.000000000 +0200
@@ -1,3 +1,4 @@
+#define _XOPEN_SOURCE
#define PWBUFSZ 256 /***SWB***/
/* MODULE: auth_shadow */

27
srcpkgs/cyrus-sasl/patches/0016_pid_file_lock_creation_mask.patch
View file

@ -1,27 +0,0 @@
0016_pid_file_lock_creation_mask.dpatch by Sam Hocevar <sam@zoy.org>
pid_file_lock is created with a mask of 644 instead of 0644.
This patch fixes this octal/decimal confusion as well as the
(harmless) one in the previous umask() call.
diff -urNad trunk~/saslauthd/saslauthd-main.c trunk/saslauthd/saslauthd-main.c
--- trunk~/saslauthd/saslauthd-main.c 2006-05-29 22:52:42.000000000 +0300
+++ trunk/saslauthd/saslauthd-main.c 2007-06-26 12:07:10.000000000 +0300
@@ -276,7 +276,7 @@
exit(1);
}
- umask(077);
+ umask(0077);
pid_file_size = strlen(run_path) + sizeof(PID_FILE_LOCK) + 1;
if ((pid_file_lock = malloc(pid_file_size)) == NULL) {
@@ -287,7 +287,7 @@
strlcpy(pid_file_lock, run_path, pid_file_size);
strlcat(pid_file_lock, PID_FILE_LOCK, pid_file_size);
- if ((pid_file_lock_fd = open(pid_file_lock, O_CREAT|O_TRUNC|O_RDWR, 644)) < 0) {
+ if ((pid_file_lock_fd = open(pid_file_lock, O_CREAT|O_TRUNC|O_RDWR, 0644)) < 0) {
rc = errno;
logger(L_ERR, L_FUNC, "could not open pid lock file: %s", pid_file_lock);
logger(L_ERR, L_FUNC, "open: %s", strerror(rc));

35
srcpkgs/cyrus-sasl/patches/0018_auth_rimap_quotes.patch
View file

@ -1,35 +0,0 @@
0016_auth_rimap_quotes.dpatch by <fabbe@debian.org>
All lines beginning with `## DP:' are a description of the patch.
Avoid infinite loop when username/password has a double quote character.
Upstream change: https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/saslauthd/auth_rimap.c.diff?r1=1.12;r2=1.13
diff -urNad etch~/saslauthd/auth_rimap.c etch/saslauthd/auth_rimap.c
--- etch~/saslauthd/auth_rimap.c 2007-03-29 15:16:20.000000000 +0300
+++ etch/saslauthd/auth_rimap.c 2008-02-13 13:42:53.000000000 +0200
@@ -162,6 +162,7 @@
num_quotes = 0;
p1 = s;
while ((p1 = strchr(p1, '"')) != NULL) {
+ p1++;
num_quotes++;
}
@@ -438,7 +439,7 @@
syslog(LOG_WARNING, "auth_rimap: writev: %m");
memset(qlogin, 0, strlen(qlogin));
free(qlogin);
- memset(qpass, 0, strlen(qlogin));
+ memset(qpass, 0, strlen(qpass));
free(qpass);
(void)close(s);
return strdup(RESP_IERROR);
@@ -447,7 +448,7 @@
/* don't need these any longer */
memset(qlogin, 0, strlen(qlogin));
free(qlogin);
- memset(qpass, 0, strlen(qlogin));
+ memset(qpass, 0, strlen(qpass));
free(qpass);
/* read and parse the LOGIN response */

22
srcpkgs/cyrus-sasl/patches/0019_ldap_deprecated.patch
View file

@ -1,22 +0,0 @@
0019_ldap_deprecated.dpatch by dann frazier <dannf@debian.org>
The function ldap_get_values, used in saslauthd/lak.c, is deprecated.
Therefore, its prototype is not included by default when compiling
against the ldap.h headers. As a result, the compiler cannot know the
return type of the function at compile time, and will implicitly
convert to a pointer. This has implications on 64-bit systems.
This patch sets the deprecation mode on, so that the function prototype
gets included when compiling.
(Description by Fabian Fagerholm <fabbe@debian.org>)
diff -urNad trunk~/saslauthd/lak.c trunk/saslauthd/lak.c
--- trunk~/saslauthd/lak.c 2006-06-04 12:26:20.000000000 +0300
+++ trunk/saslauthd/lak.c 2008-02-15 14:32:11.000000000 +0200
@@ -55,6 +55,7 @@
#include <openssl/des.h>
#endif
+#define LDAP_DEPRECATED 1
#include <ldap.h>
#include <lber.h>
#include <sasl.h>

