--- /dev/null
+diff -durN postfix-1.1.11.orig/src/lmtp/lmtp.h postfix-1.1.11/src/lmtp/lmtp.h
+--- postfix-1.1.11.orig/src/lmtp/lmtp.h Tue May 22 20:37:14 2001
++++ postfix-1.1.11/src/lmtp/lmtp.h Mon Jan 13 12:27:52 2003
+@@ -12,8 +12,8 @@
+ * SASL library.
+ */
+ #ifdef USE_SASL_AUTH
+-#include <sasl.h>
+-#include <saslutil.h>
++#include <sasl/sasl.h>
++#include <sasl/saslutil.h>
+ #endif
+
+ /*
+diff -durN postfix-1.1.11.orig/src/lmtp/lmtp_sasl_glue.c postfix-1.1.11/src/lmtp/lmtp_sasl_glue.c
+--- postfix-1.1.11.orig/src/lmtp/lmtp_sasl_glue.c Fri Jan 19 22:46:44 2001
++++ postfix-1.1.11/src/lmtp/lmtp_sasl_glue.c Mon Jan 13 12:31:32 2003
+@@ -138,10 +138,10 @@
+ {
+ switch (priority) {
+ case SASL_LOG_ERR:
+- case SASL_LOG_WARNING:
++ case SASL_LOG_WARN:
+ msg_warn("%s", message);
+ break;
+- case SASL_LOG_INFO:
++ case SASL_LOG_NOTE:
+ if (msg_verbose)
+ msg_info("%s", message);
+ break;
+@@ -318,6 +318,7 @@
+ for (cp = state->sasl_callbacks; cp->id != SASL_CB_LIST_END; cp++)
+ cp->context = (void *) state;
+ if (sasl_client_new("smtp", state->session->host,
++ NULL, NULL,
+ state->sasl_callbacks, NULL_SECFLAGS,
+ (sasl_conn_t **) &state->sasl_conn) != SASL_OK)
+ msg_fatal("per-session SASL client initialization");
+@@ -354,7 +355,7 @@
+ char *myname = "lmtp_sasl_authenticate";
+ unsigned enc_length;
+ unsigned enc_length_out;
+- char *clientout;
++ const char *clientout;
+ unsigned clientoutlen;
+ unsigned serverinlen;
+ LMTP_RESP *resp;
+@@ -376,7 +377,7 @@
+ */
+ result = sasl_client_start((sasl_conn_t *) state->sasl_conn,
+ state->sasl_mechanism_list,
+- NO_SASL_SECRET, NO_SASL_INTERACTION,
++ NO_SASL_INTERACTION,
+ &clientout, &clientoutlen, &mechanism);
+ if (result != SASL_OK && result != SASL_CONTINUE) {
+ vstring_sprintf(why, "cannot SASL authenticate to server %s: %s",
+@@ -404,7 +405,6 @@
+ STR(state->sasl_encoded), enc_length,
+ &enc_length_out) != SASL_OK)
+ msg_panic("%s: sasl_encode64 botch", myname);
+- free(clientout);
+ lmtp_chat_cmd(state, "AUTH %s %s", mechanism, STR(state->sasl_encoded));
+ } else {
+ lmtp_chat_cmd(state, "AUTH %s", mechanism);
+@@ -424,7 +424,7 @@
+ serverinlen = strlen(line);
+ VSTRING_SPACE(state->sasl_decoded, serverinlen);
+ if (sasl_decode64(line, serverinlen,
+- STR(state->sasl_decoded), &enc_length) != SASL_OK) {
++ STR(state->sasl_decoded), serverinlen, &enc_length) != SASL_OK) {
+ vstring_sprintf(why, "malformed SASL challenge from server %s",
+ state->session->namaddr);
+ return (-1);
+@@ -456,7 +456,6 @@
+ STR(state->sasl_encoded), enc_length,
+ &enc_length_out) != SASL_OK)
+ msg_panic("%s: sasl_encode64 botch", myname);
+- free(clientout);
+ } else {
+ vstring_strcat(state->sasl_encoded, "");
+ }
+diff -durN postfix-1.1.11.orig/src/smtp/smtp.h postfix-1.1.11/src/smtp/smtp.h
+--- postfix-1.1.11.orig/src/smtp/smtp.h Mon Jan 13 12:33:43 2003
++++ postfix-1.1.11/src/smtp/smtp.h Mon Jan 13 12:10:16 2003
+@@ -12,8 +12,8 @@
+ * SASL library.
