diff options
Diffstat (limited to 'security/cyrus-sasl/files/patch-ai')
| -rw-r--r-- | security/cyrus-sasl/files/patch-ai | 357 |
1 files changed, 357 insertions, 0 deletions
diff --git a/security/cyrus-sasl/files/patch-ai b/security/cyrus-sasl/files/patch-ai new file mode 100644 index 000000000000..a630c2ca8d67 --- /dev/null +++ b/security/cyrus-sasl/files/patch-ai @@ -0,0 +1,357 @@ +--- lib/checkpw.c.orig Wed Jul 19 20:24:13 2000 ++++ lib/checkpw.c Sat Sep 16 21:07:33 2000 +@@ -95,10 +95,19 @@ + #include <sys/un.h> + #ifdef HAVE_UNISTD_H + #include <unistd.h> +-#endif ++#endif /* HAVE_UNISTD_H */ + + extern int errno; +-#endif ++#endif /* HAVE_PWCHECK */ ++ ++#ifdef HAVE_MYSQL ++#include <mysql.h> ++#endif /* HAVE_MYSQL */ ++ ++#ifdef HAVE_LDAP ++#include <lber.h> ++#include <ldap.h> ++#endif /* HAVE_LDAP */ + + #ifdef HAVE_KRB + +@@ -170,12 +179,20 @@ + memcpy (&temp_key, "kerberos", 8); + des_fixup_key_parity (&temp_key); + des_key_sched (&temp_key, schedule); ++#ifdef __FreeBSD__ ++ des_cbc_cksum ((const unsigned char *)password, &ivec, passlen, schedule, &ivec); ++#else + des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec); ++#endif + + memcpy (&temp_key, &ivec, sizeof temp_key); + des_fixup_key_parity (&temp_key); + des_key_sched (&temp_key, schedule); ++#ifdef __FreeBSD__ ++ des_cbc_cksum ((const unsigned char *)password, key, passlen, schedule, &ivec); ++#else + des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec); ++#endif + + des_fixup_key_parity (key); + +@@ -210,10 +227,17 @@ + return (str); + } + ++#ifdef __FreeBSD__ ++static int use_key(const char *user __attribute__((unused)), ++ char *instance __attribute__((unused)), ++ const char *realm __attribute__((unused)), ++ const void *key, des_cblock *returned_key) ++#else + static int use_key(char *user __attribute__((unused)), + char *instance __attribute__((unused)), + char *realm __attribute__((unused)), + void *key, des_cblock *returned_key) ++#endif + { + memcpy (returned_key, key, sizeof(des_cblock)); + return 0; +@@ -838,7 +862,7 @@ + + + /* pwcheck daemon-authenticated login */ +-static int pwcheck_verify_password(sasl_conn_t *conn, ++static int pwcheck_verify_password(sasl_conn_t *conn __attribute__((unused)), + const char *userid, + const char *passwd, + const char *service __attribute__((unused)), +@@ -853,8 +877,10 @@ + static char response[1024]; + int start, n; + char pwpath[1024]; ++#if 0 /* Not used */ + sasl_getopt_t *getopt; + void *context; ++#endif + + if (reply) { *reply = NULL; } + +@@ -902,6 +928,260 @@ + + #endif + ++#ifdef HAVE_MYSQL ++/* DMZ mysql auth 12/29/1999 ++ * Updated to 1.5.24 by SWH 09/12/2000 ++ */ ++#ifdef USE_CRYPT_PASSWORD ++#define QUERY_STRING "select %s from %s where %s = '%s' and %s = password('%s')" ++#else ++#define QUERY_STRING "select %s from %s where %s = '%s' and %s = '%s'" ++#endif ++ ++static int mysql_verify_password(sasl_conn_t *conn, ++ const char *userid, ++ const char *password, ++ const char *service __attribute__((unused)), ++ const char *user_realm __attribute__((unused)), ++ const char **reply) ++{ ++ unsigned int numrows; ++ MYSQL mysql,*sock; ++ MYSQL_RES *result; ++ char qbuf[300]; ++ char *db_user="", ++ *db_passwd="", ++ *db_host="", ++ *db_uidcol="", ++ *db_pwcol="", ++ *db_database="", ++ *db_table=""; ++ sasl_getopt_t *getopt; ++ void *context; ++ ++ if (!userid || !password) { ++ return SASL_BADPARAM; ++ } ++ if (reply) { *reply = NULL; } ++ ++ /* check to see if the user configured a mysqluser/passwd/host/etc */ ++ if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { ++ getopt(context, NULL, "mysql_user", (const char **) &db_user, NULL); ++ if (!db_user) db_user = ""; ++ getopt(context, NULL, "mysql_passwd", (const char **) &db_passwd, NULL); ++ if (!db_passwd) db_passwd = ""; ++ getopt(context, NULL, "mysql_host", (const char **) &db_host, NULL); ++ if (!db_host) db_host = ""; ++ getopt(context, NULL, "mysql_database", (const char **) &db_database, NULL); ++ if (!db_database) db_database = ""; ++ getopt(context, NULL, "mysql_table", (const char **) &db_table, NULL); ++ if (!db_table) db_table = ""; ++ getopt(context, NULL, "mysql_uidcol", (const char **) &db_uidcol, NULL); ++ if (!db_uidcol) db_uidcol = ""; ++ getopt(context, NULL, "mysql_pwdcol", (const char **) &db_pwcol, NULL); ++ if (!db_pwcol) db_pwcol = ""; ++ } ++ ++ if (!(sock = mysql_connect(&mysql,db_host,db_user,db_passwd))) ++ { ++ if (reply) { *reply = "cannot connect to MySQL server"; } ++ return SASL_FAIL; ++ } ++ ++ if (mysql_select_db(sock,db_database) < 0) ++ { ++ mysql_close(sock); ++ if (reply) { *reply = "cannot select MySQL database"; } ++ return SASL_FAIL; ++ } ++ /* select DB_UIDCOL from DB_TABLE where DB_UIDCOL = 'userid' AND DB_PWCOL = password('password') */ ++ sprintf(qbuf,QUERY_STRING,db_uidcol,db_table,db_uidcol,userid,db_pwcol,password); ++ if (mysql_query(sock,qbuf) < 0 || !(result=mysql_store_result(sock))) ++ { ++ mysql_close(sock); ++ return SASL_FAIL; ++ } ++ ++ if (result) //There were some rows found ++ { ++ if ((numrows = mysql_affected_rows(&mysql)) != 1) ++ { ++ mysql_free_result(result); ++ mysql_close(sock); ++ if ((numrows > 1) && (reply)) { *reply = "Detected duplicate entries for user"; } ++ return SASL_BADAUTH; ++ } else { ++ mysql_free_result(result); ++ mysql_close(sock); ++ return SASL_OK; ++ } ++ } ++ mysql_free_result(result); ++ mysql_close(sock); ++ return SASL_BADAUTH; ++} ++#endif /* HAVE_MYSQL */ ++ ++#ifdef HAVE_LDAP ++/* simon@surf.org.uk LDAP auth 07/11/2000 ++ * Updated to 1.5.24 by SWH 09/12/2000 ++ */ ++ ++#define LDAP_SERVER "localhost" ++#define LDAP_BASEDN "o=JOFA, c=UK" ++#define LDAP_UIDATTR "uid" ++ ++#ifndef TRUE ++# define TRUE 1 ++# define FALSE 0 ++#endif ++ ++static int ldap_isdigits(char *value) ++{ ++ char *ptr; ++ int num = TRUE; ++ ++ for (ptr = value; *ptr != '\0' && num != FALSE; ptr++) { ++ if (!isdigit(*ptr)) ++ num = FALSE; ++ } ++ ++ return num; ++} ++ ++static int ldap_verify_password(sasl_conn_t *conn, ++ const char *userid, ++ const char *password, ++ const char *service __attribute__((unused)), ++ const char *user_realm __attribute__((unused)), ++ const char **reply) ++{ ++ ++ LDAP *ld; ++ LDAPMessage *result; ++ LDAPMessage *entry; ++ char *attrs[2]; ++ char filter[200]; ++ char *dn, ++ *ldap_server="", ++ *ldap_basedn="", ++ *ldap_uidattr="", ++ *port_num=""; ++ int ldap_port = LDAP_PORT; ++ int count; ++ sasl_getopt_t *getopt; ++ void *context; ++ ++ /* If the password is NULL, reject the login... ++ * Otherwise the bind will succed as a reference bind. Not good... ++ */ ++ if (strcmp(password,"") == 0) ++ { ++ return SASL_BADPARAM; ++ } ++ ++ if (reply) { *reply = NULL; } ++ ++ /* check to see if the user configured a mysqluser/passwd/host/etc */ ++ if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { ++ getopt(context, NULL, "ldap_server", (const char **) &ldap_server, NULL); ++ if (!ldap_server) ldap_server = LDAP_SERVER; ++ getopt(context, NULL, "ldap_basedn", (const char **) &ldap_basedn, NULL); ++ if (!ldap_basedn) { ++ if (reply) { *reply = "ldap_basedn not defined"; } ++ return SASL_BADPARAM; ++ } ++ getopt(context, NULL, "ldap_uidattr", (const char **) &ldap_uidattr, NULL); ++ if (!ldap_uidattr) ldap_uidattr = LDAP_UIDATTR; ++ getopt(context, NULL, "ldap_port", (const char **) &port_num, NULL); ++ if (!port_num) { ++ ldap_port = LDAP_PORT; ++ } else if (!ldap_isdigits(port_num)) { ++ if (reply) { *reply = "ldap_port - invalid value"; } ++ return SASL_BADPARAM; ++ } else { ++ ldap_port = atoi(port_num); ++ } ++ } ++ ++ /* Open the LDAP connection. */ ++ if ((ld = ldap_open(ldap_server, ldap_port)) == NULL) ++ { ++ if (reply) { *reply = "cannot connect to LDAP server"; } ++ return SASL_FAIL; ++ } ++ ++ /* Bind anonymously so that you can find the DN of the appropriate user. */ ++ if (ldap_simple_bind_s(ld,"","") != LDAP_SUCCESS) ++ { ++ ldap_unbind(ld); ++ if (reply) { *reply = "cannot bind to LDAP server"; } ++ return SASL_FAIL; ++ } ++ ++ /* Generate a filter that will return the entry with a matching UID */ ++ sprintf(filter,"(%s=%s)", ldap_uidattr,userid); ++ ++ /* Just return country...This doesn't actually matter, since we will ++ * not read the attributes and values, only the DN ++ */ ++ attrs[0] = "c"; ++ attrs[1] = NULL; ++ ++ /* Perform the search... */ ++ if (ldap_search_s(ld,ldap_basedn,LDAP_SCOPE_SUBTREE,filter,attrs,1,&result) != LDAP_SUCCESS ) ++ { ++ ldap_unbind(ld); ++ return SASL_BADAUTH; ++ } ++ ++ /* If the entry count is not equal to one, either the UID was not unique or ++ * there was no match ++ */ ++ if ((count = ldap_count_entries(ld,result)) != 1) ++ { ++ ldap_msgfree(result); ++ ldap_unbind(ld); ++ if ((count > 1) && (reply)) { *reply = "Detected duplicate entries for user"; } ++ return SASL_BADAUTH; ++ } ++ ++ /* Get the first entry */ ++ if ((entry = ldap_first_entry(ld,result)) == NULL) ++ { ++ ldap_msgfree(result); ++ ldap_unbind(ld); ++ return SASL_BADAUTH; ++ } ++ ++ /* Get the DN of the entry */ ++ if ((dn = ldap_get_dn(ld,entry)) == NULL) ++ { ++ ldap_msgfree(entry); ++ ldap_unbind(ld); ++ return SASL_BADAUTH; ++ } ++ ++ /* Now bind as the DN with the password supplied earlier... ++ * Successful bind means the password was correct, otherwise the ++ * password is invalid. ++ */ ++ if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) ++ { ++ free(dn); ++ ldap_msgfree(entry); ++ ldap_unbind(ld); ++ return SASL_BADAUTH; ++ } ++ ++ free(dn); ++ ldap_msgfree(entry); ++ ldap_unbind(ld); ++ return SASL_OK; ++} ++ ++#endif /* HAVE_LDAP */ ++ + struct sasl_verify_password_s _sasl_verify_password[] = { + { "sasldb", &sasldb_verify_password }, + #ifdef HAVE_KRB +@@ -921,6 +1201,12 @@ + #endif + #ifdef HAVE_PWCHECK + { "pwcheck", &pwcheck_verify_password }, ++#endif ++#ifdef HAVE_MYSQL ++ { "mysql", &mysql_verify_password }, ++#endif ++#ifdef HAVE_LDAP ++ { "ldap", &ldap_verify_password }, + #endif + { NULL, NULL } + }; |