26
srcpkgs/cyrus-sasl/patches/0022_gcc4.4_preprocessor_syntax.patch
View file

@ -1,26 +0,0 @@
0022_gcc4.4_preprocessor_syntax.dpatch by <fabbe@paniq.net>
The #elif preprocessor directive requires a test condition.
GCC 4.4 enforces this rule.
diff -urNad trunk~/plugins/digestmd5.c trunk/plugins/digestmd5.c
--- trunk~/plugins/digestmd5.c 2006-06-04 12:26:19.000000000 +0300
+++ trunk/plugins/digestmd5.c 2009-01-26 13:29:40.000000000 +0200
@@ -2715,7 +2715,7 @@
"DIGEST-MD5", /* mech_name */
#ifdef WITH_RC4
128, /* max_ssf */
-#elif WITH_DES
+#elif defined(WITH_DES)
112,
#else
1,
@@ -4034,7 +4034,7 @@
"DIGEST-MD5",
#ifdef WITH_RC4 /* mech_name */
128, /* max ssf */
-#elif WITH_DES
+#elif defined(WITH_DES)
112,
#else
1,

27
srcpkgs/cyrus-sasl/patches/0025_ld_as_needed.patch
View file

@ -1,27 +0,0 @@
Author: Matthias Klose <doko@ubuntu.com>
Desription: Fix FTBFS, add $(SASL_DB_LIB) as dependency to libsasldb, and use
it.
--- a/saslauthd/Makefile.am
+++ b/saslauthd/Makefile.am
@@ -16,7 +16,7 @@ EXTRA_saslauthd_sources = getaddrinfo.c
saslauthd_DEPENDENCIES = saslauthd-main.o @LTLIBOBJS@
saslauthd_LDADD = @SASL_KRB_LIB@ \
@GSSAPIBASE_LIBS@ @GSSAPI_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
- @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
+ @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
testsaslauthd_SOURCES = testsaslauthd.c utils.c
testsaslauthd_LDADD = @LIB_SOCKET@
--- a/sasldb/Makefile.am
+++ b/sasldb/Makefile.am
@@ -55,8 +55,8 @@ noinst_LIBRARIES = libsasldb.a
libsasldb_la_SOURCES = allockey.c sasldb.h
EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
-libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND)
-libsasldb_la_LIBADD = $(SASL_DB_BACKEND)
+libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
+libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
# Prevent make dist stupidity
libsasldb_a_SOURCES =

14
srcpkgs/cyrus-sasl/patches/0026_drop_krb5support_dependency.patch
View file

@ -1,14 +0,0 @@
Author: Roberto C. Sanchez <roberto@connexer.com>
Description: Drop gratuitous dependency on krb5support
--- a/cmulocal/sasl2.m4
+++ b/cmulocal/sasl2.m4
@@ -112,9 +112,6 @@ if test "$gssapi" != no; then
fi
if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then
- # check for libkrb5support first
- AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET})
-
gss_failed=0
AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1,
${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET})

24
srcpkgs/cyrus-sasl/patches/0027_db5_support.patch
View file

@ -1,24 +0,0 @@
Author: Ondřej Surý <ondrej@debian.org>
Description: Support newer Berkeley DB versions
--- a/sasldb/db_berkeley.c
+++ b/sasldb/db_berkeley.c
@@ -101,7 +101,7 @@ static int berkeleydb_open(const sasl_ut
ret = db_create(mbdb, NULL, 0);
if (ret == 0 && *mbdb != NULL)
{
-#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1
+#if (DB_VERSION_MAJOR > 4) || ((DB_VERSION_MAJOR == 4) && (DB_VERSION_MINOR >= 1))
ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, flags, 0660);
#else
ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, flags, 0660);
--- a/utils/dbconverter-2.c
+++ b/utils/dbconverter-2.c
@@ -214,7 +214,7 @@ static int berkeleydb_open(const char *p
ret = db_create(mbdb, NULL, 0);
if (ret == 0 && *mbdb != NULL)
{
-#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1
+#if (DB_VERSION_MAJOR > 4) || ((DB_VERSION_MAJOR == 4) && (DB_VERSION_MINOR >= 1))
ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, DB_CREATE, 0664);
#else
ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, DB_CREATE, 0664);

134
srcpkgs/cyrus-sasl/patches/0030-dont_use_la_files_for_opening_plugins.patch
View file