+ */
+ #ifdef USE_SASL_AUTH
+-#include <sasl.h>
+-#include <saslutil.h>
++#include <sasl/sasl.h>
++#include <sasl/saslutil.h>
+ #endif
+
+ /*
+diff -durN postfix-1.1.11.orig/src/smtp/smtp_sasl_glue.c postfix-1.1.11/src/smtp/smtp_sasl_glue.c
+--- postfix-1.1.11.orig/src/smtp/smtp_sasl_glue.c Mon Jul 2 21:12:54 2001
++++ postfix-1.1.11/src/smtp/smtp_sasl_glue.c Mon Jan 13 12:17:57 2003
+@@ -138,10 +138,10 @@
+ {
+ switch (priority) {
+ case SASL_LOG_ERR:
+- case SASL_LOG_WARNING:
++ case SASL_LOG_WARN:
+ msg_warn("SASL authentication problem: %s", message);
+ break;
+- case SASL_LOG_INFO:
++ case SASL_LOG_NOTE:
+ if (msg_verbose)
+ msg_info("SASL authentication info: %s", message);
+ break;
+@@ -317,9 +317,10 @@
+ memcpy((char *) state->sasl_callbacks, callbacks, sizeof(callbacks));
+ for (cp = state->sasl_callbacks; cp->id != SASL_CB_LIST_END; cp++)
+ cp->context = (void *) state;
+- if (sasl_client_new("smtp", state->session->host,
++ if (sasl_client_new("smtp", state->session->host, NULL, NULL,
+ state->sasl_callbacks, NULL_SECFLAGS,
+ (sasl_conn_t **) &state->sasl_conn) != SASL_OK)
++
+ msg_fatal("per-session SASL client initialization");
+
+ /*
+@@ -354,7 +355,7 @@
+ char *myname = "smtp_sasl_authenticate";
+ unsigned enc_length;
+ unsigned enc_length_out;
+- char *clientout;
++ const char *clientout;
+ unsigned clientoutlen;
+ unsigned serverinlen;
+ SMTP_RESP *resp;
+@@ -362,8 +363,7 @@
+ int result;
+ char *line;
+
+-#define NO_SASL_SECRET 0
+-#define NO_SASL_INTERACTION 0
++#define NO_SASL_INTERACTION NULL
+ #define NO_SASL_LANGLIST ((const char *) 0)
+ #define NO_SASL_OUTLANG ((const char **) 0)
+
+@@ -376,7 +376,7 @@
+ */
+ result = sasl_client_start((sasl_conn_t *) state->sasl_conn,
+ state->sasl_mechanism_list,
+- NO_SASL_SECRET, NO_SASL_INTERACTION,
++ NO_SASL_INTERACTION,
+ &clientout, &clientoutlen, &mechanism);
+ if (result != SASL_OK && result != SASL_CONTINUE) {
+ vstring_sprintf(why, "cannot SASL authenticate to server %s: %s",
+@@ -404,7 +404,6 @@
+ STR(state->sasl_encoded), enc_length,
+ &enc_length_out) != SASL_OK)
+ msg_panic("%s: sasl_encode64 botch", myname);
+- free(clientout);
+ smtp_chat_cmd(state, "AUTH %s %s", mechanism, STR(state->sasl_encoded));
+ } else {
+ smtp_chat_cmd(state, "AUTH %s", mechanism);
+@@ -424,7 +423,7 @@
+ serverinlen = strlen(line);
+ VSTRING_SPACE(state->sasl_decoded, serverinlen);
+ if (sasl_decode64(line, serverinlen,
+- STR(state->sasl_decoded), &enc_length) != SASL_OK) {
++ STR(state->sasl_decoded), serverinlen, &enc_length) != SASL_OK) {
+ vstring_sprintf(why, "malformed SASL challenge from server %s",
+ state->session->namaddr);
+ return (-1);
+diff -durN postfix-1.1.11.orig/src/smtpd/smtpd.h postfix-1.1.11/src/smtpd/smtpd.h
+--- postfix-1.1.11.orig/src/smtpd/smtpd.h Mon Jan 13 12:33:43 2003
++++ postfix-1.1.11/src/smtpd/smtpd.h Mon Jan 13 12:26:29 2003
+@@ -17,8 +17,8 @@
+ * SASL library.
