Submitted By: Armin K. <krejzi at email dot com>
Date: 2014-08-24
Initial Package Version: 2.1.26
Upstream Status: Unknown
Origin: Debian and Gentoo
Description: Various package fixes, including autotools fixes, plugin fixes, security fixes, parallel build fixes, etc.
--- a/cmulocal/sasl2.m4 2012-11-06 20:14:29.000000000 +0100
+++ b/cmulocal/sasl2.m4 2014-08-24 00:06:33.965346597 +0200
@@ -112,9 +112,6 @@
fi
if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then
- # check for libkrb5support first
- AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET})
-
gss_failed=0
AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1,
${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET})
@@ -269,6 +266,7 @@
cmu_save_LIBS="$LIBS"
LIBS="$LIBS $GSSAPIBASE_LIBS"
AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity)
+ AC_CHECK_FUNCS(krb5_gss_register_acceptor_identity)
AC_CHECK_FUNCS(gss_decapsulate_token)
AC_CHECK_FUNCS(gss_encapsulate_token)
AC_CHECK_FUNCS(gss_oid_equal)
--- a/config/kerberos_v4.m4 2012-01-28 00:31:36.000000000 +0100
+++ b/config/kerberos_v4.m4 2014-08-24 00:06:33.968346643 +0200
@@ -89,18 +89,18 @@
dnl if we were ambitious, we would look more aggressively for the
dnl krb4 install
if test -d ${krb4}; then
- AC_CACHE_CHECK(for Kerberos includes, cyrus_krbinclude, [
+ AC_CACHE_CHECK(for Kerberos includes, cyrus_cv_krbinclude, [
for krbhloc in include/kerberosIV include/kerberos include
do
if test -f ${krb4}/${krbhloc}/krb.h ; then
- cyrus_krbinclude=${krb4}/${krbhloc}
+ cyrus_cv_krbinclude=${krb4}/${krbhloc}
break
fi
done
])
- if test -n "${cyrus_krbinclude}"; then
- CPPFLAGS="$CPPFLAGS -I${cyrus_krbinclude}"
+ if test -n "${cyrus_cv_krbinclude}"; then
+ CPPFLAGS="$CPPFLAGS -I${cyrus_cv_krbinclude}"
fi
LDFLAGS="$LDFLAGS -L$krb4/lib"
fi
--- a/config.h.in 2012-11-06 20:20:59.000000000 +0100
+++ b/config.h.in 2014-08-24 00:06:33.969346659 +0200
@@ -126,6 +126,10 @@
*/
#undef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
+/* Define to 1 if you have the `krb5_gss_register_acceptor_identity' function.
+ */
+#undef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY
+
/* Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE */
#undef HAVE_GSS_C_NT_HOSTBASED_SERVICE
--- a/configure.in 2012-10-12 16:05:48.000000000 +0200
+++ b/configure.in 2014-08-24 00:06:46.492540015 +0200
@@ -44,6 +44,8 @@
AC_INIT(lib/saslint.h)
AC_PREREQ([2.54])
+AC_CONFIG_MACRO_DIR([cmulocal], [config])
+
dnl use ./config.cache as the default cache file.
dnl we require a cache file to successfully configure our build.
