Commit 440a34fa authored by Natanael Copa's avatar Natanael Copa

testing/cyrus-sasl: new aport

Cyrus Simple Authentication Service Layer (SASL)
http://cyrusimap.web.cmu.edu/downloads.html#sasl
parent c867b7e1
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=cyrus-sasl
pkgver=2.1.23
pkgrel=0
pkgdesc="Cyrus Simple Authentication Service Layer (SASL)"
url="http://cyrusimap.web.cmu.edu/downloads.html#sasl"
license="custom"
subpackages="$pkgname-dev $pkgname-doc libsasl"
depends="db openssl uclibc libsasl"
makedepends="db-dev openssl-dev"
#install=libsasl.install
source="ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/$pkgname-$pkgver.tar.gz
saslauthd.initd
cyrus-sasl-2.1.19-checkpw.c.patch
db-4.7.patch"
build ()
{
cd "$srcdir"/cyrus-sasl-$pkgver
for i in ../*.patch; do
msg "Applying $i..."
patch -p0 -i $i || return 1
done
./configure --prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--disable-anon \
--disable-cram \
--disable-digest \
--disable-gssapi \
--enable-login \
--disable-otp \
--enable-plain \
--with-devrandom=/dev/urandom \
--mandir=/usr/share/man
make || return 1
make -j1 DESTDIR="$pkgdir" install || return 1
install -D -m644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
install -Dm755 ../saslauthd.initd "$pkgdir"/etc/init.d/saslauthd
}
libsasl() {
depends="uclibc db"
pkgdesc="Cyrus Simple Authentication and Security Layer (SASL) library"
mkdir -p "$subpkgdir"/usr
mv "$pkgdir"/usr/lib "$subpkgdir"/usr/
}
md5sums="2eb0e48106f0e9cd8001e654f267ecbc cyrus-sasl-2.1.23.tar.gz
9045c1b9c79a6ae0727b31e602d098ad saslauthd.initd
e27ddff076342e7a3041c4759817d04b cyrus-sasl-2.1.19-checkpw.c.patch
71a3b7454f4d7cc2966b347bdf03f2fc db-4.7.patch"
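Review bot: The upstream tarball in `source=` is fetched over unauthenticated `ftp://` and pinned only by `md5sums`, so the build's integrity rests on a digest that is no longer collision-resistant. If the abuild version in use accepts it, add a stronger pin alongside, e.g. `sha512sums="<sha512-of-tarball>  cyrus-sasl-2.1.23.tar.gz"` (placeholder, to be computed from a verified download). Separately, the configure flags in `build()` disable CRAM, DIGEST, OTP and GSSAPI and enable only `--enable-plain` and `--enable-login`, which both send the password itself. A comment such as `# only PLAIN/LOGIN are built: services using this package must require TLS` would make that dependency explicit.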
diff -ur ../cyrus-sasl-2.1.19.orig/lib/Makefile.in ./lib/Makefile.in
--- ../cyrus-sasl-2.1.19.orig/lib/Makefile.in 2004-07-02 21:40:15.000000000 +0200
+++ ./lib/Makefile.in 2004-09-07 13:21:22.746680576 +0200
@@ -120,7 +120,7 @@
JAVA_TRUE = @JAVA_TRUE@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
+LIBS = -lcrypt @LIBS@
LIBTOOL = @LIBTOOL@
LIB_CRYPT = @LIB_CRYPT@
LIB_DES = @LIB_DES@
diff -ur ../cyrus-sasl-2.1.19.orig/lib/checkpw.c ./lib/checkpw.c
--- ../cyrus-sasl-2.1.19.orig/lib/checkpw.c 2004-03-17 14:58:13.000000000 +0100
+++ ./lib/checkpw.c 2004-09-07 13:21:12.645916147 +0200
@@ -94,6 +94,23 @@
# endif
#endif
+/******************************
+ * crypt(3) patch start *
+ ******************************/
+char *crypt(const char *key, const char *salt);
+
+/* cleartext password formats */
+#define PASSWORD_FORMAT_CLEARTEXT 1
+#define PASSWORD_FORMAT_CRYPT 2
+#define PASSWORD_FORMAT_CRYPTTRAD 3
+#define PASSWORD_SALT_BUF_LEN 22
+
+/* weeds out crypt(3) password's salt */
+int _sasl_get_salt (char *dest, char *src, int format);
+
+/******************************
+ * crypt(3) patch stop *
+ ******************************/
/* we store the following secret to check plaintext passwords:
*
@@ -143,7 +160,51 @@
"*cmusaslsecretPLAIN",
NULL };
struct propval auxprop_values[3];
-
+
+ /******************************
+ * crypt(3) patch start *
+ * for password format check *
+ ******************************/
+ sasl_getopt_t *getopt;
+ void *context;
+ const char *p = NULL;
+ /**
+ * MD5: 12 char salt
+ * BLOWFISH: 16 char salt
+ */
+ char salt[PASSWORD_SALT_BUF_LEN];
+ int password_format;
+
+ /* get password format from auxprop configuration */
+ if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) {
+ getopt(context, NULL, "password_format", &p, NULL);
+ }
+
+ /* set password format */
+ if (p) {
+ /*
+ memset(pass_format_str, '\0', PASSWORD_FORMAT_STR_LEN);
+ strncpy(pass_format_str, p, (PASSWORD_FORMAT_STR_LEN - 1));
+ */
+ /* modern, modular crypt(3) */
+ if (strncmp(p, "crypt", 11) == 0)
+ password_format = PASSWORD_FORMAT_CRYPT;
+ /* traditional crypt(3) */
+ else if (strncmp(p, "crypt_trad", 11) == 0)
+ password_format = PASSWORD_FORMAT_CRYPTTRAD;
+ /* cleartext password */
+ else
+ password_format = PASSWORD_FORMAT_CLEARTEXT;
+ } else {
+ /* cleartext password */
+ password_format = PASSWORD_FORMAT_CLEARTEXT;
+ }
+
+ /******************************
+ * crypt(3) patch stop *
+ * for password format check *
+ ******************************/
+
if (!conn || !userstr)
return SASL_BADPARAM;
@@ -180,14 +241,31 @@
goto done;
}
- /* At the point this has been called, the username has been canonified
- * and we've done the auxprop lookup. This should be easy. */
- if(auxprop_values[0].name
- && auxprop_values[0].values
- && auxprop_values[0].values[0]
- && !strcmp(auxprop_values[0].values[0], passwd)) {
- /* We have a plaintext version and it matched! */
- return SASL_OK;
+
+ /******************************
+ * crypt(3) patch start *
+ ******************************/
+
+ /* get salt */
+ _sasl_get_salt(salt, (char *) auxprop_values[0].values[0], password_format);
+
+ /* crypt(3)-ed password? */
+ if (password_format != PASSWORD_FORMAT_CLEARTEXT) {
+ /* compare password */
+ if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(crypt(passwd, salt), auxprop_values[0].values[0]) == 0)
+ return SASL_OK;
+ else
+ ret = SASL_BADAUTH;
+ }
+ else if (password_format == PASSWORD_FORMAT_CLEARTEXT) {
+ /* compare passwords */
+ if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(auxprop_values[0].values[0], passwd) == 0)
+ return SASL_OK;
+ else
+ ret = SASL_BADAUTH;
+ /******************************
+ * crypt(3) patch stop *
+ ******************************/
} else if(auxprop_values[1].name
&& auxprop_values[1].values
&& auxprop_values[1].values[0]) {
@@ -975,3 +1053,37 @@
#endif
{ NULL, NULL }
};
+
+/* weeds out crypt(3) password's salt */
+int _sasl_get_salt (char *dest, char *src, int format) {
+ int num; /* how many characters is salt long? */
+ switch (format) {
+ case PASSWORD_FORMAT_CRYPT:
+ /* md5 crypt */
+ if (src[1] == '1')
+ num = 12;
+ /* blowfish crypt */
+ else if (src[1] == '2')
+ num = (src[1] == '2' && src[2] == 'a') ? 17 : 16;
+ /* traditional crypt */
+ else
+ num = 2;
+ break;
+
+ case PASSWORD_FORMAT_CRYPTTRAD:
+ num = 2;
+ break;
+
+ default:
+ return 1;
+ }
+
+ /* destroy destination */
+ memset(dest, '\0', (num + 1));
+
+ /* copy salt to destination */
+ strncpy(dest, src, num);
+
+ return 1;
+}
+
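Review bot: In the `@@ -180,14 +241,31 @@` hunk of checkpw.c, `_sasl_get_salt(salt, (char *) auxprop_values[0].values[0], password_format)` dereferences `auxprop_values[0].values` before the `name && values && values[0]` guards that follow it. An entry without that property would then crash the verifier rather than fail authentication; the guards suggest NULL is possible, but the lookup above the hunk is not visible. The result of `crypt()` is passed straight to `strcmp`, although `crypt()` can return NULL for a setting it rejects, and `_sasl_get_salt` in the last hunk reads `src[1]`/`src[2]` without a length check and only recognises the `$1`/`$2` prefixes. Because the two new branches test `!=` and `==` on the same `password_format`, the trailing `else if(auxprop_values[1].name …` branch can no longer be reached. Passing the stored hash itself as the setting to `crypt()` removes the need for salt extraction; the sketch below keeps the original fall-through, and the enclosing function starts and ends outside the hunk.

```c
/* … unchanged: auxprop lookup and its error checks … */
/* stored and matched are declared with the other locals at the top:
 *     const char *stored = NULL;
 *     int matched = 0;
 */
if (auxprop_values[0].name
    && auxprop_values[0].values
    && auxprop_values[0].values[0])
    stored = auxprop_values[0].values[0];

if (stored && password_format == PASSWORD_FORMAT_CLEARTEXT) {
    matched = (strcmp(stored, passwd) == 0);
} else if (stored) {
    /* crypt(3) takes the scheme and salt from the stored hash itself */
    const char *hashed = crypt(passwd, stored);

    matched = (hashed != NULL && strcmp(hashed, stored) == 0);
}

if (matched) {
    /* the stored value matched */
    return SASL_OK;
} else if(auxprop_values[1].name
/* … unchanged: cmusaslsecretPLAIN branch and the rest of the function … */
```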
--- configure 2006-05-18 21:30:13.000000000 +0200
+++ configure.new 2007-09-29 00:22:42.000000000 +0200
@@ -5125,7 +5125,7 @@
fi
saved_LIBS=$LIBS
- for dbname in db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db
+ for dbname in db-4.7 db4.7 db47 db-4.54 db4.5 db45 db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db
do
LIBS="$saved_LIBS -l$dbname"
cat >conftest.$ac_ext <<_ACEOF
@@ -5882,7 +5882,7 @@
fi
saved_LIBS=$LIBS
- for dbname in db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db
+ for dbname in db-4.7 db4.7 db47 db-4.54 db4.5 db45 db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db
do
LIBS="$saved_LIBS -l$dbname"
cat >conftest.$ac_ext <<_ACEOF
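Review bot: The added library list contains `db-4.54`, which looks like a typo for `db-4.5` given the neighbouring `db4.5 db45` entries; the same token appears in the second hunk at `@@ -5882,7 +5882,7 @@`. The probe falls through to the next name, so the effect is probably limited to that one spelling never being tried, but it should read `db-4.7 db4.7 db47 db-4.5 db4.5 db45 …` in both loops. Both hunks patch the generated `configure` script, so the change is lost if it is regenerated; a comment in the APKBUILD saying so would help the next maintainer.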
#!/sbin/runscript
# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/dev-libs/cyrus-sasl/files/saslauthd2.rc6,v 1.7 2007/04/07 13:03:55 chtekk Exp $
depend() {
need net
}
start() {
ebegin "Starting saslauthd"
start-stop-daemon --start --quiet --exec /usr/sbin/saslauthd \
-- ${SASLAUTHD_OPTS}
eend $?
}
stop() {
ebegin "Stopping saslauthd"
start-stop-daemon --stop --quiet --pidfile /var/lib/sasl2/saslauthd.pid
eend $?
}
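Review bot: `stop()` expects the pid file at `/var/lib/sasl2/saslauthd.pid`, but nothing on this page makes saslauthd write it there. The configure call in the APKBUILD sets `--localstatedir=/var` and no saslauthd run directory, and `start()` passes no `--pidfile`. If the daemon uses its compiled-in default directory, `stop` will not find the process and the authentication daemon keeps running after a stop or restart. Adding `--with-saslauthd=/var/lib/sasl2 \` to the configure flags would align the two. `${SASLAUTHD_OPTS}` is also not defined anywhere in this commit, so a conf.d file supplying at least the `-a` mechanism option appears to be needed for `start()` to succeed.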