[packages/mutt.git] / mutt-sasl2.patch

diff -durN mutt-1.4.orig/configure.in mutt-1.4/configure.in
--- mutt-1.4.orig/configure.in	Fri Jan 10 11:50:30 2003
+++ mutt-1.4/configure.in	Fri Jan 10 11:50:41 2003
@@ -570,22 +570,24 @@
         then
           if test "$with_sasl" != "yes"
           then
-            CPPFLAGS="$CPPFLAGS -I$with_sasl/include"
+            CPPFLAGS="$CPPFLAGS -I$with_sasl/include/sasl"
             LDFLAGS="$LDFLAGS -L$with_sasl/lib"
+	  else
+            CPPFLAGS="$CPPFLAGS -I/usr/include/sasl"
           fi
 
           saved_LIBS="$LIBS"
 
-          AC_CHECK_LIB(sasl, sasl_client_init,,
-            AC_MSG_ERROR([could not find libsasl]),)
+          AC_CHECK_LIB(sasl2, sasl_client_init,,
+            AC_MSG_ERROR([could not find libsasl2]),)
 
           MUTT_LIB_OBJECTS="$MUTT_LIB_OBJECTS mutt_sasl.o"
-          MUTTLIBS="$MUTTLIBS -lsasl"
+          MUTTLIBS="$MUTTLIBS -lsasl2"
           LIBS="$saved_LIBS"
           AC_DEFINE(USE_SASL,1,
                   [ Define if want to use the Cyrus SASL library for POP/IMAP authentication. ])
           need_sasl=yes
-          need_md5=no
+          need_md5=yes
         fi
         ])
 AM_CONDITIONAL(USE_SASL, test x$need_sasl = xyes)
diff -durN mutt-1.4.orig/imap/auth_sasl.c mutt-1.4/imap/auth_sasl.c
--- mutt-1.4.orig/imap/auth_sasl.c	Sun Jan 13 22:16:34 2002
+++ mutt-1.4/imap/auth_sasl.c	Fri Jan 10 11:51:38 2003
@@ -34,7 +34,7 @@
   int rc, irc;
   char buf[LONG_STRING];
   const char* mech;
-  char* pc = NULL;
+  const char* pc = NULL;
   unsigned int len, olen;
   unsigned char client_start;
 
@@ -63,15 +63,13 @@
     if (mutt_bit_isset (idata->capabilities, AUTH_ANON) &&
 	(!idata->conn->account.user[0] ||
 	 !ascii_strncmp (idata->conn->account.user, "anonymous", 9)))
-      rc = sasl_client_start (saslconn, "AUTH=ANONYMOUS", NULL, NULL, &pc, &olen,
-			      &mech);
+      rc = sasl_client_start (saslconn, "AUTH=ANONYMOUS", NULL, &pc, &olen, &mech);
   }
   
   if (rc != SASL_OK && rc != SASL_CONTINUE)
     do
     {
-      rc = sasl_client_start (saslconn, method, NULL, &interaction,
-        &pc, &olen, &mech);
+      rc = sasl_client_start (saslconn, method, &interaction, &pc, &olen, &mech);
       if (rc == SASL_INTERACT)
 	mutt_sasl_interact (interaction);
     }
@@ -109,7 +107,7 @@
     if (irc == IMAP_CMD_RESPOND)
     {
       if (sasl_decode64 (idata->cmd.buf+2, strlen (idata->cmd.buf+2), buf,
-			 &len) != SASL_OK)
+			 LONG_STRING,&len) != SASL_OK)
       {
 	dprint (1, (debugfile, "imap_auth_sasl: error base64-decoding server response.\n"));
 	goto bail;
@@ -137,10 +135,6 @@
 	dprint (1, (debugfile, "imap_auth_sasl: error base64-encoding client response.\n"));
 	goto bail;
       }
-
-      /* sasl_client_st(art|ep) allocate pc with malloc, expect me to 
-       * free it */
-      FREE (&pc);
     }
     
     if (olen || rc == SASL_CONTINUE)
diff -durN mutt-1.4.orig/mutt_sasl.c mutt-1.4/mutt_sasl.c
--- mutt-1.4.orig/mutt_sasl.c	Tue Feb 26 11:38:27 2002
+++ mutt-1.4/mutt_sasl.c	Fri Jan 10 11:50:41 2003
@@ -92,10 +92,13 @@
  * probably stop exporting mutt_sasl_get_callbacks(). */
 int mutt_sasl_client_new (CONNECTION* conn, sasl_conn_t** saslconn)
 {
-  sasl_security_properties_t secprops;
-  sasl_external_properties_t extprops;
   const char* service;
   int rc;
+  struct sockaddr_in local, remote;
+  char buf[LONG_STRING];
+  char localip[LONG_STRING], remoteip[LONG_STRING];
+  socklen_t size;
+  sasl_security_properties_t secprops;
 