@ -1,134 +0,0 @@
--- a/lib/dlopen.c
+++ b/lib/dlopen.c
@@ -247,105 +247,6 @@ static int _sasl_plugin_load(char *plugi
return result;
}
-/* this returns the file to actually open.
- * out should be a buffer of size PATH_MAX
- * and may be the same as in. */
-
-/* We'll use a static buffer for speed unless someone complains */
-#define MAX_LINE 2048
-
-static int _parse_la(const char *prefix, const char *in, char *out)
-{
- FILE *file;
- size_t length;
- char line[MAX_LINE];
- char *ntmp = NULL;
-
- if(!in || !out || !prefix || out == in) return SASL_BADPARAM;
-
- /* Set this so we can detect failure */
- *out = '\0';
-
- length = strlen(in);
-
- if (strcmp(in + (length - strlen(LA_SUFFIX)), LA_SUFFIX)) {
- if(!strcmp(in + (length - strlen(SO_SUFFIX)),SO_SUFFIX)) {
- /* check for a .la file */
- strcpy(line, prefix);
- strcat(line, in);
- length = strlen(line);
- *(line + (length - strlen(SO_SUFFIX))) = '\0';
- strcat(line, LA_SUFFIX);
- file = fopen(line, "r");
- if(file) {
- /* We'll get it on the .la open */
- fclose(file);
- return SASL_FAIL;
- }
- }
- strcpy(out, prefix);
- strcat(out, in);
- return SASL_OK;
- }
-
- strcpy(line, prefix);
- strcat(line, in);
-
- file = fopen(line, "r");
- if(!file) {
- _sasl_log(NULL, SASL_LOG_WARN,
- "unable to open LA file: %s", line);
- return SASL_FAIL;
- }
-
- while(!feof(file)) {
- if(!fgets(line, MAX_LINE, file)) break;
- if(line[strlen(line) - 1] != '\n') {
- _sasl_log(NULL, SASL_LOG_WARN,
- "LA file has too long of a line: %s", in);
- return SASL_BUFOVER;
- }
- if(line[0] == '\n' || line[0] == '#') continue;
- if(!strncmp(line, "dlname=", sizeof("dlname=") - 1)) {
- /* We found the line with the name in it */
- char *end;
- char *start;
- size_t len;
- end = strrchr(line, '\'');
- if(!end) continue;
- start = &line[sizeof("dlname=")-1];
- len = strlen(start);
- if(len > 3 && start[0] == '\'') {
- ntmp=&start[1];
- *end='\0';
- /* Do we have dlname="" ? */
- if(ntmp == end) {
- _sasl_log(NULL, SASL_LOG_DEBUG,
- "dlname is empty in .la file: %s", in);
- return SASL_FAIL;
- }
- strcpy(out, prefix);
- strcat(out, ntmp);
- }
- break;
- }
- }
- if(ferror(file) || feof(file)) {
- _sasl_log(NULL, SASL_LOG_WARN,
- "Error reading .la: %s\n", in);
- fclose(file);
- return SASL_FAIL;
- }
- fclose(file);
-
- if(!(*out)) {
- _sasl_log(NULL, SASL_LOG_WARN,
- "Could not find a dlname line in .la file: %s", in);
- return SASL_FAIL;
- }
-
- return SASL_OK;
-}
#endif /* DO_DLOPEN */
/* loads a plugin library */
@@ -499,18 +400,18 @@ int _sasl_load_plugins(const add_plugin_
if (length + pos>=PATH_MAX) continue; /* too big */
if (strcmp(dir->d_name + (length - strlen(SO_SUFFIX)),
- SO_SUFFIX)
- && strcmp(dir->d_name + (length - strlen(LA_SUFFIX)),
- LA_SUFFIX))
+ SO_SUFFIX))
continue;
+ /* We only use .so files for loading plugins */
+
memcpy(name,dir->d_name,length);
name[length]='\0';
- result = _parse_la(prefix, name, tmp);
- if(result != SASL_OK)
- continue;
-
+ /* Create full name with path */
+ strncpy(tmp, prefix, PATH_MAX);
+ strncat(tmp, name, PATH_MAX);
+
/* skip "lib" and cut off suffix --
this only need be approximate */
strcpy(plugname, name + 3);

