1 | diff -ruN --exclude *.orig cyrus-sasl-1.5.27.orig/acconfig.h cyrus-sasl-1.5.27/acconfig.h |
2 | --- cyrus-sasl-1.5.27.orig/acconfig.h Tue Apr 24 17:02:28 2001 | |
3 | +++ cyrus-sasl-1.5.27/acconfig.h Tue Apr 24 17:02:53 2001 | |
4 | @@ -86,6 +86,12 @@ | |
5 | /* do we have PAM for plaintext password checking? */ | |
6 | #undef HAVE_PAM | |
7 | ||
8 | +/* do we have MySQL for plaintext password checking? */ | |
9 | +#undef HAVE_MYSQL | |
10 | + | |
11 | +/* do we have LDAP for plaintext password checking? */ | |
12 | +#undef HAVE_LDAP | |
13 | + | |
14 | /* what flavor of GSSAPI are we using? */ | |
15 | #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE | |
16 | ||
17 | diff -ruN --exclude *.orig cyrus-sasl-1.5.27.orig/configure.in cyrus-sasl-1.5.27/configure.in | |
18 | --- cyrus-sasl-1.5.27.orig/configure.in Tue Apr 24 17:02:28 2001 | |
19 | +++ cyrus-sasl-1.5.27/configure.in Tue Apr 24 17:41:49 2001 | |
20 | @@ -147,13 +147,16 @@ | |
21 | dnl named. arg. | |
22 | berkeley) | |
23 | AC_CHECK_HEADER(db.h, | |
24 | - AC_CHECK_LIB(db-3, db_create, SASL_DB_LIB="-ldb-3"; | |
25 | - dblib="berkeley", | |
26 | - AC_CHECK_LIB(db, db_create, SASL_DB_LIB="-ldb"; | |
27 | - dblib="berkeley", | |
28 | - AC_CHECK_LIB(db, db_open, SASL_DB_LIB="-ldb"; | |
29 | - dblib="berkeley", | |
30 | - dblib="no"))), | |
31 | + for dbname in db-3.1 db-3 db3.1 db3 db | |
32 | + do | |
33 | + AC_CHECK_LIB($dbname, db_create, SASL_DB_LIB="-l$dbname"; | |
34 | + dblib="berkeley"; break, dblib="no") | |
35 | + done | |
36 | + if test "$dblib" = "no"; then | |
37 | + AC_CHECK_LIB(db, db_open, SASL_DB_LIB="-ldb"; | |
38 | + dblib="berkeley"; dbname=db, | |
39 | + dblib="no") | |
40 | + fi, | |
41 | dblib="no") | |
42 | ;; | |
43 | gdbm) | |
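Review bot: The `for dbname in db-3.1 db-3 db3.1 db3 db` loop together with its `db_open` fallback is repeated verbatim in the auto_detect case in the next hunk, so the two detection paths will drift apart on the next edit; wrapping it once in an `AC_DEFUN` macro and invoking it from both cases keeps them identical. Within the loop the action-if-not-found `dblib="no"` is re-run on every miss, which is harmless but means only the trailing `if test "$dblib" = "no"` distinguishes an exhausted loop from a hit, so a comment such as `dnl dblib stays "no" unless one of the names links` above the loop would make that intent explicit.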
44 | @@ -173,13 +176,16 @@ | |
45 | auto_detect) | |
46 | dnl How about berkeley db? | |
47 | AC_CHECK_HEADER(db.h, | |
48 | - AC_CHECK_LIB(db-3, db_create, SASL_DB_LIB="-ldb-3"; | |
49 | - dblib="berkeley", | |
50 | - AC_CHECK_LIB(db, db_create, SASL_DB_LIB="-ldb"; | |
51 | - dblib="berkeley", | |
52 | - AC_CHECK_LIB(db, db_open, SASL_DB_LIB="-ldb"; | |
53 | - dblib="berkeley", | |
54 | - dblib="no"))), | |
55 | + for dbname in db-3.1 db-3 db3.1 db3 db | |
56 | + do | |
57 | + AC_CHECK_LIB($dbname, db_create, SASL_DB_LIB="-l$dbname"; | |
58 | + dblib="berkeley"; break, dblib="no") | |
59 | + done | |
60 | + if test "$dblib" = "no"; then | |
61 | + AC_CHECK_LIB(db, db_open, SASL_DB_LIB="-ldb"; | |
62 | + dblib="berkeley"; dbname=db, | |
63 | + dblib="no") | |
64 | + fi, | |
65 | dblib="no") | |
66 | if test "$dblib" = no; then | |
67 | dnl How about ndbm? | |
68 | @@ -322,6 +328,88 @@ | |
69 | fi | |
70 | AM_CONDITIONAL(PWCHECK, test "$with_pwcheck" != no) | |
71 | ||
72 | +dnl MySQL | |
73 | +AC_ARG_WITH(mysql, [ --with-mysql=PATH enable authentication from MySQL database [no] ], | |
74 | + with_mysql=$withval, | |
75 | + with_mysql=no) | |
76 | + | |
77 | +mysql_found="" | |
78 | +if test -z "$with_mysql"; then | |
79 | + for mysqlloc in lib/mysql lib ; do | |
80 | + for mysqlprefix in ${prefix} /usr/local /usr ; do | |
81 | + if test -f ${prefix}/${mysqlloc}/libmysqlclient.a; then | |
82 | + with_mysql="${prefix}" | |
83 | + mysql_found="yes" | |
84 | + break | |
85 | + fi | |
86 | + done | |
87 | + if test "$mysql_found"; then | |
88 | + break | |
89 | + fi | |
90 | + done | |
91 | +fi | |
92 | + | |
93 | +LIB_MYSQL="" | |
94 | +case "$with_mysql" in | |
95 | + no) true;; | |
96 | + ""|yes) AC_CHECK_LIB(mysqlclient, mysql_select_db, | |
97 | + AC_DEFINE(HAVE_MYSQL) | |
98 | + LIB_MYSQL="-lmysqlclient", | |
99 | + with_mysql=no);; | |
100 | + *) if test -d ${with_mysql}/include/mysql; then | |
101 | + CPPFLAGS="$CPPFLAGS -I${with_mysql}/include/mysql" | |
102 | + else | |
103 | + CPPFLAGS="$CPPFLAGS -I${with_mysql}/include" | |
104 | + fi | |
105 | + if test -d ${with_mysql}/lib/mysql; then | |
106 | + LDFLAGS="$LDFLAGS -L${with_mysql}/lib/mysql" | |
107 | + fi | |
108 | + AC_DEFINE(HAVE_MYSQL) | |
109 | + LIB_MYSQL="-lmysqlclient";; | |
110 | +esac | |
111 | +AC_SUBST(LIB_MYSQL) | |
112 | + | |
113 | +dnl LDAP | |
114 | +AC_ARG_WITH(ldap, [ --with-ldap=PATH enable authentication from LDAP [no] ], | |
115 | + with_ldap=$withval, | |
116 | + with_ldap=no) | |
117 | + | |
118 | +ldap_found="" | |
119 | +if test -z "$with_ldap"; then | |
120 | + for ldaploc in lib/ldap lib; do | |
121 | + for ldapprefix in ${prefix} /usr/local /usr; do | |
122 | + if test -f ${ldapprefix}/${ldaploc}/libldap.a -o -f ${ldapprefix}/${ldaploc}/libldap.so; then | |
123 | + with_ldap="${ldapprefix}" | |
124 | + ldap_found="yes" | |
125 | + break | |
126 | + fi | |
127 | + done | |
128 | + if test "$ldap_found"; then | |
129 | + break | |
130 | + fi | |
131 | + done | |
132 | +fi | |
133 | + | |
134 | +LIB_LDAP="" | |
135 | +case "$with_ldap" in | |
136 | + no) true;; | |
137 | + ""|yes) AC_CHECK_LIB(ldap, ldap_open, | |
138 | + AC_DEFINE(HAVE_LDAP) | |
139 | + LIB_LDAP="-lldap -llber", | |
140 | + with_ldap=no);; | |
141 | + *) if test -d ${with_ldap}/include/ldap; then | |
142 | + CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include/ldap" | |
143 | + else | |
144 | + CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include" | |
145 | + fi | |
146 | + if test -d ${with_ldap}/lib/ldap; then | |
147 | + LDFLAGS="$LDFLAGS -L${with_ldap}/lib/ldap" | |
148 | + fi | |
149 | + AC_DEFINE(HAVE_LDAP) | |
150 | + LIB_LDAP="-lldap -llber";; | |
151 | +esac | |
152 | +AC_SUBST(LIB_LDAP) | |
153 | + | |
154 | dnl CRAM-MD5 | |
155 | AC_ARG_ENABLE(cram, [ --enable-cram enable CRAM-MD5 authentication [yes] ], | |
156 | cram=$enableval, | |
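Review bot: The MySQL search loop `for mysqlprefix in ${prefix} /usr/local /usr` tests `${prefix}/${mysqlloc}/libmysqlclient.a` and assigns `with_mysql="${prefix}"`, so the loop variable is never used and /usr/local and /usr are never probed; the LDAP loop just below uses `${ldapprefix}` correctly, and this one should read `if test -f ${mysqlprefix}/${mysqlloc}/libmysqlclient.a; then` with `with_mysql="${mysqlprefix}"`. The MySQL probe also only looks for the static `libmysqlclient.a`, whereas the LDAP probe accepts `.a` or `.so`, so a shared-only MySQL install is missed. In both `*)` branches `-L${with_prefix}/lib/<name>` is added to LDFLAGS only when that subdirectory exists and plain `lib/` is never added, so a prefix whose library lives in `lib/` links only if it is already on the default search path.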
157 | @@ -445,11 +533,15 @@ | |
158 | fi | |
159 | ||
160 | if test "$with_des" != no; then | |
161 | + case "$host_os" in | |
162 | + freebsd*) | |
163 | + COM_ERR="-lcom_err" | |
164 | + ;; | |
165 | + esac | |
166 | AC_CHECK_HEADER(krb.h, | |
167 | - AC_CHECK_LIB(krb, krb_mk_priv, COM_ERR="", | |
168 | - AC_CHECK_LIB(krb, krb_mk_priv, COM_ERR="-lcom_err", | |
169 | - AC_WARN(No Kerberos V4 found); krb4=no, -ldes -lcom_err), | |
170 | - -ldes), | |
171 | + AC_CHECK_LIB(krb, krb_mk_priv,:, | |
172 | + AC_WARN(No Kerberos V4 found); krb4=no, | |
173 | + -ldes $COM_ERR), | |
174 | AC_WARN(No Kerberos V4 found); krb4=no) | |
175 | else | |
176 | AC_WARN(No DES library found for Kerberos V4 support) | |
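Review bot: On hosts other than `freebsd*` the rewritten check drops the original retry of `-lkrb` with `-ldes -lcom_err`, because `$COM_ERR` is only assigned inside the new `case` and the second `AC_CHECK_LIB` is gone; if that fallback is still wanted elsewhere, set `COM_ERR=""` before the `case` and keep a second check with `-ldes -lcom_err` in the action-if-not-found. Leaving `COM_ERR` unassigned on those hosts also means any later reference to `$COM_ERR` (not visible in this hunk) expands to whatever the environment carried in, so an explicit `COM_ERR=""` default is worth adding regardless.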
177 | diff -ruN --exclude *.orig cyrus-sasl-1.5.27.orig/doc/sysadmin.html cyrus-sasl-1.5.27/doc/sysadmin.html | |
178 | --- cyrus-sasl-1.5.27.orig/doc/sysadmin.html Sat Feb 17 06:06:33 2001 | |
179 | +++ cyrus-sasl-1.5.27/doc/sysadmin.html Tue Apr 24 17:02:53 2001 | |
180 | @@ -171,6 +171,43 @@ | |
181 | <dt><i>pwcheck</i><dd> checks passwords with the use of a seperate, | |
182 | helper daemon. <b>needs to be documented.</b><p> | |
183 | ||
184 | +<dt><i>mysql</i><dd> A MySQL database can be used for plaintext | |
185 | + password checking by setting "pwcheck_method" to "mysql".<p> | |
186 | + | |
187 | + <p>The following SASL options are used for MySQL Authentication:<p> | |
188 | + | |
189 | + <dl> | |
190 | + <dd>mysql_user: <user></dd> | |
191 | + <dd>mysql_passwd: <cleartext pw></dd> | |
192 | + <dd>mysql_host: <host></dd> | |
193 | + <dd>mysql_database: <database></dd> | |
194 | + <dd>mysql_table: <table></dd> | |
195 | + <dd>mysql_uidcol: <username col></dd> | |
196 | + <dd>mysql_pwdcol: <password col></dd> | |
197 | + </dl> | |
198 | + | |
199 | + <p>MySQL pwcheck_method created by <a href="mailto:dmz@dmzs.com">David Matthew Zendzian</a> | |
200 | + the original patch may be found at <a href="http://www.dmzs.com/~dmz/projects/cyrus/">http://www.dmzs.com/~dmz/projects/cyrus/</a>.<p> | |
201 | + | |
202 | +<dt><i>ldap</i><dd> A LDAP server can be used for plaintext password | |
203 | + checking by setting "pwcheck_method" to "ldap".<p> | |
204 | + | |
205 | + <p>The following SASL options are used for LDAP Authentication:<p> | |
206 | + | |
207 | + <dl> | |
208 | + <dd>ldap_server: <LDAP Server [localhost]> | |
209 | + <dd>ldap_basedn: <LDAP base dn> | |
210 | + <dd>ldap_uidattr: <LDAP uid attribute [uid]> | |
211 | + <dd>ldap_port: <LDAP port [389]> | |
212 | + </dl> | |
213 | + | |
214 | + <p>It is a requirement that "ldap_basedn" be set to the appropriate | |
215 | + value for your site<br> | |
216 | + (ex. ldap_basedn: o=surf, c=UK)<p> | |
217 | + | |
218 | + <p>LDAP pwcheck_method created by <a href="mailto:simon@surf.org.uk">Simon@surf.org.uk</a> | |
219 | + the original patch may be found at <a href="http://www.surf.org.uk/">http://www.surf.org.uk/</a>.<p> | |
220 | + | |
221 | <dt><i>write your own</i><dd> Last, but not least, the most flexible | |
222 | method of authentication for PLAIN is to write your own. If you do | |
223 | so, any application that calls the "<tt>sasl_checkpass()</tt>" | |
224 | diff -ruN --exclude *.orig cyrus-sasl-1.5.27.orig/lib/Makefile.am cyrus-sasl-1.5.27/lib/Makefile.am | |
225 | --- cyrus-sasl-1.5.27.orig/lib/Makefile.am Sat Mar 10 06:56:41 2001 | |
226 | +++ cyrus-sasl-1.5.27/lib/Makefile.am Tue Apr 24 17:06:04 2001 | |
227 | @@ -53,5 +53,5 @@ | |
228 | EXTRA_libsasl_la_SOURCES = db_none.c db_ndbm.c db_gdbm.c db_berkeley.c db_testw32.c | |
229 | libsasl_la_LDFLAGS = -version-info $(sasl_version) | |
230 | libsasl_la_DEPENDENCIES = $(SASL_DB_BACKEND) @LTLIBOBJS@ | |
231 | -libsasl_la_LIBADD = @LTLIBOBJS@ $(SASL_DB_BACKEND) $(SASL_DB_LIB) $(SASL_DL_LIB) $(PLAIN_LIBS) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET) | |
232 | +libsasl_la_LIBADD = @LTLIBOBJS@ $(SASL_DB_BACKEND) $(SASL_DB_LIB) $(SASL_DL_LIB) $(PLAIN_LIBS) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET) $(LIB_LDAP) $(LIB_MYSQL) | |
233 | # PLAIN_LIBS are linked in for sasl_checkpass | |
234 | diff -ruN --exclude *.orig cyrus-sasl-1.5.27.orig/lib/checkpw.c cyrus-sasl-1.5.27/lib/checkpw.c | |
235 | --- cyrus-sasl-1.5.27.orig/lib/checkpw.c Sat Feb 17 06:06:48 2001 | |
236 | +++ cyrus-sasl-1.5.27/lib/checkpw.c Tue Apr 24 17:09:32 2001 | |
237 | @@ -51,11 +51,11 @@ | |
238 | #include <assert.h> | |
239 | #ifdef HAVE_UNISTD_H | |
240 | #include <unistd.h> | |
241 | -#endif | |
242 | +#endif /* HAVE_UNISTD_H */ | |
243 | ||
244 | #ifdef HAVE_KRB | |
245 | #include <krb.h> | |
246 | -#endif | |
247 | +#endif /* HAVE_KRB */ | |
248 | ||
249 | #include <stdlib.h> | |
250 | ||
251 | @@ -96,10 +96,19 @@ | |
252 | # include <sys/un.h> | |
253 | # ifdef HAVE_UNISTD_H | |
254 | # include <unistd.h> | |
255 | -# endif | |
256 | +# endif /* HAVE_UNISTD_H */ | |
257 | ||
258 | extern int errno; | |
259 | -#endif | |
260 | +#endif /* HAVE_PWCHECK || HAVE_SASLAUTHD */ | |
261 | + | |
262 | +#ifdef HAVE_MYSQL | |
263 | +#include <mysql.h> | |
264 | +#endif /* HAVE_MYSQL */ | |
265 | + | |
266 | +#ifdef HAVE_LDAP | |
267 | +#include <lber.h> | |
268 | +#include <ldap.h> | |
269 | +#endif /* HAVE_LDAP */ | |
270 | ||
271 | #ifdef HAVE_KRB | |
272 | ||
273 | @@ -171,7 +180,11 @@ | |
274 | memcpy (&temp_key, "kerberos", 8); | |
275 | des_fixup_key_parity (&temp_key); | |
276 | des_key_sched (&temp_key, schedule); | |
277 | +#ifdef __FreeBSD__ | |
278 | + des_cbc_cksum ((const unsigned char *)password, &ivec, passlen, schedule, &ivec); | |
279 | +#else | |
280 | des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec); | |
281 | +#endif | |
282 | ||
283 | memcpy (&temp_key, &ivec, sizeof temp_key); | |
284 | des_fixup_key_parity (&temp_key); | |
285 | @@ -211,10 +224,17 @@ | |
286 | return (str); | |
287 | } | |
288 | ||
289 | +#ifdef __FreeBSD__ | |
290 | +static int use_key(const char *user __attribute__((unused)), | |
291 | + char *instance __attribute__((unused)), | |
292 | + const char *realm __attribute__((unused)), | |
293 | + const void *key, des_cblock *returned_key) | |
294 | +#else | |
295 | static int use_key(char *user __attribute__((unused)), | |
296 | char *instance __attribute__((unused)), | |
297 | char *realm __attribute__((unused)), | |
298 | void *key, des_cblock *returned_key) | |
299 | +#endif | |
300 | { | |
301 | memcpy (returned_key, key, sizeof(des_cblock)); | |
302 | return 0; | |
303 | @@ -1015,7 +1035,7 @@ | |
304 | ||
305 | ||
306 | /* pwcheck daemon-authenticated login */ | |
307 | -static int pwcheck_verify_password(sasl_conn_t *conn, | |
308 | +static int pwcheck_verify_password(sasl_conn_t *conn __attribute__((unused)), | |
309 | const char *userid, | |
310 | const char *passwd, | |
311 | const char *service __attribute__((unused)), | |
312 | @@ -1030,8 +1050,10 @@ | |
313 | static char response[1024]; | |
314 | int start, n; | |
315 | char pwpath[1024]; | |
316 | +#if 0 /* Not used */ | |
317 | sasl_getopt_t *getopt; | |
318 | void *context; | |
319 | +#endif | |
320 | ||
321 | if (reply) { *reply = NULL; } | |
322 | ||
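Review bot: The `#if 0 /* Not used */` fence around `sasl_getopt_t *getopt;` and `void *context;` keeps dead declarations in the source; since `conn` is marked unused in the same change, deleting the two lines outright is cleaner than fencing them off, as `#if 0` blocks tend to linger indefinitely. The enclosing pwcheck_verify_password body starts and ends outside this hunk.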
323 | @@ -1183,6 +1205,225 @@ | |
324 | ||
325 | #endif | |
326 | ||
327 | +#ifdef HAVE_MYSQL | |
328 | +/* DMZ mysql auth 12/29/1999 | |
329 | + * Updated to 1.5.24 by SWH 09/12/2000 | |
330 | + * changed to malloc qbuf Simon Loader 10/21/2000 | |
331 | + */ | |
332 | +#ifdef USE_CRYPT_PASSWORD | |
333 | +#define QUERY_STRING "select %s from %s where %s = '%s' and %s = password('%s')" | |
334 | +#else | |
335 | +#define QUERY_STRING "select %s from %s where %s = '%s' and %s = '%s'" | |
336 | +#endif | |
337 | + | |
338 | +static int mysql_verify_password(sasl_conn_t *conn, | |
339 | + const char *userid, | |
340 | + const char *password, | |
341 | + const char *service __attribute__((unused)), | |
342 | + const char *user_realm __attribute__((unused)), | |
343 | + const char **reply) | |
344 | +{ | |
345 | + unsigned int numrows; | |
346 | + MYSQL mysql,*sock; | |
347 | + MYSQL_RES *result; | |
348 | + char *qbuf; | |
349 | + char *db_user="", | |
350 | + *db_passwd="", | |
351 | + *db_host="", | |
352 | + *db_uidcol="", | |
353 | + *db_pwcol="", | |
354 | + *db_database="", | |
355 | + *db_table=""; | |
356 | + sasl_getopt_t *getopt; | |
357 | + void *context; | |
358 | + | |
359 | + if (!userid || !password) { | |
360 | + return SASL_BADPARAM; | |
361 | + } | |
362 | + if (reply) { *reply = NULL; } | |
363 | + | |
364 | + /* check to see if the user configured a mysqluser/passwd/host/etc */ | |
365 | + if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { | |
366 | + getopt(context, NULL, "mysql_user", (const char **) &db_user, NULL); | |
367 | + if (!db_user) db_user = ""; | |
368 | + getopt(context, NULL, "mysql_passwd", (const char **) &db_passwd, NULL); | |
369 | + if (!db_passwd) db_passwd = ""; | |
370 | + getopt(context, NULL, "mysql_host", (const char **) &db_host, NULL); | |
371 | + if (!db_host) db_host = ""; | |
372 | + getopt(context, NULL, "mysql_database", (const char **) &db_database, NULL); | |
373 | + if (!db_database) db_database = ""; | |
374 | + getopt(context, NULL, "mysql_table", (const char **) &db_table, NULL); | |
375 | + if (!db_table) db_table = ""; | |
376 | + getopt(context, NULL, "mysql_uidcol", (const char **) &db_uidcol, NULL); | |
377 | + if (!db_uidcol) db_uidcol = ""; | |
378 | + getopt(context, NULL, "mysql_pwdcol", (const char **) &db_pwcol, NULL); | |
379 | + if (!db_pwcol) db_pwcol = ""; | |
380 | + } | |
381 | + | |
382 | + if (!(sock = mysql_connect(&mysql,db_host,db_user,db_passwd))) | |
383 | + { | |
384 | + if (reply) { *reply = "cannot connect to MySQL server"; } | |
385 | + return SASL_FAIL; | |
386 | + } | |
387 | + | |
388 | + if (mysql_select_db(sock,db_database) < 0) | |
389 | + { | |
390 | + mysql_close(sock); | |
391 | + if (reply) { *reply = "cannot select MySQL database"; } | |
392 | + return SASL_FAIL; | |
393 | + } | |
394 | + /* select DB_UIDCOL from DB_TABLE where DB_UIDCOL = 'userid' AND DB_PWCOL = password('password') */ | |
395 | + if ( (qbuf = (char *)malloc(strlen(QUERY_STRING)+strlen(db_uidcol) | |
396 | + +strlen(db_table)+strlen(db_uidcol) | |
397 | + +strlen(userid)+strlen(db_pwcol) | |
398 | + +strlen(password)+1)) == NULL ) { | |
399 | + if (reply) { | |
400 | + *reply = "cannot malloc memory for sql query"; | |
401 | + } | |
402 | + return SASL_FAIL; | |
403 | + } | |
404 | + sprintf(qbuf,QUERY_STRING,db_uidcol,db_table,db_uidcol,userid,db_pwcol,password); | |
405 | + if (mysql_query(sock,qbuf) < 0 || !(result=mysql_store_result(sock))) | |
406 | + { | |
407 | + free(qbuf); | |
408 | + mysql_close(sock); | |
409 | + return SASL_FAIL; | |
410 | + } | |
411 | + | |
412 | + if (result) //There were some rows found | |
413 | + { | |
414 | + if ((numrows = mysql_affected_rows(&mysql)) != 1) | |
415 | + { | |
416 | + mysql_free_result(result); | |
417 | + mysql_close(sock); | |
418 | + if ((numrows > 1) && (reply)) { *reply = "Detected duplicate entries for user"; } | |
419 | + free(qbuf); | |
420 | + return SASL_BADAUTH; | |
421 | + } else { | |
422 | + free(qbuf); | |
423 | + mysql_free_result(result); | |
424 | + mysql_close(sock); | |
425 | + return SASL_OK; | |
426 | + } | |
427 | + } | |
428 | + free(qbuf); | |
429 | + mysql_free_result(result); | |
430 | + mysql_close(sock); | |
431 | + return SASL_BADAUTH; | |
432 | +} | |
433 | +#endif /* HAVE_MYSQL */ | |
434 | + | |
435 | +#ifdef HAVE_LDAP | |
436 | +/* simon@surf.org.uk LDAP auth 07/11/2000 | |
437 | + * Updated to 1.5.24 by SWH 09/12/2000 | |
438 | + * changed to use malloc and simplify the auth by Simon@surf.org.uk 10/21/2000 | |
439 | + */ | |
440 | + | |
441 | +#define LDAP_SERVER "localhost" | |
442 | +#define LDAP_BASEDN "o=JOFA, c=UK" | |
443 | +#define LDAP_UIDATTR "uid" | |
444 | + | |
445 | +#ifndef TRUE | |
446 | +# define TRUE 1 | |
447 | +# define FALSE 0 | |
448 | +#endif | |
449 | + | |
450 | +static int ldap_isdigits(char *value) | |
451 | +{ | |
452 | + char *ptr; | |
453 | + int num = TRUE; | |
454 | + | |
455 | + for (ptr = value; *ptr != '\0' && num != FALSE; ptr++) { | |
456 | + if (!isdigit(*ptr)) | |
457 | + num = FALSE; | |
458 | + } | |
459 | + | |
460 | + return num; | |
461 | +} | |
462 | + | |
463 | +static int ldap_verify_password(sasl_conn_t *conn, | |
464 | + const char *userid, | |
465 | + const char *password, | |
466 | + const char *service __attribute__((unused)), | |
467 | + const char *user_realm __attribute__((unused)), | |
468 | + const char **reply) | |
469 | +{ | |
470 | + | |
471 | + LDAP *ld; | |
472 | + char *dn, | |
473 | + *ldap_server="", | |
474 | + *ldap_basedn="", | |
475 | + *ldap_uidattr="", | |
476 | + *port_num=""; | |
477 | + int ldap_port = LDAP_PORT; | |
478 | + sasl_getopt_t *getopt; | |
479 | + void *context; | |
480 | + | |
481 | + /* If the password is NULL, reject the login... | |
482 | + * Otherwise the bind will succed as a reference bind. Not good... | |
483 | + */ | |
484 | + if (strcmp(password,"") == 0 || strcmp(userid,"") == 0) { | |
485 | + return SASL_BADPARAM; | |
486 | + } | |
487 | + | |
488 | + if (reply) { *reply = NULL; } | |
489 | + | |
490 | + /* check to see if the user configured a mysqluser/passwd/host/etc */ | |
491 | + if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { | |
492 | + getopt(context, NULL, "ldap_server", (const char **) &ldap_server, NULL); | |
493 | + if (!ldap_server) ldap_server = LDAP_SERVER; | |
494 | + getopt(context, NULL, "ldap_basedn", (const char **) &ldap_basedn, NULL); | |
495 | + if (!ldap_basedn) { | |
496 | + if (reply) { *reply = "ldap_basedn not defined"; } | |
497 | + return SASL_BADPARAM; | |
498 | + } | |
499 | + getopt(context, NULL, "ldap_uidattr", (const char **) &ldap_uidattr, NULL); | |
500 | + if (!ldap_uidattr) ldap_uidattr = LDAP_UIDATTR; | |
501 | + getopt(context, NULL, "ldap_port", (const char **) &port_num, NULL); | |
502 | + if (!port_num) { | |
503 | + ldap_port = LDAP_PORT; | |
504 | + } else if (!ldap_isdigits(port_num)) { | |
505 | + if (reply) { *reply = "ldap_port - invalid value"; } | |
506 | + return SASL_BADPARAM; | |
507 | + } else { | |
508 | + ldap_port = atoi(port_num); | |
509 | + } | |
510 | + } | |
511 | + | |
512 | + /* Open the LDAP connection. */ | |
513 | + if ((ld = ldap_open(ldap_server, ldap_port)) == NULL) { | |
514 | + if (reply) { *reply = "cannot connect to LDAP server"; } | |
515 | + return SASL_FAIL; | |
516 | + } | |
517 | + | |
518 | + if ( (dn = | |
519 | + (char *)malloc(strlen(ldap_uidattr)+strlen(userid)+strlen(ldap_basedn)+3)) == NULL ) { | |
520 | + if (reply) { | |
521 | + *reply = "cannnot allocate memory for ldap dn"; | |
522 | + } | |
523 | + return SASL_FAIL; | |
524 | + } | |
525 | + /* Generate a dn that we will try and login with */ | |
526 | + sprintf(dn,"%s=%s,%s", ldap_uidattr,userid,ldap_basedn); | |
527 | + | |
528 | + /* | |
529 | + * Just try and bind with the dn we have been given | |
530 | + * In most cases the basedn is correct. | |
531 | + * If this is not so I have a version or that too | |
532 | + * Simon@surf.org.uk | |
533 | + */ | |
534 | + if (ldap_simple_bind_s(ld,dn,password) != LDAP_SUCCESS) { | |
535 | + free(dn); | |
536 | + ldap_unbind(ld); | |
537 | + return SASL_BADAUTH; | |
538 | + } | |
539 | + free(dn); | |
540 | + ldap_unbind(ld); | |
541 | + return SASL_OK; | |
542 | +} | |
543 | + | |
544 | +#endif /* HAVE_LDAP */ | |
545 | + | |
546 | struct sasl_verify_password_s _sasl_verify_password[] = { | |
547 | { "sasldb", &sasldb_verify_password }, | |
548 | #ifdef HAVE_KRB | |
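Review bot: `sprintf(qbuf,QUERY_STRING,db_uidcol,db_table,db_uidcol,userid,db_pwcol,password)` in mysql_verify_password pastes the caller-supplied userid and password into the SQL text without escaping, so either value can change the query; escape both through the open connection (`mysql_real_escape_string`, or `mysql_escape_string` on client libraries that predate it) before formatting, as in the excerpt below, and size qbuf from the escaped lengths. The `< 0` tests on `mysql_select_db(sock,db_database)` and `mysql_query(sock,qbuf)` never fire, because the MySQL C API returns zero on success and a non-zero positive value on error, so both should be `!= 0`; the malloc-failure return before the query also skips `mysql_close(sock)`. ldap_verify_password has the same shape of problem at `sprintf(dn,"%s=%s,%s", ldap_uidattr,userid,ldap_basedn)`: a userid containing `,`, `+`, `=` or `\` alters the DN that is bound, so the RDN value needs RFC 2253 escaping (or the entry should be located with a search on the uid attribute and the bind done with the DN the server returns). Its entry check `strcmp(password,"") == 0 || strcmp(userid,"") == 0` dereferences NULL when either argument is NULL, unlike the `!userid || !password` guard in the MySQL routine, and the malloc-failure path after `ldap_open` returns without `ldap_unbind(ld)`. Neither routine negotiates any transport protection before sending the user's password (`ldap_open` / `ldap_simple_bind_s`, `mysql_connect`), which the header comments for both functions should state so deployers know to keep the backend on a protected path.
```c
/* … unchanged: mysql_verify_password up to and including the mysql_select_db check … */

    /* Escape the caller-supplied values before they are pasted into the
     * query text; a worst-case escaped string needs 2*len+1 bytes. */
    size_t ulen = strlen(userid), plen = strlen(password);
    char *esc_user = malloc(2 * ulen + 1);
    char *esc_pass = malloc(2 * plen + 1);
    if (!esc_user || !esc_pass) {
        free(esc_user);
        free(esc_pass);
        mysql_close(sock);
        if (reply) { *reply = "cannot malloc memory for sql query"; }
        return SASL_FAIL;
    }
    mysql_real_escape_string(sock, esc_user, userid, ulen);
    mysql_real_escape_string(sock, esc_pass, password, plen);

    /* … unchanged: qbuf allocation, but sized with strlen(esc_user) and
     * strlen(esc_pass) in place of strlen(userid) and strlen(password), and
     * with mysql_close(sock) added to its failure path … */
    sprintf(qbuf, QUERY_STRING, db_uidcol, db_table, db_uidcol, esc_user, db_pwcol, esc_pass);
    free(esc_user);
    free(esc_pass);
    /* … unchanged: mysql_query, row-count check, cleanup … */
```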
549 | @@ -1205,6 +1446,12 @@ | |
550 | #endif | |
551 | #ifdef HAVE_PWCHECK | |
552 | { "pwcheck", &pwcheck_verify_password }, | |
553 | +#endif | |
554 | +#ifdef HAVE_MYSQL | |
555 | + { "mysql", &mysql_verify_password }, | |
556 | +#endif | |
557 | +#ifdef HAVE_LDAP | |
558 | + { "ldap", &ldap_verify_password }, | |
559 | #endif | |
560 | #ifdef HAVE_SASLAUTHD | |
561 | { "saslauthd", &saslauthd_verify_password }, | |
562 | diff -ruN --exclude *.orig cyrus-sasl-1.5.27.orig/plugins/kerberos4.c cyrus-sasl-1.5.27/plugins/kerberos4.c | |
563 | --- cyrus-sasl-1.5.27.orig/plugins/kerberos4.c Sat Mar 10 06:56:46 2001 | |
564 | +++ cyrus-sasl-1.5.27/plugins/kerberos4.c Tue Apr 24 17:02:53 2001 | |
565 | @@ -698,8 +698,13 @@ | |
566 | ||
567 | /* decrypt; verify checksum */ | |
568 | ||
569 | +#ifdef __FreeBSD__ | |
570 | + des_pcbc_encrypt((const unsigned char *)in, | |
571 | + (unsigned char *)in, | |
572 | +#else | |
573 | des_pcbc_encrypt((des_cblock *)in, | |
574 | (des_cblock *)in, | |
575 | +#endif | |
576 | clientinlen, | |
577 | text->init_keysched, | |
578 | &text->session, |