diff options
Diffstat (limited to 'security/cyrus-sasl2/files/patch-ai')
| -rw-r--r-- | security/cyrus-sasl2/files/patch-ai | 357 |
1 files changed, 0 insertions, 357 deletions
diff --git a/security/cyrus-sasl2/files/patch-ai b/security/cyrus-sasl2/files/patch-ai deleted file mode 100644 index a630c2ca8d67..000000000000 --- a/security/cyrus-sasl2/files/patch-ai +++ /dev/null @@ -1,357 +0,0 @@ ---- lib/checkpw.c.orig Wed Jul 19 20:24:13 2000 -+++ lib/checkpw.c Sat Sep 16 21:07:33 2000 -@@ -95,10 +95,19 @@ - #include <sys/un.h> - #ifdef HAVE_UNISTD_H - #include <unistd.h> --#endif -+#endif /* HAVE_UNISTD_H */ - - extern int errno; --#endif -+#endif /* HAVE_PWCHECK */ -+ -+#ifdef HAVE_MYSQL -+#include <mysql.h> -+#endif /* HAVE_MYSQL */ -+ -+#ifdef HAVE_LDAP -+#include <lber.h> -+#include <ldap.h> -+#endif /* HAVE_LDAP */ - - #ifdef HAVE_KRB - -@@ -170,12 +179,20 @@ - memcpy (&temp_key, "kerberos", 8); - des_fixup_key_parity (&temp_key); - des_key_sched (&temp_key, schedule); -+#ifdef __FreeBSD__ -+ des_cbc_cksum ((const unsigned char *)password, &ivec, passlen, schedule, &ivec); -+#else - des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec); -+#endif - - memcpy (&temp_key, &ivec, sizeof temp_key); - des_fixup_key_parity (&temp_key); - des_key_sched (&temp_key, schedule); -+#ifdef __FreeBSD__ -+ des_cbc_cksum ((const unsigned char *)password, key, passlen, schedule, &ivec); -+#else - des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec); -+#endif - - des_fixup_key_parity (key); - -@@ -210,10 +227,17 @@ - return (str); - } - -+#ifdef __FreeBSD__ -+static int use_key(const char *user __attribute__((unused)), -+ char *instance __attribute__((unused)), -+ const char *realm __attribute__((unused)), -+ const void *key, des_cblock *returned_key) -+#else - static int use_key(char *user __attribute__((unused)), - char *instance __attribute__((unused)), - char *realm __attribute__((unused)), - void *key, des_cblock *returned_key) -+#endif - { - memcpy (returned_key, key, sizeof(des_cblock)); - return 0; -@@ -838,7 +862,7 @@ - - - /* pwcheck daemon-authenticated login */ --static int pwcheck_verify_password(sasl_conn_t *conn, -+static int pwcheck_verify_password(sasl_conn_t *conn __attribute__((unused)), - const char *userid, - const char *passwd, - const char *service __attribute__((unused)), -@@ -853,8 +877,10 @@ - static char response[1024]; - int start, n; - char pwpath[1024]; -+#if 0 /* Not used */ - sasl_getopt_t *getopt; - void *context; -+#endif - - if (reply) { *reply = NULL; } - -@@ -902,6 +928,260 @@ - - #endif - -+#ifdef HAVE_MYSQL -+/* DMZ mysql auth 12/29/1999 -+ * Updated to 1.5.24 by SWH 09/12/2000 -+ */ -+#ifdef USE_CRYPT_PASSWORD -+#define QUERY_STRING "select %s from %s where %s = '%s' and %s = password('%s')" -+#else -+#define QUERY_STRING "select %s from %s where %s = '%s' and %s = '%s'" -+#endif -+ -+static int mysql_verify_password(sasl_conn_t *conn, -+ const char *userid, -+ const char *password, -+ const char *service __attribute__((unused)), -+ const char *user_realm __attribute__((unused)), -+ const char **reply) -+{ -+ unsigned int numrows; -+ MYSQL mysql,*sock; -+ MYSQL_RES *result; -+ char qbuf[300]; -+ char *db_user="", -+ *db_passwd="", -+ *db_host="", -+ *db_uidcol="", -+ *db_pwcol="", -+ *db_database="", -+ *db_table=""; -+ sasl_getopt_t *getopt; -+ void *context; -+ -+ if (!userid || !password) { -+ return SASL_BADPARAM; -+ } -+ if (reply) { *reply = NULL; } -+ -+ /* check to see if the user configured a mysqluser/passwd/host/etc */ -+ if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { -+ getopt(context, NULL, "mysql_user", (const char **) &db_user, NULL); -+ if (!db_user) db_user = ""; -+ getopt(context, NULL, "mysql_passwd", (const char **) &db_passwd, NULL); -+ if (!db_passwd) db_passwd = ""; -+ getopt(context, NULL, "mysql_host", (const char **) &db_host, NULL); -+ if (!db_host) db_host = ""; -+ getopt(context, NULL, "mysql_database", (const char **) &db_database, NULL); -+ if (!db_database) db_database = ""; -+ getopt(context, NULL, "mysql_table", (const char **) &db_table, NULL); -+ if (!db_table) db_table = ""; -+ getopt(context, NULL, "mysql_uidcol", (const char **) &db_uidcol, NULL); -+ if (!db_uidcol) db_uidcol = ""; -+ getopt(context, NULL, "mysql_pwdcol", (const char **) &db_pwcol, NULL); -+ if (!db_pwcol) db_pwcol = ""; -+ } -+ -+ if (!(sock = mysql_connect(&mysql,db_host,db_user,db_passwd))) -+ { -+ if (reply) { *reply = "cannot connect to MySQL server"; } -+ return SASL_FAIL; -+ } -+ -+ if (mysql_select_db(sock,db_database) < 0) -+ { -+ mysql_close(sock); -+ if (reply) { *reply = "cannot select MySQL database"; } -+ return SASL_FAIL; -+ } -+ /* select DB_UIDCOL from DB_TABLE where DB_UIDCOL = 'userid' AND DB_PWCOL = password('password') */ -+ sprintf(qbuf,QUERY_STRING,db_uidcol,db_table,db_uidcol,userid,db_pwcol,password); -+ if (mysql_query(sock,qbuf) < 0 || !(result=mysql_store_result(sock))) -+ { -+ mysql_close(sock); -+ return SASL_FAIL; -+ } -+ -+ if (result) //There were some rows found -+ { -+ if ((numrows = mysql_affected_rows(&mysql)) != 1) -+ { -+ mysql_free_result(result); -+ mysql_close(sock); -+ if ((numrows > 1) && (reply)) { *reply = "Detected duplicate entries for user"; } -+ return SASL_BADAUTH; -+ } else { -+ mysql_free_result(result); -+ mysql_close(sock); -+ return SASL_OK; -+ } -+ } -+ mysql_free_result(result); -+ mysql_close(sock); -+ return SASL_BADAUTH; -+} -+#endif /* HAVE_MYSQL */ -+ -+#ifdef HAVE_LDAP -+/* simon@surf.org.uk LDAP auth 07/11/2000 -+ * Updated to 1.5.24 by SWH 09/12/2000 -+ */ -+ -+#define LDAP_SERVER "localhost" -+#define LDAP_BASEDN "o=JOFA, c=UK" -+#define LDAP_UIDATTR "uid" -+ -+#ifndef TRUE -+# define TRUE 1 -+# define FALSE 0 -+#endif -+ -+static int ldap_isdigits(char *value) -+{ -+ char *ptr; -+ int num = TRUE; -+ -+ for (ptr = value; *ptr != '\0' && num != FALSE; ptr++) { -+ if (!isdigit(*ptr)) -+ num = FALSE; -+ } -+ -+ return num; -+} -+ -+static int ldap_verify_password(sasl_conn_t *conn, -+ const char *userid, -+ const char *password, -+ const char *service __attribute__((unused)), -+ const char *user_realm __attribute__((unused)), -+ const char **reply) -+{ -+ -+ LDAP *ld; -+ LDAPMessage *result; -+ LDAPMessage *entry; -+ char *attrs[2]; -+ char filter[200]; -+ char *dn, -+ *ldap_server="", -+ *ldap_basedn="", -+ *ldap_uidattr="", -+ *port_num=""; -+ int ldap_port = LDAP_PORT; -+ int count; -+ sasl_getopt_t *getopt; -+ void *context; -+ -+ /* If the password is NULL, reject the login... -+ * Otherwise the bind will succed as a reference bind. Not good... -+ */ -+ if (strcmp(password,"") == 0) -+ { -+ return SASL_BADPARAM; -+ } -+ -+ if (reply) { *reply = NULL; } -+ -+ /* check to see if the user configured a mysqluser/passwd/host/etc */ -+ if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { -+ getopt(context, NULL, "ldap_server", (const char **) &ldap_server, NULL); -+ if (!ldap_server) ldap_server = LDAP_SERVER; -+ getopt(context, NULL, "ldap_basedn", (const char **) &ldap_basedn, NULL); -+ if (!ldap_basedn) { -+ if (reply) { *reply = "ldap_basedn not defined"; } -+ return SASL_BADPARAM; -+ } -+ getopt(context, NULL, "ldap_uidattr", (const char **) &ldap_uidattr, NULL); -+ if (!ldap_uidattr) ldap_uidattr = LDAP_UIDATTR; -+ getopt(context, NULL, "ldap_port", (const char **) &port_num, NULL); -+ if (!port_num) { -+ ldap_port = LDAP_PORT; -+ } else if (!ldap_isdigits(port_num)) { -+ if (reply) { *reply = "ldap_port - invalid value"; } -+ return SASL_BADPARAM; -+ } else { -+ ldap_port = atoi(port_num); -+ } -+ } -+ -+ /* Open the LDAP connection. */ -+ if ((ld = ldap_open(ldap_server, ldap_port)) == NULL) -+ { -+ if (reply) { *reply = "cannot connect to LDAP server"; } -+ return SASL_FAIL; -+ } -+ -+ /* Bind anonymously so that you can find the DN of the appropriate user. */ -+ if (ldap_simple_bind_s(ld,"","") != LDAP_SUCCESS) -+ { -+ ldap_unbind(ld); -+ if (reply) { *reply = "cannot bind to LDAP server"; } -+ return SASL_FAIL; -+ } -+ -+ /* Generate a filter that will return the entry with a matching UID */ -+ sprintf(filter,"(%s=%s)", ldap_uidattr,userid); -+ -+ /* Just return country...This doesn't actually matter, since we will -+ * not read the attributes and values, only the DN -+ */ -+ attrs[0] = "c"; -+ attrs[1] = NULL; -+ -+ /* Perform the search... */ -+ if (ldap_search_s(ld,ldap_basedn,LDAP_SCOPE_SUBTREE,filter,attrs,1,&result) != LDAP_SUCCESS ) -+ { -+ ldap_unbind(ld); -+ return SASL_BADAUTH; -+ } -+ -+ /* If the entry count is not equal to one, either the UID was not unique or -+ * there was no match -+ */ -+ if ((count = ldap_count_entries(ld,result)) != 1) -+ { -+ ldap_msgfree(result); -+ ldap_unbind(ld); -+ if ((count > 1) && (reply)) { *reply = "Detected duplicate entries for user"; } -+ return SASL_BADAUTH; -+ } -+ -+ /* Get the first entry */ -+ if ((entry = ldap_first_entry(ld,result)) == NULL) -+ { -+ ldap_msgfree(result); -+ ldap_unbind(ld); -+ return SASL_BADAUTH; -+ } -+ -+ /* Get the DN of the entry */ -+ if ((dn = ldap_get_dn(ld,entry)) == NULL) -+ { -+ ldap_msgfree(entry); -+ ldap_unbind(ld); -+ return SASL_BADAUTH; -+ } -+ -+ /* Now bind as the DN with the password supplied earlier... -+ * Successful bind means the password was correct, otherwise the -+ * password is invalid. -+ */ -+ if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) -+ { -+ free(dn); -+ ldap_msgfree(entry); -+ ldap_unbind(ld); -+ return SASL_BADAUTH; -+ } -+ -+ free(dn); -+ ldap_msgfree(entry); -+ ldap_unbind(ld); -+ return SASL_OK; -+} -+ -+#endif /* HAVE_LDAP */ -+ - struct sasl_verify_password_s _sasl_verify_password[] = { - { "sasldb", &sasldb_verify_password }, - #ifdef HAVE_KRB -@@ -921,6 +1201,12 @@ - #endif - #ifdef HAVE_PWCHECK - { "pwcheck", &pwcheck_verify_password }, -+#endif -+#ifdef HAVE_MYSQL -+ { "mysql", &mysql_verify_password }, -+#endif -+#ifdef HAVE_LDAP -+ { "ldap", &ldap_verify_password }, - #endif - { NULL, NULL } - }; |