170
srcpkgs/cyrus-sasl/patches/cyrus-sasl-2.1.19-checkpw.c.patch
View file

@ -1,170 +0,0 @@
diff -ur ../cyrus-sasl-2.1.19.orig/lib/Makefile.in ./lib/Makefile.in
--- ../cyrus-sasl-2.1.19.orig/lib/Makefile.in 2004-07-02 21:40:15.000000000 +0200
+++ ./lib/Makefile.in 2004-09-07 13:21:22.746680576 +0200
@@ -120,7 +120,7 @@
JAVA_TRUE = @JAVA_TRUE@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
+LIBS = -lcrypt @LIBS@
LIBTOOL = @LIBTOOL@
LIB_CRYPT = @LIB_CRYPT@
LIB_DES = @LIB_DES@
diff -ur ../cyrus-sasl-2.1.19.orig/lib/checkpw.c ./lib/checkpw.c
--- ../cyrus-sasl-2.1.19.orig/lib/checkpw.c 2004-03-17 14:58:13.000000000 +0100
+++ ./lib/checkpw.c 2004-09-07 13:21:12.645916147 +0200
@@ -94,6 +94,23 @@
# endif
#endif
+/******************************
+ * crypt(3) patch start *
+ ******************************/
+char *crypt(const char *key, const char *salt);
+
+/* cleartext password formats */
+#define PASSWORD_FORMAT_CLEARTEXT 1
+#define PASSWORD_FORMAT_CRYPT 2
+#define PASSWORD_FORMAT_CRYPTTRAD 3
+#define PASSWORD_SALT_BUF_LEN 22
+
+/* weeds out crypt(3) password's salt */
+int _sasl_get_salt (char *dest, char *src, int format);
+
+/******************************
+ * crypt(3) patch stop *
+ ******************************/
/* we store the following secret to check plaintext passwords:
*
@@ -143,7 +160,51 @@
"*cmusaslsecretPLAIN",
NULL };
struct propval auxprop_values[3];
-
+
+ /******************************
+ * crypt(3) patch start *
+ * for password format check *
+ ******************************/
+ sasl_getopt_t *getopt;
+ void *context;
+ const char *p = NULL;
+ /**
+ * MD5: 12 char salt
+ * BLOWFISH: 16 char salt
+ */
+ char salt[PASSWORD_SALT_BUF_LEN];
+ int password_format;
+
+ /* get password format from auxprop configuration */
+ if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) {
+ getopt(context, NULL, "password_format", &p, NULL);
+ }
+
+ /* set password format */
+ if (p) {
+ /*
+ memset(pass_format_str, '\0', PASSWORD_FORMAT_STR_LEN);
+ strncpy(pass_format_str, p, (PASSWORD_FORMAT_STR_LEN - 1));
+ */
+ /* modern, modular crypt(3) */
+ if (strncmp(p, "crypt", 11) == 0)
+ password_format = PASSWORD_FORMAT_CRYPT;
+ /* traditional crypt(3) */
+ else if (strncmp(p, "crypt_trad", 11) == 0)
+ password_format = PASSWORD_FORMAT_CRYPTTRAD;
+ /* cleartext password */
+ else
+ password_format = PASSWORD_FORMAT_CLEARTEXT;
+ } else {
+ /* cleartext password */
+ password_format = PASSWORD_FORMAT_CLEARTEXT;
+ }
+
+ /******************************
+ * crypt(3) patch stop *
+ * for password format check *
+ ******************************/
+
if (!conn || !userstr)
return SASL_BADPARAM;
@@ -180,14 +241,31 @@
goto done;
}
- /* At the point this has been called, the username has been canonified
- * and we've done the auxprop lookup. This should be easy. */
- if(auxprop_values[0].name
- && auxprop_values[0].values
- && auxprop_values[0].values[0]
- && !strcmp(auxprop_values[0].values[0], passwd)) {
- /* We have a plaintext version and it matched! */
- return SASL_OK;
+
+ /******************************
+ * crypt(3) patch start *
+ ******************************/
+
+ /* get salt */
+ _sasl_get_salt(salt, (char *) auxprop_values[0].values[0], password_format);
+
+ /* crypt(3)-ed password? */
+ if (password_format != PASSWORD_FORMAT_CLEARTEXT) {
+ /* compare password */
+ if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(crypt(passwd, salt), auxprop_values[0].values[0]) == 0)
+ return SASL_OK;
+ else
+ ret = SASL_BADAUTH;
+ }
+ else if (password_format == PASSWORD_FORMAT_CLEARTEXT) {
+ /* compare passwords */
+ if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(auxprop_values[0].values[0], passwd) == 0)
+ return SASL_OK;
+ else
+ ret = SASL_BADAUTH;
+ /******************************
+ * crypt(3) patch stop *
+ ******************************/
} else if(auxprop_values[1].name
&& auxprop_values[1].values
&& auxprop_values[1].values[0]) {
@@ -975,3 +1053,37 @@
#endif
{ NULL, NULL }
};
+
+/* weeds out crypt(3) password's salt */
+int _sasl_get_salt (char *dest, char *src, int format) {
+ int num; /* how many characters is salt long? */
+ switch (format) {
+ case PASSWORD_FORMAT_CRYPT:
+ /* md5 crypt */
+ if (src[1] == '1')
+ num = 12;
+ /* blowfish crypt */
+ else if (src[1] == '2')
+ num = (src[1] == '2' && src[2] == 'a') ? 17 : 16;
+ /* traditional crypt */
+ else
+ num = 2;
+ break;
+
+ case PASSWORD_FORMAT_CRYPTTRAD:
+ num = 2;
+ break;
+
+ default:
+ return 1;
+ }
+
+ /* destroy destination */
+ memset(dest, '\0', (num + 1));
+
+ /* copy salt to destination */
+ strncpy(dest, src, num);
+
+ return 1;
+}
+