   if (mutt_sasl_start () != SASL_OK)
     return -1;
@@ -112,9 +115,21 @@
       dprint (1, (debugfile, "mutt_sasl_client_new: account type unset\n"));
       return -1;
   }
-  
-  rc = sasl_client_new (service, conn->account.host,
-    mutt_sasl_get_callbacks (&conn->account), SASL_SECURITY_LAYER, saslconn);
+ 
+  size = sizeof (local);
+  if (getsockname (conn->fd, (struct sockaddr*) &local, &size))
+    return -1;
+  inet_ntop(local.sin_family, &local.sin_addr,buf,LONG_STRING);
+  sprintf(localip,"%s;%i",buf,local.sin_port);
+
+  size = sizeof(remote);
+  if (getpeername(conn->fd, (struct sockaddr*) &remote, &size))
+    return -1;
+  inet_ntop(remote.sin_family, &remote.sin_addr,buf,LONG_STRING);
+  sprintf(remoteip,"%s;%i",buf,local.sin_port);
+
+  rc = sasl_client_new (service, conn->account.host, localip, remoteip,
+    mutt_sasl_get_callbacks (&conn->account), 0, saslconn);
   
   if (rc != SASL_OK)
   {
@@ -123,40 +138,6 @@
     return -1;
   }
 
-  /*** set sasl IP properties, necessary for use with krb4 ***/
-  /* Do we need to fail if this fails? I would assume having these unset
-   * would just disable KRB4. Who wrote this code? I'm not sure how this
-   * interacts with the NSS code either, since that mucks with the fd. */
-  {
-    struct sockaddr_in local, remote;
-    socklen_t size;
-
-    size = sizeof (local);
-    if (getsockname (conn->fd, (struct sockaddr*) &local, &size))
-      return -1;
-
-    size = sizeof(remote);
-    if (getpeername(conn->fd, (struct sockaddr*) &remote, &size))
-      return -1;
-
-#ifdef SASL_IP_LOCAL
-    if (sasl_setprop(*saslconn, SASL_IP_LOCAL, &local) != SASL_OK)
-    {
-      dprint (1, (debugfile,
-	"mutt_sasl_client_new: Error setting local IP address\n"));
-      return -1;
-    }
-#endif
-
-#ifdef SASL_IP_REMOTE
-    if (sasl_setprop(*saslconn, SASL_IP_REMOTE, &remote) != SASL_OK)
-    {
-      dprint (1, (debugfile,
-	"mutt_sasl_client_new: Error setting remote IP address\n"));
-      return -1;
-    }
-#endif
-  }
 
   /* set security properties. We use NOPLAINTEXT globally, since we can
    * just fall back to LOGIN in the IMAP case anyway. If that doesn't
@@ -181,10 +162,9 @@
 #if defined(USE_SSL) && !defined(USE_NSS)
   if (conn->account.flags & M_ACCT_SSL)
   {
-    memset (&extprops, 0, sizeof (extprops));
-    extprops.ssf = conn->ssf;
-    dprint (2, (debugfile, "External SSF: %d\n", extprops.ssf));
-    if (sasl_setprop (*saslconn, SASL_SSF_EXTERNAL, &extprops) != SASL_OK)
+    sasl_ssf_t ssf=conn->ssf; 
+    dprint (2, (debugfile, "External SSF: %d\n", ssf));
+    if (sasl_setprop (*saslconn, SASL_SSF_EXTERNAL, &ssf) != SASL_OK)
     {
       dprint (1, (debugfile, "mutt_sasl_client_new: Error setting external properties\n"));
       return -1;
@@ -274,7 +254,7 @@
 
   sasldata->saslconn = saslconn;
   /* get ssf so we know whether we have to (en|de)code read/write */
-  sasl_getprop (saslconn, SASL_SSF, (void**) &sasldata->ssf);
+  sasl_getprop (saslconn, SASL_SSF, (const void**) &sasldata->ssf);
   dprint (3, (debugfile, "SASL protection strength: %u\n", *sasldata->ssf));
   /* Add SASL SSF to transport SSF */
   conn->ssf += *sasldata->ssf;
diff -durN mutt-1.4.orig/pop_auth.c mutt-1.4/pop_auth.c
--- mutt-1.4.orig/pop_auth.c	Thu Aug 30 10:11:06 2001
+++ mutt-1.4/pop_auth.c	Fri Jan 10 11:51:26 2003
@@ -41,7 +41,7 @@
   char buf[LONG_STRING];
   char inbuf[LONG_STRING];
   const char* mech;
-  char* pc = NULL;
+  const char* pc = NULL;
   unsigned int len, olen;
   unsigned char client_start;
 