+ */
+ #ifdef USE_SASL_AUTH
+-#include <sasl.h>
+-#include <saslutil.h>
++#include <sasl/sasl.h>
++#include <sasl/saslutil.h>
+ #endif
+
+ /*
+@@ -69,7 +69,7 @@
+ off_t msg_size;
+ int junk_cmds;
+ #ifdef USE_SASL_AUTH
+- char *sasl_mechanism_list;
++ const char *sasl_mechanism_list;
+ char *sasl_method;
+ char *sasl_username;
+ char *sasl_sender;
+diff -durN postfix-1.1.11.orig/src/smtpd/smtpd_sasl_glue.c postfix-1.1.11/src/smtpd/smtpd_sasl_glue.c
+--- postfix-1.1.11.orig/src/smtpd/smtpd_sasl_glue.c Mon Nov 26 01:14:01 2001
++++ postfix-1.1.11/src/smtpd/smtpd_sasl_glue.c Mon Jan 13 12:27:15 2003
+@@ -117,10 +117,10 @@
+ {
+ switch (priority) {
+ case SASL_LOG_ERR:
+- case SASL_LOG_WARNING:
++ case SASL_LOG_WARN:
+ msg_warn("SASL authentication problem: %s", message);
+ break;
+- case SASL_LOG_INFO:
++ case SASL_LOG_NOTE:
+ if (msg_verbose)
+ msg_info("SASL authentication info: %s", message);
+ break;
+@@ -196,6 +196,7 @@
+ #define NO_SESSION_CALLBACKS ((sasl_callback_t *) 0)
+
+ if (sasl_server_new("smtp", var_myhostname, var_smtpd_sasl_realm,
++ NULL, NULL,
+ NO_SESSION_CALLBACKS, NO_SECURITY_LAYERS,
+ &state->sasl_conn) != SASL_OK)
+ msg_fatal("SASL per-connection server initialization");
+@@ -238,10 +239,6 @@
+
+ void smtpd_sasl_disconnect(SMTPD_STATE *state)
+ {
+- if (state->sasl_mechanism_list) {
+- free(state->sasl_mechanism_list);
+- state->sasl_mechanism_list = 0;
+- }
+ if (state->sasl_conn) {
+ sasl_dispose(&state->sasl_conn);
+ state->sasl_conn = 0;
+@@ -262,10 +259,9 @@
+ unsigned enc_length;
+ unsigned enc_length_out;
+ unsigned reply_len;
+- char *serverout = 0;
++ const char *serverout = 0;
+ unsigned serveroutlen;
+ int result;
+- const char *errstr = 0;
+
+ #define IFELSE(e1,e2,e3) ((e1) ? (e2) : (e3))
+
+@@ -289,7 +285,7 @@
+ VSTRING_SPACE(state->sasl_decoded, reply_len);
+ dec_buffer = STR(state->sasl_decoded);
+ if (sasl_decode64(init_response, reply_len,
+- dec_buffer, &dec_length) != SASL_OK)
++ dec_buffer, reply_len, &dec_length) != SASL_OK)
+ return ("501 Authentication failed: malformed initial response");
+ if (msg_verbose)
+ msg_info("%s: decoded initial response %s", myname, dec_buffer);
+@@ -298,7 +294,7 @@
+ dec_length = 0;
+ }
+ result = sasl_server_start(state->sasl_conn, sasl_method, dec_buffer,
+- dec_length, &serverout, &serveroutlen, &errstr);
++ dec_length, &serverout, &serveroutlen);
+
+ /*
+ * Repeat until done or until the client gives up.
+@@ -327,7 +323,6 @@
+ if (sasl_encode64(serverout, serveroutlen, STR(state->sasl_encoded),
+ enc_length, &enc_length_out) != SASL_OK)
+ msg_panic("%s: sasl_encode64 botch", myname);
+- free(serverout);
+ serverout = 0;
+ smtpd_chat_reply(state, "334 %s", STR(state->sasl_encoded));
+
+@@ -343,22 +338,16 @@
+ reply_len = VSTRING_LEN(state->buffer);
+ VSTRING_SPACE(state->sasl_decoded, reply_len);
+ if (sasl_decode64(vstring_str(state->buffer), reply_len,
+- STR(state->sasl_decoded), &dec_length) != SASL_OK)
++ STR(state->sasl_decoded), reply_len, &dec_length) != SASL_OK)
+ return ("501 Error: malformed authentication response");
+ if (msg_verbose)
+ msg_info("%s: decoded response: %.*s",
+ myname, (int) dec_length, STR(state->sasl_decoded));
+ result = sasl_server_step(state->sasl_conn, STR(state->sasl_decoded),
+- dec_length, &serverout, &serveroutlen, &errstr);
++ dec_length, &serverout, &serveroutlen);
+ }
+
+ /*
+- * Cleanup. What an awful interface.
+- */
+- if (serverout)
+- free(serverout);
+-
+- /*
+ * The authentication protocol was completed.
+ */
+ if (result != SASL_OK)
+@@ -370,7 +359,7 @@
+ * authentication method that was used. XXX Do not free(serverout).
+ */
+ result = sasl_getprop(state->sasl_conn, SASL_USERNAME,
+- (void **) &serverout);
++ (const void **) &serverout);
+ if (result != SASL_OK || serverout == 0)
+ msg_panic("%s: sasl_getprop SASL_USERNAME botch", myname);
+ state->sasl_username = mystrdup(serverout);