94
srcpkgs/cyrus-sasl/patches/cyrus-sasl-2.1.22-automake-1.10.patch
View file

@ -1,94 +0,0 @@
Re-merged patch by Robert Scheck <redhat@linuxnetz.de> for cyrus-sasl >= 2.1.22, which was
originally written by Jacek Konieczny <jajcus@pld-linux.org> and makes cyrus-sasl building
using automake 1.10.
--- cyrus-sasl-2.1.22/plugins/Makefile.am 2006-05-17 18:46:16.000000000 +0200
+++ cyrus-sasl-2.1.22/plugins/Makefile.am.am110 2007-02-16 15:42:07.000000000 +0100
@@ -82,73 +82,73 @@
libntlm.la libpassdss.la libsasldb.la libsql.la libldapdb.la
libplain_la_SOURCES = plain.c plain_init.c $(common_sources)
-libplain_la_LDFLAGS = -version-info $(plain_version)
+libplain_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(plain_version)
libplain_la_DEPENDENCIES = $(COMPAT_OBJS)
libplain_la_LIBADD = $(PLAIN_LIBS) $(COMPAT_OBJS)
libanonymous_la_SOURCES = anonymous.c anonymous_init.c $(common_sources)
-libanonymous_la_LDFLAGS = -version-info $(anonymous_version)
+libanonymous_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(anonymous_version)
libanonymous_la_DEPENDENCIES = $(COMPAT_OBJS)
libanonymous_la_LIBADD = $(COMPAT_OBJS)
libkerberos4_la_SOURCES = kerberos4.c kerberos4_init.c $(common_sources)
-libkerberos4_la_LDFLAGS = -version-info $(kerberos4_version)
+libkerberos4_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(kerberos4_version)
libkerberos4_la_DEPENDENCIES = $(COMPAT_OBJS)
libkerberos4_la_LIBADD = $(SASL_KRB_LIB) $(LIB_SOCKET) $(COMPAT_OBJS)
libgssapiv2_la_SOURCES = gssapi.c gssapiv2_init.c $(common_sources)
-libgssapiv2_la_LDFLAGS = -version-info $(gssapiv2_version)
+libgssapiv2_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(gssapiv2_version)
libgssapiv2_la_DEPENDENCIES = $(COMPAT_OBJS)
libgssapiv2_la_LIBADD = $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET) $(COMPAT_OBJS)
libcrammd5_la_SOURCES = cram.c crammd5_init.c $(common_sources)
-libcrammd5_la_LDFLAGS = -version-info $(crammd5_version)
+libcrammd5_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(crammd5_version)
libcrammd5_la_DEPENDENCIES = $(COMPAT_OBJS)
libcrammd5_la_LIBADD = $(COMPAT_OBJS)
libdigestmd5_la_SOURCES = digestmd5.c digestmd5_init.c $(common_sources)
-libdigestmd5_la_LDFLAGS = -version-info $(digestmd5_version)
+libdigestmd5_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(digestmd5_version)
libdigestmd5_la_DEPENDENCIES = $(COMPAT_OBJS)
libdigestmd5_la_LIBADD = $(LIB_DES) $(LIB_SOCKET) $(COMPAT_OBJS)
liblogin_la_SOURCES = login.c login_init.c $(common_sources)
-liblogin_la_LDFLAGS = -version-info $(login_version)
+liblogin_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(login_version)
liblogin_la_DEPENDENCIES = $(COMPAT_OBJS)
liblogin_la_LIBADD = $(PLAIN_LIBS) $(COMPAT_OBJS)
libsrp_la_SOURCES = srp.c srp_init.c $(common_sources)
-libsrp_la_LDFLAGS = -version-info $(srp_version)
+libsrp_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(srp_version)
libsrp_la_DEPENDENCIES = $(COMPAT_OBJS)
libsrp_la_LIBADD = $(SRP_LIBS) $(COMPAT_OBJS)
libotp_la_SOURCES = otp.c otp_init.c otp.h $(common_sources)
-libotp_la_LDFLAGS = -version-info $(otp_version)
+libotp_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(otp_version)
libotp_la_DEPENDENCIES = $(COMPAT_OBJS)
libotp_la_LIBADD = $(OTP_LIBS) $(COMPAT_OBJS)
libntlm_la_SOURCES = ntlm.c ntlm_init.c $(common_sources)
-libntlm_la_LDFLAGS = -version-info $(ntlm_version)
+libntlm_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(ntlm_version)
libntlm_la_DEPENDENCIES = $(COMPAT_OBJS)
libntlm_la_LIBADD = $(NTLM_LIBS) $(COMPAT_OBJS)
libpassdss_la_SOURCES = passdss.c passdss_init.c $(common_sources)
-libpassdss_la_LDFLAGS = -version-info $(passdss_version)
+libpassdss_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(passdss_version)
libpassdss_la_DEPENDENCIES = $(COMPAT_OBJS)
libpassdss_la_LIBADD = $(PASSDSS_LIBS) $(COMPAT_OBJS)
# Auxprop Plugins
libsasldb_la_SOURCES = sasldb.c sasldb_init.c $(common_sources)
-libsasldb_la_LDFLAGS = -version-info $(sasldb_version)
+libsasldb_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(sasldb_version)
libsasldb_la_DEPENDENCIES = $(COMPAT_OBJS)
libsasldb_la_LIBADD = ../sasldb/libsasldb.la $(SASL_DB_LIB) $(COMPAT_OBJS)
libldapdb_la_SOURCES = ldapdb.c ldapdb_init.c $(common_sources)
-libldapdb_la_LDFLAGS = $(LIB_LDAP) -version-info $(ldapdb_version)
+libldapdb_la_LDFLAGS = $(AM_LDFLAGS) $(LIB_LDAP) -version-info $(ldapdb_version)
libldapdb_la_DEPENDENCIES = $(COMPAT_OBJS)
libldapdb_la_LIBADD = $(COMPAT_OBJS)
libsql_la_SOURCES = sql.c sql_init.c $(common_sources)
-libsql_la_LDFLAGS = $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) -version-info $(sql_version)
+libsql_la_LDFLAGS = $(AM_LDFLAGS) $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) -version-info $(sql_version)
libsql_la_DEPENDENCIES = $(COMPAT_OBJS)
libsql_la_LIBADD = $(COMPAT_OBJS)