if test $cache_file = "/dev/null"; then
@@ -62,9 +64,6 @@
AM_INIT_AUTOMAKE(cyrus-sasl, 2.1.26)
CMU_INIT_AUTOMAKE
-# and include our config dir scripts
-ACLOCAL="$ACLOCAL -I \$(top_srcdir)/config"
-
DIRS=""
AC_ARG_ENABLE(cmulocal,
@@ -861,9 +860,9 @@
notfound) AC_WARN([SQLite Library not found]); true;;
*)
if test -d ${with_sqlite}/lib; then
- LIB_SQLITE="-L${with_sqlite}/lib -R${with_sqlite}/lib"
+ LIB_SQLITE="-L${with_sqlite}/lib"
else
- LIB_SQLITE="-L${with_sqlite} -R${with_sqlite}"
+ LIB_SQLITE="-L${with_sqlite}"
fi
LIB_SQLITE_DIR=$LIB_SQLITE
@@ -913,9 +912,9 @@
notfound) AC_WARN([SQLite3 Library not found]); true;;
*)
if test -d ${with_sqlite3}/lib; then
- LIB_SQLITE3="-L${with_sqlite3}/lib -R${with_sqlite3}/lib"
+ LIB_SQLITE3="-L${with_sqlite3}/lib"
else
- LIB_SQLITE3="-L${with_sqlite3} -R${with_sqlite3}"
+ LIB_SQLITE3="-L${with_sqlite3}"
fi
LIB_SQLITE3_DIR=$LIB_SQLITE3
@@ -1412,10 +1411,9 @@
#endif /* CONFIG_H */
])
-AM_CONFIG_HEADER(config.h)
+AC_CONFIG_HEADERS(config.h)
AC_OUTPUT(Makefile
-libsasl2.pc
include/Makefile
sasldb/Makefile
plugins/Makefile
--- a/include/sasl.h 2012-10-12 16:05:48.000000000 +0200
+++ b/include/sasl.h 2014-08-24 00:06:33.970346674 +0200
@@ -223,6 +223,8 @@
* they must be called before all other SASL functions:
*/
+#include <sys/types.h>
+
/* memory allocation functions which may optionally be replaced:
*/
typedef void *sasl_malloc_t(size_t);
--- a/java/CyrusSasl/Makefile.am 2012-01-28 00:31:36.000000000 +0100
+++ b/java/CyrusSasl/Makefile.am 2014-08-24 00:06:33.970346674 +0200
@@ -28,7 +28,7 @@
javasasldir = $(prefix)/lib/java/classes/sasl/CyrusSasl
javahtmldir = $(prefix)/html/sasl
-INCLUDES=-I$(top_srcdir)/include $(JAVA_INCLUDES)
+AM_CPPFLAGS=-I$(top_srcdir)/include $(JAVA_INCLUDES)
javasasl_JAVA = Sasl.java GenericClient.java \
ClientFactory.java \
--- a/lib/auxprop.c 2012-01-28 00:31:36.000000000 +0100
+++ b/lib/auxprop.c 2014-08-24 00:06:33.971346690 +0200
@@ -43,6 +43,7 @@
*/
#include <config.h>
+#include <stdio.h>
#include <sasl.h>
#include <prop.h>
#include <ctype.h>
@@ -970,6 +971,10 @@
}
if(!found) {
+ /* compatibility with <= 2.1.23, ignore the lack of auxrop plugin */
+ if (!plist)
+ result = SASL_OK;
+ else
_sasl_log(sparams->utils->conn, SASL_LOG_DEBUG,
"could not find auxprop plugin, was searching for '%s'",
plist ? plist : "[all]");
--- a/lib/dlopen.c 2012-01-28 00:31:36.000000000 +0100
+++ b/lib/dlopen.c 2014-08-24 00:06:33.971346690 +0200
@@ -247,105 +247,6 @@
return result;
}
-/* this returns the file to actually open.
- * out should be a buffer of size PATH_MAX
- * and may be the same as in. */
-
-/* We'll use a static buffer for speed unless someone complains */
-#define MAX_LINE 2048
-
-static int _parse_la(const char *prefix, const char *in, char *out)
-{
- FILE *file;
- size_t length;
- char line[MAX_LINE];
- char *ntmp = NULL;
-
- if(!in || !out || !prefix || out == in) return SASL_BADPARAM;
-
- /* Set this so we can detect failure */
- *out = '\0';
-
- length = strlen(in);
-
- if (strcmp(in + (length - strlen(LA_SUFFIX)), LA_SUFFIX)) {
- if(!strcmp(in + (length - strlen(SO_SUFFIX)),SO_SUFFIX)) {
- /* check for a .la file */
- strcpy(line, prefix);
- strcat(line, in);
- length = strlen(line);
- *(line + (length - strlen(SO_SUFFIX))) = '\0';
- strcat(line, LA_SUFFIX);
- file = fopen(line, "r");
- if(file) {
- /* We'll get it on the .la open */
- fclose(file);
- return SASL_FAIL;
- }
- }
- strcpy(out, prefix);
- strcat(out, in);
