diff options
author | cvs2svn <cvs2svn@FreeBSD.org> | 2002-01-29 04:56:35 +0000 |
---|---|---|
committer | cvs2svn <cvs2svn@FreeBSD.org> | 2002-01-29 04:56:35 +0000 |
commit | b315e20b06b5067b11496cbfb4744f5cf16a9639 (patch) | |
tree | 3fe761c428249a06677cf9f97eb9badee0732a6a /security/cyrus-sasl2/files | |
parent | update to 2.0.6. (diff) |
This commit was manufactured by cvs2svn to create tag 'RELEASE_4_5_0'.release/4.5.0
Notes
Notes:
svn path=/head/; revision=53938
svn path=/tags/RELEASE_4_5_0/; revision=53939; tag=release/4.5.0
Diffstat (limited to 'security/cyrus-sasl2/files')
-rw-r--r-- | security/cyrus-sasl2/files/Sendmail.README | 41 | ||||
-rw-r--r-- | security/cyrus-sasl2/files/patch-ab | 37 | ||||
-rw-r--r-- | security/cyrus-sasl2/files/patch-java::CyrusSasl::Makefile.am | 11 | ||||
-rw-r--r-- | security/cyrus-sasl2/files/patch-java::javax::security::auth::callback::Makefile.am | 11 | ||||
-rw-r--r-- | security/cyrus-sasl2/files/patch-lib::checkpw.c | 101 | ||||
-rw-r--r-- | security/cyrus-sasl2/files/patch-plugins::gssapi.c | 15 | ||||
-rw-r--r-- | security/cyrus-sasl2/files/patch-pwcheck::Makefile.am | 17 | ||||
-rw-r--r-- | security/cyrus-sasl2/files/pwcheck.sh | 66 | ||||
-rw-r--r-- | security/cyrus-sasl2/files/pwcheck_pam.c | 101 |
9 files changed, 0 insertions, 400 deletions
diff --git a/security/cyrus-sasl2/files/Sendmail.README b/security/cyrus-sasl2/files/Sendmail.README deleted file mode 100644 index a7dd2267c39d..000000000000 --- a/security/cyrus-sasl2/files/Sendmail.README +++ /dev/null @@ -1,41 +0,0 @@ -How to enable SMTP AUTH with FreeBSD default Sendmail 8.11 - -1) Add the following to /etc/make.conf: - - # Add SMTP AUTH support to Sendmail - SENDMAIL_CFLAGS+= -I/usr/local/include/sasl -DSASL -D_FFR_UNSAFE_SASL - SENDMAIL_LDFLAGS+= -L/usr/local/lib - SENDMAIL_LDADD+= -lsasl - -2) Rebuild FreeBSD (make buildworld, ...) - -3) Create /usr/local/lib/sasl/Sendmail.conf with the following. - - pwcheck_method: pwcheck - -4) Add the following to your sendmail.mc file: - - TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5')dnl - define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5')dnl - define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLFile')dnl - define(`confRUN_AS_USER',`root:mail')dnl - - ---- - - Additional AUTH Mechanisms are LOGIN, PLAIN, GSSAPI, and KERBEROS_V4. - These can be added to TRUST_AUTH_MECH and confAUTH_MECHANISMS as a space - seperated list. You may want to restrict LOGIN, and PLAIN authentication - methods for use with STARTTLS, as the password is not encrypted when - passed to sendmail. - - LOGIN is required for Outlook Express users. "My server requires - authentication" needs to be checked in the accounts properties to - use SASL Authentication. - - PLAIN is required for Netscape Communicator users. By default Netscape - Communicator will use SASL Authentication when sendmail is compiled with - SASL. - - The DONT_BLAME_SENDMAIL option GroupReadableSASLFile is needed when you - are using cyrus-imapd and sendmail on the same server that requires access - to the sasldb database. diff --git a/security/cyrus-sasl2/files/patch-ab b/security/cyrus-sasl2/files/patch-ab deleted file mode 100644 index 009a8b4a9f82..000000000000 --- a/security/cyrus-sasl2/files/patch-ab +++ /dev/null @@ -1,37 +0,0 @@ ---- configure.in.orig Thu Jan 17 19:21:51 2002 -+++ configure.in Thu Jan 17 19:47:46 2002 -@@ -66,8 +66,9 @@ - dnl check for -R, etc. switch - CMU_GUESS_RUNPATH_SWITCH - dnl let's just link against local. otherwise we never find anything useful. --CPPFLAGS="-I/usr/local/include ${CPPFLAGS}" --CMU_ADD_LIBPATH("/usr/local/lib") -+CPPFLAGS="-I${OPENSSLINC} -I${OPENSSLINC}/openssl ${CPPFLAGS}" -+CMU_ADD_LIBPATH("${OPENSSLLIB}") -+CMU_ADD_LIBPATH("${LOCALBASE}/lib") - - AM_DISABLE_STATIC - -@@ -122,8 +123,6 @@ - - AC_SUBST(JAVA_INCLUDES) - AC_MSG_RESULT(JAVA_INCLUDES) -- JAVAC=`echo "$JAVAC" | sed 's,.