71
srcpkgs/cyrus-sasl/patches/cyrus-sasl-2.1.22-crypt.patch
View file

@ -1,71 +0,0 @@
http://bugs.gentoo.org/152544
--- cyrus-sasl-2.1.22/lib/Makefile.am
+++ cyrus-sasl-2.1.22/lib/Makefile.am
@@ -45,6 +45,7 @@ sasl_version = 2:22:0
INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb
+AM_CFLAGS = -fPIC
EXTRA_DIST = windlopen.c staticopen.h NTMakefile
EXTRA_LIBRARIES = libsasl2.a
noinst_LIBRARIES = @SASL_STATIC_LIBS@
--- cyrus-sasl-2.1.22/plugins/Makefile.am
+++ cyrus-sasl-2.1.22/plugins/Makefile.am
@@ -63,6 +63,7 @@ srp_version = 2:22:0
INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include
AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir)
+AM_CFLAGS = -fPIC
COMPAT_OBJS = @LTGETADDRINFOOBJS@ @LTGETNAMEINFOOBJS@ @LTSNPRINTFOBJS@
--- cyrus-sasl-2.1.22/sasldb/Makefile.am
+++ cyrus-sasl-2.1.22/sasldb/Makefile.am
@@ -48,6 +48,7 @@ INCLUDES=-I$(top_srcdir)/include -I$(top
extra_common_sources = db_none.c db_ndbm.c db_gdbm.c db_berkeley.c
+AM_CFLAGS = -fPIC
EXTRA_DIST = NTMakefile
noinst_LTLIBRARIES = libsasldb.la
--- cyrus-sasl-2.1.22/utils/Makefile.am
+++ cyrus-sasl-2.1.22/utils/Makefile.am
@@ -42,7 +42,7 @@
#
################################################################
-all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET)
+all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET) $(LIB_CRYPT)
all_sasl_static_libs = ../lib/.libs/libsasl2.a $(SASL_DB_LIB) $(LIB_SOCKET) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(SASL_KRB_LIB) $(LIB_DES) $(PLAIN_LIBS) $(SRP_LIBS) $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE)
sbin_PROGRAMS = @SASL_DB_UTILS@ @SMTPTEST_PROGRAM@ pluginviewer
--- cyrus-sasl-2.1.22/sample/Makefile.am
+++ cyrus-sasl-2.1.22/sample/Makefile.am
@@ -54,10 +54,10 @@ sample_server_SOURCES = sample-server.c
server_SOURCES = server.c common.c common.h
client_SOURCES = client.c common.c common.h
-server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET)
-client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET)
+server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT)
+client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT)
-sample_client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET)
-sample_server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET)
+sample_client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT)
+sample_server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT)
EXTRA_DIST = NTMakefile
--- cyrus-sasl-2.1.22/lib/Makefile.am
+++ cyrus-sasl-2.1.22/lib/Makefile.am
@@ -63,7 +63,7 @@ lib_LTLIBRARIES = libsasl2.la
libsasl2_la_SOURCES = $(common_sources) $(common_headers)
libsasl2_la_LDFLAGS = -version-info $(sasl_version)
libsasl2_la_DEPENDENCIES = $(LTLIBOBJS)
-libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR)
+libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) $(LIB_CRYPT)
if MACOSX
framedir = /Library/Frameworks/SASL2.framework