- return SASL_OK;
- }
-
- strcpy(line, prefix);
- strcat(line, in);
-
- file = fopen(line, "r");
- if(!file) {
- _sasl_log(NULL, SASL_LOG_WARN,
- "unable to open LA file: %s", line);
- return SASL_FAIL;
- }
-
- while(!feof(file)) {
- if(!fgets(line, MAX_LINE, file)) break;
- if(line[strlen(line) - 1] != '\n') {
- _sasl_log(NULL, SASL_LOG_WARN,
- "LA file has too long of a line: %s", in);
- return SASL_BUFOVER;
- }
- if(line[0] == '\n' || line[0] == '#') continue;
- if(!strncmp(line, "dlname=", sizeof("dlname=") - 1)) {
- /* We found the line with the name in it */
- char *end;
- char *start;
- size_t len;
- end = strrchr(line, '\'');
- if(!end) continue;
- start = &line[sizeof("dlname=")-1];
- len = strlen(start);
- if(len > 3 && start[0] == '\'') {
- ntmp=&start[1];
- *end='\0';
- /* Do we have dlname="" ? */
- if(ntmp == end) {
- _sasl_log(NULL, SASL_LOG_DEBUG,
- "dlname is empty in .la file: %s", in);
- return SASL_FAIL;
- }
- strcpy(out, prefix);
- strcat(out, ntmp);
- }
- break;
- }
- }
- if(ferror(file) || feof(file)) {
- _sasl_log(NULL, SASL_LOG_WARN,
- "Error reading .la: %s\n", in);
- fclose(file);
- return SASL_FAIL;
- }
- fclose(file);
-
- if(!(*out)) {
- _sasl_log(NULL, SASL_LOG_WARN,
- "Could not find a dlname line in .la file: %s", in);
- return SASL_FAIL;
- }
-
- return SASL_OK;
-}
#endif /* DO_DLOPEN */
/* loads a plugin library */
@@ -499,18 +400,18 @@
if (length + pos>=PATH_MAX) continue; /* too big */
if (strcmp(dir->d_name + (length - strlen(SO_SUFFIX)),
- SO_SUFFIX)
- && strcmp(dir->d_name + (length - strlen(LA_SUFFIX)),
- LA_SUFFIX))
+ SO_SUFFIX))
continue;
+ /* We only use .so files for loading plugins */
+
memcpy(name,dir->d_name,length);
name[length]='\0';
- result = _parse_la(prefix, name, tmp);
- if(result != SASL_OK)
- continue;
-
+ /* Create full name with path */
+ strncpy(tmp, prefix, PATH_MAX);
+ strncat(tmp, name, PATH_MAX);
+
/* skip "lib" and cut off suffix --
this only need be approximate */
strcpy(plugname, name + 3);
--- a/lib/Makefile.am 2012-10-12 16:05:48.000000000 +0200
+++ b/lib/Makefile.am 2014-08-24 00:06:33.971346690 +0200
@@ -45,7 +45,7 @@
# CURRENT:REVISION:AGE
sasl_version = 3:0:0
-INCLUDES=-DLIBSASL_EXPORTS=1 -I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb
+AM_CPPFLAGS=-DLIBSASL_EXPORTS=1 -I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb
EXTRA_DIST = windlopen.c staticopen.h NTMakefile
EXTRA_LIBRARIES = libsasl2.a
@@ -64,8 +64,8 @@
lib_LTLIBRARIES = libsasl2.la
libsasl2_la_SOURCES = $(common_sources) $(common_headers)
-libsasl2_la_LDFLAGS = -version-info $(sasl_version)
-libsasl2_la_DEPENDENCIES = $(LTLIBOBJS)
+libsasl2_la_LDFLAGS = -version-info $(sasl_version) -Wl,--version-script=$(top_srcdir)/Versions
+libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) $(top_srcdir)/Versions
libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR)
if MACOSX
@@ -80,7 +80,7 @@
libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS)
@echo adding static plugins and dependencies
- $(AR) cru .libs/$@ $(SASL_STATIC_OBJS)
+ $(AR) cru $@ $(SASL_STATIC_OBJS)
@for i in ./libsasl2.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \
if test ! -f $$i; then continue; fi; . $$i; \
for j in $$dependency_libs foo; do \
--- a/Makefile.am 2012-10-12 16:05:48.000000000 +0200
+++ b/Makefile.am 2014-08-24 00:06:46.492540015 +0200
@@ -43,6 +43,14 @@
#
################################################################
+do_subst = sed -e 's,[@]LIB_DOOR[@],$(LIB_DOOR),g' \