@@ -56,8 +56,7 @@
 
   FOREVER
   {
-    rc = sasl_client_start (saslconn, method, NULL,
-			    &interaction, &pc, &olen, &mech);
+    rc = sasl_client_start (saslconn, method, &interaction, &pc, &olen, &mech);
     if (rc != SASL_INTERACT)
       break;
     mutt_sasl_interact (interaction);
@@ -96,7 +95,7 @@
     if (mutt_strncmp (inbuf, "+ ", 2))
       goto bail;
 
-    if (sasl_decode64 (inbuf, strlen (inbuf), buf, &len) != SASL_OK)
+    if (sasl_decode64 (inbuf, strlen (inbuf), buf, LONG_STRING, &len) != SASL_OK)
     {
       dprint (1, (debugfile, "pop_auth_sasl: error base64-decoding server response.\n"));
       goto bail;
@@ -124,10 +123,6 @@
 	dprint (1, (debugfile, "pop_auth_sasl: error base64-encoding client response.\n"));
 	goto bail;
       }
-
-      /* sasl_client_st(art|ep) allocate pc with malloc, expect me to 
-       * free it */
-      safe_free ((void *) &pc);
     }
   }
Commit	Line	Data
91233d0a	1	diff -durN mutt-1.4.orig/configure.in mutt-1.4/configure.in
ededeff7 JK	2	--- mutt-1.4.orig/configure.in Fri Jan 10 11:50:30 2003
ededeff7 JK	3	+++ mutt-1.4/configure.in Fri Jan 10 11:50:41 2003
91233d0a JK	4	@@ -570,22 +570,24 @@
	5	then
	6	if test "$with_sasl" != "yes"
	7	then
	8	- CPPFLAGS="$CPPFLAGS -I$with_sasl/include"
	9	+ CPPFLAGS="$CPPFLAGS -I$with_sasl/include/sasl"
	10	LDFLAGS="$LDFLAGS -L$with_sasl/lib"
	11	+ else
	12	+ CPPFLAGS="$CPPFLAGS -I/usr/include/sasl"
	13	fi
	14
	15	saved_LIBS="$LIBS"
	16
	17	- AC_CHECK_LIB(sasl, sasl_client_init,,
	18	- AC_MSG_ERROR([could not find libsasl]),)
	19	+ AC_CHECK_LIB(sasl2, sasl_client_init,,
	20	+ AC_MSG_ERROR([could not find libsasl2]),)
	21
	22	MUTT_LIB_OBJECTS="$MUTT_LIB_OBJECTS mutt_sasl.o"
	23	- MUTTLIBS="$MUTTLIBS -lsasl"
	24	+ MUTTLIBS="$MUTTLIBS -lsasl2"
	25	LIBS="$saved_LIBS"
	26	AC_DEFINE(USE_SASL,1,
	27	[ Define if want to use the Cyrus SASL library for POP/IMAP authentication. ])
	28	need_sasl=yes
	29	- need_md5=no
	30	+ need_md5=yes
	31	fi
	32	])
	33	AM_CONDITIONAL(USE_SASL, test x$need_sasl = xyes)
	34	diff -durN mutt-1.4.orig/imap/auth_sasl.c mutt-1.4/imap/auth_sasl.c
	35	--- mutt-1.4.orig/imap/auth_sasl.c Sun Jan 13 22:16:34 2002
ededeff7	36	+++ mutt-1.4/imap/auth_sasl.c Fri Jan 10 11:51:38 2003
91233d0a JK	37	@@ -34,7 +34,7 @@
	38	int rc, irc;
	39	char buf[LONG_STRING];
	40	const char* mech;
	41	- char* pc = NULL;
	42	+ const char* pc = NULL;
	43	unsigned int len, olen;
	44	unsigned char client_start;
	45
	46	@@ -63,15 +63,13 @@
	47	if (mutt_bit_isset (idata->capabilities, AUTH_ANON) &&
	48	(!idata->conn->account.user[0] \|\|
	49	!ascii_strncmp (idata->conn->account.user, "anonymous", 9)))
	50	- rc = sasl_client_start (saslconn, "AUTH=ANONYMOUS", NULL, NULL, &pc, &olen,
	51	- &mech);
	52	+ rc = sasl_client_start (saslconn, "AUTH=ANONYMOUS", NULL, &pc, &olen, &mech);
	53	}
	54
	55	if (rc != SASL_OK && rc != SASL_CONTINUE)
	56	do
	57	{
	58	- rc = sasl_client_start (saslconn, method, NULL, &interaction,
	59	- &pc, &olen, &mech);
	60	+ rc = sasl_client_start (saslconn, method, &interaction, &pc, &olen, &mech);
	61	if (rc == SASL_INTERACT)