22
srcpkgs/cyrus-sasl/patches/cyrus-sasl-2.1.22-qa.patch
View file

@ -1,22 +0,0 @@
fix missing prototype warnings
--- cyrus-sasl-2.1.22/lib/auxprop.c
+++ cyrus-sasl-2.1.22/lib/auxprop.c
@@ -43,6 +43,7 @@
*/
#include <config.h>
+#include <stdio.h>
#include <sasl.h>
#include <prop.h>
#include <ctype.h>
--- cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
+++ cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
@@ -24,6 +24,7 @@ OF OR IN CONNECTION WITH THE USE OR PERF
******************************************************************/
#include <shadow.h>
+#include <string.h>
extern char *crypt();

28
srcpkgs/cyrus-sasl/patches/cyrus-sasl-2.1.23-authd-fix.patch
View file

@ -1,28 +0,0 @@
fix warnings:
auth_sasldb.c: In function auth_sasldb:
auth_sasldb.c:144: warning: implicit declaration of function gethostname
auth_sasldb.c:153: warning: passing argument 8 of _sasldb_getdata from incompatible pointer type
../sasldb/sasldb.h:60: note: expected size_t * but argument is of type int *
--- a/saslauthd/auth_sasldb.c
+++ b/saslauthd/auth_sasldb.c
@@ -41,6 +41,7 @@
#include <string.h>
#include <stdlib.h>
#include <pwd.h>
+#include <unistd.h>
/* END PUBLIC DEPENDENCIES */
#define RETURN(x) return strdup(x)
@@ -131,7 +132,8 @@
/* VARIABLES */
char pw[1024]; /* pointer to passwd file entry */
sasl_utils_t utils;
- int ret, outsize;
+ int ret;
+ size_t outsize;
const char *use_realm;
char realm_buf[MAXHOSTNAMELEN];
/* END VARIABLES */