+ -e 's,[@]SASL_DL_LIB[@],$(SASL_DL_LIB),g' \
+ -e 's,[@]LIBS[@],$(LIBS),g' \
+ -e 's,[@]VERSION[@],$(VERSION),g' \
+ -e 's,[@]libdir[@],$(libdir),g'
+
+ACLOCAL_AMFLAGS = -I cmulocal -I config
+
if SASLAUTHD
SAD = saslauthd
else
@@ -76,6 +84,10 @@
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libsasl2.pc
+libsasl2.pc: $(srcdir)/libsasl2.pc.in Makefile
+ rm -f $@
+ $(do_subst) < $(srcdir)/libsasl2.pc.in > $@
+
dist-hook:
@find $(distdir) -exec chmod o+w {} ';'
@find $(distdir) -name CVS -print | xargs -t rm -rf
--- a/plugins/gssapi.c 2012-01-28 00:31:36.000000000 +0100
+++ b/plugins/gssapi.c 2014-08-24 00:06:33.972346705 +0200
@@ -50,6 +50,9 @@
#else
#include <gssapi/gssapi.h>
#endif
+#ifdef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY
+#include <gssapi/gssapi_krb5.h>
+#endif
#ifdef WIN32
# include <winsock2.h>
@@ -1367,7 +1370,7 @@
};
int gssapiv2_server_plug_init(
-#ifndef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
+#if !defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) && !defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
const sasl_utils_t *utils __attribute__((unused)),
#else
const sasl_utils_t *utils,
@@ -1377,7 +1380,7 @@
sasl_server_plug_t **pluglist,
int *plugcount)
{
-#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
+#if defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) || defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
const char *keytab = NULL;
char keytab_path[1024];
unsigned int rl;
@@ -1387,7 +1390,7 @@
return SASL_BADVERS;
}
-#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
+#if defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) || defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
/* unfortunately, we don't check for readability of keytab if it's
the standard one, since we don't know where it is */
@@ -1410,7 +1413,12 @@
strncpy(keytab_path, keytab, 1024);
+#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
gsskrb5_register_acceptor_identity(keytab_path);
+#endif
+#ifdef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY
+ krb5_gss_register_acceptor_identity(keytab_path);
+#endif
}
#endif
--- a/plugins/ldapdb.c 2012-01-28 00:31:36.000000000 +0100
+++ b/plugins/ldapdb.c 2014-08-24 00:06:33.972346705 +0200
@@ -251,6 +251,8 @@
#if defined(LDAP_PROXY_AUTHZ_FAILURE)
case LDAP_PROXY_AUTHZ_FAILURE:
+#elif defined(LDAP_X_PROXY_AUTHZ_FAILURE)
+ case LDAP_X_PROXY_AUTHZ_FAILURE:
#endif
case LDAP_INAPPROPRIATE_AUTH:
case LDAP_INVALID_CREDENTIALS:
@@ -404,6 +406,7 @@
if ( len > out_max )
len = out_max;
memcpy(out, bvals[0]->bv_val, len);
+ out[len] = '\0';
*out_ulen = len;
ber_bvecfree(bvals);
}
--- a/plugins/Makefile.am 2012-10-12 16:05:48.000000000 +0200
+++ b/plugins/Makefile.am 2014-08-24 00:06:33.973346721 +0200
@@ -49,7 +49,7 @@
# CURRENT:REVISION:AGE
plugin_version = 3:0:0
-INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include
+AM_CPPFLAGS=-I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include
AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -version-info $(plugin_version)
COMPAT_OBJS = @LTGETADDRINFOOBJS@ @LTGETNAMEINFOOBJS@ @LTSNPRINTFOBJS@
--- a/pwcheck/Makefile.am 2012-01-28 00:31:36.000000000 +0100
+++ b/pwcheck/Makefile.am 2014-08-24 00:06:33.973346721 +0200
@@ -24,7 +24,7 @@
sbin_PROGRAMS = pwcheck
-INCLUDES = -I../include -I../lib
+AM_CPPFLAGS = -I../include -I../lib
pwcheck_SOURCES = pwcheck.c
EXTRA_pwcheck_SOURCES = pwcheck_getpwnam.c pwcheck_getspnam.c