	62	mutt_sasl_interact (interaction);
	63	}
	64	@@ -109,7 +107,7 @@
	65	if (irc == IMAP_CMD_RESPOND)
	66	{
	67	if (sasl_decode64 (idata->cmd.buf+2, strlen (idata->cmd.buf+2), buf,
	68	- &len) != SASL_OK)
	69	+ LONG_STRING,&len) != SASL_OK)
	70	{
	71	dprint (1, (debugfile, "imap_auth_sasl: error base64-decoding server response.\n"));
	72	goto bail;
ededeff7 JK	73	@@ -137,10 +135,6 @@
	74	dprint (1, (debugfile, "imap_auth_sasl: error base64-encoding client response.\n"));
	75	goto bail;
	76	}
	77	-
	78	- /* sasl_client_st(art\|ep) allocate pc with malloc, expect me to
	79	- * free it */
	80	- FREE (&pc);
	81	}
	82
	83	if (olen \|\| rc == SASL_CONTINUE)
91233d0a JK	84	diff -durN mutt-1.4.orig/mutt_sasl.c mutt-1.4/mutt_sasl.c
91233d0a JK	85	--- mutt-1.4.orig/mutt_sasl.c Tue Feb 26 11:38:27 2002
ededeff7	86	+++ mutt-1.4/mutt_sasl.c Fri Jan 10 11:50:41 2003
91233d0a JK	87	@@ -92,10 +92,13 @@
	88	* probably stop exporting mutt_sasl_get_callbacks(). */
	89	int mutt_sasl_client_new (CONNECTION* conn, sasl_conn_t** saslconn)
	90	{
	91	- sasl_security_properties_t secprops;
	92	- sasl_external_properties_t extprops;
	93	const char* service;
	94	int rc;
	95	+ struct sockaddr_in local, remote;
	96	+ char buf[LONG_STRING];
	97	+ char localip[LONG_STRING], remoteip[LONG_STRING];
	98	+ socklen_t size;
	99	+ sasl_security_properties_t secprops;
	100
	101	if (mutt_sasl_start () != SASL_OK)
	102	return -1;
	103	@@ -112,9 +115,21 @@
	104	dprint (1, (debugfile, "mutt_sasl_client_new: account type unset\n"));
	105	return -1;
	106	}
	107	-
	108	- rc = sasl_client_new (service, conn->account.host,
	109	- mutt_sasl_get_callbacks (&conn->account), SASL_SECURITY_LAYER, saslconn);
	110	+
	111	+ size = sizeof (local);
	112	+ if (getsockname (conn->fd, (struct sockaddr*) &local, &size))
	113	+ return -1;
	114	+ inet_ntop(local.sin_family, &local.sin_addr,buf,LONG_STRING);
ededeff7	115	+ sprintf(localip,"%s;%i",buf,local.sin_port);
91233d0a JK	116	+
	117	+ size = sizeof(remote);
	118	+ if (getpeername(conn->fd, (struct sockaddr*) &remote, &size))
	119	+ return -1;
	120	+ inet_ntop(remote.sin_family, &remote.sin_addr,buf,LONG_STRING);
ededeff7	121	+ sprintf(remoteip,"%s;%i",buf,local.sin_port);
91233d0a JK	122	+
	123	+ rc = sasl_client_new (service, conn->account.host, localip, remoteip,
	124	+ mutt_sasl_get_callbacks (&conn->account), 0, saslconn);
	125
	126	if (rc != SASL_OK)
	127	{
	128	@@ -123,40 +138,6 @@
	129	return -1;
	130	}
	131
	132	- /* set sasl IP properties, necessary for use with krb4 */
	133	- /* Do we need to fail if this fails? I would assume having these unset
	134	- * would just disable KRB4. Who wrote this code? I'm not sure how this
	135	- * interacts with the NSS code either, since that mucks with the fd. */
	136	- {
	137	- struct sockaddr_in local, remote;
	138	- socklen_t size;
	139	-
	140	- size = sizeof (local);
	141	- if (getsockname (conn->fd, (struct sockaddr*) &local, &size))
	142	- return -1;
	143	-
	144	- size = sizeof(remote);
	145	- if (getpeername(conn->fd, (struct sockaddr*) &remote, &size))
	146	- return -1;
	147	-
