-diff -ruN --exclude *.orig cyrus-sasl-1.5.27.orig/acconfig.h cyrus-sasl-1.5.27/acconfig.h
---- cyrus-sasl-1.5.27.orig/acconfig.h Tue Apr 24 17:02:28 2001
-+++ cyrus-sasl-1.5.27/acconfig.h Tue Apr 24 17:02:53 2001
-@@ -86,6 +86,12 @@
- /* do we have PAM for plaintext password checking? */
- #undef HAVE_PAM
+--- ./include/Makefile.in.orig Sat Mar 24 01:48:13 2001
++++ ./include/Makefile.in Thu Mar 28 12:56:53 2002
+@@ -119,6 +119,8 @@
+ LIBTOOL = @LIBTOOL@
+ LIB_CRYPT = @LIB_CRYPT@
+ LIB_DES = @LIB_DES@
++LIB_LDAP = @LIB_LDAP@
++LIB_MYSQL = @LIB_MYSQL@
+ LIB_PAM = @LIB_PAM@
+ LIB_SIA = @LIB_SIA@
+ LIB_SOCKET = @LIB_SOCKET@
+@@ -175,7 +177,7 @@
-+/* do we have MySQL for plaintext password checking? */
-+#undef HAVE_MYSQL
-+
-+/* do we have LDAP for plaintext password checking? */
-+#undef HAVE_LDAP
-+
- /* what flavor of GSSAPI are we using? */
- #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE
-
-diff -ruN --exclude *.orig cyrus-sasl-1.5.27.orig/configure.in cyrus-sasl-1.5.27/configure.in
---- cyrus-sasl-1.5.27.orig/configure.in Tue Apr 24 17:02:28 2001
-+++ cyrus-sasl-1.5.27/configure.in Tue Apr 24 17:41:49 2001
-@@ -147,13 +147,16 @@
- dnl named. arg.
- berkeley)
- AC_CHECK_HEADER(db.h,
-- AC_CHECK_LIB(db-3, db_create, SASL_DB_LIB="-ldb-3";
-- dblib="berkeley",
-- AC_CHECK_LIB(db, db_create, SASL_DB_LIB="-ldb";
-- dblib="berkeley",
-- AC_CHECK_LIB(db, db_open, SASL_DB_LIB="-ldb";
-- dblib="berkeley",
-- dblib="no"))),
-+ for dbname in db-3.1 db-3 db3.1 db3 db
-+ do
-+ AC_CHECK_LIB($dbname, db_create, SASL_DB_LIB="-l$dbname";
-+ dblib="berkeley"; break, dblib="no")
-+ done
-+ if test "$dblib" = "no"; then
-+ AC_CHECK_LIB(db, db_open, SASL_DB_LIB="-ldb";
-+ dblib="berkeley"; dbname=db,
-+ dblib="no")
-+ fi,
- dblib="no")
- ;;
- gdbm)
-@@ -173,13 +176,16 @@
- auto_detect)
- dnl How about berkeley db?
- AC_CHECK_HEADER(db.h,
-- AC_CHECK_LIB(db-3, db_create, SASL_DB_LIB="-ldb-3";
-- dblib="berkeley",
-- AC_CHECK_LIB(db, db_create, SASL_DB_LIB="-ldb";
-- dblib="berkeley",
-- AC_CHECK_LIB(db, db_open, SASL_DB_LIB="-ldb";
-- dblib="berkeley",
-- dblib="no"))),
-+ for dbname in db-3.1 db-3 db3.1 db3 db
-+ do
-+ AC_CHECK_LIB($dbname, db_create, SASL_DB_LIB="-l$dbname";
-+ dblib="berkeley"; break, dblib="no")
-+ done
-+ if test "$dblib" = "no"; then
-+ AC_CHECK_LIB(db, db_open, SASL_DB_LIB="-ldb";
-+ dblib="berkeley"; dbname=db,
-+ dblib="no")
-+ fi,
- dblib="no")
- if test "$dblib" = no; then
- dnl How about ndbm?
-@@ -322,6 +328,88 @@
- fi
- AM_CONDITIONAL(PWCHECK, test "$with_pwcheck" != no)
-
-+dnl MySQL
-+AC_ARG_WITH(mysql, [ --with-mysql=PATH enable authentication from MySQL database [no] ],
-+ with_mysql=$withval,
-+ with_mysql=no)
-+
-+mysql_found=""
-+if test -z "$with_mysql"; then
-+ for mysqlloc in lib/mysql lib ; do
-+ for mysqlprefix in ${prefix} /usr/local /usr ; do
-+ if test -f ${prefix}/${mysqlloc}/libmysqlclient.a; then
-+ with_mysql="${prefix}"
-+ mysql_found="yes"
-+ break
-+ fi
-+ done
-+ if test "$mysql_found"; then
-+ break
-+ fi
-+ done
-+fi
-+
-+LIB_MYSQL=""
-+case "$with_mysql" in
-+ no) true;;
-+ ""|yes) AC_CHECK_LIB(mysqlclient, mysql_select_db,
-+ AC_DEFINE(HAVE_MYSQL)
-+ LIB_MYSQL="-lmysqlclient",
-+ with_mysql=no);;
-+ *) if test -d ${with_mysql}/include/mysql; then
-+ CPPFLAGS="$CPPFLAGS -I${with_mysql}/include/mysql"
-+ else
-+ CPPFLAGS="$CPPFLAGS -I${with_mysql}/include"
-+ fi
-+ if test -d ${with_mysql}/lib/mysql; then
-+ LDFLAGS="$LDFLAGS -L${with_mysql}/lib/mysql"
-+ fi
-+ AC_DEFINE(HAVE_MYSQL)
-+ LIB_MYSQL="-lmysqlclient";;
-+esac
-+AC_SUBST(LIB_MYSQL)
-+
-+dnl LDAP
-+AC_ARG_WITH(ldap, [ --with-ldap=PATH enable authentication from LDAP [no] ],
-+ with_ldap=$withval,
-+ with_ldap=no)
-+
-+ldap_found=""
-+if test -z "$with_ldap"; then
-+ for ldaploc in lib/ldap lib; do
-+ for ldapprefix in ${prefix} /usr/local /usr; do
-+ if test -f ${ldapprefix}/${ldaploc}/libldap.a -o -f ${ldapprefix}/${ldaploc}/libldap.so; then
-+ with_ldap="${ldapprefix}"
-+ ldap_found="yes"
-+ break
-+ fi
-+ done
-+ if test "$ldap_found"; then
-+ break
-+ fi
-+ done
-+fi
-+
-+LIB_LDAP=""
-+case "$with_ldap" in
-+ no) true;;
-+ ""|yes) AC_CHECK_LIB(ldap, ldap_open,
-+ AC_DEFINE(HAVE_LDAP)
-+ LIB_LDAP="-lldap -llber",
-+ with_ldap=no);;
-+ *) if test -d ${with_ldap}/include/ldap; then
-+ CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include/ldap"
-+ else
-+ CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
-+ fi
-+ if test -d ${with_ldap}/lib/ldap; then
-+ LDFLAGS="$LDFLAGS -L${with_ldap}/lib/ldap"
-+ fi
-+ AC_DEFINE(HAVE_LDAP)
-+ LIB_LDAP="-lldap -llber";;
-+esac
-+AC_SUBST(LIB_LDAP)
-+
- dnl CRAM-MD5
- AC_ARG_ENABLE(cram, [ --enable-cram enable CRAM-MD5 authentication [yes] ],
- cram=$enableval,
-@@ -445,11 +533,15 @@
- fi
-
- if test "$with_des" != no; then
-+ case "$host_os" in
-+ freebsd*)
-+ COM_ERR="-lcom_err"
-+ ;;
-+ esac
- AC_CHECK_HEADER(krb.h,
-- AC_CHECK_LIB(krb, krb_mk_priv, COM_ERR="",
-- AC_CHECK_LIB(krb, krb_mk_priv, COM_ERR="-lcom_err",
-- AC_WARN(No Kerberos V4 found); krb4=no, -ldes -lcom_err),
-- -ldes),
-+ AC_CHECK_LIB(krb, krb_mk_priv,:,
-+ AC_WARN(No Kerberos V4 found); krb4=no,
-+ -ldes $COM_ERR),
- AC_WARN(No Kerberos V4 found); krb4=no)
- else
- AC_WARN(No DES library found for Kerberos V4 support)
-diff -ruN --exclude *.orig cyrus-sasl-1.5.27.orig/doc/sysadmin.html cyrus-sasl-1.5.27/doc/sysadmin.html
---- cyrus-sasl-1.5.27.orig/doc/sysadmin.html Sat Feb 17 06:06:33 2001
-+++ cyrus-sasl-1.5.27/doc/sysadmin.html Tue Apr 24 17:02:53 2001
-@@ -171,6 +171,43 @@
- <dt><i>pwcheck</i><dd> checks passwords with the use of a seperate,
- helper daemon. <b>needs to be documented.</b><p>
+ DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
-+<dt><i>mysql</i><dd> A MySQL database can be used for plaintext
-+ password checking by setting "pwcheck_method" to "mysql".<p>
-+
-+ <p>The following SASL options are used for MySQL Authentication:<p>
-+
-+ <dl>
-+ <dd>mysql_user: <user></dd>
-+ <dd>mysql_passwd: <cleartext pw></dd>
-+ <dd>mysql_host: <host></dd>
-+ <dd>mysql_database: <database></dd>
-+ <dd>mysql_table: <table></dd>
-+ <dd>mysql_uidcol: <username col></dd>
-+ <dd>mysql_pwdcol: <password col></dd>
-+ </dl>
-+
-+ <p>MySQL pwcheck_method created by <a href="mailto:dmz@dmzs.com">David Matthew Zendzian</a>
-+ the original patch may be found at <a href="http://www.dmzs.com/~dmz/projects/cyrus/">http://www.dmzs.com/~dmz/projects/cyrus/</a>.<p>
-+
-+<dt><i>ldap</i><dd> A LDAP server can be used for plaintext password
-+ checking by setting "pwcheck_method" to "ldap".<p>
-+
-+ <p>The following SASL options are used for LDAP Authentication:<p>
-+
-+ <dl>
-+ <dd>ldap_server: <LDAP Server [localhost]>
-+ <dd>ldap_basedn: <LDAP base dn>
-+ <dd>ldap_uidattr: <LDAP uid attribute [uid]>
-+ <dd>ldap_port: <LDAP port [389]>
-+ </dl>
-+
-+ <p>It is a requirement that "ldap_basedn" be set to the appropriate
-+ value for your site<br>
-+ (ex. ldap_basedn: o=surf, c=UK)<p>
-+
-+ <p>LDAP pwcheck_method created by <a href="mailto:simon@surf.org.uk">Simon@surf.org.uk</a>
-+ the original patch may be found at <a href="http://www.surf.org.uk/">http://www.surf.org.uk/</a>.<p>
-+
- <dt><i>write your own</i><dd> Last, but not least, the most flexible
- method of authentication for PLAIN is to write your own. If you do
- so, any application that calls the "<tt>sasl_checkpass()</tt>"
-diff -ruN --exclude *.orig cyrus-sasl-1.5.27.orig/lib/Makefile.am cyrus-sasl-1.5.27/lib/Makefile.am
---- cyrus-sasl-1.5.27.orig/lib/Makefile.am Sat Mar 10 06:56:41 2001
-+++ cyrus-sasl-1.5.27/lib/Makefile.am Tue Apr 24 17:06:04 2001
+-TAR = gtar
++TAR = tar
+ GZIP_ENV = --best
+ SOURCES = $(makemd5_SOURCES)
+ OBJECTS = $(makemd5_OBJECTS)
+--- ./lib/Makefile.am.orig Sat Mar 10 05:56:41 2001
++++ ./lib/Makefile.am Thu Mar 28 12:40:16 2002
@@ -53,5 +53,5 @@
EXTRA_libsasl_la_SOURCES = db_none.c db_ndbm.c db_gdbm.c db_berkeley.c db_testw32.c
libsasl_la_LDFLAGS = -version-info $(sasl_version)
libsasl_la_DEPENDENCIES = $(SASL_DB_BACKEND) @LTLIBOBJS@
-libsasl_la_LIBADD = @LTLIBOBJS@ $(SASL_DB_BACKEND) $(SASL_DB_LIB) $(SASL_DL_LIB) $(PLAIN_LIBS) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET)
-+libsasl_la_LIBADD = @LTLIBOBJS@ $(SASL_DB_BACKEND) $(SASL_DB_LIB) $(SASL_DL_LIB) $(PLAIN_LIBS) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET) $(LIB_LDAP) $(LIB_MYSQL)
++libsasl_la_LIBADD = @LTLIBOBJS@ $(SASL_DB_BACKEND) $(SASL_DB_LIB) $(SASL_DL_LIB) $(PLAIN_LIBS) ${LIB_LDAP} ${LIB_MYSQL}
# PLAIN_LIBS are linked in for sasl_checkpass
-diff -ruN --exclude *.orig cyrus-sasl-1.5.27.orig/lib/checkpw.c cyrus-sasl-1.5.27/lib/checkpw.c
---- cyrus-sasl-1.5.27.orig/lib/checkpw.c Sat Feb 17 06:06:48 2001
-+++ cyrus-sasl-1.5.27/lib/checkpw.c Tue Apr 24 17:09:32 2001
-@@ -51,11 +51,11 @@
- #include <assert.h>
- #ifdef HAVE_UNISTD_H
- #include <unistd.h>
--#endif
-+#endif /* HAVE_UNISTD_H */
-
- #ifdef HAVE_KRB
- #include <krb.h>
--#endif
-+#endif /* HAVE_KRB */
+--- ./lib/Makefile.in.orig Sat Mar 24 01:48:13 2001
++++ ./lib/Makefile.in Thu Mar 28 12:57:25 2002
+@@ -119,6 +119,8 @@
+ LIBTOOL = @LIBTOOL@
+ LIB_CRYPT = @LIB_CRYPT@
+ LIB_DES = @LIB_DES@
++LIB_LDAP = @LIB_LDAP@
++LIB_MYSQL = @LIB_MYSQL@
+ LIB_PAM = @LIB_PAM@
+ LIB_SIA = @LIB_SIA@
+ LIB_SOCKET = @LIB_SOCKET@
+@@ -156,7 +158,7 @@
+ EXTRA_libsasl_la_SOURCES = db_none.c db_ndbm.c db_gdbm.c db_berkeley.c db_testw32.c
+ libsasl_la_LDFLAGS = -version-info $(sasl_version)
+ libsasl_la_DEPENDENCIES = $(SASL_DB_BACKEND) @LTLIBOBJS@
+-libsasl_la_LIBADD = @LTLIBOBJS@ $(SASL_DB_BACKEND) $(SASL_DB_LIB) $(SASL_DL_LIB) $(PLAIN_LIBS) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET)
++libsasl_la_LIBADD = @LTLIBOBJS@ $(SASL_DB_BACKEND) $(SASL_DB_LIB) $(SASL_DL_LIB) $(PLAIN_LIBS) ${LIB_LDAP} ${LIB_MYSQL}
+ mkinstalldirs = $(SHELL) $(top_srcdir)/config/mkinstalldirs
+ CONFIG_HEADER = ../config.h
+ CONFIG_CLEAN_FILES =
+@@ -179,7 +181,7 @@
- #include <stdlib.h>
+ DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
-@@ -96,10 +96,19 @@
- # include <sys/un.h>
- # ifdef HAVE_UNISTD_H
- # include <unistd.h>
--# endif
-+# endif /* HAVE_UNISTD_H */
+-TAR = gtar
++TAR = tar
+ GZIP_ENV = --best
+ SOURCES = $(libsasl_la_SOURCES) $(EXTRA_libsasl_la_SOURCES)
+ OBJECTS = $(libsasl_la_OBJECTS)
+--- ./lib/checkpw.c.orig Sat Feb 17 05:06:48 2001
++++ ./lib/checkpw.c Thu Mar 28 12:47:18 2002
+@@ -53,6 +53,18 @@
+ #include <unistd.h>
+ #endif
- extern int errno;
--#endif
-+#endif /* HAVE_PWCHECK || HAVE_SASLAUTHD */
-+
+#ifdef HAVE_MYSQL
+#include <mysql.h>
++#include <ctype.h>
+#endif /* HAVE_MYSQL */
-+
++
+#ifdef HAVE_LDAP
+#include <lber.h>
+#include <ldap.h>
++#include <ctype.h>
+#endif /* HAVE_LDAP */
-
++
++
#ifdef HAVE_KRB
-
-@@ -171,7 +180,11 @@
+ #include <krb.h>
+ #endif
+@@ -171,12 +183,20 @@
memcpy (&temp_key, "kerberos", 8);
des_fixup_key_parity (&temp_key);
des_key_sched (&temp_key, schedule);
memcpy (&temp_key, &ivec, sizeof temp_key);
des_fixup_key_parity (&temp_key);
-@@ -211,10 +224,17 @@
+ des_key_sched (&temp_key, schedule);
+- des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec);
++#ifdef __FreeBSD__
++ des_cbc_cksum ((const unsigned char*)password, key, passlen, schedule, &ivec);
++#else
++ des_cbc_cksum ((des_cblock char*)password, key, passlen, schedule, &ivec);
++#endif
+
+ des_fixup_key_parity (key);
+
+@@ -211,10 +231,17 @@
return (str);
}
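Review bot: The `#else` branch added around `des_cbc_cksum` for non-FreeBSD builds casts with `(des_cblock char*)password`, which names two types and will not compile. The line it replaces used `(des_cblock *)password`, so keep that cast there: `des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec);`. The enclosing function starts and ends outside the visible lines.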
{
memcpy (returned_key, key, sizeof(des_cblock));
return 0;
-@@ -1015,7 +1035,7 @@
+@@ -1015,7 +1042,7 @@
/* pwcheck daemon-authenticated login */
const char *userid,
const char *passwd,
const char *service __attribute__((unused)),
-@@ -1030,8 +1050,10 @@
+@@ -1030,8 +1057,10 @@
static char response[1024];
int start, n;
char pwpath[1024];
if (reply) { *reply = NULL; }
-@@ -1183,6 +1205,225 @@
+@@ -1183,6 +1212,447 @@
#endif
+/* DMZ mysql auth 12/29/1999
+ * Updated to 1.5.24 by SWH 09/12/2000
+ * changed to malloc qbuf Simon Loader 10/21/2000
++ * Oh look the changelog for it all
+ */
+#ifdef USE_CRYPT_PASSWORD
+#define QUERY_STRING "select %s from %s where %s = '%s' and %s = password('%s')"
+ const char **reply)
+{
+ unsigned int numrows;
-+ MYSQL mysql,*sock;
++ MYSQL mysql,*sock = NULL;
+ MYSQL_RES *result;
+ char *qbuf;
++ char *cur_host;
+ char *db_user="",
+ *db_passwd="",
+ *db_host="",
+ *db_uidcol="",
+ *db_pwcol="",
+ *db_database="",
++ *escap_userid="",
++ *escap_password="",
+ *db_table="";
+ sasl_getopt_t *getopt;
+ void *context;
+ if (!db_pwcol) db_pwcol = "";
+ }
+
-+ if (!(sock = mysql_connect(&mysql,db_host,db_user,db_passwd)))
-+ {
++ /* db_host is a list of servers like this
++ ** server1 , sever2 , server3 etc.
++ */
++ cur_host = db_host;
++ while ( cur_host != NULL || sock == NULL) {
++ db_host = strchr(db_host,',');
++ if ( db_host != NULL ) {
++ db_host[0] = 0x00;
++ /* loop till we find some text */
++ while (!isalnum(db_host[0]) )
++ db_host++;
++ }
++ sock = mysql_connect(&mysql,db_host,db_user,db_passwd);
++ cur_host = db_host;
++ }
++ if ( sock == NULL ) {
+ if (reply) { *reply = "cannot connect to MySQL server"; }
+ return SASL_FAIL;
+ }
+
-+ if (mysql_select_db(sock,db_database) < 0)
-+ {
++ if (mysql_select_db(sock,db_database) < 0) {
+ mysql_close(sock);
+ if (reply) { *reply = "cannot select MySQL database"; }
+ return SASL_FAIL;
+ }
++
+ /* select DB_UIDCOL from DB_TABLE where DB_UIDCOL = 'userid' AND DB_PWCOL = password('password') */
++ /* first we must escape any strange characters to be inserted into the query string
++ ** that is userid and password
++ */
++ /* first allocate some memory */
++ if ( (escap_userid = (char *)malloc(strlen(userid)*2+1))== NULL ||
++ (escap_password = (char *)malloc(strlen(password)*2+1)) == NULL ) {
++ if (reply) {
++ *reply = "Cannot malloc memory for escaped chars";
++ }
++ return SASL_FAIL;
++ }
++ /* these should just work */
++ mysql_real_escape_string(&mysql,escap_userid,userid,strlen(userid));
++ mysql_real_escape_string(&mysql,escap_password,password,strlen(password));
++
+ if ( (qbuf = (char *)malloc(strlen(QUERY_STRING)+strlen(db_uidcol)
+ +strlen(db_table)+strlen(db_uidcol)
+ +strlen(userid)+strlen(db_pwcol)
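Review bot: The new host-failover loop `while ( cur_host != NULL || sock == NULL)` does not terminate safely: once `strchr(db_host,',')` returns NULL, a failed connect leaves `sock == NULL`, and the next pass calls `strchr(NULL, ',')`. It also passes `db_host` (the entry after the comma, or NULL when there is no comma) to `mysql_connect` instead of `cur_host`, so the first configured server is never tried and a single-host setting connects with a NULL host. The LDAP loop added later in this patch has the intended shape; mirror it with `while (cur_host != NULL && sock == NULL)` and `sock = mysql_connect(&mysql,cur_host,db_user,db_passwd);`. The skip loop `while (!isalnum(db_host[0]))` should also stop at `'\0'`, since a trailing comma otherwise walks it past the end of the string. Finally, `db_host[0] = 0x00` edits the string returned by getopt in place, which presumably truncates the configured list for later calls, so it is worth working on a copy.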
+ }
+ return SASL_FAIL;
+ }
-+ sprintf(qbuf,QUERY_STRING,db_uidcol,db_table,db_uidcol,userid,db_pwcol,password);
++ sprintf(qbuf,QUERY_STRING,db_uidcol,db_table,db_uidcol,escap_userid,db_pwcol,escap_password);
+ if (mysql_query(sock,qbuf) < 0 || !(result=mysql_store_result(sock)))
+ {
+ free(qbuf);
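Review bot: `sprintf(qbuf, ...)` now formats `escap_userid` and `escap_password`, but the `qbuf` allocation just above is still sized with `strlen(userid)`; the rest of that expression is outside the visible lines, so the password term is presumably unescaped too. Each escaped string can be up to twice as long as its input, so a login name or password containing quotes or backslashes writes past the end of the heap buffer. Size the allocation from `strlen(escap_userid)` and `strlen(escap_password)`, and replace `sprintf` with `snprintf` bounded by that length. The two escape buffers are not freed on the visible failure path, which calls only `free(qbuf)`, and the escape-buffer malloc failure returns without `mysql_close(sock)`.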
+/* simon@surf.org.uk LDAP auth 07/11/2000
+ * Updated to 1.5.24 by SWH 09/12/2000
+ * changed to use malloc and simplify the auth by Simon@surf.org.uk 10/21/2000
-+ */
++ * Added LDAP_FILTER, LDAP_DN, and LDAP_PASSWD -- 07/18/2001
++ * Changed LDAP_DN to LDAP_BIND_DN and LDAP_PASSWD to LDAP_BIND_PW -- 08/08/2001
++ * Kevin J. Menard, Jr. <kmenard@wpi.edu>
++ * Added SSL mode and filter mode - simon@surf.org.uk 08/22/2001
++ (are these USA dates or English ?)
++*/
++
+
+#define LDAP_SERVER "localhost"
+#define LDAP_BASEDN "o=JOFA, c=UK"
+#define LDAP_UIDATTR "uid"
++#define LDAP_FILTER ""
++#define LDAP_BIND_DN NULL
++#define LDAP_BIND_PW NULL
++
+
+#ifndef TRUE
+# define TRUE 1
+# define FALSE 0
+#endif
+
++#ifndef LDAP_NO_ATTRS
++#define LDAP_NO_ATTRS "1.1"
++#endif
+static int ldap_isdigits(char *value)
+{
-+ char *ptr;
-+ int num = TRUE;
-+
-+ for (ptr = value; *ptr != '\0' && num != FALSE; ptr++) {
-+ if (!isdigit(*ptr))
-+ num = FALSE;
-+ }
-+
-+ return num;
++ char *ptr;
++ int num = TRUE;
++
++ for (ptr = value; *ptr != '\0' && num != FALSE; ptr++) {
++ if (!isdigit(*ptr))
++ num = FALSE;
++ }
++
++ return num;
+}
+
++#ifdef LDAP_VENDOR_VERSION
++#define SASL_ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res) \
++ ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res)
++#define SASL_ldap_memfree(dn) ldap_memfree(dn)
++#else
++#define SASL_ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res) \
++ ldap_search_st(ld, base, scope, filter, attrs, attrsonly, timeout, res)
++#define SASL_ldap_memfree(dn) free(dn)
++#endif
++
+static int ldap_verify_password(sasl_conn_t *conn,
+ const char *userid,
+ const char *password,
+ const char *user_realm __attribute__((unused)),
+ const char **reply)
+{
++
++ LDAP *ld = NULL;
++ char *cur_server = NULL;
++ char *dn,
++ *filter="",
++ *ldap_server="",
++ *ldap_basedn="",
++ *ldap_uidattr="",
++ *ldap_filter="",
++ *ldap_bind_dn="",
++ *ldap_bind_pw="",
++ *ldap_filter_mode="",
++ *port_num="",
++ *alias_deref="";
++ int ldap_deref=LDAP_DEREF_NEVER;
++ int malloc_size; /* safety net */
++ int ldap_filter_flag = 0;
++ int ldap_port = LDAP_PORT;
++ sasl_getopt_t *getopt;
++ void *context;
++ LDAPMessage *result, *e;
++ char *attrs[]={LDAP_NO_ATTRS, NULL};
++#ifdef LDAP_OPT_X_TLS
++ char *ldap_ssl="";
++ int ldap_ssl_flag = 0;
++ int tls_option;
++#endif
++
++
++ /* If the password is NULL, reject the login...
++ * Otherwise the bind will succed as a reference bind. Not good...
++ */
++ if (strcmp(password,"") == 0 || strcmp(userid,"") == 0) {
++ return SASL_BADPARAM;
++ }
++
++ if (reply) { *reply = NULL; }
++
++ /* check to see if the user configured a ldap stuff */
++ if ( _sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) != SASL_OK) {
++ *reply = "SASL LDAP Method couldnt find getopt callback";
++ return(SASL_BADPARAM);
++ }
+
-+ LDAP *ld;
-+ char *dn,
-+ *ldap_server="",
-+ *ldap_basedn="",
-+ *ldap_uidattr="",
-+ *port_num="";
-+ int ldap_port = LDAP_PORT;
-+ sasl_getopt_t *getopt;
-+ void *context;
-+
-+ /* If the password is NULL, reject the login...
-+ * Otherwise the bind will succed as a reference bind. Not good...
-+ */
-+ if (strcmp(password,"") == 0 || strcmp(userid,"") == 0) {
-+ return SASL_BADPARAM;
-+ }
++ /* basic server infomation */
++ getopt(context, NULL, "ldap_server", (const char **) &ldap_server, NULL);
++ if (!ldap_server) ldap_server = LDAP_SERVER;
++ getopt(context, NULL, "ldap_basedn", (const char **) &ldap_basedn, NULL);
++ if (!ldap_basedn) {
++ if (reply) { *reply = "ldap_basedn not defined"; }
++ return SASL_BADPARAM;
++ }
++ getopt(context, NULL, "ldap_uidattr", (const char **) &ldap_uidattr, NULL);
++ if (!ldap_uidattr) { ldap_uidattr = LDAP_UIDATTR; }
+
-+ if (reply) { *reply = NULL; }
++ /* should probabaly do something if in SSL Mode */
++ getopt(context, NULL, "ldap_port", (const char **) &port_num, NULL);
++ if (!port_num) {
++ ldap_port = LDAP_PORT;
++ } else if (!ldap_isdigits(port_num)) {
++ if (reply) { *reply = "ldap_port - invalid value"; }
++ return SASL_BADPARAM;
++ } else {
++ ldap_port = atoi(port_num);
++ }
++ /* get filter information (if present) */
++ getopt(context, NULL, "ldap_filter", (const char **) &ldap_filter, NULL);
++ if (!ldap_filter) { ldap_filter = LDAP_FILTER; }
++ getopt(context, NULL, "ldap_bind_dn", (const char **) &ldap_bind_dn, NULL);
++ if (!ldap_bind_dn) { ldap_bind_dn = LDAP_BIND_DN; }
++ getopt(context, NULL, "ldap_bind_pw", (const char **) &ldap_bind_pw, NULL);
++ if (!ldap_bind_pw) { ldap_bind_pw = LDAP_BIND_PW; }
++ getopt(context, NULL, "ldap_alias_deref", (const char **) &alias_deref, NULL);
++
++ if (*alias_deref == 'n' || *alias_deref =='N')
++ { ldap_deref=LDAP_DEREF_NEVER; }
++ if (*alias_deref == 's' || *alias_deref =='S')
++ { ldap_deref=LDAP_DEREF_SEARCHING; }
++ if (*alias_deref == 'f' || *alias_deref =='F')
++ { ldap_deref=LDAP_DEREF_FINDING; }
++ if (*alias_deref == 'a' || *alias_deref =='A')
++ { ldap_deref=LDAP_DEREF_ALWAYS; }
++ /* test for ssl mode */
++ /* this will only work with openldap > v2
++ ** (the other ldap stuff I dont know)
++ */
++#ifdef LDAP_OPT_X_TLS
++ getopt(context, NULL, "ldap_ssl", (const char **) &ldap_ssl, NULL);
++ /* this is taken from the auto transition section */
++ if (ldap_ssl == NULL ) { ldap_ssl = "n"; }
++ if (*ldap_ssl == '1' || *ldap_ssl == 'y' ||
++ (*ldap_ssl == 'o' && ldap_ssl[1] == 'n') || *ldap_ssl == 't') {
++ /* ok switch on ldap ssl mode */
++ ldap_ssl_flag = 1;
++ }
++#endif
++ /* test for filter mode */
++ getopt(context, NULL, "ldap_filter_mode", (const char **) &ldap_filter_mode, NULL);
++ /* this is taken from the auto transition section */
++ if (ldap_filter_mode == NULL ) { ldap_filter_mode = "n"; }
++ if (*ldap_filter_mode == '1' || *ldap_filter_mode == 'y' ||
++ (*ldap_filter_mode == 'o' && ldap_filter_mode[1] == 'n')
++ || *ldap_filter_mode == 't') {
++ /* ok switch on ldap ssl mode */
++ ldap_filter_flag = 1;
++ }
++
++ /* Open the LDAP connection. */
++ cur_server = ldap_server;
++ while ( cur_server != NULL && ld == NULL) {
++ ldap_server = strchr(ldap_server,',');
++ if ( ldap_server != NULL ) {
++ ldap_server[0] = 0x00;
++ /* loop till we find some text */
++ while (!isalnum(ldap_server[0]) )
++ ldap_server++;
++ }
++ ld = ldap_init(cur_server,ldap_port);
++ cur_server = ldap_server;
++ }
++ if (ld == NULL) {
++ if (reply) { *reply = "cannot connect to LDAP server"; }
++ return SASL_FAIL;
++ }
++ /* setting dereferensing aliases mode */
++ if (ldap_set_option(ld, LDAP_OPT_DEREF, (void *) &ldap_deref) != LDAP_OPT_SUCCESS) {
++ if (reply) {
++ *reply = "cannot set deref options";
++ }
++ return SASL_FAIL;
++ }
++ /* set ssl mode if needed */
++#ifdef LDAP_OPT_X_TLS
++ if ( ldap_ssl_flag ) {
++ ldap_set_option(ld, LDAP_OPT_X_TLS, (void *)&tls_option);
++ }
++#endif
++
++ /* either run the filter or just bind as them ? */
++
++ /*
++ * Kevin J. Menard, Jr. <kmenard@wpi.edu>. -- 07/18/2001
++ * Added search code. First search for the UID and filter, then
++ * attempt to bind with the search result.
++ */
++ if ( ldap_filter_flag ) {
++ /* Bind as the user given (or anonymous) */
++ if (ldap_simple_bind_s(ld,ldap_bind_dn,ldap_bind_pw) != LDAP_SUCCESS) {
++ ldap_unbind(ld);
++ return SASL_BADAUTH;
++ }
+
-+ /* check to see if the user configured a mysqluser/passwd/host/etc */
-+ if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) {
-+ getopt(context, NULL, "ldap_server", (const char **) &ldap_server, NULL);
-+ if (!ldap_server) ldap_server = LDAP_SERVER;
-+ getopt(context, NULL, "ldap_basedn", (const char **) &ldap_basedn, NULL);
-+ if (!ldap_basedn) {
-+ if (reply) { *reply = "ldap_basedn not defined"; }
-+ return SASL_BADPARAM;
++ malloc_size = strlen(ldap_uidattr)+strlen(userid)+strlen(ldap_filter)+8;
++ /* allocate memory to filter */
++ if ( (filter = (char *)malloc(malloc_size)) == NULL ) {
++ if (reply) {
++ *reply = "cannot allocate memory for ldap search filter";
+ }
-+ getopt(context, NULL, "ldap_uidattr", (const char **) &ldap_uidattr, NULL);
-+ if (!ldap_uidattr) ldap_uidattr = LDAP_UIDATTR;
-+ getopt(context, NULL, "ldap_port", (const char **) &port_num, NULL);
-+ if (!port_num) {
-+ ldap_port = LDAP_PORT;
-+ } else if (!ldap_isdigits(port_num)) {
-+ if (reply) { *reply = "ldap_port - invalid value"; }
-+ return SASL_BADPARAM;
-+ } else {
-+ ldap_port = atoi(port_num);
++ ldap_unbind(ld);
++ return SASL_FAIL;
++ }
++
++ /* Create the search filter */
++ snprintf(filter,malloc_size-1,"(&(%s=%s)%s)", ldap_uidattr, userid, ldap_filter);
++
++ /* Now do the search */
++ if (SASL_ldap_search_ext_s(ld, ldap_basedn, LDAP_SCOPE_SUBTREE, filter,
++ attrs, 0, NULL, NULL, LDAP_NO_LIMIT, 1, &result) !=
++ LDAP_SUCCESS) {
++ free(filter);
++ ldap_unbind(ld);
++ return SASL_BADAUTH;
++ }
++
++ /* Now get the entry from the search results */
++ if ( (e = ldap_first_entry(ld, result)) ==NULL) {
++ free(filter);
++ ldap_msgfree(result);
++ if (reply) {
++ *reply = "entry not found";
+ }
++ ldap_unbind(ld);
++ return SASL_FAIL;
++// return SASL_BADAUTH;
+ }
-+
-+ /* Open the LDAP connection. */
-+ if ((ld = ldap_open(ldap_server, ldap_port)) == NULL) {
-+ if (reply) { *reply = "cannot connect to LDAP server"; }
++
++ /* Now extract the dn */
++ if ( (dn = ldap_get_dn(ld, e)) == NULL) {
++ free(filter);
++ ldap_msgfree(result);
++ if (reply) {
++ *reply = "Cannot get DN";
++ }
++ ldap_unbind(ld);
+ return SASL_FAIL;
++// return SASL_BADAUTH;
+ }
-+
-+ if ( (dn =
-+ (char *)malloc(strlen(ldap_uidattr)+strlen(userid)+strlen(ldap_basedn)+3)) == NULL ) {
++ if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) {
++ e = NULL;
++ free(filter);
++ SASL_ldap_memfree(dn);
++ ldap_msgfree(result);
++ ldap_unbind(ld);
++ return SASL_BADAUTH;
++ }
++ e = NULL;
++ free(filter);
++ SASL_ldap_memfree(dn);
++ ldap_msgfree(result);
++
++ } else {
++ malloc_size = strlen(ldap_uidattr)+strlen(userid)+strlen(ldap_basedn)+3;
++ if ( (dn = (char *)malloc(malloc_size)) == NULL ) {
+ if (reply) {
+ *reply = "cannnot allocate memory for ldap dn";
+ }
+ return SASL_FAIL;
+ }
+ /* Generate a dn that we will try and login with */
-+ sprintf(dn,"%s=%s,%s", ldap_uidattr,userid,ldap_basedn);
++ snprintf(dn,malloc_size,"%s=%s,%s", ldap_uidattr,userid,ldap_basedn);
+
+ /*
-+ * Just try and bind with the dn we have been given
-+ * In most cases the basedn is correct.
-+ * If this is not so I have a version or that too
-+ * Simon@surf.org.uk
-+ */
-+ if (ldap_simple_bind_s(ld,dn,password) != LDAP_SUCCESS) {
++ * Just try and bind with the dn we have been given
++ * In most cases the basedn is correct.
++ * If this is not so I have a version or that too
++ * Simon@surf.org.uk
++ */
++ if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) {
+ free(dn);
+ ldap_unbind(ld);
+ return SASL_BADAUTH;
+ }
+ free(dn);
-+ ldap_unbind(ld);
-+ return SASL_OK;
++ }
++
++
++ ldap_unbind(ld);
++ return SASL_OK;
+}
+
+#endif /* HAVE_LDAP */
struct sasl_verify_password_s _sasl_verify_password[] = {
{ "sasldb", &sasldb_verify_password },
#ifdef HAVE_KRB
-@@ -1205,6 +1446,12 @@
+@@ -1205,6 +1675,12 @@
#endif
#ifdef HAVE_PWCHECK
{ "pwcheck", &pwcheck_verify_password },
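Review bot: In `ldap_verify_password`, `userid` is formatted unescaped into the search filter (`snprintf(filter, ..., "(&(%s=%s)%s)", ldap_uidattr, userid, ldap_filter)`) and into the bind DN in the `else` branch, so filter or DN metacharacters in the login name change which entry is searched for or bound as. Escape the value for each context, or as a minimal guard reject such names beside the empty-string check: `if (strpbrk(userid, "*()\\,=+<>#;\"") != NULL) return SASL_BADPARAM;`. In the `LDAP_OPT_X_TLS` block, `tls_option` is passed to `ldap_set_option` uninitialised and the result is ignored, so enabling `ldap_ssl` may still leave the simple bind in clear text; initialise it (`int tls_option = LDAP_OPT_X_TLS_HARD;`) and return `SASL_FAIL` when the call fails. `alias_deref` is dereferenced without the NULL check the other options get after `getopt`, and the deref-option and `dn` malloc failure paths return without `ldap_unbind(ld)`.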
#endif
#ifdef HAVE_SASLAUTHD
{ "saslauthd", &saslauthd_verify_password },
-diff -ruN --exclude *.orig cyrus-sasl-1.5.27.orig/plugins/kerberos4.c cyrus-sasl-1.5.27/plugins/kerberos4.c
---- cyrus-sasl-1.5.27.orig/plugins/kerberos4.c Sat Mar 10 06:56:46 2001
-+++ cyrus-sasl-1.5.27/plugins/kerberos4.c Tue Apr 24 17:02:53 2001
+--- ./plugins/Makefile.in.orig Sat Mar 24 01:48:13 2001
++++ ./plugins/Makefile.in Thu Mar 28 13:01:27 2002
+@@ -123,6 +123,8 @@
+ LIBTOOL = @LIBTOOL@
+ LIB_CRYPT = @LIB_CRYPT@
+ LIB_DES = @LIB_DES@
++LIB_LDAP = @LIB_LDAP@
++LIB_MYSQL = @LIB_MYSQL@
+ LIB_PAM = @LIB_PAM@
+ LIB_SIA = @LIB_SIA@
+ LIB_SOCKET = @LIB_SOCKET@
+@@ -237,7 +239,7 @@
+
+ DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
+
+-TAR = gtar
++TAR = tar
+ GZIP_ENV = --best
+ SOURCES = $(libplain_la_SOURCES) $(libanonymous_la_SOURCES) $(libkerberos4_la_SOURCES) $(libcrammd5_la_SOURCES) $(libscrammd5_la_SOURCES) $(libgssapiv2_la_SOURCES) $(libdigestmd5_la_SOURCES) $(liblogin_la_SOURCES) $(libsrp_la_SOURCES)
+ OBJECTS = $(libplain_la_OBJECTS) $(libanonymous_la_OBJECTS) $(libkerberos4_la_OBJECTS) $(libcrammd5_la_OBJECTS) $(libscrammd5_la_OBJECTS) $(libgssapiv2_la_OBJECTS) $(libdigestmd5_la_OBJECTS) $(liblogin_la_OBJECTS) $(libsrp_la_OBJECTS)
+--- ./plugins/kerberos4.c.orig Sat Mar 10 05:56:46 2001
++++ ./plugins/kerberos4.c Thu Mar 28 12:40:17 2002
@@ -698,8 +698,13 @@
/* decrypt; verify checksum */
clientinlen,
text->init_keysched,
&text->session,
+@@ -1220,9 +1225,14 @@
+ len++;
+ }
+ sout[len]=0;
++#ifdef __FreeBSD__
++ des_pcbc_encrypt((const unsigned char *)sout,
++ (unsigned char *)sout,
++#else
+
+ des_pcbc_encrypt((des_cblock *)sout,
+ (des_cblock *)sout,
++#endif
+ len,
+ text->init_keysched,
+ (des_cblock *)text->session,
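Review bot: The `#ifdef __FreeBSD__` branch picks the `des_pcbc_encrypt` argument casts by operating system rather than by the prototype the DES library actually declares. Another platform whose DES header takes `unsigned char *` buffers would still get the `des_cblock *` casts, and a FreeBSD build against a different DES library would get the wrong ones. A configure-time check of the prototype would be more robust; failing that, a comment above the `#ifdef` such as `/* FreeBSD's des.h declares the buffers as unsigned char *, not des_cblock * */` would record the reason (that the header is the cause is inferred from the casts, not shown in the hunk). The stray blank line after `#else` can be dropped. The enclosing function starts and ends outside the hunk.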
+--- ./utils/Makefile.in.orig Sat Mar 24 01:48:13 2001
++++ ./utils/Makefile.in Thu Mar 28 13:03:28 2002
+@@ -119,6 +119,8 @@
+ LIBTOOL = @LIBTOOL@
+ LIB_CRYPT = @LIB_CRYPT@
+ LIB_DES = @LIB_DES@
++LIB_LDAP = @LIB_LDAP@
++LIB_MYSQL = @LIB_MYSQL@
+ LIB_PAM = @LIB_PAM@
+ LIB_SIA = @LIB_SIA@
+ LIB_SOCKET = @LIB_SOCKET@
+@@ -211,7 +213,7 @@
+
+ DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
+
+-TAR = gtar
++TAR = tar
+ GZIP_ENV = --best
+ SOURCES = $(libsfsasl_la_SOURCES) testsuite.c dbconverter-1.5.9.c saslpasswd.c sasldblistusers.c
+ OBJECTS = $(libsfsasl_la_OBJECTS) testsuite.o dbconverter-1.5.9.o saslpasswd.o sasldblistusers.o
+--- ./doc/Makefile.in.orig Sat Mar 24 01:48:13 2001
++++ ./doc/Makefile.in Thu Mar 28 13:03:42 2002
+@@ -120,6 +120,8 @@
+ LIBTOOL = @LIBTOOL@
+ LIB_CRYPT = @LIB_CRYPT@
+ LIB_DES = @LIB_DES@
++LIB_LDAP = @LIB_LDAP@
++LIB_MYSQL = @LIB_MYSQL@
+ LIB_PAM = @LIB_PAM@
+ LIB_SIA = @LIB_SIA@
+ LIB_SOCKET = @LIB_SOCKET@
+@@ -155,7 +157,7 @@
+
+ DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
+
+-TAR = gtar
++TAR = tar
+ GZIP_ENV = --best
+ all: all-redirect
+ .SUFFIXES:
+--- ./doc/sysadmin.html.orig Sat Feb 17 05:06:33 2001
++++ ./doc/sysadmin.html Thu Mar 28 12:40:18 2002
+@@ -171,6 +171,66 @@
+ <dt><i>pwcheck</i><dd> checks passwords with the use of a seperate,
+ helper daemon. <b>needs to be documented.</b><p>
+
++<dt><i>mysql</i><dd> A MySQL database can be used for plaintext
++ password checking by setting "pwcheck_method" to "mysql".<p>
++
++ <p>The following SASL options are used for MySQL Authentication:<p>
++
++ <dl>
++ <dd>mysql_user: <user></dd>
++ <dd>mysql_passwd: <cleartext pw></dd>
++ <dd>mysql_host: <hosts separated by ,></dd>
++ <dd>mysql_database: <database></dd>
++ <dd>mysql_table: <table></dd>
++ <dd>mysql_uidcol: <username col></dd>
++ <dd>mysql_pwdcol: <password col></dd>
++ </dl>
++
++ <p>MySQL pwcheck_method created by <a href="mailto:dmz@dmzs.com">David Matthew Zendzian</a>
++ the original patch may be found at <a href="http://www.dmzs.com/~dmz/projects/cyrus/">http://www.dmzs.com/~dmz/projects/cyrus/</a>.<p>
++
++<dt><i>ldap</i><dd> A LDAP server can be used for plaintext password
++ checking by setting "pwcheck_method" to "ldap".<p>
++
++ <p>The following SASL options are used for LDAP Authentication:<p>
++
++ <dl>
++ <dd>ldap_server: <LDAP Servers separated by , [localhost]>
++ <dd>ldap_basedn: <LDAP base dn>
++ <dd>ldap_uidattr: <LDAP uid attribute [uid]>
++ <dd>ldap_port: <LDAP port [389]>
++ <dd>ldap_ssl: <yes/no/true/fasle> Use ssl (untested)
++ <dd>ldap_filter_mode: <yes/no/true/fasle> Use the filter below
++ <dd>ldap_filter: <Additional search filter
++[(objectClass=posixAccount)]>
++ <dd>ldap_bind_dn: <DN to bind with [NULL]>
++ <dd>ldap_bind_pw: <Password for DN to bind with [NULL]>
++ <dd>ldap_alias_deref: <n|s|f|a> n is default
++ </dl>
++
++ <p>It is a requirement that "ldap_basedn" be set to the appropriate
++ value for your site<br>
++ (ex. ldap_basedn: o=surf, c=UK)<p>
++
++ <p>ldap_alias_deref: n = LDAP_DEREF_NEVER<br>
++ s = LDAP_DEREF_SEARCHING<br>
++ f = LDAP_DEREF_FINDING<br>
++ a = LDAP_DEREF_ALWAYS<br>
++ If you dont know what ldap alias is just leave this alone.<br>
++
++ <p>NULL values for ldap_dn and ldap_passwd mean do an anonymous bind
++and search.<p>
++
++ <p>LDAP pwcheck_method created by <a href="mailto:simon@surf.org.uk">Simon@su
++rf.org.uk</a>
++ the original patch may be found at <a href="http://www.surf.org.uk/">http://w
++ww.surf.org.uk/</a>.<p>
++
++ <p>Search and filter ability for LDAP was added by <a href="mailto:kmenard@wp.edu">Kevin J. Menard, Jr.</a>.<p>
++ <p>Ldap alias support by mailer@cbsd.donetsk.ua<br>
++
++
++
+ <dt><i>write your own</i><dd> Last, but not least, the most flexible
+ method of authentication for PLAIN is to write your own. If you do
+ so, any application that calls the "<tt>sasl_checkpass()</tt>"
+--- ./man/Makefile.in.orig Sat Mar 24 01:48:14 2001
++++ ./man/Makefile.in Thu Mar 28 13:03:47 2002
+@@ -119,6 +119,8 @@
+ LIBTOOL = @LIBTOOL@
+ LIB_CRYPT = @LIB_CRYPT@
+ LIB_DES = @LIB_DES@
++LIB_LDAP = @LIB_LDAP@
++LIB_MYSQL = @LIB_MYSQL@
+ LIB_PAM = @LIB_PAM@
+ LIB_SIA = @LIB_SIA@
+ LIB_SOCKET = @LIB_SOCKET@
+@@ -160,7 +162,7 @@
+
+ DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
+
+-TAR = gtar
++TAR = tar
+ GZIP_ENV = --best
+ all: all-redirect
+ .SUFFIXES:
+--- ./pwcheck/Makefile.in.orig Sat Mar 24 01:48:14 2001
++++ ./pwcheck/Makefile.in Thu Mar 28 12:40:19 2002
+@@ -99,6 +99,8 @@
+ LIBTOOL = @LIBTOOL@
+ LIB_CRYPT = @LIB_CRYPT@
+ LIB_DES = @LIB_DES@
++LIB_LDAP = @LIB_LDAP@
++LIB_MYSQL = @LIB_MYSQL@
+ LIB_PAM = @LIB_PAM@
+ LIB_SIA = @LIB_SIA@
+ LIB_SOCKET = @LIB_SOCKET@
+@@ -153,7 +155,7 @@
+
+ DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
+
+-TAR = gtar
++TAR = tar
+ GZIP_ENV = --best
+ SOURCES = $(pwcheck_SOURCES) $(EXTRA_pwcheck_SOURCES)
+ OBJECTS = $(pwcheck_OBJECTS)
+--- ./sample/Makefile.in.orig Sat Mar 24 01:48:13 2001
++++ ./sample/Makefile.in Thu Mar 28 13:03:53 2002
+@@ -119,6 +119,8 @@
+ LIBTOOL = @LIBTOOL@
+ LIB_CRYPT = @LIB_CRYPT@
+ LIB_DES = @LIB_DES@
++LIB_LDAP = @LIB_LDAP@
++LIB_MYSQL = @LIB_MYSQL@
+ LIB_PAM = @LIB_PAM@
+ LIB_SIA = @LIB_SIA@
+ LIB_SOCKET = @LIB_SOCKET@
+@@ -192,7 +194,7 @@
+
+ DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
+
+-TAR = gtar
++TAR = tar
+ GZIP_ENV = --best
+ SOURCES = $(sample_client_SOURCES) $(sample_server_SOURCES) $(client_SOURCES) $(server_SOURCES)
+ OBJECTS = $(sample_client_OBJECTS) $(sample_server_OBJECTS) $(client_OBJECTS) $(server_OBJECTS)
+--- ./java/CyrusSasl/Makefile.in.orig Sat Mar 24 01:48:14 2001
++++ ./java/CyrusSasl/Makefile.in Thu Mar 28 12:40:20 2002
+@@ -100,6 +100,8 @@
+ LIBTOOL = @LIBTOOL@
+ LIB_CRYPT = @LIB_CRYPT@
+ LIB_DES = @LIB_DES@
++LIB_LDAP = @LIB_LDAP@
++LIB_MYSQL = @LIB_MYSQL@
+ LIB_PAM = @LIB_PAM@
+ LIB_SIA = @LIB_SIA@
+ LIB_SOCKET = @LIB_SOCKET@
+@@ -165,7 +167,7 @@
+
+ DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
+
+-TAR = gtar
++TAR = tar
+ GZIP_ENV = --best
+ SOURCES = $(libjavasasl_la_SOURCES)
+ OBJECTS = $(libjavasasl_la_OBJECTS)
+--- ./java/javax/security/auth/callback/Makefile.in.orig Sat Mar 24 01:48:14 2001
++++ ./java/javax/security/auth/callback/Makefile.in Thu Mar 28 12:40:20 2002
+@@ -116,6 +116,8 @@
+ LIBTOOL = @LIBTOOL@
+ LIB_CRYPT = @LIB_CRYPT@
+ LIB_DES = @LIB_DES@
++LIB_LDAP = @LIB_LDAP@
++LIB_MYSQL = @LIB_MYSQL@
+ LIB_PAM = @LIB_PAM@
+ LIB_SIA = @LIB_SIA@
+ LIB_SOCKET = @LIB_SOCKET@
+@@ -158,7 +160,7 @@
+
+ DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
+
+-TAR = gtar
++TAR = tar
+ GZIP_ENV = --best
+ all: all-redirect
+ .SUFFIXES:
+--- ./java/javax/security/auth/Makefile.in.orig Sat Mar 24 01:48:14 2001
++++ ./java/javax/security/auth/Makefile.in Thu Mar 28 12:40:20 2002
+@@ -116,6 +116,8 @@
+ LIBTOOL = @LIBTOOL@
+ LIB_CRYPT = @LIB_CRYPT@
+ LIB_DES = @LIB_DES@
++LIB_LDAP = @LIB_LDAP@
++LIB_MYSQL = @LIB_MYSQL@
+ LIB_PAM = @LIB_PAM@
+ LIB_SIA = @LIB_SIA@
+ LIB_SOCKET = @LIB_SOCKET@
+@@ -150,7 +152,7 @@
+
+ DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
+
+-TAR = gtar
++TAR = tar
+ GZIP_ENV = --best
+ all: all-redirect
+ .SUFFIXES:
+--- ./java/javax/security/Makefile.in.orig Sat Mar 24 01:48:14 2001
++++ ./java/javax/security/Makefile.in Thu Mar 28 12:40:21 2002
+@@ -116,6 +116,8 @@
+ LIBTOOL = @LIBTOOL@
+ LIB_CRYPT = @LIB_CRYPT@
+ LIB_DES = @LIB_DES@
++LIB_LDAP = @LIB_LDAP@
++LIB_MYSQL = @LIB_MYSQL@
+ LIB_PAM = @LIB_PAM@
+ LIB_SIA = @LIB_SIA@
+ LIB_SOCKET = @LIB_SOCKET@
+@@ -150,7 +152,7 @@
+
+ DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
+
+-TAR = gtar
++TAR = tar
+ GZIP_ENV = --best
+ all: all-redirect
+ .SUFFIXES:
+--- ./java/javax/Makefile.in.orig Sat Mar 24 01:48:14 2001
++++ ./java/javax/Makefile.in Thu Mar 28 12:40:21 2002
+@@ -116,6 +116,8 @@
+ LIBTOOL = @LIBTOOL@
+ LIB_CRYPT = @LIB_CRYPT@
+ LIB_DES = @LIB_DES@
++LIB_LDAP = @LIB_LDAP@
++LIB_MYSQL = @LIB_MYSQL@
+ LIB_PAM = @LIB_PAM@
+ LIB_SIA = @LIB_SIA@
+ LIB_SOCKET = @LIB_SOCKET@
+@@ -150,7 +152,7 @@
+
+ DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
+
+-TAR = gtar
++TAR = tar
+ GZIP_ENV = --best
+ all: all-redirect
+ .SUFFIXES:
+--- ./java/Makefile.in.orig Sat Mar 24 01:48:14 2001
++++ ./java/Makefile.in Thu Mar 28 12:40:21 2002
+@@ -100,6 +100,8 @@
+ LIBTOOL = @LIBTOOL@
+ LIB_CRYPT = @LIB_CRYPT@
+ LIB_DES = @LIB_DES@
++LIB_LDAP = @LIB_LDAP@
++LIB_MYSQL = @LIB_MYSQL@
+ LIB_PAM = @LIB_PAM@
+ LIB_SIA = @LIB_SIA@
+ LIB_SOCKET = @LIB_SOCKET@
+@@ -135,7 +137,7 @@
+
+ DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
+
+-TAR = gtar
++TAR = tar
+ GZIP_ENV = --best
+ all: all-redirect
+ .SUFFIXES:
+--- ./saslauthd/Makefile.in.orig Sat Mar 24 01:48:14 2001
++++ ./saslauthd/Makefile.in Thu Mar 28 12:40:22 2002
+@@ -75,6 +75,8 @@
+ LIBTOOL = @LIBTOOL@
+ LIB_CRYPT = @LIB_CRYPT@
+ LIB_DES = @LIB_DES@
++LIB_LDAP = @LIB_LDAP@
++LIB_MYSQL = @LIB_MYSQL@
+ LIB_PAM = @LIB_PAM@
+ LIB_SIA = @LIB_SIA@
+ LIB_SOCKET = @LIB_SOCKET@
+@@ -136,7 +138,7 @@
+
+ DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
+
+-TAR = gtar
++TAR = tar
+ GZIP_ENV = --best
+ SOURCES = $(saslauthd_SOURCES)
+ OBJECTS = $(saslauthd_OBJECTS)
+--- ./Makefile.in.orig Sat Mar 24 01:48:13 2001
++++ ./Makefile.in Thu Mar 28 13:04:13 2002
+@@ -119,6 +119,8 @@
+ LIBTOOL = @LIBTOOL@
+ LIB_CRYPT = @LIB_CRYPT@
+ LIB_DES = @LIB_DES@
++LIB_LDAP = @LIB_LDAP@
++LIB_MYSQL = @LIB_MYSQL@
+ LIB_PAM = @LIB_PAM@
+ LIB_SIA = @LIB_SIA@
+ LIB_SOCKET = @LIB_SOCKET@
+@@ -165,7 +167,7 @@
+
+ DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
+
+-TAR = gtar
++TAR = tar
+ GZIP_ENV = --best
+ DIST_SUBDIRS = include lib plugins utils doc man pwcheck sample java \
+ saslauthd
+--- ./acconfig.h.orig Sat Feb 17 05:06:28 2001
++++ ./acconfig.h Thu Mar 28 12:40:22 2002
+@@ -83,6 +83,12 @@
+ /* do we have PAM for plaintext password checking? */
+ #undef HAVE_PAM
+
++/* do we have MySQL for plaintext password checking? */
++#undef HAVE_MYSQL
++
++/* do we have LDAP for plaintext password checking? */
++#undef HAVE_LDAP
++
+ /* what flavor of GSSAPI are we using? */
+ #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE
+
+--- ./aclocal.m4.orig Sat Mar 24 01:48:12 2001
++++ ./aclocal.m4 Thu Mar 28 12:56:14 2002
+@@ -262,12 +262,7 @@
+ esac
+
+ # Check for any special flags to pass to ltconfig.
+-#
+-# the following will cause an existing older ltconfig to fail, so
+-# we ignore this at the expense of the cache file... Checking this
+-# will just take longer ... bummer!
+-#libtool_flags="--cache-file=$cache_file"
+-#
++libtool_flags="--cache-file=$cache_file"
+ test "$enable_shared" = no && libtool_flags="$libtool_flags --disable-shared"
+ test "$enable_static" = no && libtool_flags="$libtool_flags --disable-static"
+ test "$enable_fast_install" = no && libtool_flags="$libtool_flags --disable-fast-install"
+@@ -566,35 +561,31 @@
+ ])
+
+ # AC_LIBLTDL_CONVENIENCE[(dir)] - sets LIBLTDL to the link flags for
+-# the libltdl convenience library and INCLTDL to the include flags for
+-# the libltdl header and adds --enable-ltdl-convenience to the
+-# configure arguments. Note that LIBLTDL and INCLTDL are not
+-# AC_SUBSTed, nor is AC_CONFIG_SUBDIRS called. If DIR is not
+-# provided, it is assumed to be `libltdl'. LIBLTDL will be prefixed
+-# with '${top_builddir}/' and INCLTDL will be prefixed with
+-# '${top_srcdir}/' (note the single quotes!). If your package is not
+-# flat and you're not using automake, define top_builddir and
+-# top_srcdir appropriately in the Makefiles.
++# the libltdl convenience library, adds --enable-ltdl-convenience to
++# the configure arguments. Note that LIBLTDL is not AC_SUBSTed, nor
++# is AC_CONFIG_SUBDIRS called. If DIR is not provided, it is assumed
++# to be `${top_builddir}/libltdl'. Make sure you start DIR with
++# '${top_builddir}/' (note the single quotes!) if your package is not
++# flat, and, if you're not using automake, define top_builddir as
++# appropriate in the Makefiles.
+ AC_DEFUN(AC_LIBLTDL_CONVENIENCE, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+ case "$enable_ltdl_convenience" in
+ no) AC_MSG_ERROR([this package needs a convenience libltdl]) ;;
+ "") enable_ltdl_convenience=yes
+ ac_configure_args="$ac_configure_args --enable-ltdl-convenience" ;;
+ esac
+- LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdlc.la
+- INCLTDL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl'])
++ LIBLTDL=ifelse($#,1,$1,['${top_builddir}/libltdl'])/libltdlc.la
++ INCLTDL=ifelse($#,1,-I$1,['-I${top_builddir}/libltdl'])
+ ])
+
+ # AC_LIBLTDL_INSTALLABLE[(dir)] - sets LIBLTDL to the link flags for
+-# the libltdl installable library and INCLTDL to the include flags for
+-# the libltdl header and adds --enable-ltdl-install to the configure
+-# arguments. Note that LIBLTDL and INCLTDL are not AC_SUBSTed, nor is
+-# AC_CONFIG_SUBDIRS called. If DIR is not provided and an installed
+-# libltdl is not found, it is assumed to be `libltdl'. LIBLTDL will
+-# be prefixed with '${top_builddir}/' and INCLTDL will be prefixed
+-# with '${top_srcdir}/' (note the single quotes!). If your package is
+-# not flat and you're not using automake, define top_builddir and
+-# top_srcdir appropriately in the Makefiles.
++# the libltdl installable library, and adds --enable-ltdl-install to
++# the configure arguments. Note that LIBLTDL is not AC_SUBSTed, nor
++# is AC_CONFIG_SUBDIRS called. If DIR is not provided, it is assumed
++# to be `${top_builddir}/libltdl'. Make sure you start DIR with
++# '${top_builddir}/' (note the single quotes!) if your package is not
++# flat, and, if you're not using automake, define top_builddir as
++# appropriate in the Makefiles.
+ # In the future, this macro may have to be called after AC_PROG_LIBTOOL.
+ AC_DEFUN(AC_LIBLTDL_INSTALLABLE, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+ AC_CHECK_LIB(ltdl, main,
+@@ -607,8 +598,8 @@
+ ])
+ if test x"$enable_ltdl_install" = x"yes"; then
+ ac_configure_args="$ac_configure_args --enable-ltdl-install"
+- LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdl.la
+- INCLTDL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl'])
++ LIBLTDL=ifelse($#,1,$1,['${top_builddir}/libltdl'])/libltdl.la
++ INCLTDL=ifelse($#,1,-I$1,['-I${top_builddir}/libltdl'])
+ else
+ ac_configure_args="$ac_configure_args --enable-ltdl-install=no"
+ LIBLTDL="-lltdl"
+--- ./config.h.in.orig Wed Mar 14 04:49:33 2001
++++ ./config.h.in Thu Mar 28 12:40:23 2002
+@@ -86,6 +86,12 @@
+ /* do we have PAM for plaintext password checking? */
+ #undef HAVE_PAM
+
++/* do we have MySQL for plaintext password checking? */
++#undef HAVE_MYSQL
++
++/* do we have LDAP for plaintext password checking? */
++#undef HAVE_LDAP
++
+ /* what flavor of GSSAPI are we using? */
+ #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE
+
+--- ./configure.in.orig Sat Mar 24 01:47:27 2001
++++ ./configure.in Thu Mar 28 12:40:23 2002
+@@ -322,6 +322,94 @@
+ fi
+ AM_CONDITIONAL(PWCHECK, test "$with_pwcheck" != no)
+
++
++############################################################################
++# Simon Loader tries to do auto conf
++dnl MySQL
++AC_ARG_WITH(mysql, [ --with-mysql=PATH enable authentication from MySQL database [no] ],
++ with_mysql=$withval,
++ with_mysql=no)
++
++# fine location of library
++# prsumesing if one given then correct
++if test "${with_mysql}" = "yes"; then
++ for mysqlloc in lib/mysql lib
++ do
++ if test -f ${prefix}/${mysqlloc}/libmysqlclient.a; then
++ with_mysql="${prefix}"
++ break
++ elif test -f /usr/local/${mysqlloc}/libmysqlclient.a; then
++ with_mysql="/usr/local"
++ break
++ elif test -f /usr/${mysqlloc}/libmysqlclient.a; then
++ with_mysql="/usr"
++ break
++ fi
++ done
++fi
++
++case "$with_mysql" in
++ no) true;;
++ *)
++ if test -d ${with_mysql}/include/mysql; then
++ CPPFLAGS="${CPPFLAGS} -I${with_mysql}/include/mysql"
++ LDFLAGS="$LDFLAGS -L${with_mysql}/lib/mysql"
++ else
++ CPPFLAGS="${CPPFLAGS} -I${with_mysql}/include"
++ LDFLAGS="$LDFLAGS -L${with_mysql}/lib"
++ fi
++ AC_CHECK_LIB(mysqlclient, mysql_select_db,[
++ LIB_MYSQL="-lmysqlclient"
++ AC_DEFINE(HAVE_MYSQL)],
++ [AC_ERROR([MYSQL libarary mysqlclient not found])]);;
++
++esac
++AC_SUBST(LIB_MYSQL)
++
++dnl LDAP
++AC_ARG_WITH(ldap, [ --with-ldap=PATH enable authentication from LDAP [no] ],
++ with_ldap=$withval,
++ with_ldap=no)
++
++if test "$with_ldap" = "yes"; then
++ for ldaploc in lib/ldap lib
++ do
++ if test -f ${prefix}/${ldaploc}/libldap.a; then
++ with_ldap="${prefix}"
++ break
++ elif test -f /usr/local/${ldaploc}/libldap.a; then
++ with_ldap="/usr/local"
++ break
++ elif test -f /usr/${ldaploc}/libldap.a; then
++ with_ldap="/usr"
++ break
++ fi
++ done
++fi
++
++case "$with_ldap" in
++ no) true;;
++ *)
++ if test -d ${with_ldap}/include/ldap; then
++ CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include/ldap"
++ LDFLAGS="$LDFLAGS -L${with_ldap}/lib/ldap"
++ else
++ CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
++ LDFLAGS="$LDFLAGS -L${with_ldap}/lib"
++ fi
++ AC_CHECK_LIB(ldap, ldap_open,[
++ LIB_LDAP="-lldap -llber"
++ AC_DEFINE(HAVE_LDAP)],
++ [AC_ERROR([LDAP libarary ldap and lber not found])],
++ [-llber]);;
++esac
++AC_SUBST(LIB_LDAP)
++
++
++# end of addition
++#######################################################################
++
++
+ dnl CRAM-MD5
+ AC_ARG_ENABLE(cram, [ --enable-cram enable CRAM-MD5 authentication [yes] ],
+ cram=$enableval,
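Review bot: When `--with-mysql` is given without a path and none of the probed directories holds `libmysqlclient.a`, `with_mysql` is still the literal `yes` when it reaches the `case`, so the `*)` branch adds `-Iyes/include` and `-Lyes/lib` to `CPPFLAGS`/`LDFLAGS`; the LDAP block below follows the same flow with `with_ldap`. A relative `-L` entry means the link step also searches a directory under the build tree, which an authentication library's build should not do silently. Handling the case explicitly after the loop, for example `yes) AC_MSG_ERROR([MySQL not found, use --with-mysql=PATH]);;` ahead of `*)`, avoids both. The probe only tests for the static `.a` archives, so a shared-only install goes undetected, and `${prefix}` is probably still `NONE` at this point in configure unless `--prefix` was passed, which is worth confirming.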