--- a/pwcheck/pwcheck_getpwnam.c 2012-01-28 00:31:36.000000000 +0100
+++ b/pwcheck/pwcheck_getpwnam.c 2014-08-24 00:06:33.973346721 +0200
@@ -32,6 +32,7 @@
char *password;
{
char* r;
+ char* crpt_passwd;
struct passwd *pwd;
pwd = getpwnam(userid);
@@ -41,7 +42,7 @@
else if (pwd->pw_passwd[0] == '*') {
r = "Account disabled";
}
- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
+ else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
r = "Incorrect password";
}
else {
--- a/pwcheck/pwcheck_getspnam.c 2012-01-28 00:31:36.000000000 +0100
+++ b/pwcheck/pwcheck_getspnam.c 2014-08-24 00:06:33.973346721 +0200
@@ -24,6 +24,7 @@
******************************************************************/
#include <shadow.h>
+#include <string.h>
extern char *crypt();
@@ -32,13 +33,15 @@
char *password;
{
struct spwd *pwd;
+ char *crpt_passwd;
pwd = getspnam(userid);
if (!pwd) {
return "Userid not found";
}
- if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
+ crpt_passwd = crypt(password, pwd->sp_pwdp);
+ if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
return "Incorrect password";
}
else {
--- a/sample/Makefile.am 2012-10-16 15:07:55.000000000 +0200
+++ b/sample/Makefile.am 2014-08-24 00:06:33.973346721 +0200
@@ -42,7 +42,7 @@
#
################################################################
-INCLUDES=-I$(top_srcdir)/include
+AM_CPPFLAGS=-I$(top_srcdir)/include
noinst_PROGRAMS = client server
EXTRA_PROGRAMS = sample-client sample-server
--- a/saslauthd/auth_getpwent.c 2012-10-12 16:05:48.000000000 +0200
+++ b/saslauthd/auth_getpwent.c 2014-08-24 00:06:33.974346736 +0200
@@ -77,6 +77,7 @@
{
/* VARIABLES */
struct passwd *pw; /* pointer to passwd file entry */
+ char *crpt_passwd; /* encrypted password */
int errnum;
/* END VARIABLES */
@@ -105,7 +106,8 @@
}
}
- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
+ crpt_passwd = crypt(password, pw->pw_passwd);
+ if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
if (flags & VERBOSE) {
syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login);
}
--- a/saslauthd/auth_rimap.c 2012-10-12 16:05:48.000000000 +0200
+++ b/saslauthd/auth_rimap.c 2014-08-24 00:06:33.974346736 +0200
@@ -90,6 +90,7 @@
service we connect to. */
#define TAG "saslauthd" /* IMAP command tag */
#define LOGIN_CMD (TAG " LOGIN ") /* IMAP login command (with tag) */
+#define LOGOUT_CMD (TAG " LOGOUT ") /* IMAP logout command (with tag)*/
#define NETWORK_IO_TIMEOUT 30 /* network I/O timeout (seconds) */
#define RESP_LEN 1000 /* size of read response buffer */
@@ -307,10 +308,12 @@
int s=-1; /* socket to remote auth host */
struct addrinfo *r; /* remote socket address info */
struct iovec iov[5]; /* for sending LOGIN command */
+ struct iovec iov2[1]; /* for sending LOGOUT command */
char *qlogin; /* pointer to "quoted" login */
char *qpass; /* pointer to "quoted" password */
char *c; /* scratch pointer */
int rc; /* return code scratch area */
+ int rcl; /* return code scratch area */
char rbuf[RESP_LEN]; /* response read buffer */
char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];
int saved_errno;
@@ -505,6 +508,24 @@
}
}
}
+
+ /* close remote imap */
+ iov2[0].iov_base = LOGOUT_CMD;
+ iov2[0].iov_len = sizeof(LOGOUT_CMD) - 1;
+ iov2[1].iov_base = "\r\n";
+ iov2[1].iov_len = sizeof("\r\n") - 1;
+
+ if (flags & VERBOSE) {
+ syslog(LOG_DEBUG, "auth_rimap: sending %s%s %s",
+ LOGOUT_CMD, qlogin, qpass);
+ }
+ alarm(NETWORK_IO_TIMEOUT);
+ rcl = retry_writev(s, iov2, 2);