*/,,'` -- JAVAH=`echo "$JAVAH" | sed 's,.*/,,'` - fi - - AM_CONDITIONAL(SAMPLE, test "$enable_sample" = yes) -@@ -235,6 +234,13 @@ - berkeley) - SASL_DB_BACKEND="db_${dblib}.lo" - AC_DEFINE(SASL_BERKELEYDB) -+ for db3loc in ${prefix} /usr/local /usr -+ do -+ if test -d ${db3loc}/include/db3; then -+ CPPFLAGS="-I${db3loc}/include/db3 $CPPFLAGS" -+ break -+ fi -+ done - ;; - *) - AC_MSG_WARN([Disabling SASL authentication database support]) diff --git a/security/cyrus-sasl2/files/patch-java::CyrusSasl::Makefile.am b/security/cyrus-sasl2/files/patch-java::CyrusSasl::Makefile.am deleted file mode 100644 index bf5be6aef933..000000000000 --- a/security/cyrus-sasl2/files/patch-java::CyrusSasl::Makefile.am +++ /dev/null @@ -1,11 +0,0 @@ ---- java/CyrusSasl/Makefile.am.orig Tue Nov 21 23:55:17 2000 -+++ java/CyrusSasl/Makefile.am Thu Jan 17 21:58:10 2002 -@@ -25,7 +25,7 @@ - - javasasl_version = 1:0:0 - --javasasldir = $(prefix)/lib/java/classes/sasl/CyrusSasl -+javasasldir = $(prefix)/share/java/classes/sasl/CyrusSasl - javahtmldir = $(prefix)/html/sasl - - INCLUDES=$(JAVA_INCLUDES) -I$(top_srcdir)/include diff --git a/security/cyrus-sasl2/files/patch-java::javax::security::auth::callback::Makefile.am b/security/cyrus-sasl2/files/patch-java::javax::security::auth::callback::Makefile.am deleted file mode 100644 index d4f02627d7a8..000000000000 --- a/security/cyrus-sasl2/files/patch-java::javax::security::auth::callback::Makefile.am +++ /dev/null @@ -1,11 +0,0 @@ ---- java/javax/security/auth/callback/Makefile.am.orig Sat Nov 4 16:55:44 2000 -+++ java/javax/security/auth/callback/Makefile.am Thu Jan 17 22:05:23 2002 -@@ -39,7 +39,7 @@ - # - ################################################################ - --javasasldir = $(prefix)/lib/java/classes/sasl/javax/security/auth/callback -+javasasldir = $(prefix)/share/java/classes/sasl/javax/security/auth/callback - javahtmldir = $(prefix)/html/sasl - - javasasl_JAVA = PasswordCallback.java \ diff --git a/security/cyrus-sasl2/files/patch-lib::checkpw.c b/security/cyrus-sasl2/files/patch-lib::checkpw.c deleted file mode 100644 index a7632c8a4ff6..000000000000 --- a/security/cyrus-sasl2/files/patch-lib::checkpw.c +++ /dev/null @@ -1,101 +0,0 @@ ---- lib/checkpw.c.orig Fri Jan 18 21:56:29 2002 -+++ lib/checkpw.c Fri Jan 18 22:14:58 2002 -@@ -1491,6 +1491,9 @@ - # define FALSE 0 - #endif - -+#ifndef LDAP_NO_ATTRS -+#define LDAP_NO_ATTRS "1.1" -+#endif - static int ldap_isdigits(char *value) - { - char *ptr; -@@ -1504,6 +1507,16 @@ - return num; - } - -+#ifdef LDAP_VENDOR_VERSION -+#define SASL_ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res) \ -+ ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res) -+#define SASL_ldap_memfree(dn) ldap_memfree(dn) -+#else -+#define SASL_ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res) \ -+ ldap_search_st(ld, base, scope, filter, attrs, attrsonly, timeout, res) -+#define SASL_ldap_memfree(dn) free(dn) -+#endif -+ - static int ldap_verify_password(sasl_conn_t *conn, - const char *userid, - const char *password, -@@ -1522,18 +1535,18 @@ - *ldap_filter="", - *ldap_bind_dn="", - *ldap_bind_pw="", -- *ldap_ssl="", - *ldap_filter_mode="", - *port_num=""; - int malloc_size; /* safety net */ - int ldap_filter_flag = 0; -- int ldap_ssl_flag = 0; - int ldap_port = LDAP_PORT; - sasl_getopt_t *getopt; - void *context; - LDAPMessage *result, *e; - char *attrs[]={LDAP_NO_ATTRS, NULL}; - #ifdef LDAP_OPT_X_TLS -+ char *ldap_ssl=""; -+ int ldap_ssl_flag = 0; - int tls_option; - #endif - -@@ -1625,9 +1638,11 @@ - return SASL_FAIL; - } - /* set ssl mode if needed */ -+#ifdef LDAP_OPT_X_TLS - if ( ldap_ssl_flag ) { - ldap_set_option(ld, LDAP_OPT_X_TLS, (void *)&tls_option); - } -+#endif - - /* either run the filter or just bind as them ? */ - -@@ -1657,7 +1672,7 @@ - snprintf(filter,malloc_size-1,"(&(%s=%s)%s)", ldap_uidattr, userid, ldap_filter); - - /* Now do the search */ -- if (ldap_search_ext_s(ld, ldap_basedn, LDAP_SCOPE_SUBTREE, filter, -+ if (SASL_ldap_search_ext_s(ld, ldap_basedn, LDAP_SCOPE_SUBTREE, filter, - attrs, 0, NULL, NULL, LDAP_NO_LIMIT, 1, &result) != - LDAP_SUCCESS) { - free(filter); -@@ -1680,17 +1695,17 @@ - ldap_unbind(ld); - return SASL_BADAUTH; - } -- if (ldap_simple_bind_s(ld,dn,password) != LDAP_SUCCESS) { -+ if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) { - e = NULL; - free(filter); -- ldap_memfree(dn); -+ SASL_ldap_memfree(dn); - ldap_msgfree(result); - ldap_unbind(ld); - return SASL_BADAUTH; - } - e = NULL; - free(filter); -- ldap_memfree(dn); -+ SASL_ldap_memfree(dn); - ldap_msgfree(result); - - } else { -@@ -1710,7 +1725,7 @@ - * If this is not so I have a version or that too - * Simon@surf.org.uk - */ -- if (ldap_simple_bind_s(ld,dn,password) != LDAP_SUCCESS) { -+ if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) { - free(dn); - ldap_unbind(ld); - return SASL_BADAUTH; diff --git a/security/cyrus-sasl2/files/patch-plugins::gssapi.c b/security/cyrus-sasl2/files/patch-plugins::gssapi.c deleted file mode 100644 index 02273633a299..000000000000 --- a/security/cyrus-sasl2/files/patch-plugins::gssapi.c +++ /dev/null @@ -1,15 +0,0 @@ ---- plugins/gssapi.c.orig Fri Mar 9 23:56:46 2001 -+++ plugins/gssapi.c Mon Jan 21 21:03:32 2002 -@@ -71,6 +71,12 @@ - #include <saslutil.h> - #include <saslplug.h> - -+#ifdef HAVE_UNISTD_H -+#include <unistd.h> -+#endif -+ -+#include <errno.h> -+ - #ifdef WIN32 - /* This must be after sasl.h */ - # include "saslgssapi.h" diff --git a/security/cyrus-sasl2/files/patch-pwcheck::Makefile.am b/security/cyrus-sasl2/files/patch-pwcheck::Makefile.am deleted file mode 100644 index c9e94adefa82..000000000000 --- a/security/cyrus-sasl2/files/patch-pwcheck::Makefile.am +++ /dev/null @@ -1,17 +0,0 @@ ---- pwcheck/Makefile.am.orig Wed Mar 22 11:06:43 2000 -+++ pwcheck/Makefile.am Thu Jan 17 19:09:06 2002 -@@ -22,9 +22,13 @@ - # SOFTWARE. - # - --sbin_PROGRAMS = pwcheck -+sbin_PROGRAMS = pwcheck pwcheck_pam - - pwcheck_SOURCES = pwcheck.c - EXTRA_pwcheck_SOURCES = pwcheck_getpwnam.c pwcheck_getspnam.c - pwcheck_DEPENDECIES = pwcheck_@PWCHECKMETH@.lo - pwcheck_LDADD = pwcheck_@PWCHECKMETH@.lo @LIB_CRYPT@ @LIB_SOCKET@ -+ -+pwcheck_pam_SOURCES = pwcheck.c -+pwcheck_pam_DEPENDECIES = pwcheck_pam.lo -+pwcheck_pam_LDADD = pwcheck_pam.lo @LIB_CRYPT@ @LIB_SOCKET@ @LIB_PAM@ diff --git a/security/cyrus-sasl2/files/pwcheck.sh b/security/cyrus-sasl2/files/pwcheck.sh deleted file mode 100644 index 3f4c903817a2..000000000000 --- a/security/cyrus-sasl2/files/pwcheck.sh +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -action=$1 - -PREFIX=%%PREFIX%% - -# Suck in the configuration variables. -if [ -z "${source_rc_confs_defined}" ]; then - if [ -r /etc/defaults/rc.conf ]; then - . /etc/defaults/rc.conf - source_rc_confs - elif [ -r /etc/rc.conf ]; then - . /etc/rc.conf - fi -fi - -# The following sasl_pwcheck_* variables may be defined in rc.conf -# -# sasl_pwcheck_enable - Set to YES to enable pwcheck -# Default: %%ENABLEPWCHECK%% -# -# sasl_pwcheck_program - Path to pwcheck program (pwcheck/pwcheck_pam) -# Default: ${PREFIX}/sbin/%%PWCHECK%% - -if [ -z "${sasl_pwcheck_enable}" ] ; then - sasl_pwcheck_enable=%%ENABLEPWCHECK%% -fi - -if [ -z "${sasl_pwcheck_program}" ]; then - sasl_pwcheck_program=${PREFIX}/sbin/%%PWCHECK%% -fi - -rc=0 - -case "${sasl_pwcheck_enable}" in - [Yy][Ee][Ss]) - case "${action}" in - - start) - if [ -x ${sasl_pwcheck_program} ] ; then - ${sasl_pwcheck_program} & && echo -n " pwcheck" - fi - ;; - - stop) - if [ -r /var/run/pwcheck.pid ]; then - kill `cat /var/run/pwcheck.pid` && echo -n " pwcheck" - rm /var/run/pwcheck.pid - fi - ;; - - *) - echo "usage: $0 {start|stop}" 1>&2 - rc=64 - ;; - esac - ;; - *) - rc=0 - ;; -esac - -exit $rc diff --git a/security/cyrus-sasl2/files/pwcheck_pam.c b/security/cyrus-sasl2/files/pwcheck_pam.c deleted file mode 100644 index 57e1076ca92a..000000000000 --- a/security/cyrus-sasl2/files/pwcheck_pam.c +++ /dev/null @@ -1,101 +0,0 @@ - -#include <security/pam_appl.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -/* Static variables used to communicate between the conversation function - * and the server_login function - */ -static char *PAM_username; -static char *PAM_password; - -/* PAM conversation function - */ -static int PAM_conv (int num_msg, - const struct pam_message **msg, - struct pam_response **resp, - void *appdata_ptr) { - int replies = 0; - struct pam_response *reply = NULL; - - #define COPY_STRING(s) (s) ? strdup(s) : NULL - - reply = malloc(sizeof(struct pam_response) * num_msg); - if (!reply) return PAM_CONV_ERR; - - for (replies = 0; replies < num_msg; replies++) { - switch (msg[replies]->msg_style) { - case PAM_PROMPT_ECHO_ON: - reply[replies].resp_retcode = PAM_SUCCESS; - reply[replies].resp = COPY_STRING(PAM_username); - /* PAM frees resp */ - break; - case PAM_PROMPT_ECHO_OFF: - reply[replies].resp_retcode = PAM_SUCCESS; - reply[replies].resp = COPY_STRING(PAM_password); - /* PAM frees resp */ - break; - case PAM_TEXT_INFO: - /* fall through */ - case PAM_ERROR_MSG: - /* ignore it, but pam still wants a NULL response... */ - reply[replies].resp_retcode = PAM_SUCCESS; - reply[replies].resp = NULL; - break; - default: - /* Must be an error of some sort... */ - free (reply); - return PAM_CONV_ERR; - } - } - *resp = reply; - return PAM_SUCCESS; -} - -static struct pam_conv PAM_conversation = { - PAM_conv, - NULL -}; - -/* Server log in - * Accepts: user name string - * password string - * Returns: "OK" if password validated, error message otherwise - */ - -char *pwcheck(char *username, char *password) -{ - pam_handle_t *pamh; - int pam_error; - - /* PAM only handles authentication, not user information. */ - if ( !(username && password && strlen(username) && strlen(password)) ) - return "Incorrect username"; - - /* validate password */ - - PAM_password = password; - PAM_username = username; - fprintf(stderr, "checking %s\n", username); - pam_error = pam_start("cyrus", username, &PAM_conversation, &pamh); - if (pam_error == PAM_SUCCESS) - pam_error = pam_authenticate(pamh, 0); - - if (pam_error == PAM_SUCCESS) - pam_error = pam_acct_mgmt(pamh, 0); - - if ( pam_error == PAM_SUCCESS) - fprintf(stderr, "\tauthenticated %s\n", username); - else - fprintf(stderr, "\tfailed to authenticate %s\n", username); - - if(pam_end(pamh, pam_error) != PAM_SUCCESS) { - pamh = NULL; - fprintf(stderr, "pwcheck: failed to release authenticator\n"); - exit(1); - } - return ( pam_error == PAM_SUCCESS ? "OK" : "Incorrect passwd" ); -} - - |