	148	-#ifdef SASL_IP_LOCAL
	149	- if (sasl_setprop(*saslconn, SASL_IP_LOCAL, &local) != SASL_OK)
	150	- {
	151	- dprint (1, (debugfile,
	152	- "mutt_sasl_client_new: Error setting local IP address\n"));
	153	- return -1;
	154	- }
	155	-#endif
	156	-
	157	-#ifdef SASL_IP_REMOTE
	158	- if (sasl_setprop(*saslconn, SASL_IP_REMOTE, &remote) != SASL_OK)
	159	- {
	160	- dprint (1, (debugfile,
	161	- "mutt_sasl_client_new: Error setting remote IP address\n"));
	162	- return -1;
	163	- }
	164	-#endif
	165	- }
	166
	167	/* set security properties. We use NOPLAINTEXT globally, since we can
	168	* just fall back to LOGIN in the IMAP case anyway. If that doesn't
	169	@@ -181,10 +162,9 @@
	170	#if defined(USE_SSL) && !defined(USE_NSS)
	171	if (conn->account.flags & M_ACCT_SSL)
	172	{
	173	- memset (&extprops, 0, sizeof (extprops));
	174	- extprops.ssf = conn->ssf;
	175	- dprint (2, (debugfile, "External SSF: %d\n", extprops.ssf));
	176	- if (sasl_setprop (*saslconn, SASL_SSF_EXTERNAL, &extprops) != SASL_OK)
	177	+ sasl_ssf_t ssf=conn->ssf;
	178	+ dprint (2, (debugfile, "External SSF: %d\n", ssf));
	179	+ if (sasl_setprop (*saslconn, SASL_SSF_EXTERNAL, &ssf) != SASL_OK)
	180	{
	181	dprint (1, (debugfile, "mutt_sasl_client_new: Error setting external properties\n"));
	182	return -1;
	183	@@ -274,7 +254,7 @@
	184
	185	sasldata->saslconn = saslconn;
186	/* get ssf so we know whether we have to (en\|de)code read/write */
187	- sasl_getprop (saslconn, SASL_SSF, (void**) &sasldata->ssf);
188	+ sasl_getprop (saslconn, SASL_SSF, (const void**) &sasldata->ssf);
189	dprint (3, (debugfile, "SASL protection strength: %u\n", *sasldata->ssf));
190	/* Add SASL SSF to transport SSF */
191	conn->ssf += *sasldata->ssf;
192	diff -durN mutt-1.4.orig/pop_auth.c mutt-1.4/pop_auth.c
193	--- mutt-1.4.orig/pop_auth.c Thu Aug 30 10:11:06 2001
ededeff7	194	+++ mutt-1.4/pop_auth.c Fri Jan 10 11:51:26 2003
91233d0a JK	195	@@ -41,7 +41,7 @@
	196	char buf[LONG_STRING];
	197	char inbuf[LONG_STRING];
	198	const char* mech;
	199	- char* pc = NULL;
	200	+ const char* pc = NULL;
	201	unsigned int len, olen;
	202	unsigned char client_start;
	203
	204	@@ -56,8 +56,7 @@
	205
	206	FOREVER
	207	{
	208	- rc = sasl_client_start (saslconn, method, NULL,
	209	- &interaction, &pc, &olen, &mech);
	210	+ rc = sasl_client_start (saslconn, method, &interaction, &pc, &olen, &mech);
	211	if (rc != SASL_INTERACT)
	212	break;
	213	mutt_sasl_interact (interaction);
	214	@@ -96,7 +95,7 @@
	215	if (mutt_strncmp (inbuf, "+ ", 2))
	216	goto bail;
	217
	218	- if (sasl_decode64 (inbuf, strlen (inbuf), buf, &len) != SASL_OK)
	219	+ if (sasl_decode64 (inbuf, strlen (inbuf), buf, LONG_STRING, &len) != SASL_OK)
	220	{
	221	dprint (1, (debugfile, "pop_auth_sasl: error base64-decoding server response.\n"));
	222	goto bail;
ededeff7 JK	223	@@ -124,10 +123,6 @@
	224	dprint (1, (debugfile, "pop_auth_sasl: error base64-encoding client response.\n"));
	225	goto bail;
	226	}
	227	-
	228	- /* sasl_client_st(art\|ep) allocate pc with malloc, expect me to
	229	- * free it */
	230	- safe_free ((void *) &pc);
	231	}
	232	}
	233