+ alarm(0);
+ if (rcl == -1) {
+ syslog(LOG_WARNING, "auth_rimap: writev logout: %m");
+ }
+
(void) close(s); /* we're done with the remote */
if (rc == -1) {
syslog(LOG_WARNING, "auth_rimap: read (response): %m");
--- a/saslauthd/auth_shadow.c 2012-10-12 16:05:48.000000000 +0200
+++ b/saslauthd/auth_shadow.c 2014-08-24 00:06:33.974346736 +0200
@@ -210,8 +210,8 @@
RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)");
}
- cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
- if (strcmp(sp->sp_pwdp, cpw)) {
+ cpw = crypt(password, sp->sp_pwdp);
+ if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) {
if (flags & VERBOSE) {
/*
* This _should_ reveal the SHADOW_PW_LOCKED prefix to an
@@ -221,10 +221,8 @@
syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
sp->sp_pwdp, cpw);
}
- free(cpw);
RETURN("NO Incorrect password");
}
- free(cpw);
/*
* The following fields will be set to -1 if:
@@ -286,7 +284,7 @@
RETURN("NO Invalid username");
}
- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
+ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
if (flags & VERBOSE) {
syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
password, upw->upw_passwd);
--- a/saslauthd/configure.in 2012-10-12 16:05:48.000000000 +0200
+++ b/saslauthd/configure.in 2014-08-24 00:06:33.975346752 +0200
@@ -1,7 +1,8 @@
AC_INIT(mechanisms.h)
AC_PREREQ([2.54])
-AC_CONFIG_AUX_DIR(config)
+AC_CONFIG_MACRO_DIR([../cmulocal], [../config])
+AC_CONFIG_AUX_DIR([config])
AC_CANONICAL_HOST
dnl Should we enable SASLAUTHd at all?
@@ -25,6 +26,7 @@
AC_PROG_MAKE_SET
AC_PROG_LN_S
AC_PROG_INSTALL
+AC_PROG_LIBTOOL
dnl Checks for build foo
CMU_C___ATTRIBUTE__
@@ -77,7 +79,7 @@
AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support])
SASL_DB_PATH_CHECK()
SASL_DB_CHECK()
- SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al"
+ SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.a"
fi
AC_ARG_ENABLE(httpform, [ --enable-httpform enable HTTP form authentication [[no]] ],
@@ -163,30 +165,30 @@
dnl Checks for which function macros exist
AC_MSG_CHECKING(whether $CC implements __func__)
-AC_CACHE_VAL(have_func,
+AC_CACHE_VAL(_cv_have_func,
[AC_TRY_LINK([#include <stdio.h>],[printf("%s", __func__);],
-have_func=yes,
-have_func=no)])
-AC_MSG_RESULT($have_func)
-if test "$have_func" = yes; then
+_cv_have_func=yes,
+_cv_have_func=no)])
+AC_MSG_RESULT($_cv_have_func)
+if test "$_cv_have_func" = yes; then
AC_DEFINE(HAVE_FUNC,[],[Does the compiler understand __func__])
else
AC_MSG_CHECKING(whether $CC implements __PRETTY_FUNCTION__)
- AC_CACHE_VAL(have_pretty_function,
+ AC_CACHE_VAL(_cv_have_pretty_function,
[AC_TRY_LINK([#include <stdio.h>],[printf("%s", __PRETTY_FUNCTION__);],
- have_pretty_function=yes,
- have_pretty_function=no)])
- AC_MSG_RESULT($have_pretty_function)
- if test "$have_pretty_function" = yes; then
+ _cv_have_pretty_function=yes,
+ _cv_have_pretty_function=no)])
+ AC_MSG_RESULT($_cv_have_pretty_function)
+ if test "$_cv_have_pretty_function" = yes; then
AC_DEFINE(HAVE_PRETTY_FUNCTION,[],[Does compiler understand __PRETTY_FUNCTION__])
else
AC_MSG_CHECKING(whether $CC implements __FUNCTION__)
- AC_CACHE_VAL(have_function,
+ AC_CACHE_VAL(_cv_have_function,
[AC_TRY_LINK([#include <stdio.h>],[printf("%s", __FUNCTION__);],
- have_function=yes,
- have_function=no)])
- AC_MSG_RESULT($have_function)
- if test "$have_function" = yes; then
+ _cv_have_function=yes,
+ _cv_have_function=no)])
+ AC_MSG_RESULT($_cv_have_function)