53
srcpkgs/cyrus-sasl/template
View file

@ -1,18 +1,13 @@
# Template file for 'cyrus-sasl'
pkgname=cyrus-sasl
version=2.1.23
revision=11
wrksrc="cyrus-sasl-${version}"
patch_args="-Np1"
makedepends="automake libldap-devel mit-krb5-devel e2fsprogs-devel pam-devel
openssl-devel postgresql-libs-devel libmysqlclient-devel>=5.5.27 db-devel
sqlite-devel groff"
version=2.1.25
revision=1
short_desc="Cyrus SASL - auth daemon and administration tools"
maintainer="Juan RP <xtraeme@gmail.com>"
homepage="http://cyrusimap.web.cmu.edu/"
license="BSD"
distfiles="ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-$version.tar.gz"
checksum=20efcc4040cbab6e89a636a07dcf5720ee07b5c62359a4e7bf2500ef6020b136
checksum=418c16e6240a4f9b637cbe3d62937b9675627bad27c622191d47de8686fe24fe
long_desc="
SASL is the Simple Authentication and Security Layer, a method for adding
authentication support to connection-based protocols. To use SASL, a protocol
@ -26,31 +21,20 @@ long_desc="
server that provides SASL authentication, then you must install some of the
cyrus-sasl-modules* packages."
subpackages="libsasl libsasl-devel ${pkgname}-modules-ldap
${pkgname}-modules-sql ${pkgname}-modules-gssapi ${pkgname}-modules"
disable_parallel_build=yes
depends="libsasl>=${version}"
hostmakedepends="groff"
makedepends="openssl-devel db-devel libldap-devel mit-krb5-devel pam-devel
postgresql-libs-devel libmysqlclient-devel>=5.5.27 sqlite-devel"
subpackages="${pkgname}-modules-ldap ${pkgname}-modules-sql
${pkgname}-modules-gssapi ${pkgname}-modules"
systemd_services="saslauthd.service on"
pre_configure() {
rm -f config/config.guess config/config.sub
rm -f config/ltconfig config/ltmain.sh config/libtool.m4
rm -fr autom4te.cache
libtoolize -c
aclocal -I config -I cmulocal
automake -a -c
autoheader
autoconf
cd saslauthd
rm -f config/config.guess config/config.sub
rm -f config/ltconfig config/ltmain.sh config/libtool.m4
rm -fr autom4te.cache
libtoolize -c
aclocal -I config -I ../cmulocal -I ../config
automake -a -c
autoheader
autoconf
}
do_configure() {
./configure ${CONFIGURE_SHARED_ARGS} --disable-static --enable-shared \
--enable-alwaystrue --enable-checkapop --enable-cram \
@ -61,7 +45,7 @@ do_configure() {
--enable-ldapdb --disable-macos-framework --with-pam \
--with-saslauthd=/var/run/saslauthd --with-ldap \
--with-configdir=/etc/sasl2:/etc/sasl:/usr/lib/sasl2 \
--with-devrandom=/dev/urandom
--with-devrandom=/dev/urandom LDFLAGS=-ldb
}
do_build() {
@ -71,6 +55,11 @@ do_build() {
do_install() {
make DESTDIR=${DESTDIR} install
# Remove libsasl{,-devel} files.
rm -rf ${DESTDIR}/usr/include
rm -f ${DESTDIR}/usr/lib/libsasl*
rm -rf ${DESTDIR}/usr/share/man/man3
# systemd
vinstall ${FILESDIR}/saslauthd.service 644 usr/lib/systemd/system
vinstall ${FILESDIR}/saslauthd.tmpfiles.d 644 \

1
srcpkgs/libsasl
View file

@ -1 +0,0 @@
cyrus-sasl

2
srcpkgs/libsasl-devel
View file

@ -1 +1 @@
cyrus-sasl
libsasl

8
srcpkgs/libsasl/libsasl-devel.template Normal file
View file

@ -0,0 +1,8 @@
# Template file for 'libsasl-devel'.
#
depends="db-devel libsasl>=${version}_${revision}"
short_desc="${short_desc} - development files"
do_install() {
vmove usr/include usr
}

33
srcpkgs/libsasl/template Normal file
View file

@ -0,0 +1,33 @@
# Template file for 'libsasl'
pkgname=libsasl
version=2.1.25
revision=1
build_style=gnu-configure
subpackages="${pkgname}-devel"
makedepends="openssl-devel"
wrksrc="cyrus-sasl-${version}"
short_desc="Cyrus SASL - runtime shared libraries"
maintainer="Juan RP <xtraeme@gmail.com>"
homepage="http://cyrusimap.web.cmu.edu/"
license="BSD"
distfiles="ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-$version.tar.gz"
checksum=418c16e6240a4f9b637cbe3d62937b9675627bad27c622191d47de8686fe24fe
long_desc="
SASL is the Simple Authentication and Security Layer, a method for adding
authentication support to connection-based protocols. To use SASL, a protocol
includes a command for identifying and authenticating a user to a server and
for optionally negotiating protection of subsequent protocol interactions.
If its use is negotiated, a security layer is inserted between the protocol
and the connection. See RFC 2222 for more information.
Any of: ANONYMOUS, CRAM-MD5, DIGEST-MD5, GSSAPI (MIT or Heimdal Kerberos 5),
NTLM, OTP, PLAIN, or LOGIN can be used. If you intend to use this package on a
server that provides SASL authentication, then you must install some of the
cyrus-sasl-modules* packages."
disable_parallel_build=yes
post_install() {
# We are only interested in libsasl.
rm -rf ${DESTDIR}/usr/{sbin,share,lib/sasl2}
}