# HG changeset patch
# User Michael Schloh von Bennewitz
# Date 1349469434 -7200
# Node ID b318ab5c5f26e406e0e8fef49f255125f96206de
# Parent f051a589a05a1ac575eecb3a577722681cb35a33
Import package vendor original spec for necessary manipulations.
diff -r f051a589a05a -r b318ab5c5f26 sasl/fsl.sasl
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sasl/fsl.sasl Fri Oct 05 22:37:14 2012 +0200
@@ -0,0 +1,16 @@
+##
+## fsl.sasl -- OSSP fsl configuration
+##
+
+ident (saslauthd)/.+ q{
+ prefix(
+ prefix="%b %d %H:%M:%S %N <%L> $1[%P]: "
+ )
+ -> {
+ debug: file(
+ path="@l_prefix@/var/sasl/log/saslauthd.log",
+ perm=0600
+ )
+ }
+};
+
diff -r f051a589a05a -r b318ab5c5f26 sasl/rc.sasl
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sasl/rc.sasl Fri Oct 05 22:37:14 2012 +0200
@@ -0,0 +1,60 @@
+#!@l_prefix@/bin/openpkg rc
+##
+## rc.sasl -- Run-Commands
+##
+
+%config
+ sasl_enable="$openpkg_rc_def"
+ sasl_flags=""
+ sasl_authmech="@l_authmech@"
+ sasl_threads="4"
+ sasl_log_prolog="true"
+ sasl_log_epilog="true"
+ sasl_log_numfiles="10"
+ sasl_log_minsize="1M"
+ sasl_log_complevel="9"
+
+%common
+ sasl_pidfile="@l_prefix@/var/sasl/run/saslauthd/saslauthd.pid"
+ sasl_signal () {
+ [ -f $sasl_pidfile ] && kill -$1 `cat $sasl_pidfile`
+ }
+
+%status -u @l_susr@ -o
+ sasl_usable="unknown"
+ sasl_active="no"
+ rcService sasl enable yes && \
+ sasl_signal 0 && sasl_active="yes"
+ echo "sasl_enable=\"$sasl_enable\""
+ echo "sasl_usable=\"$sasl_usable\""
+ echo "sasl_active=\"$sasl_active\""
+
+%start -p 400 -u @l_susr@
+ rcService sasl enable yes || exit 0
+ rcService sasl active yes && exit 0
+ @l_prefix@/sbin/saslauthd \
+ -a "${sasl_authmech}" \
+ -n "${sasl_threads}" \
+ ${sasl_flags}
+
+%stop -p 600 -u @l_susr@
+ rcService sasl enable yes || exit 0
+ rcService sasl active no && exit 0
+ sasl_signal TERM
+
+%restart -u @l_susr@
+ rcService sasl enable yes || exit 0
+ rcService sasl active no && exit 0
+ rc sasl stop
+ sleep 2
+ rc sasl start
+
+%daily -u @l_susr@
+ rcService sasl enable yes || exit 0
+ shtool rotate -f \
+ -n ${sasl_log_numfiles} -s ${sasl_log_minsize} -d \
+ -z ${sasl_log_complevel} -o @l_susr@ -g @l_sgrp@ -m 600 \
+ -P "${sasl_log_prolog}" \
+ -E "${sasl_log_epilog}; rc sasl restart" \
+ @l_prefix@/var/sasl/log/saslauthd.log
+
diff -r f051a589a05a -r b318ab5c5f26 sasl/sasl.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sasl/sasl.patch Fri Oct 05 22:37:14 2012 +0200
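Review bot: `sasl_signal` in `%common` signals whatever number the pid file contains, without checking that the process is still saslauthd, and it expands `$sasl_pidfile` and the `cat` output unquoted. After an unclean exit a stale, reused pid would make `%status` report `sasl_active="yes"` and make `%stop` send TERM to an unrelated process, under the account that `-u @l_susr@` selects (presumably a privileged one). At minimum the line should require a non-empty file and quote its operands, `[ -s "$sasl_pidfile" ] && kill -"$1" "$(cat "$sasl_pidfile")"`, and ideally it should confirm the pid's command name before signalling. A short comment above `sasl_signal` stating that `$1` is a signal name or number, and that `0` is only an existence probe, would also help.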
@@ -0,0 +1,600 @@ +Index: configure +--- configure.orig 2006-05-18 21:30:13 +0200 ++++ configure 2008-12-25 18:48:51 +0100 +@@ -3944,9 +3944,6 @@ + + fi + +-if test "$ac_cv_c_compiler_gnu" = yes; then +- CFLAGS="-Wall -W ${CFLAGS}" +-fi + + + # Check whether --with-purecov or --without-purecov was given. +@@ -5125,7 +5122,7 @@ + fi + + saved_LIBS=$LIBS +- for dbname in db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db ++ for dbname in db + do + LIBS="$saved_LIBS -l$dbname" + cat >conftest.$ac_ext <<_ACEOF +@@ -5205,6 +5202,54 @@ + fi + rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext + fi ++ if test "$dblib" = "no"; then ++ cat >conftest.$ac_ext <<_ACEOF ++/* confdefs.h. */ ++_ACEOF ++cat confdefs.h >>conftest.$ac_ext ++cat >>conftest.$ac_ext <<_ACEOF ++/* end confdefs.h. */ ++#include ++int ++main () ++{ ++dbm_open(NULL, 0, 0, 0, NULL, NULL, NULL); ++ ; ++ return 0; ++} ++_ACEOF ++rm -f conftest.$ac_objext conftest$ac_exeext ++if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 ++ (eval $ac_link) 2>conftest.er1 ++ ac_status=$? ++ grep -v '^ *+' conftest.er1 >conftest.err ++ rm -f conftest.er1 ++ cat conftest.err >&5 ++ echo "$as_me:$LINENO: \$? = $ac_status" >&5 ++ (exit $ac_status); } && ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' ++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 ++ (eval $ac_try) 2>&5 ++ ac_status=$? ++ echo "$as_me:$LINENO: \$? = $ac_status" >&5 ++ (exit $ac_status); }; } && ++ { ac_try='test -s conftest$ac_exeext' ++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 ++ (eval $ac_try) 2>&5 ++ ac_status=$? ++ echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 ++ (exit $ac_status); }; }; then ++ BDB_LIBADD="$BDB_LIBADD -ldb"; dblib="berkeley"; dbname=db ++else ++ echo "$as_me: failed program was:" >&5 ++sed 's/^/| /' conftest.$ac_ext >&5 ++ ++dblib="no" ++fi ++rm -f conftest.err conftest.$ac_objext \ ++ conftest$ac_exeext conftest.$ac_ext ++ fi + LIBS=$saved_LIBS + + LDFLAGS=$BDB_SAVE_LDFLAGS +@@ -5882,7 +5927,7 @@ + fi + + saved_LIBS=$LIBS +- for dbname in db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db ++ for dbname in db + do + LIBS="$saved_LIBS -l$dbname" + cat >conftest.$ac_ext <<_ACEOF +@@ -5962,6 +6007,54 @@ + fi + rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext + fi ++ if test "$dblib" = "no"; then ++ cat >conftest.$ac_ext <<_ACEOF ++/* confdefs.h. */ ++_ACEOF ++cat confdefs.h >>conftest.$ac_ext ++cat >>conftest.$ac_ext <<_ACEOF ++/* end confdefs.h. */ ++#include ++int ++main () ++{ ++dbm_open(NULL, 0, 0, 0, NULL, NULL, NULL); ++ ; ++ return 0; ++} ++_ACEOF ++rm -f conftest.$ac_objext conftest$ac_exeext ++if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 ++ (eval $ac_link) 2>conftest.er1 ++ ac_status=$? ++ grep -v '^ *+' conftest.er1 >conftest.err ++ rm -f conftest.er1 ++ cat conftest.err >&5 ++ echo "$as_me:$LINENO: \$? = $ac_status" >&5 ++ (exit $ac_status); } && ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' ++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 ++ (eval $ac_try) 2>&5 ++ ac_status=$? ++ echo "$as_me:$LINENO: \$? = $ac_status" >&5 ++ (exit $ac_status); }; } && ++ { ac_try='test -s conftest$ac_exeext' ++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 ++ (eval $ac_try) 2>&5 ++ ac_status=$? ++ echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 ++ (exit $ac_status); }; }; then ++ BDB_LIBADD="$BDB_LIBADD -ldb"; dblib="berkeley"; dbname=db ++else ++ echo "$as_me: failed program was:" >&5 ++sed 's/^/| /' conftest.$ac_ext >&5 ++ ++dblib="no" ++fi ++rm -f conftest.err conftest.$ac_objext \ ++ conftest$ac_exeext conftest.$ac_ext ++ fi + LIBS=$saved_LIBS + + LDFLAGS=$BDB_SAVE_LDFLAGS +@@ -12005,20 +12098,20 @@ + fi + + LIB_SQLITE_DIR=$LIB_SQLITE +- LIB_SQLITE="$LIB_SQLITE -lsqlite" ++ LIB_SQLITE="$LIB_SQLITE -lsqlite3" + + if test -d ${with_sqlite}/include; then + CPPFLAGS="${CPPFLAGS} -I${with_sqlite}/include" + else + CPPFLAGS="${CPPFLAGS} -I${with_sqlite}" + fi +- echo "$as_me:$LINENO: checking for sqlite_open in -lsqlite" >&5 +-echo $ECHO_N "checking for sqlite_open in -lsqlite... $ECHO_C" >&6 ++ echo "$as_me:$LINENO: checking for sqlite3_open in -lsqlite3" >&5 ++echo $ECHO_N "checking for sqlite3_open in -lsqlite3... $ECHO_C" >&6 + if test "${ac_cv_lib_sqlite_sqlite_open+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 + else + ac_check_lib_save_LIBS=$LIBS +-LIBS="-lsqlite $LIB_SQLITE_DIR $LIBS" ++LIBS="-lsqlite3 $LIB_SQLITE_DIR $LIBS" + cat >conftest.$ac_ext <<_ACEOF + #line $LINENO "configure" + /* confdefs.h. */ +@@ -12033,11 +12126,11 @@ + #endif + /* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. 
*/ +-char sqlite_open (); ++char sqlite3_open (); + int + main () + { +-sqlite_open (); ++sqlite3_open (); + ; + return 0; + } +Index: lib/saslint.h +--- lib/saslint.h.orig 2006-04-18 22:25:45 +0200 ++++ lib/saslint.h 2008-12-25 18:48:51 +0100 +@@ -109,8 +109,6 @@ + const char *appname; + } sasl_global_callbacks_t; + +-extern sasl_global_callbacks_t global_callbacks; +- + typedef struct _sasl_external_properties + { + sasl_ssf_t ssf; +Index: lib/server.c +--- lib/server.c.orig 2006-05-17 18:46:13 +0200 ++++ lib/server.c 2008-12-25 18:48:51 +0100 +@@ -95,7 +95,7 @@ + + static mech_list_t *mechlist = NULL; /* global var which holds the list */ + +-sasl_global_callbacks_t global_callbacks; ++static sasl_global_callbacks_t global_callbacks; + + /* set the password for a user + * conn -- SASL connection +@@ -477,16 +477,8 @@ + return SASL_CONTINUE; + } + +- /* get the path to the config file */ +- getconfpath_cb = _sasl_find_getconfpath_callback( global_callbacks.callbacks ); +- if (getconfpath_cb == NULL) return SASL_BADPARAM; +- +- /* getconfpath_cb->proc MUST be a sasl_getconfpath_t; if only C had a type +- system */ +- result = ((sasl_getconfpath_t *)(getconfpath_cb->proc))(getconfpath_cb->context, +- &path_to_config); +- if (result != SASL_OK) goto done; +- if (path_to_config == NULL) path_to_config = ""; ++ result = SASL_OK; ++ path_to_config = "@l_sysconfdir@"; + + next = path_to_config; + +Index: plugins/sql.c +--- plugins/sql.c.orig 2006-04-07 15:42:16 +0200 ++++ plugins/sql.c 2008-12-25 21:57:47 +0100 +@@ -150,9 +150,15 @@ + return -1; + } + if (value) { +- strncpy(value, row[0], size-2); +- value[size-1] = '\0'; +- if (value_len) *value_len = strlen(value); ++ unsigned long *col_lens; ++ size_t col_len; ++ col_lens = mysql_fetch_lengths(result); ++ col_len = (size_t)col_lens[0]; ++ if (col_len > size - 1); ++ col_len = size - 1; ++ memcpy(value, row[0], col_len); ++ value[col_len] = '\0'; ++ if (value_len) *value_len = col_len; + } + + /* free result */ +@@ 
-277,7 +283,7 @@ + ExecStatusType status; + + /* run the query */ +- result = PQexec(conn, cmd); ++ result = PQexecParams(conn, cmd, 0, NULL, NULL, NULL, NULL, 1); + + /* check the status */ + status = PQresultStatus(result); +@@ -298,6 +304,7 @@ + row_count = PQntuples(result); + if (!row_count) { + /* umm nothing found */ ++ utils->log(NULL, SASL_LOG_DEBUG, "sql plugin: no result found for query %s", cmd); + utils->log(NULL, SASL_LOG_NOTE, "sql plugin: no result found"); + PQclear(result); + return -1; +@@ -310,9 +317,26 @@ + /* now get the result set value and value_len */ + /* we only fetch one because we don't care about the rest */ + if (value) { +- strncpy(value, PQgetvalue(result,0,0), size-2); +- value[size-1] = '\0'; +- if (value_len) *value_len = strlen(value); ++ if (PQgetisnull(result, 0, 0)) { ++ size_t col_len; ++ col_len = strlen(SQL_NULL_VALUE); ++ if (col_len > size - 1) ++ col_len = size - 1; ++ memcpy(value, SQL_NULL_VALUE, col_len); ++ value[col_len] = '\0'; ++ if (value_len) ++ *value_len = col_len; ++ } ++ else { ++ size_t col_len; ++ col_len = (size_t)PQgetlength(result, 0, 0); ++ if (col_len > size - 1); ++ col_len = size - 1; ++ memcpy(value, PQgetvalue(result, 0, 0), col_len); ++ value[col_len] = '\0'; ++ if (value_len) ++ *value_len = col_len; ++ } + } + + /* free result */ +@@ -342,7 +366,7 @@ + #endif /* HAVE_PGSQL */ + + #ifdef HAVE_SQLITE +-#include ++#include + + static void *_sqlite_open(char *host __attribute__((unused)), + char *port __attribute__((unused)), +@@ -352,21 +376,23 @@ + const char *database, const sasl_utils_t *utils) + { + int rc; +- sqlite *db; ++ sqlite3 *db; + char *zErrMsg = NULL; + +- db = sqlite_open(database, 0, &zErrMsg); +- if (db == NULL) { ++ rc = sqlite3_open(database, &db); ++ if (rc != SQLITE_OK) { ++ zErrMsg = (char *)sqlite3_errmsg(db); + utils->log(NULL, SASL_LOG_ERR, "sql plugin: %s", zErrMsg); +- sqlite_freemem (zErrMsg); ++ sqlite3_free (zErrMsg); ++ sqlite3_close (db); + return NULL; + } + +- rc 
= sqlite_exec(db, "PRAGMA empty_result_callbacks = ON", NULL, NULL, &zErrMsg); ++ rc = sqlite3_exec(db, "PRAGMA empty_result_callbacks = ON", NULL, NULL, &zErrMsg); + if (rc != SQLITE_OK) { + utils->log(NULL, SASL_LOG_ERR, "sql plugin: %s", zErrMsg); +- sqlite_freemem (zErrMsg); +- sqlite_close(db); ++ sqlite3_free (zErrMsg); ++ sqlite3_close(db); + return NULL; + } + +@@ -388,62 +414,67 @@ + return 0; + } + +-static int sqlite_my_callback(void *pArg, int argc __attribute__((unused)), +- char **argv, +- char **columnNames __attribute__((unused))) +-{ +- char **result = (char**)pArg; +- +- if (argv == NULL) { +- *result = NULL; /* no record */ +- } else if (argv[0] == NULL) { +- *result = strdup(SQL_NULL_VALUE); /* NULL IS SQL_NULL_VALUE */ +- } else { +- *result = strdup(argv[0]); +- } +- +- return /*ABORT*/1; +-} +- + static int _sqlite_exec(void *db, const char *cmd, char *value, size_t size, + size_t *value_len, const sasl_utils_t *utils) + { + int rc; +- char *result = NULL; +- char *zErrMsg = NULL; ++ sqlite3_stmt *stmt; ++ const char *todo; ++ size_t len; + +- rc = sqlite_exec((sqlite*)db, cmd, sqlite_my_callback, (void*)&result, &zErrMsg); +- if (rc != SQLITE_OK && rc != SQLITE_ABORT) { +- utils->log(NULL, SASL_LOG_DEBUG, "sql plugin: %s ", zErrMsg); +- sqlite_freemem (zErrMsg); ++ rc = sqlite3_prepare((sqlite3*)db, cmd, (int)strlen(cmd), &stmt, &todo); ++ if (rc != SQLITE_OK) { ++ utils->log(NULL, SASL_LOG_DEBUG, "sql plugin error: %s", sqlite3_errmsg((sqlite3*)db)); + return -1; + } +- +- if (rc == SQLITE_OK) { ++ rc = sqlite3_step(stmt); ++ if (rc != SQLITE_ROW && rc != SQLITE_DONE) { ++ utils->log(NULL, SASL_LOG_DEBUG, "sql plugin error: %s", sqlite3_errmsg((sqlite3*)db)); ++ sqlite3_finalize(stmt); ++ return -1; ++ } ++ if (sqlite3_column_count(stmt) == 0) { + /* no results (BEGIN, COMMIT, DELETE, INSERT, UPDATE) */ ++ sqlite3_finalize(stmt); + return 0; + } +- +- if (result == NULL) { ++ if (rc == SQLITE_DONE) { + /* umm nothing found */ ++ 
utils->log(NULL, SASL_LOG_DEBUG, "sql plugin: no result found for query %s", cmd); + utils->log(NULL, SASL_LOG_NOTE, "sql plugin: no result found"); ++ sqlite3_finalize(stmt); + return -1; + } +- +- /* XXX: Duplication cannot be found by this method. */ +- +- /* now get the result set value and value_len */ +- /* we only fetch one because we don't care about the rest */ +- if (value) { +- strncpy(value, result, size - 2); +- value[size - 1] = '\0'; +- if (value_len) { +- *value_len = strlen(value); +- } ++ rc = sqlite3_column_type(stmt, 0); ++ switch (rc) { ++ case SQLITE_NULL: { ++ len = strlen(SQL_NULL_VALUE); ++ if (len > size - 1) ++ len = size - 1; ++ memcpy(value, SQL_NULL_VALUE, len); ++ value[len] = '\0'; ++ if (value_len) ++ *value_len = len; ++ break; ++ } ++ default: { ++ const void *blob = sqlite3_column_blob(stmt, 0); ++ len = (size_t)sqlite3_column_bytes(stmt, 0); ++ if (len > size - 1) ++ len = size - 1; ++ memcpy(value, blob, len); ++ value[len] = '\0'; ++ if (value_len) ++ *value_len = len; ++ break; ++ } + } +- +- /* free result */ +- free(result); ++ rc = sqlite3_step(stmt); ++ if (rc != SQLITE_DONE) { ++ utils->log(NULL, SASL_LOG_WARN, ++ "sql plugin: found duplicate row for query %s", cmd); ++ } ++ sqlite3_finalize(stmt); + return 0; + } + +@@ -464,7 +495,7 @@ + + static void _sqlite_close(void *db) + { +- sqlite_close((sqlite*)db); ++ sqlite3_close((sqlite3 *)db); + } + #endif /* HAVE_SQLITE */ + +@@ -771,7 +802,7 @@ + settings = (sql_settings_t *) glob_context; + + sparams->utils->log(NULL, SASL_LOG_DEBUG, +- "sql plugin Parse the username %s\n", user); ++ "sql plugin parse the username %s\n", user); + + user_buf = sparams->utils->malloc(ulen + 1); + if (!user_buf) goto done; +@@ -849,7 +880,7 @@ + } + + sparams->utils->log(NULL, SASL_LOG_DEBUG, +- "sql plugin create statement from %s %s %s\n", ++ "sql plugin create statement from name=%s user=%s realm=%s\n", + realname, escap_userid, escap_realm); + + /* create a statement that we will use 
*/ +@@ -864,9 +895,15 @@ + /* run the query */ + if (!settings->sql_engine->sql_exec(conn, query, value, sizeof(value), + &value_len, sparams->utils)) { ++ sparams->utils->log(NULL, SASL_LOG_DEBUG, ++ "sql plugin query successful\n"); + sparams->utils->prop_set(sparams->propctx, cur->name, + value, value_len); + } ++ else { ++ sparams->utils->log(NULL, SASL_LOG_DEBUG, ++ "sql plugin query failed\n"); ++ } + + sparams->utils->free(query); + } +Index: sample/client.c +--- sample/client.c.orig 2004-03-09 18:35:32 +0100 ++++ sample/client.c 2008-12-25 18:48:51 +0100 +@@ -133,13 +133,11 @@ + return SASL_OK; + } + +-#ifndef HAVE_GETPASSPHRASE + static char * +-getpassphrase(const char *prompt) ++my_getpassphrase(const char *prompt) + { + return getpass(prompt); + } +-#endif /* ! HAVE_GETPASSPHRASE */ + + static int + getsecret(sasl_conn_t *conn, +@@ -155,7 +153,7 @@ + if (! conn || ! psecret || id != SASL_CB_PASS) + return SASL_BADPARAM; + +- password = getpassphrase("Password: "); ++ password = my_getpassphrase("Password: "); + if (! password) + return SASL_FAIL; + +Index: sample/sample-client.c +--- sample/sample-client.c.orig 2004-10-26 13:14:33 +0200 ++++ sample/sample-client.c 2008-12-25 18:48:51 +0100 +@@ -244,13 +244,11 @@ + return SASL_OK; + } + +-#ifndef HAVE_GETPASSPHRASE + static char * +-getpassphrase(const char *prompt) ++my_getpassphrase(const char *prompt) + { + return getpass(prompt); + } +-#endif /* ! HAVE_GETPASSPHRASE */ + + static int + getsecret(sasl_conn_t *conn, +@@ -264,7 +262,7 @@ + if (! conn || ! psecret || id != SASL_CB_PASS) + return SASL_BADPARAM; + +- password = getpassphrase("Password: "); ++ password = my_getpassphrase("Password: "); + if (! password) + return SASL_FAIL; + +@@ -307,7 +305,7 @@ + fflush(stdout); + + if (id == SASL_CB_ECHOPROMPT) { +- char *original = getpassphrase(""); ++ char *original = my_getpassphrase(""); + if (! 
original) + return SASL_FAIL; + if (*original) +Index: saslauthd/Makefile.am +--- saslauthd/Makefile.am.orig 2006-05-17 18:46:17 +0200 ++++ saslauthd/Makefile.am 2008-12-25 18:48:51 +0100 +@@ -36,4 +36,4 @@ + + install-data-local: saslauthd.8 + $(mkinstalldirs) $(DESTDIR)$(mandir)/man8 +- $(INSTALL_DATA) $(srcdir)/saslauthd.8 $(DESTDIR)$(mandir)/man8/saslauthd.8 ++ $(INSTALL_DATA) $(srcdir)/saslauthd.mdoc $(DESTDIR)$(mandir)/man8/saslauthd.8 +Index: saslauthd/Makefile.in +--- saslauthd/Makefile.in.orig 2008-12-25 18:48:51 +0100 ++++ saslauthd/Makefile.in 2008-12-25 18:48:51 +0100 +@@ -621,7 +621,7 @@ + + install-data-local: saslauthd.8 + $(mkinstalldirs) $(DESTDIR)$(mandir)/man8 +- $(INSTALL_DATA) $(srcdir)/saslauthd.8 $(DESTDIR)$(mandir)/man8/saslauthd.8 ++ $(INSTALL_DATA) $(srcdir)/saslauthd.mdoc $(DESTDIR)$(mandir)/man8/saslauthd.8 + # Tell versions [3.59,3.63) of GNU make to not export all variables. + # Otherwise a system limit (for SysV at least) may be exceeded. + .NOEXPORT: +Index: saslauthd/lak.c +--- saslauthd/lak.c.orig 2005-05-15 07:49:51 +0200 ++++ saslauthd/lak.c 2008-12-25 18:48:51 +0100 +@@ -47,6 +47,7 @@ + #include + #endif + ++#include "saslauthd.h" /* get strlcpy macro for non-BSD; get HAVE_OPENSSL from config.h */ + #ifdef HAVE_OPENSSL + #ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT + #define OPENSSL_DISABLE_OLD_DES_SUPPORT +@@ -57,7 +58,7 @@ + + #include + #include +-#include ++#include "sasl.h" + #include "lak.h" + + typedef struct lak_auth_method { +Index: utils/pluginviewer.c +--- utils/pluginviewer.c.orig 2006-05-17 18:46:17 +0200 ++++ utils/pluginviewer.c 2008-12-25 18:48:51 +0100 +@@ -536,7 +536,7 @@ + fprintf(stderr, "%s: Usage: %s [-a] [-s] [-c] [-b min=N,max=N] [-e ssf=N,id=ID] [-m MECHS] [-x AUXPROP_MECH] [-f FLAGS] [-i local=IP,remote=IP] [-p PATH]\n" + "\t-a\tlist auxprop plugins\n" + "\t-s\tlist server authentication (SASL) plugins\n" +- "\t-s\tlist client authentication (SASL) plugins\n" ++ "\t-c\tlist client authentication (SASL) 
plugins\n" + "\t-b ...\t#bits to use for encryption\n" + "\t\tmin=N\tminumum #bits to use (1 => integrity)\n" + "\t\tmax=N\tmaximum #bits to use\n" diff -r f051a589a05a -r b318ab5c5f26 sasl/sasl.pc --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/sasl/sasl.pc Fri Oct 05 22:37:14 2012 +0200 @@ -0,0 +1,10 @@ +prefix=@l_prefix@ +exec_prefix=${prefix} +libdir=${exec_prefix}/lib +includedir=${prefix}/include + +Name: sasl +Description: SASL +Version: @version@ +Libs: -L${libdir} @libs@ +Cflags: -I${includedir} diff -r f051a589a05a -r b318ab5c5f26 sasl/sasl.spec --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/sasl/sasl.spec Fri Oct 05 22:37:14 2012 +0200 
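Review bot: In the plugins/sql.c part of the embedded patch, the MySQL branch and the non-NULL PostgreSQL branch both read `if (col_len > size - 1);`, where the trailing semicolon ends the `if`, so `col_len = size - 1;` runs unconditionally and `memcpy` always copies `size - 1` bytes from the result column whatever its real length is. That reads past the end of shorter column data and reports `size - 1` through `*value_len`, so adjacent memory can end up in the stored property; writing `if (col_len > size - 1)` without the semicolon restores the clamp, as the PQgetisnull and SQLite branches already have it. In `_sqlite_open`, `zErrMsg` is assigned from `sqlite3_errmsg(db)` and then handed to `sqlite3_free`, but that string belongs to the connection and must not be freed by the caller; logging it and calling only `sqlite3_close(db)` is enough. The inner hunks show only fragments of these functions, so the callers' buffer sizes are not visible here.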
@@ -0,0 +1,440 @@ +## +## sasl.spec -- OpenPKG RPM Package Specification +## Copyright (c) 2000-2010 OpenPKG Foundation e.V. +## +## Permission to use, copy, modify, and distribute this software for +## any purpose with or without fee is hereby granted, provided that +## the above copyright notice and this permission notice appear in all +## copies. +## +## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED +## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR +## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF +## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +## SUCH DAMAGE. +## + +# package information +Name: sasl +Summary: Simple Authentication and Security Layer (SASL) +URL: http://www.cyrusimap.org/ +Vendor: Cyrus Project, CMU +Packager: OpenPKG Foundation e.V. 
+Distribution: OpenPKG Community +Class: BASE +Group: Cryptography +License: BSD +Version: 2.1.23 +Release: 20101020 + +# package options +%option with_fsl yes +%option with_sasldb yes +%option with_pam no +%option with_login no +%option with_ldap no +%option with_mysql no +%option with_pgsql no +%option with_sqlite no +%option with_ntlm no +%option with_otp no +%option with_srp no +%option with_kerberos no + +# list of sources +Source0: ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-%{version}.tar.gz +Source1: rc.sasl +Source2: fsl.sasl +Source3: saslauthd.conf +Source4: sasl.pc +Patch0: sasl.patch + +# build information +BuildPreReq: OpenPKG, openpkg >= 20100101, gcc, make, groff +PreReq: OpenPKG, openpkg >= 20100101 +BuildPreReq: db >= 4.1.24, openssl +PreReq: db >= 4.1.24, openssl +%if "%{with_fsl}" == "yes" +BuildPreReq: fsl +PreReq: fsl +%endif +%if "%{with_pam}" == "yes" +BuildPreReq: PAM +PreReq: PAM +%endif +%if "%{with_ldap}" == "yes" +BuildPreReq: openldap +PreReq: openldap +%endif +%if "%{with_mysql}" == "yes" +BuildPreReq: mysql +PreReq: mysql +%endif +%if "%{with_pgsql}" == "yes" +BuildPreReq: postgresql +PreReq: postgresql +%endif +%if "%{with_sqlite}" == "yes" +BuildPreReq: sqlite +PreReq: sqlite +%endif +%if "%{with_otp}" == "yes" +BuildPreReq: opie +PreReq: opie +%endif +%if "%{with_kerberos}" == "yes" +BuildPreReq: KERBEROS +PreReq: KERBEROS +%endif + +%description + SASL is the Simple Authentication and Security Layer, a method + for adding authentication support to connection-based protocols. + To use SASL, a protocol includes a command for identifying and + authenticating a user to a server and for optionally negotiating + protection of subsequent protocol interactions. If its use is + negotiated, a security layer is inserted between the protocol and + the connection. 
+ +%track + prog sasl = { + version = %{version} + url = ftp://ftp.cyrusimap.org/cyrus-sasl/ + regex = cyrus-sasl-(\d+\.\d+\.\d+)\.tar\.gz + } + +%prep + %setup -q -n cyrus-sasl-%{version} + %patch -p0 + +%build + # ensure the OpenPKG Berkeley-DB is picked up only + %{l_shtool} subst \ + -e 's;for dbname in db-.*db$;for dbname in db;' \ + saslauthd/configure configure + + # disable some unwanted configure checks + %{l_shtool} subst \ + -e 's;\(SASL_DB_UTILS="saslpasswd2 sasldblistusers2\);\1 dbconverter-2;' \ + -e "s;javac;javac-xxx;g" \ + -e "s;javah;javah-xxx;g" \ + -e "s;javadoc;javadoc-xxx;g" \ + configure + + # fix OpenLDAP support +%if "%{with_ldap}" == "yes" + echo 'ac_cv_lib_ldap_ldap_initialize=yes' >config.cache + %{l_shtool} subst \ + -e "s;\(\$LDAP_LIBS\) *\(-lcrypto\);\1 -lssl -lcrypto \2;" \ + saslauthd/configure +%endif + + # fix GSS/Kerberos support +%if "%{with_kerberos}" == "yes" + %{l_shtool} subst \ + -e 's;\(-lk5crypto\);\1 -lkrb5support;' \ + configure +%endif + + # enforce disabled Kerberos 5 support in saslauthd + echo 'ac_cv_header_krb5_h=no' >config.cache + + # configure path to sasl-server config files + %{l_shtool} subst \ + -e 's;@l_sysconfdir@;%{l_prefix}/etc/sasl/sasl.d;g' \ + lib/server.c + + # determine build flags + cflags="%{l_cflags -O} %{l_cppflags}" + ldflags="%{l_ldflags} %{l_fsl_ldflags}" + libs="-ldb %{l_fsl_libs}" +%if "%{with_ldap}" == "yes" + cflags="$cflags -DAUTH_LDAP" +%endif +%if "%{with_mysql}" == "yes" + libs="$libs -lz -lm" +%endif +%if "%{with_pgsql}" == "yes" + cflags="$cflags -I%{l_cppflags postgresql}" + libs="$libs -lssl -lcrypto -lcrypt" +%endif +%if "%{with_kerberos}" == "yes" + cflags="$cflags `krb5-config --cflags gssapi`" + libs="$libs `krb5-config --libs gssapi`" +%endif + case "%{l_platform -t}" in + *-sunos* ) libs="$libs -lrt" ;; + esac + + # configure package + CC="%{l_cc}" \ + CFLAGS="$cflags" \ + CPPFLAGS="%{l_cppflags}" \ + LDFLAGS="$ldflags" \ + LIBS="$libs" \ + ./configure \ + 
--cache-file=./config.cache \ + --prefix=%{l_prefix} \ + --sysconfdir=%{l_prefix}/etc/sasl \ + --with-configdir=%{l_prefix}/etc/sasl/sasl.d \ + --with-plugindir=%{l_prefix}/lib/sasl \ + --with-saslauthd=%{l_prefix}/var/sasl/run/saslauthd \ + --enable-digest \ + --enable-cram \ + --enable-anon \ +%if "%{with_sasldb}" == "yes" + --enable-auth-sasldb \ + --with-dbpath=%{l_prefix}/var/sasl/run/sasl.db \ + --with-dblib=berkeley \ + --with-bdb-incdir=%{l_prefix}/include \ + --with-bdb-libdir=%{l_prefix}/lib \ +%else + --with-dblib=none \ +%endif + --with-openssl=%{l_prefix} \ +%if "%{with_pam}" == "yes" + --with-pam \ +%else + --without-pam \ +%endif +%if "%{with_login}" == "yes" + --enable-login \ +%else + --disable-login \ +%endif +%if "%{with_ldap}" == "yes" + --with-ldap=%{l_prefix} \ +%else + --without-ldap \ +%endif +%if "%{with_otp}" == "yes" + --enable-otp \ + --with-opie=%{l_prefix} \ +%else + --disable-otp \ + --without-opie \ +%endif +%if "%{with_srp}" == "yes" + --enable-srp \ +%else + --disable-srp \ +%endif +%if "%{with_kerberos}" == "yes" + --enable-gssapi \ + --with-gss_impl=`if [ -d %{l_prefix}/include/heimdal ]; then echo "heimdal"; else echo "mit"; fi` \ +%else + --disable-gssapi \ + --without-gss_impl \ +%endif +%if "%{with_mysql}" == "yes" || "%{with_pgsql}" == "yes" || "%{with_sqlite}" == "yes" + --enable-sql \ +%if "%{with_mysql}" == "yes" + --with-mysql=%{l_prefix} \ +%else + --without-mysql \ +%endif +%if "%{with_pgsql}" == "yes" + --with-pgsql=%{l_prefix} \ +%else + --without-pgsql \ +%endif +%if "%{with_sqlite}" == "yes" + --with-sqlite=%{l_prefix} \ +%else + --without-sqlite \ +%endif +%endif +%if "%{with_ntlm}" == "yes" + --enable-ntlm \ +%else + --disable-ntlm \ +%endif + --enable-shared \ + --enable-static \ + --enable-staticdlopen \ + --enable-sample \ + --disable-java \ + --disable-krb4 \ + --without-des + + # post adjustment: trust me, libtool, I know what I am doing + %{l_shtool} subst \ + -e 
's;^\(deplibs_check_method=\).*;\1"pass_all";' \ + -e 's/\(eval libobjs=.*$whole_archive_flag_spec.*\)$/case $archive_cmds in \\$LD* ) wl= ;; esac; \1/' \ + libtool + + # post adjustment: do not reference static plugins + %{l_shtool} subst \ + -e '58s;.*;#define PIC;' \ + lib/dlopen.c + + # post adjustment: do not pull static plugins into static library + %{l_shtool} subst \ + -e 's;-ln -s $(SASL_STATIC_SRCS) .;-ln ../sasldb/*.o ../plugins/*.o $(SASL_STATIC_SRCS) .;' \ + lib/Makefile + + # post adjustment: build utils against static library + %{l_shtool} subst \ + -e 's;\(\$(CCLD)\);\1 -static;' \ + -e 's;\(noinst.*=\) *dbconverter.*;\1;' \ + utils/Makefile \ + sample/Makefile + + # post adjustment: fix OpenLDAP support +%if "%{with_ldap}" == "yes" + %{l_shtool} subst \ + -e "s;^\(saslauthd_LDADD[ ]*=[ ]*[^\\]*\);\1 -lcrypt -lldap -llber -lssl -lcrypto ;" \ + saslauthd/Makefile +%endif + + # build package + %{l_make} %{l_mflags} + ( cd saslauthd + %{l_make} %{l_mflags} testsaslauthd + ) || exit $? + ( cd sample + %{l_make} %{l_mflags} sample-client sample-server + ) || exit $? 
+ +%install + + # install package + %{l_make} %{l_mflags} install AM_MAKEFLAGS="DESTDIR=$RPM_BUILD_ROOT" + + # remove libtool cruft + rm -f \ + $RPM_BUILD_ROOT%{l_prefix}/lib/*.la \ + $RPM_BUILD_ROOT%{l_prefix}/lib/*.s[ol] \ + $RPM_BUILD_ROOT%{l_prefix}/lib/*.s[ol].* \ + $RPM_BUILD_ROOT%{l_prefix}/lib/sasl2/*.a + + # post-adjust installation + mv $RPM_BUILD_ROOT%{l_prefix}/lib/sasl2 \ + $RPM_BUILD_ROOT%{l_prefix}/lib/sasl + mv $RPM_BUILD_ROOT%{l_prefix}/sbin/testsaslauthd \ + $RPM_BUILD_ROOT%{l_prefix}/sbin/saslauthd-test + mv $RPM_BUILD_ROOT%{l_prefix}/sbin/pluginviewer \ + $RPM_BUILD_ROOT%{l_prefix}/sbin/sasl-pluginviewer + mv $RPM_BUILD_ROOT%{l_prefix}/man/man8/pluginviewer.8 \ + $RPM_BUILD_ROOT%{l_prefix}/man/man8/sasl-pluginviewer.8 + mv $RPM_BUILD_ROOT%{l_prefix}/sbin/saslpasswd2 \ + $RPM_BUILD_ROOT%{l_prefix}/sbin/saslpasswd + mv $RPM_BUILD_ROOT%{l_prefix}/man/man8/saslpasswd2.8 \ + $RPM_BUILD_ROOT%{l_prefix}/man/man8/saslpasswd.8 + mv $RPM_BUILD_ROOT%{l_prefix}/sbin/sasldblistusers2 \ + $RPM_BUILD_ROOT%{l_prefix}/sbin/sasldblistusers + mv $RPM_BUILD_ROOT%{l_prefix}/man/man8/sasldblistusers2.8 \ + $RPM_BUILD_ROOT%{l_prefix}/man/man8/sasldblistusers.8 + rm -f $RPM_BUILD_ROOT%{l_prefix}/sbin/dbconverter-2 + strip $RPM_BUILD_ROOT%{l_prefix}/sbin/* >/dev/null 2>&1 || true + + # install sample client/server programs + %{l_shtool} install -c -m 755 \ + sample/sample-client \ + $RPM_BUILD_ROOT%{l_prefix}/sbin/sasl-sample-client + %{l_shtool} install -c -m 755 \ + sample/sample-server \ + $RPM_BUILD_ROOT%{l_prefix}/sbin/sasl-sample-server + + # install saslauthd default configuration + %{l_shtool} mkdir -f -p -m 755 \ + $RPM_BUILD_ROOT%{l_prefix}/etc/sasl + %{l_shtool} install -c -m 755 \ + %{SOURCE saslauthd.conf} \ + $RPM_BUILD_ROOT%{l_prefix}/etc/sasl/ + + # create necessary additional directories + %{l_shtool} mkdir -f -p -m 755 \ + $RPM_BUILD_ROOT%{l_prefix}/var/sasl/log \ + $RPM_BUILD_ROOT%{l_prefix}/var/sasl/run/saslauthd \ + 
$RPM_BUILD_ROOT%{l_prefix}/etc/sasl/sasl.d + + # install run-command script +%if "%{with_pam}" == "yes" + l_authmech="pam" +%else + case "%{l_platform -t}" in + *-linux* | *-sunos* ) l_authmech="shadow" ;; + * ) l_authmech="getpwent" ;; + esac +%endif + %{l_shtool} mkdir -f -p -m 755 \ + $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d + %{l_shtool} install -c -m 755 \ + -e "s;@l_authmech@;${l_authmech};g" %{l_value -s -a} \ + %{SOURCE rc.sasl} \ + $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/ + + # install OSSP fsl configuration + %{l_shtool} mkdir -f -p -m 755 \ + $RPM_BUILD_ROOT%{l_prefix}/etc/fsl + %{l_shtool} install -c -m 644 %{l_value -s -a} \ + %{SOURCE fsl.sasl} \ + $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/ + + # install pkg-config configuration + libs="-lsasl2" + case "%{l_platform -t}" in + *-linux* ) libs="$libs -ldl" ;; + esac + %{l_shtool} mkdir -f -p -m 755 \ + $RPM_BUILD_ROOT%{l_prefix}/lib/pkgconfig + %{l_shtool} install -c -m 644 %{l_value -s -a} \ + -e "s;@version@;%{version};" \ + -e "s;@libs@;$libs;" \ + %{SOURCE sasl.pc} \ + $RPM_BUILD_ROOT%{l_prefix}/lib/pkgconfig/ + + # determine installation files + %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \ + %{l_files_std} \ + '%config %{l_prefix}/etc/fsl/fsl.sasl' \ + '%config %{l_prefix}/etc/sasl/saslauthd.conf' \ + '%dir %attr(0755,%{l_musr},%{l_rgrp}) %{l_prefix}/var/sasl' \ + '%dir %attr(0755,%{l_musr},%{l_rgrp}) %{l_prefix}/var/sasl/run' \ + '%dir %attr(0755,%{l_musr},%{l_rgrp}) %{l_prefix}/var/sasl/run/saslauthd' \ + '%dir %attr(0700,%{l_susr},%{l_sgrp}) %{l_prefix}/var/sasl/log' + +%files -f files + +%clean + +%pre + # before upgrade, save status and stop service + [ $1 -eq 2 ] || exit 0 + eval `%{l_rc} sasl status 2>/dev/null | tee %{l_tmpfile}` + %{l_rc} sasl stop 2>/dev/null + exit 0 + +%post +%if "%{with_pam}" == "yes" + if [ $1 -eq 1 ]; then + # after install, add PAM configuration entry + $RPM_INSTALL_PREFIX/sbin/pamtool --add --smart --name=sasl + fi +%endif + if [ $1 -eq 2 ]; then + # after upgrade, restore 
status + eval `cat %{l_tmpfile}`; rm -f %{l_tmpfile} + [ ".$sasl_active" = .yes ] && %{l_rc} sasl start + fi + exit 0 + +%preun + # before erase, stop service and remove log files + [ $1 -eq 0 ] || exit 0 + %{l_rc} sasl stop 2>/dev/null + rm -f $RPM_INSTALL_PREFIX/var/sasl/log/*.log* >/dev/null 2>&1 || true +%if "%{with_pam}" == "yes" + # remove PAM configuration entry + $RPM_INSTALL_PREFIX/sbin/pamtool --remove --smart --name=sasl +%endif + exit 0 + diff -r f051a589a05a -r b318ab5c5f26 sasl/saslauthd.conf --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/sasl/saslauthd.conf Fri Oct 05 22:37:14 2012 +0200 @@ -0,0 +1,55 @@ +## +## saslauthd.conf -- SASL Authentication Daemon Configuration +## + +# white space separated list of LDAP servers +ldap_servers: ldap://127.0.0.1 + +# authentication for restricted LDAP servers +#ldap_bind_dn: cn=operator,ou=Profile,o=example.com +#ldap_bind_pw: secret + +# LDAP version to use (2|3) +#ldap_version 3 + +# LDAP timeout +#ldap_timeout 5 + +# LDAP aliases (search|find|always|never) +ldap_deref: never + +# follow LDAP referrals ? +ldap_referrals: no + +# restart LDAP I/O operations that fail ? +ldap_restart: yes + +# search scope (sub|one|base) +#ldap_scope: sub + +# starting point for a search +ldap_search_base: MUST-SPECIFY + +# authenticate against LDAP (bind|custom|fastbind) +ldap_auth_method: bind + +# Filter LDAP records, %u = username, %r = realm +# if ldap_auth_method is 'bind' the filter searches for the DN +# otherwise the filter searches for the userPassword attribute +#ldap_filter: uid=%u + +# debugging LDAP operation +#ldap_debug 0 + +# require and verify server certificate +#ldap_tls_check_peer: no +#ldap_tls_cacert_file: +#ldap_tls_cacert_dir: + +# list of SSL/TLS ciphers to allow +#ldap_tls_ciphers: DEFAULT + +# files containing client certificate and key +#ldap_tls_cert: +#ldap_tls_key: +
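Review bot: In `%install`, `saslauthd.conf` is installed with `-m 755`, yet the shipped template carries an `ldap_bind_pw:` setting, so once an administrator fills it in the LDAP bind password is world-readable (and the file is needlessly executable). Installing it with `-m 600` and giving the `%config` entry in the files list a matching `%attr(0600,%{l_susr},%{l_sgrp})` would keep the credential to the daemon's account; the right owner depends on which user saslauthd runs as, which is only hinted at by `-u @l_susr@` in rc.sasl. Separately, in `%build` the line `echo 'ac_cv_header_krb5_h=no' >config.cache` truncates the cache that the `with_ldap` branch has just written, so `ac_cv_lib_ldap_ldap_initialize=yes` is lost; `>>config.cache` looks like what was intended.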
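Review bot: The TLS example under "require and verify server certificate" is `#ldap_tls_check_peer: no`, so an administrator who simply uncomments the block turns peer verification off, and the only active server entry is the cleartext `ldap://127.0.0.1`. Showing `#ldap_tls_check_peer: yes` next to the CA file entry would make the uncommented template fail closed. The examples `#ldap_version 3`, `#ldap_timeout 5` and `#ldap_debug 0` also lack the `:` separator used by every other entry in the file, so they may not parse once uncommented; this is worth confirming against the saslauthd LDAP option parser.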