+ if test "$_cv_have_function" = yes; then
AC_DEFINE(HAVE_FUNCTION,[],[Does compiler understand __FUNCTION__])
fi
fi
--- a/saslauthd/Makefile.am 2012-01-28 00:31:36.000000000 +0100
+++ b/saslauthd/Makefile.am 2014-08-24 00:06:33.975346752 +0200
@@ -1,4 +1,6 @@
AUTOMAKE_OPTIONS = 1.7
+ACLOCAL_AMFLAGS = -I ../cmulocal -I ../config
+
sbin_PROGRAMS = saslauthd testsaslauthd
EXTRA_PROGRAMS = saslcache
@@ -16,7 +18,7 @@
saslauthd_DEPENDENCIES = saslauthd-main.o @LTLIBOBJS@
saslauthd_LDADD = @SASL_KRB_LIB@ \
@GSSAPIBASE_LIBS@ @GSSAPI_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
- @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
+ @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
testsaslauthd_SOURCES = testsaslauthd.c utils.c
testsaslauthd_LDADD = @LIB_SOCKET@
@@ -25,7 +27,7 @@
EXTRA_DIST = saslauthd.8 saslauthd.mdoc config include \
getnameinfo.c getaddrinfo.c LDAP_SASLAUTHD
-INCLUDES = -I$(top_srcdir)/include -I$(top_builddir)/include -I$(top_srcdir)/../include
+AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_builddir)/include -I$(top_srcdir)/../include
DEFS = @DEFS@ -DSASLAUTHD_CONF_FILE_DEFAULT=\"@sysconfdir@/saslauthd.conf\" -I. -I$(srcdir) -I..
--- a/saslauthd/saslauthd.h.in 2012-11-06 20:21:43.000000000 +0100
+++ b/saslauthd/saslauthd.h.in 2014-08-24 00:06:33.975346752 +0200
@@ -62,6 +62,10 @@
*/
#undef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
+/* Define to 1 if you have the `krb5_gss_register_acceptor_identity' function.
+ */
+#undef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY
+
/* Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE */
#undef HAVE_GSS_C_NT_HOSTBASED_SERVICE
--- a/sasldb/Makefile.am 2012-01-28 00:31:36.000000000 +0100
+++ b/sasldb/Makefile.am 2014-08-24 00:06:33.975346752 +0200
@@ -44,7 +44,7 @@
# Note that this doesn't necessaraly follow the libsasl2 verison info
sasl_version = 1:25:0
-INCLUDES=-I$(top_srcdir)/include -I$(top_builddir)/include @SASL_DB_INC@
+AM_CPPFLAGS=-I$(top_srcdir)/include -I$(top_builddir)/include @SASL_DB_INC@
extra_common_sources = db_none.c db_ndbm.c db_gdbm.c db_berkeley.c
@@ -55,14 +55,14 @@
libsasldb_la_SOURCES = allockey.c sasldb.h
EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
-libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND)
-libsasldb_la_LIBADD = $(SASL_DB_BACKEND)
+libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
+libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
# Prevent make dist stupidity
libsasldb_a_SOURCES =
EXTRA_libsasldb_a_SOURCES =
libsasldb.a: libsasldb.la $(SASL_DB_BACKEND_STATIC)
- $(AR) cru .libs/$@ $(SASL_DB_BACKEND_STATIC)
+ $(AR) cru $@ $(SASL_DB_BACKEND_STATIC)
--- a/utils/Makefile.am 2012-01-28 00:31:36.000000000 +0100
+++ b/utils/Makefile.am 2014-08-24 00:06:33.976346767 +0200
@@ -89,7 +89,7 @@
libsfsasl2_la_LIBADD = sfsasl.lo
libsfsasl2_la_LDFLAGS = -version-info 1:0:0 -export-dynamic -rpath $(libdir)
-INCLUDES=-I$(top_srcdir)/include -I$(top_builddir)/include @SASL_DB_INC@
+AM_CPPFLAGS=-I$(top_srcdir)/include -I$(top_builddir)/include @SASL_DB_INC@
EXTRA_DIST = saslpasswd2.8 sasldblistusers2.8 pluginviewer.8 sfsasl.h sfsasl.c smtptest.c testsuite.c pluginviewer.c NTMakefile
sfsasl.lo: sfsasl.c
--- a/Versions 1970-01-01 01:00:00.000000000 +0100
+++ b/Versions 2014-08-24 00:06:33.976346767 +0200
@@ -0,0 +1,7 @@
+SASL2 {
+ global:
+ sasl_*; prop_*; auxprop_plugin_info; _sasl_MD5*;
+};
+
+HIDDEN { local: __*; _rest*; _save*; *; };
+