1 --- ./include/Makefile.in.orig Sat Mar 24 01:48:13 2001
2 +++ ./include/Makefile.in Thu Mar 28 12:56:53 2002
5 LIB_CRYPT = @LIB_CRYPT@
8 +LIB_MYSQL = @LIB_MYSQL@
11 LIB_SOCKET = @LIB_SOCKET@
14 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
19 SOURCES = $(makemd5_SOURCES)
20 OBJECTS = $(makemd5_OBJECTS)
21 --- ./lib/Makefile.am.orig Sat Mar 10 05:56:41 2001
22 +++ ./lib/Makefile.am Thu Mar 28 12:40:16 2002
24 EXTRA_libsasl_la_SOURCES = db_none.c db_ndbm.c db_gdbm.c db_berkeley.c db_testw32.c
25 libsasl_la_LDFLAGS = -version-info $(sasl_version)
26 libsasl_la_DEPENDENCIES = $(SASL_DB_BACKEND) @LTLIBOBJS@
27 -libsasl_la_LIBADD = @LTLIBOBJS@ $(SASL_DB_BACKEND) $(SASL_DB_LIB) $(SASL_DL_LIB) $(PLAIN_LIBS) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET)
28 +libsasl_la_LIBADD = @LTLIBOBJS@ $(SASL_DB_BACKEND) $(SASL_DB_LIB) $(SASL_DL_LIB) $(PLAIN_LIBS) ${LIB_LDAP} ${LIB_MYSQL}
29 # PLAIN_LIBS are linked in for sasl_checkpass
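Review bot: The new `libsasl_la_LIBADD` line drops `$(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET)` in the same edit that adds `${LIB_LDAP} ${LIB_MYSQL}`, and nothing on the page says the removal is intended. If it is not, libsasl loses its socket and GSSAPI link dependencies wherever those variables are non-empty; appending instead keeps them, ending the line with `$(PLAIN_LIBS) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET) $(LIB_LDAP) $(LIB_MYSQL)`. The generated lib/Makefile.in carries the identical change. Linking the MySQL and LDAP client libraries into libsasl itself also loads them into every process that uses the library, whichever pwcheck_method is configured, which deserves a comment next to the existing PLAIN_LIBS remark.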
30 --- ./lib/Makefile.in.orig Sat Mar 24 01:48:13 2001
31 +++ ./lib/Makefile.in Thu Mar 28 12:57:25 2002
34 LIB_CRYPT = @LIB_CRYPT@
36 +LIB_LDAP = @LIB_LDAP@
37 +LIB_MYSQL = @LIB_MYSQL@
40 LIB_SOCKET = @LIB_SOCKET@
42 EXTRA_libsasl_la_SOURCES = db_none.c db_ndbm.c db_gdbm.c db_berkeley.c db_testw32.c
43 libsasl_la_LDFLAGS = -version-info $(sasl_version)
44 libsasl_la_DEPENDENCIES = $(SASL_DB_BACKEND) @LTLIBOBJS@
45 -libsasl_la_LIBADD = @LTLIBOBJS@ $(SASL_DB_BACKEND) $(SASL_DB_LIB) $(SASL_DL_LIB) $(PLAIN_LIBS) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET)
46 +libsasl_la_LIBADD = @LTLIBOBJS@ $(SASL_DB_BACKEND) $(SASL_DB_LIB) $(SASL_DL_LIB) $(PLAIN_LIBS) ${LIB_LDAP} ${LIB_MYSQL}
47 mkinstalldirs = $(SHELL) $(top_srcdir)/config/mkinstalldirs
48 CONFIG_HEADER = ../config.h
52 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
57 SOURCES = $(libsasl_la_SOURCES) $(EXTRA_libsasl_la_SOURCES)
58 OBJECTS = $(libsasl_la_OBJECTS)
59 --- ./lib/checkpw.c.orig Sat Feb 17 05:06:48 2001
60 +++ ./lib/checkpw.c Thu Mar 28 12:47:18 2002
68 +#endif /* HAVE_MYSQL */
74 +#endif /* HAVE_LDAP */
81 memcpy (&temp_key, "kerberos", 8);
82 des_fixup_key_parity (&temp_key);
83 des_key_sched (&temp_key, schedule);
85 + des_cbc_cksum ((const unsigned char *)password, &ivec, passlen, schedule, &ivec);
87 des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec);
90 memcpy (&temp_key, &ivec, sizeof temp_key);
91 des_fixup_key_parity (&temp_key);
92 des_key_sched (&temp_key, schedule);
93 - des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec);
95 + des_cbc_cksum ((const unsigned char*)password, key, passlen, schedule, &ivec);
97 + des_cbc_cksum ((des_cblock char*)password, key, passlen, schedule, &ivec);
100 des_fixup_key_parity (key);
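Review bot: The added call `des_cbc_cksum ((des_cblock char*)password, key, passlen, schedule, &ivec);` casts with `des_cblock char*`, which is not a valid type name, so the preprocessor branch holding it cannot compile. The removed line and the earlier unchanged call in this section both use `(des_cblock *)password`, so this line should presumably read `des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec);`. The `#if`/`#else` lines that choose between the two cast styles are not visible here, so which DES library reaches the broken branch needs confirming against the full file.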
102 @@ -211,10 +231,17 @@
107 +static int use_key(const char *user __attribute__((unused)),
108 + char *instance __attribute__((unused)),
109 + const char *realm __attribute__((unused)),
110 + const void *key, des_cblock *returned_key)
112 static int use_key(char *user __attribute__((unused)),
113 char *instance __attribute__((unused)),
114 char *realm __attribute__((unused)),
115 void *key, des_cblock *returned_key)
118 memcpy (returned_key, key, sizeof(des_cblock));
120 @@ -1015,7 +1042,7 @@
123 /* pwcheck daemon-authenticated login */
124 -static int pwcheck_verify_password(sasl_conn_t *conn,
125 +static int pwcheck_verify_password(sasl_conn_t *conn __attribute__((unused)),
128 const char *service __attribute__((unused)),
129 @@ -1030,8 +1057,10 @@
130 static char response[1024];
133 +#if 0 /* Not used */
134 sasl_getopt_t *getopt;
138 if (reply) { *reply = NULL; }
140 @@ -1183,6 +1212,447 @@
145 +/* DMZ mysql auth 12/29/1999
146 + * Updated to 1.5.24 by SWH 09/12/2000
147 + * changed to malloc qbuf Simon Loader 10/21/2000
148 + * Oh look the changelog for it all
150 +#ifdef USE_CRYPT_PASSWORD
151 +#define QUERY_STRING "select %s from %s where %s = '%s' and %s = password('%s')"
153 +#define QUERY_STRING "select %s from %s where %s = '%s' and %s = '%s'"
156 +static int mysql_verify_password(sasl_conn_t *conn,
157 + const char *userid,
158 + const char *password,
159 + const char *service __attribute__((unused)),
160 + const char *user_realm __attribute__((unused)),
161 + const char **reply)
163 + unsigned int numrows;
164 + MYSQL mysql,*sock = NULL;
175 + *escap_password="",
177 + sasl_getopt_t *getopt;
180 + if (!userid || !password) {
181 + return SASL_BADPARAM;
183 + if (reply) { *reply = NULL; }
185 + /* check to see if the user configured a mysqluser/passwd/host/etc */
186 + if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) {
187 + getopt(context, NULL, "mysql_user", (const char **) &db_user, NULL);
188 + if (!db_user) db_user = "";
189 + getopt(context, NULL, "mysql_passwd", (const char **) &db_passwd, NULL);
190 + if (!db_passwd) db_passwd = "";
191 + getopt(context, NULL, "mysql_host", (const char **) &db_host, NULL);
192 + if (!db_host) db_host = "";
193 + getopt(context, NULL, "mysql_database", (const char **) &db_database, NULL);
194 + if (!db_database) db_database = "";
195 + getopt(context, NULL, "mysql_table", (const char **) &db_table, NULL);
196 + if (!db_table) db_table = "";
197 + getopt(context, NULL, "mysql_uidcol", (const char **) &db_uidcol, NULL);
198 + if (!db_uidcol) db_uidcol = "";
199 + getopt(context, NULL, "mysql_pwdcol", (const char **) &db_pwcol, NULL);
200 + if (!db_pwcol) db_pwcol = "";
203 + /* db_host is a list of servers like this
204 + ** server1 , sever2 , server3 etc.
206 + cur_host = db_host;
207 + while ( cur_host != NULL || sock == NULL) {
208 + db_host = strchr(db_host,',');
209 + if ( db_host != NULL ) {
211 + /* loop till we find some text */
212 + while (!isalnum(db_host[0]) )
215 + sock = mysql_connect(&mysql,db_host,db_user,db_passwd);
216 + cur_host = db_host;
218 + if ( sock == NULL ) {
219 + if (reply) { *reply = "cannot connect to MySQL server"; }
223 + if (mysql_select_db(sock,db_database) < 0) {
225 + if (reply) { *reply = "cannot select MySQL database"; }
229 + /* select DB_UIDCOL from DB_TABLE where DB_UIDCOL = 'userid' AND DB_PWCOL = password('password') */
230 + /* first we must escape any strange characters to be inserted into the query string
231 + ** that is userid and password
233 + /* first allocate some memory */
234 + if ( (escap_userid = (char *)malloc(strlen(userid)*2+1))== NULL ||
235 + (escap_password = (char *)malloc(strlen(password)*2+1)) == NULL ) {
237 + *reply = "Cannot malloc memory for escaped chars";
241 + /* these should just work */
242 + mysql_real_escape_string(&mysql,escap_userid,userid,strlen(userid));
243 + mysql_real_escape_string(&mysql,escap_password,password,strlen(password));
245 + if ( (qbuf = (char *)malloc(strlen(QUERY_STRING)+strlen(db_uidcol)
246 + +strlen(db_table)+strlen(db_uidcol)
247 + +strlen(userid)+strlen(db_pwcol)
248 + +strlen(password)+1)) == NULL ) {
250 + *reply = "cannot malloc memory for sql query";
254 + sprintf(qbuf,QUERY_STRING,db_uidcol,db_table,db_uidcol,escap_userid,db_pwcol,escap_password);
255 + if (mysql_query(sock,qbuf) < 0 || !(result=mysql_store_result(sock)))
262 + if (result) //There were some rows found
264 + if ((numrows = mysql_affected_rows(&mysql)) != 1)
266 + mysql_free_result(result);
268 + if ((numrows > 1) && (reply)) { *reply = "Detected duplicate entries for user"; }
270 + return SASL_BADAUTH;
273 + mysql_free_result(result);
279 + mysql_free_result(result);
281 + return SASL_BADAUTH;
283 +#endif /* HAVE_MYSQL */
286 +/* simon@surf.org.uk LDAP auth 07/11/2000
287 + * Updated to 1.5.24 by SWH 09/12/2000
288 + * changed to use malloc and simplify the auth by Simon@surf.org.uk 10/21/2000
289 + * Added LDAP_FILTER, LDAP_DN, and LDAP_PASSWD -- 07/18/2001
290 + * Changed LDAP_DN to LDAP_BIND_DN and LDAP_PASSWD to LDAP_BIND_PW -- 08/08/2001
291 + * Kevin J. Menard, Jr. <kmenard@wpi.edu>
292 + * Added SSL mode and filter mode - simon@surf.org.uk 08/22/2001
293 + (are these USA dates or English ?)
297 +#define LDAP_SERVER "localhost"
298 +#define LDAP_BASEDN "o=JOFA, c=UK"
299 +#define LDAP_UIDATTR "uid"
300 +#define LDAP_FILTER ""
301 +#define LDAP_BIND_DN NULL
302 +#define LDAP_BIND_PW NULL
310 +#ifndef LDAP_NO_ATTRS
311 +#define LDAP_NO_ATTRS "1.1"
313 +static int ldap_isdigits(char *value)
318 + for (ptr = value; *ptr != '\0' && num != FALSE; ptr++) {
319 + if (!isdigit(*ptr))
326 +#ifdef LDAP_VENDOR_VERSION
327 +#define SASL_ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res) \
328 + ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res)
329 +#define SASL_ldap_memfree(dn) ldap_memfree(dn)
331 +#define SASL_ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res) \
332 + ldap_search_st(ld, base, scope, filter, attrs, attrsonly, timeout, res)
333 +#define SASL_ldap_memfree(dn) free(dn)
336 +static int ldap_verify_password(sasl_conn_t *conn,
337 + const char *userid,
338 + const char *password,
339 + const char *service __attribute__((unused)),
340 + const char *user_realm __attribute__((unused)),
341 + const char **reply)
345 + char *cur_server = NULL;
354 + *ldap_filter_mode="",
357 + int ldap_deref=LDAP_DEREF_NEVER;
358 + int malloc_size; /* safety net */
359 + int ldap_filter_flag = 0;
360 + int ldap_port = LDAP_PORT;
361 + sasl_getopt_t *getopt;
363 + LDAPMessage *result, *e;
364 + char *attrs[]={LDAP_NO_ATTRS, NULL};
365 +#ifdef LDAP_OPT_X_TLS
367 + int ldap_ssl_flag = 0;
372 + /* If the password is NULL, reject the login...
373 + * Otherwise the bind will succed as a reference bind. Not good...
375 + if (strcmp(password,"") == 0 || strcmp(userid,"") == 0) {
376 + return SASL_BADPARAM;
379 + if (reply) { *reply = NULL; }
381 + /* check to see if the user configured a ldap stuff */
382 + if ( _sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) != SASL_OK) {
383 + *reply = "SASL LDAP Method couldnt find getopt callback";
384 + return(SASL_BADPARAM);
387 + /* basic server infomation */
388 + getopt(context, NULL, "ldap_server", (const char **) &ldap_server, NULL);
389 + if (!ldap_server) ldap_server = LDAP_SERVER;
390 + getopt(context, NULL, "ldap_basedn", (const char **) &ldap_basedn, NULL);
391 + if (!ldap_basedn) {
392 + if (reply) { *reply = "ldap_basedn not defined"; }
393 + return SASL_BADPARAM;
395 + getopt(context, NULL, "ldap_uidattr", (const char **) &ldap_uidattr, NULL);
396 + if (!ldap_uidattr) { ldap_uidattr = LDAP_UIDATTR; }
398 + /* should probabaly do something if in SSL Mode */
399 + getopt(context, NULL, "ldap_port", (const char **) &port_num, NULL);
401 + ldap_port = LDAP_PORT;
402 + } else if (!ldap_isdigits(port_num)) {
403 + if (reply) { *reply = "ldap_port - invalid value"; }
404 + return SASL_BADPARAM;
406 + ldap_port = atoi(port_num);
408 + /* get filter information (if present) */
409 + getopt(context, NULL, "ldap_filter", (const char **) &ldap_filter, NULL);
410 + if (!ldap_filter) { ldap_filter = LDAP_FILTER; }
411 + getopt(context, NULL, "ldap_bind_dn", (const char **) &ldap_bind_dn, NULL);
412 + if (!ldap_bind_dn) { ldap_bind_dn = LDAP_BIND_DN; }
413 + getopt(context, NULL, "ldap_bind_pw", (const char **) &ldap_bind_pw, NULL);
414 + if (!ldap_bind_pw) { ldap_bind_pw = LDAP_BIND_PW; }
415 + getopt(context, NULL, "ldap_alias_deref", (const char **) &alias_deref, NULL);
417 + if (*alias_deref == 'n' || *alias_deref =='N')
418 + { ldap_deref=LDAP_DEREF_NEVER; }
419 + if (*alias_deref == 's' || *alias_deref =='S')
420 + { ldap_deref=LDAP_DEREF_SEARCHING; }
421 + if (*alias_deref == 'f' || *alias_deref =='F')
422 + { ldap_deref=LDAP_DEREF_FINDING; }
423 + if (*alias_deref == 'a' || *alias_deref =='A')
424 + { ldap_deref=LDAP_DEREF_ALWAYS; }
425 + /* test for ssl mode */
426 + /* this will only work with openldap > v2
427 + ** (the other ldap stuff I dont know)
429 +#ifdef LDAP_OPT_X_TLS
430 + getopt(context, NULL, "ldap_ssl", (const char **) &ldap_ssl, NULL);
431 + /* this is taken from the auto transition section */
432 + if (ldap_ssl == NULL ) { ldap_ssl = "n"; }
433 + if (*ldap_ssl == '1' || *ldap_ssl == 'y' ||
434 + (*ldap_ssl == 'o' && ldap_ssl[1] == 'n') || *ldap_ssl == 't') {
435 + /* ok switch on ldap ssl mode */
439 + /* test for filter mode */
440 + getopt(context, NULL, "ldap_filter_mode", (const char **) &ldap_filter_mode, NULL);
441 + /* this is taken from the auto transition section */
442 + if (ldap_filter_mode == NULL ) { ldap_filter_mode = "n"; }
443 + if (*ldap_filter_mode == '1' || *ldap_filter_mode == 'y' ||
444 + (*ldap_filter_mode == 'o' && ldap_filter_mode[1] == 'n')
445 + || *ldap_filter_mode == 't') {
446 + /* ok switch on ldap ssl mode */
447 + ldap_filter_flag = 1;
450 + /* Open the LDAP connection. */
451 + cur_server = ldap_server;
452 + while ( cur_server != NULL && ld == NULL) {
453 + ldap_server = strchr(ldap_server,',');
454 + if ( ldap_server != NULL ) {
455 + ldap_server[0] = 0x00;
456 + /* loop till we find some text */
457 + while (!isalnum(ldap_server[0]) )
460 + ld = ldap_init(cur_server,ldap_port);
461 + cur_server = ldap_server;
464 + if (reply) { *reply = "cannot connect to LDAP server"; }
467 + /* setting dereferensing aliases mode */
468 + if (ldap_set_option(ld, LDAP_OPT_DEREF, (void *) &ldap_deref) != LDAP_OPT_SUCCESS) {
470 + *reply = "cannot set deref options";
474 + /* set ssl mode if needed */
475 +#ifdef LDAP_OPT_X_TLS
476 + if ( ldap_ssl_flag ) {
477 + ldap_set_option(ld, LDAP_OPT_X_TLS, (void *)&tls_option);
481 + /* either run the filter or just bind as them ? */
484 + * Kevin J. Menard, Jr. <kmenard@wpi.edu>. -- 07/18/2001
485 + * Added search code. First search for the UID and filter, then
486 + * attempt to bind with the search result.
488 + if ( ldap_filter_flag ) {
489 + /* Bind as the user given (or anonymous) */
490 + if (ldap_simple_bind_s(ld,ldap_bind_dn,ldap_bind_pw) != LDAP_SUCCESS) {
492 + return SASL_BADAUTH;
495 + malloc_size = strlen(ldap_uidattr)+strlen(userid)+strlen(ldap_filter)+8;
496 + /* allocate memory to filter */
497 + if ( (filter = (char *)malloc(malloc_size)) == NULL ) {
499 + *reply = "cannot allocate memory for ldap search filter";
505 + /* Create the search filter */
506 + snprintf(filter,malloc_size-1,"(&(%s=%s)%s)", ldap_uidattr, userid, ldap_filter);
508 + /* Now do the search */
509 + if (SASL_ldap_search_ext_s(ld, ldap_basedn, LDAP_SCOPE_SUBTREE, filter,
510 + attrs, 0, NULL, NULL, LDAP_NO_LIMIT, 1, &result) !=
514 + return SASL_BADAUTH;
517 + /* Now get the entry from the search results */
518 + if ( (e = ldap_first_entry(ld, result)) ==NULL) {
520 + ldap_msgfree(result);
522 + *reply = "entry not found";
526 +// return SASL_BADAUTH;
529 + /* Now extract the dn */
530 + if ( (dn = ldap_get_dn(ld, e)) == NULL) {
532 + ldap_msgfree(result);
534 + *reply = "Cannot get DN";
538 +// return SASL_BADAUTH;
540 + if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) {
543 + SASL_ldap_memfree(dn);
544 + ldap_msgfree(result);
546 + return SASL_BADAUTH;
550 + SASL_ldap_memfree(dn);
551 + ldap_msgfree(result);
554 + malloc_size = strlen(ldap_uidattr)+strlen(userid)+strlen(ldap_basedn)+3;
555 + if ( (dn = (char *)malloc(malloc_size)) == NULL ) {
557 + *reply = "cannnot allocate memory for ldap dn";
561 + /* Generate a dn that we will try and login with */
562 + snprintf(dn,malloc_size,"%s=%s,%s", ldap_uidattr,userid,ldap_basedn);
565 + * Just try and bind with the dn we have been given
566 + * In most cases the basedn is correct.
567 + * If this is not so I have a version or that too
568 + * Simon@surf.org.uk
570 + if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) {
573 + return SASL_BADAUTH;
583 +#endif /* HAVE_LDAP */
585 struct sasl_verify_password_s _sasl_verify_password[] = {
586 { "sasldb", &sasldb_verify_password },
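Review bot: In mysql_verify_password the `qbuf` allocation is sized from `strlen(userid)` and `strlen(password)`, but the `sprintf` that fills it writes `escap_userid` and `escap_password`, which `mysql_real_escape_string` can make up to twice as long, so a client-supplied name or password with enough escapable characters overruns the heap buffer before any authentication decision. Size it from the escaped strings, `+strlen(escap_userid)+strlen(db_pwcol)` and `+strlen(escap_password)+1)) == NULL ) {`, and preferably keep the computed size and pass it to `snprintf`. In ldap_verify_password the same untrusted `userid` is formatted unescaped into the search filter `"(&(%s=%s)%s)"` and the bind DN `"%s=%s,%s"`, so it should be escaped per RFC 4515 and RFC 4514 (or rejected when it contains filter or DN metacharacters) before either string is built. The MySQL host loop tests `cur_host != NULL || sock == NULL` where the LDAP loop uses `&&`; as far as the visible lines show, a failed connect to the last host then re-enters the loop with `db_host` NULL and passes it to `strchr`. The LDAP function also calls `strcmp` on `userid` and `password` and assigns `*reply` in the getopt-failure branch without the NULL checks that the MySQL function and the neighbouring `if (reply)` lines apply.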
588 @@ -1205,6 +1675,12 @@
591 { "pwcheck", &pwcheck_verify_password },
594 + { "mysql", &mysql_verify_password },
597 + { "ldap", &ldap_verify_password },
599 #ifdef HAVE_SASLAUTHD
600 { "saslauthd", &saslauthd_verify_password },
601 --- ./plugins/Makefile.in.orig Sat Mar 24 01:48:13 2001
602 +++ ./plugins/Makefile.in Thu Mar 28 13:01:27 2002
605 LIB_CRYPT = @LIB_CRYPT@
607 +LIB_LDAP = @LIB_LDAP@
608 +LIB_MYSQL = @LIB_MYSQL@
611 LIB_SOCKET = @LIB_SOCKET@
614 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
619 SOURCES = $(libplain_la_SOURCES) $(libanonymous_la_SOURCES) $(libkerberos4_la_SOURCES) $(libcrammd5_la_SOURCES) $(libscrammd5_la_SOURCES) $(libgssapiv2_la_SOURCES) $(libdigestmd5_la_SOURCES) $(liblogin_la_SOURCES) $(libsrp_la_SOURCES)
620 OBJECTS = $(libplain_la_OBJECTS) $(libanonymous_la_OBJECTS) $(libkerberos4_la_OBJECTS) $(libcrammd5_la_OBJECTS) $(libscrammd5_la_OBJECTS) $(libgssapiv2_la_OBJECTS) $(libdigestmd5_la_OBJECTS) $(liblogin_la_OBJECTS) $(libsrp_la_OBJECTS)
621 --- ./plugins/kerberos4.c.orig Sat Mar 10 05:56:46 2001
622 +++ ./plugins/kerberos4.c Thu Mar 28 12:40:17 2002
625 /* decrypt; verify checksum */
628 + des_pcbc_encrypt((const unsigned char *)in,
629 + (unsigned char *)in,
631 des_pcbc_encrypt((des_cblock *)in,
637 @@ -1220,9 +1225,14 @@
642 + des_pcbc_encrypt((const unsigned char *)sout,
643 + (unsigned char *)sout,
646 des_pcbc_encrypt((des_cblock *)sout,
651 (des_cblock *)text->session,
652 --- ./utils/Makefile.in.orig Sat Mar 24 01:48:13 2001
653 +++ ./utils/Makefile.in Thu Mar 28 13:03:28 2002
656 LIB_CRYPT = @LIB_CRYPT@
658 +LIB_LDAP = @LIB_LDAP@
659 +LIB_MYSQL = @LIB_MYSQL@
662 LIB_SOCKET = @LIB_SOCKET@
665 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
670 SOURCES = $(libsfsasl_la_SOURCES) testsuite.c dbconverter-1.5.9.c saslpasswd.c sasldblistusers.c
671 OBJECTS = $(libsfsasl_la_OBJECTS) testsuite.o dbconverter-1.5.9.o saslpasswd.o sasldblistusers.o
672 --- ./doc/Makefile.in.orig Sat Mar 24 01:48:13 2001
673 +++ ./doc/Makefile.in Thu Mar 28 13:03:42 2002
676 LIB_CRYPT = @LIB_CRYPT@
678 +LIB_LDAP = @LIB_LDAP@
679 +LIB_MYSQL = @LIB_MYSQL@
682 LIB_SOCKET = @LIB_SOCKET@
685 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
692 --- ./doc/sysadmin.html.orig Sat Feb 17 05:06:33 2001
693 +++ ./doc/sysadmin.html Thu Mar 28 12:40:18 2002
695 <dt><i>pwcheck</i><dd> checks passwords with the use of a seperate,
696 helper daemon. <b>needs to be documented.</b><p>
698 +<dt><i>mysql</i><dd> A MySQL database can be used for plaintext
699 + password checking by setting "pwcheck_method" to "mysql".<p>
701 + <p>The following SASL options are used for MySQL Authentication:<p>
704 + <dd>mysql_user: <user></dd>
705 + <dd>mysql_passwd: <cleartext pw></dd>
706 + <dd>mysql_host: <hosts separated by ,></dd>
707 + <dd>mysql_database: <database></dd>
708 + <dd>mysql_table: <table></dd>
709 + <dd>mysql_uidcol: <username col></dd>
710 + <dd>mysql_pwdcol: <password col></dd>
713 + <p>MySQL pwcheck_method created by <a href="mailto:dmz@dmzs.com">David Matthew Zendzian</a>
714 + the original patch may be found at <a href="http://www.dmzs.com/~dmz/projects/cyrus/">http://www.dmzs.com/~dmz/projects/cyrus/</a>.<p>
716 +<dt><i>ldap</i><dd> A LDAP server can be used for plaintext password
717 + checking by setting "pwcheck_method" to "ldap".<p>
719 + <p>The following SASL options are used for LDAP Authentication:<p>
722 + <dd>ldap_server: <LDAP Servers separated by , [localhost]>
723 + <dd>ldap_basedn: <LDAP base dn>
724 + <dd>ldap_uidattr: <LDAP uid attribute [uid]>
725 + <dd>ldap_port: <LDAP port [389]>
726 + <dd>ldap_ssl: <yes/no/true/fasle> Use ssl (untested)
727 + <dd>ldap_filter_mode: <yes/no/true/fasle> Use the filter below
728 + <dd>ldap_filter: <Additional search filter
729 +[(objectClass=posixAccount)]>
730 + <dd>ldap_bind_dn: <DN to bind with [NULL]>
731 + <dd>ldap_bind_pw: <Password for DN to bind with [NULL]>
732 + <dd>ldap_alias_deref: <n|s|f|a> n is default
735 + <p>It is a requirement that "ldap_basedn" be set to the appropriate
736 + value for your site<br>
737 + (ex. ldap_basedn: o=surf, c=UK)<p>
739 + <p>ldap_alias_deref: n = LDAP_DEREF_NEVER<br>
740 + s = LDAP_DEREF_SEARCHING<br>
741 + f = LDAP_DEREF_FINDING<br>
742 + a = LDAP_DEREF_ALWAYS<br>
743 + If you dont know what ldap alias is just leave this alone.<br>
745 + <p>NULL values for ldap_dn and ldap_passwd mean do an anonymous bind
748 + <p>LDAP pwcheck_method created by <a href="mailto:simon@surf.org.uk">Simon@su
750 + the original patch may be found at <a href="http://www.surf.org.uk/">http://w
751 +ww.surf.org.uk/</a>.<p>
753 + <p>Search and filter ability for LDAP was added by <a href="mailto:kmenard@wp.edu">Kevin J. Menard, Jr.</a>.<p>
754 + <p>Ldap alias support by mailer@cbsd.donetsk.ua<br>
758 <dt><i>write your own</i><dd> Last, but not least, the most flexible
759 method of authentication for PLAIN is to write your own. If you do
760 so, any application that calls the "<tt>sasl_checkpass()</tt>"
761 --- ./man/Makefile.in.orig Sat Mar 24 01:48:14 2001
762 +++ ./man/Makefile.in Thu Mar 28 13:03:47 2002
765 LIB_CRYPT = @LIB_CRYPT@
767 +LIB_LDAP = @LIB_LDAP@
768 +LIB_MYSQL = @LIB_MYSQL@
771 LIB_SOCKET = @LIB_SOCKET@
774 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
781 --- ./pwcheck/Makefile.in.orig Sat Mar 24 01:48:14 2001
782 +++ ./pwcheck/Makefile.in Thu Mar 28 12:40:19 2002
785 LIB_CRYPT = @LIB_CRYPT@
787 +LIB_LDAP = @LIB_LDAP@
788 +LIB_MYSQL = @LIB_MYSQL@
791 LIB_SOCKET = @LIB_SOCKET@
794 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
799 SOURCES = $(pwcheck_SOURCES) $(EXTRA_pwcheck_SOURCES)
800 OBJECTS = $(pwcheck_OBJECTS)
801 --- ./sample/Makefile.in.orig Sat Mar 24 01:48:13 2001
802 +++ ./sample/Makefile.in Thu Mar 28 13:03:53 2002
805 LIB_CRYPT = @LIB_CRYPT@
807 +LIB_LDAP = @LIB_LDAP@
808 +LIB_MYSQL = @LIB_MYSQL@
811 LIB_SOCKET = @LIB_SOCKET@
814 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
819 SOURCES = $(sample_client_SOURCES) $(sample_server_SOURCES) $(client_SOURCES) $(server_SOURCES)
820 OBJECTS = $(sample_client_OBJECTS) $(sample_server_OBJECTS) $(client_OBJECTS) $(server_OBJECTS)
821 --- ./java/CyrusSasl/Makefile.in.orig Sat Mar 24 01:48:14 2001
822 +++ ./java/CyrusSasl/Makefile.in Thu Mar 28 12:40:20 2002
825 LIB_CRYPT = @LIB_CRYPT@
827 +LIB_LDAP = @LIB_LDAP@
828 +LIB_MYSQL = @LIB_MYSQL@
831 LIB_SOCKET = @LIB_SOCKET@
834 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
839 SOURCES = $(libjavasasl_la_SOURCES)
840 OBJECTS = $(libjavasasl_la_OBJECTS)
841 --- ./java/javax/security/auth/callback/Makefile.in.orig Sat Mar 24 01:48:14 2001
842 +++ ./java/javax/security/auth/callback/Makefile.in Thu Mar 28 12:40:20 2002
845 LIB_CRYPT = @LIB_CRYPT@
847 +LIB_LDAP = @LIB_LDAP@
848 +LIB_MYSQL = @LIB_MYSQL@
851 LIB_SOCKET = @LIB_SOCKET@
854 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
861 --- ./java/javax/security/auth/Makefile.in.orig Sat Mar 24 01:48:14 2001
862 +++ ./java/javax/security/auth/Makefile.in Thu Mar 28 12:40:20 2002
865 LIB_CRYPT = @LIB_CRYPT@
867 +LIB_LDAP = @LIB_LDAP@
868 +LIB_MYSQL = @LIB_MYSQL@
871 LIB_SOCKET = @LIB_SOCKET@
874 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
881 --- ./java/javax/security/Makefile.in.orig Sat Mar 24 01:48:14 2001
882 +++ ./java/javax/security/Makefile.in Thu Mar 28 12:40:21 2002
885 LIB_CRYPT = @LIB_CRYPT@
887 +LIB_LDAP = @LIB_LDAP@
888 +LIB_MYSQL = @LIB_MYSQL@
891 LIB_SOCKET = @LIB_SOCKET@
894 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
901 --- ./java/javax/Makefile.in.orig Sat Mar 24 01:48:14 2001
902 +++ ./java/javax/Makefile.in Thu Mar 28 12:40:21 2002
905 LIB_CRYPT = @LIB_CRYPT@
907 +LIB_LDAP = @LIB_LDAP@
908 +LIB_MYSQL = @LIB_MYSQL@
911 LIB_SOCKET = @LIB_SOCKET@
914 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
921 --- ./java/Makefile.in.orig Sat Mar 24 01:48:14 2001
922 +++ ./java/Makefile.in Thu Mar 28 12:40:21 2002
925 LIB_CRYPT = @LIB_CRYPT@
927 +LIB_LDAP = @LIB_LDAP@
928 +LIB_MYSQL = @LIB_MYSQL@
931 LIB_SOCKET = @LIB_SOCKET@
934 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
941 --- ./saslauthd/Makefile.in.orig Sat Mar 24 01:48:14 2001
942 +++ ./saslauthd/Makefile.in Thu Mar 28 12:40:22 2002
945 LIB_CRYPT = @LIB_CRYPT@
947 +LIB_LDAP = @LIB_LDAP@
948 +LIB_MYSQL = @LIB_MYSQL@
951 LIB_SOCKET = @LIB_SOCKET@
954 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
959 SOURCES = $(saslauthd_SOURCES)
960 OBJECTS = $(saslauthd_OBJECTS)
961 --- ./Makefile.in.orig Sat Mar 24 01:48:13 2001
962 +++ ./Makefile.in Thu Mar 28 13:04:13 2002
965 LIB_CRYPT = @LIB_CRYPT@
967 +LIB_LDAP = @LIB_LDAP@
968 +LIB_MYSQL = @LIB_MYSQL@
971 LIB_SOCKET = @LIB_SOCKET@
974 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
979 DIST_SUBDIRS = include lib plugins utils doc man pwcheck sample java \
981 --- ./acconfig.h.orig Sat Feb 17 05:06:28 2001
982 +++ ./acconfig.h Thu Mar 28 12:40:22 2002
984 /* do we have PAM for plaintext password checking? */
987 +/* do we have MySQL for plaintext password checking? */
990 +/* do we have LDAP for plaintext password checking? */
993 /* what flavor of GSSAPI are we using? */
994 #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE
996 --- ./aclocal.m4.orig Sat Mar 24 01:48:12 2001
997 +++ ./aclocal.m4 Thu Mar 28 12:56:14 2002
1001 # Check for any special flags to pass to ltconfig.
1003 -# the following will cause an existing older ltconfig to fail, so
1004 -# we ignore this at the expense of the cache file... Checking this
1005 -# will just take longer ... bummer!
1006 -#libtool_flags="--cache-file=$cache_file"
1008 +libtool_flags="--cache-file=$cache_file"
1009 test "$enable_shared" = no && libtool_flags="$libtool_flags --disable-shared"
1010 test "$enable_static" = no && libtool_flags="$libtool_flags --disable-static"
1011 test "$enable_fast_install" = no && libtool_flags="$libtool_flags --disable-fast-install"
1012 @@ -566,35 +561,31 @@
1015 # AC_LIBLTDL_CONVENIENCE[(dir)] - sets LIBLTDL to the link flags for
1016 -# the libltdl convenience library and INCLTDL to the include flags for
1017 -# the libltdl header and adds --enable-ltdl-convenience to the
1018 -# configure arguments. Note that LIBLTDL and INCLTDL are not
1019 -# AC_SUBSTed, nor is AC_CONFIG_SUBDIRS called. If DIR is not
1020 -# provided, it is assumed to be `libltdl'. LIBLTDL will be prefixed
1021 -# with '${top_builddir}/' and INCLTDL will be prefixed with
1022 -# '${top_srcdir}/' (note the single quotes!). If your package is not
1023 -# flat and you're not using automake, define top_builddir and
1024 -# top_srcdir appropriately in the Makefiles.
1025 +# the libltdl convenience library, adds --enable-ltdl-convenience to
1026 +# the configure arguments. Note that LIBLTDL is not AC_SUBSTed, nor
1027 +# is AC_CONFIG_SUBDIRS called. If DIR is not provided, it is assumed
1028 +# to be `${top_builddir}/libltdl'. Make sure you start DIR with
1029 +# '${top_builddir}/' (note the single quotes!) if your package is not
1030 +# flat, and, if you're not using automake, define top_builddir as
1031 +# appropriate in the Makefiles.
1032 AC_DEFUN(AC_LIBLTDL_CONVENIENCE, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
1033 case "$enable_ltdl_convenience" in
1034 no) AC_MSG_ERROR([this package needs a convenience libltdl]) ;;
1035 "") enable_ltdl_convenience=yes
1036 ac_configure_args="$ac_configure_args --enable-ltdl-convenience" ;;
1038 - LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdlc.la
1039 - INCLTDL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl'])
1040 + LIBLTDL=ifelse($#,1,$1,['${top_builddir}/libltdl'])/libltdlc.la
1041 + INCLTDL=ifelse($#,1,-I$1,['-I${top_builddir}/libltdl'])
1044 # AC_LIBLTDL_INSTALLABLE[(dir)] - sets LIBLTDL to the link flags for
1045 -# the libltdl installable library and INCLTDL to the include flags for
1046 -# the libltdl header and adds --enable-ltdl-install to the configure
1047 -# arguments. Note that LIBLTDL and INCLTDL are not AC_SUBSTed, nor is
1048 -# AC_CONFIG_SUBDIRS called. If DIR is not provided and an installed
1049 -# libltdl is not found, it is assumed to be `libltdl'. LIBLTDL will
1050 -# be prefixed with '${top_builddir}/' and INCLTDL will be prefixed
1051 -# with '${top_srcdir}/' (note the single quotes!). If your package is
1052 -# not flat and you're not using automake, define top_builddir and
1053 -# top_srcdir appropriately in the Makefiles.
1054 +# the libltdl installable library, and adds --enable-ltdl-install to
1055 +# the configure arguments. Note that LIBLTDL is not AC_SUBSTed, nor
1056 +# is AC_CONFIG_SUBDIRS called. If DIR is not provided, it is assumed
1057 +# to be `${top_builddir}/libltdl'. Make sure you start DIR with
1058 +# '${top_builddir}/' (note the single quotes!) if your package is not
1059 +# flat, and, if you're not using automake, define top_builddir as
1060 +# appropriate in the Makefiles.
1061 # In the future, this macro may have to be called after AC_PROG_LIBTOOL.
1062 AC_DEFUN(AC_LIBLTDL_INSTALLABLE, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
1063 AC_CHECK_LIB(ltdl, main,
1066 if test x"$enable_ltdl_install" = x"yes"; then
1067 ac_configure_args="$ac_configure_args --enable-ltdl-install"
1068 - LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdl.la
1069 - INCLTDL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl'])
1070 + LIBLTDL=ifelse($#,1,$1,['${top_builddir}/libltdl'])/libltdl.la
1071 + INCLTDL=ifelse($#,1,-I$1,['-I${top_builddir}/libltdl'])
1073 ac_configure_args="$ac_configure_args --enable-ltdl-install=no"
1075 --- ./config.h.in.orig Wed Mar 14 04:49:33 2001
1076 +++ ./config.h.in Thu Mar 28 12:40:23 2002
1078 /* do we have PAM for plaintext password checking? */
1081 +/* do we have MySQL for plaintext password checking? */
1084 +/* do we have LDAP for plaintext password checking? */
1087 /* what flavor of GSSAPI are we using? */
1088 #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE
1090 --- ./configure.in.orig Sat Mar 24 01:47:27 2001
1091 +++ ./configure.in Thu Mar 28 12:40:23 2002
1092 @@ -322,6 +322,94 @@
1094 AM_CONDITIONAL(PWCHECK, test "$with_pwcheck" != no)
1097 +############################################################################
1098 +# Simon Loader tries to do auto conf
1100 +AC_ARG_WITH(mysql, [ --with-mysql=PATH enable authentication from MySQL database [no] ],
1101 + with_mysql=$withval,
1104 +# fine location of library
1105 +# prsumesing if one given then correct
1106 +if test "${with_mysql}" = "yes"; then
1107 + for mysqlloc in lib/mysql lib
1109 + if test -f ${prefix}/${mysqlloc}/libmysqlclient.a; then
1110 + with_mysql="${prefix}"
1112 + elif test -f /usr/local/${mysqlloc}/libmysqlclient.a; then
1113 + with_mysql="/usr/local"
1115 + elif test -f /usr/${mysqlloc}/libmysqlclient.a; then
1122 +case "$with_mysql" in
1125 + if test -d ${with_mysql}/include/mysql; then
1126 + CPPFLAGS="${CPPFLAGS} -I${with_mysql}/include/mysql"
1127 + LDFLAGS="$LDFLAGS -L${with_mysql}/lib/mysql"
1129 + CPPFLAGS="${CPPFLAGS} -I${with_mysql}/include"
1130 + LDFLAGS="$LDFLAGS -L${with_mysql}/lib"
1132 + AC_CHECK_LIB(mysqlclient, mysql_select_db,[
1133 + LIB_MYSQL="-lmysqlclient"
1134 + AC_DEFINE(HAVE_MYSQL)],
1135 + [AC_ERROR([MYSQL libarary mysqlclient not found])]);;
1138 +AC_SUBST(LIB_MYSQL)
1141 +AC_ARG_WITH(ldap, [ --with-ldap=PATH enable authentication from LDAP [no] ],
1142 + with_ldap=$withval,
1145 +if test "$with_ldap" = "yes"; then
1146 + for ldaploc in lib/ldap lib
1148 + if test -f ${prefix}/${ldaploc}/libldap.a; then
1149 + with_ldap="${prefix}"
1151 + elif test -f /usr/local/${ldaploc}/libldap.a; then
1152 + with_ldap="/usr/local"
1154 + elif test -f /usr/${ldaploc}/libldap.a; then
1161 +case "$with_ldap" in
1164 + if test -d ${with_ldap}/include/ldap; then
1165 + CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include/ldap"
1166 + LDFLAGS="$LDFLAGS -L${with_ldap}/lib/ldap"
1168 + CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
1169 + LDFLAGS="$LDFLAGS -L${with_ldap}/lib"
1171 + AC_CHECK_LIB(ldap, ldap_open,[
1172 + LIB_LDAP="-lldap -llber"
1173 + AC_DEFINE(HAVE_LDAP)],
1174 + [AC_ERROR([LDAP libarary ldap and lber not found])],
1181 +#######################################################################
1185 AC_ARG_ENABLE(cram, [ --enable-cram enable CRAM-MD5 authentication [yes] ],