SOURCES: cyrus-sasl-hashdb.patch (NEW) - Original patch: 3.5.1. DELFI SASL...

glen glen at pld-linux.org
Wed Feb 18 13:48:10 CET 2009


Author: glen                         Date: Wed Feb 18 12:48:10 2009 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- Original patch:
3.5.1. DELFI SASL enhancements
Cyrus SASL used in DELFI mail system uses a custom pwcheck method called
hashdb. This method is a proprietary enhancement added by the hashdb patch. The
patch is located in CVS under module mercurius: patches/sasl-hashdb-2.1.15.patch.
To use this authentication method, a sasl_pwcheck_method: hashdb switch must
be present in imapd.conf. This method uses a Berkeley DB 4.1 hash-type database
for binding account ids with passwords. These account id and password tuples
are stored in the /var/imap/passwd.db database.

---- Files affected:
SOURCES:
   cyrus-sasl-hashdb.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/cyrus-sasl-hashdb.patch
diff -u /dev/null SOURCES/cyrus-sasl-hashdb.patch:1.1
--- /dev/null	Wed Feb 18 13:48:10 2009
+++ SOURCES/cyrus-sasl-hashdb.patch	Wed Feb 18 13:48:04 2009
@@ -0,0 +1,89 @@
+diff -ruN original/lib/Makefile.in patched/lib/Makefile.in
+--- original/lib/Makefile.in	Tue Jul 15 18:42:28 2003
++++ patched/lib/Makefile.in	Tue Sep 23 22:10:08 2003
+@@ -216,10 +216,10 @@
+ LIBRARIES =  $(noinst_LIBRARIES)
+ 
+ 
+-DEFS = @DEFS@ -I. -I$(srcdir) -I..
++DEFS = @DEFS@ -I. -I$(srcdir) -I.. -I/usr/local/include
+ CPPFLAGS = @CPPFLAGS@
+ LDFLAGS = @LDFLAGS@
+-LIBS = @LIBS@
++LIBS = @LIBS@ @LIB_CRYPT@ -ldb41
+ libsasl2_a_LIBADD = 
+ libsasl2_a_OBJECTS = 
+ AR = ar
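Review bot: The changed `DEFS` and `LIBS` lines hard-code `-I/usr/local/include` and `-ldb41` into `lib/Makefile.in`, which appears to be an automake-generated file, so the edit is lost when the build system is regenerated and the include path and library name are fixed for every build host. An include directory outside the packaging prefix can also let the build pick up headers other than the ones the package intends. The dependency would be better detected by the configure script and substituted the way `@LIB_CRYPT@` is. The same concern applies to the checkpw.c hunks further down: `#include <db41/db.h>` and the `{ "hashdb", &hashdb_verify_password }` table entry are unconditional, whereas the neighbouring `pwcheck` entry sits behind `#ifdef HAVE_PWCHECK`; a matching guard (macro name to be chosen) would keep builds without Berkeley DB 4.1 working.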
+diff -ruN original/lib/checkpw.c patched/lib/checkpw.c
+--- original/lib/checkpw.c	Wed Mar 19 20:25:27 2003
++++ patched/lib/checkpw.c	Tue Sep 23 22:15:48 2003
+@@ -2,6 +2,7 @@
+  * Rob Siemborski
+  * Tim Martin
+  * $Id$
++ * Patched by Kristijonas Siaulys <alpha at alpha.lt>
+  */
+ /* 
+  * Copyright (c) 1998-2003 Carnegie Mellon University.  All rights reserved.
+@@ -96,6 +97,9 @@
+ extern int errno;
+ #endif
+ 
++/* delfi specific */
++#include <db41/db.h>
++#define PW_DB_NAME "/var/imap/passwd.db"
+ 
+ /* we store the following secret to check plaintext passwords:
+  *
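Review bot: `PW_DB_NAME` fixes the location of the password database at compile time, and the comment `/* delfi specific */` does not say what the file holds or who may read it. The lookup added later in this patch passes the stored value to `crypt()` as the salt, so the file holds password hashes; the comment should state that and the expected ownership and mode, for example `/* hashdb store: login -> crypt(3) hash; must be readable only by the account the SASL-using service runs as */`. Making the path a configuration option with this value as the default would avoid a rebuild to relocate it, if an option lookup is available at this point in checkpw.c (not visible in the hunk).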
+@@ -629,8 +633,51 @@
+ }
+ #endif
+ 
++/* DELFI mail system specific */
++static int hashdb_verify_password(sasl_conn_t *sconn,
++				const char *login,
++				const char *password,
++				const char *service __attribute__((unused)),
++				const char *user_realm __attribute__((unused)))
++{
++	DBT			dbkey, dbdata;
++	DB			*dbp;
++	int			r;
++
++	/* retrieve user password */
++	if ((r = db_create(&dbp, 0, 0)) != 0) {
++		_sasl_log(sconn, SASL_LOG_ERR, "db_create failed: %s\n", db_strerror(r));
++		return SASL_FAIL;
++	}
++
++	if ((r = dbp->open(dbp, NULL, PW_DB_NAME, NULL, DB_HASH, DB_RDONLY, 0644)) != 0) {
++		_sasl_log(sconn, SASL_LOG_ERR, "failed to open database: %s\n", db_strerror(r));
++		dbp->close(dbp, 0);
++		return SASL_FAIL;
++	}
++
++	memset(&dbkey, 0, sizeof(DBT));
++	memset(&dbdata, 0, sizeof(DBT));
++	dbkey.data = (char*)login;
++	dbkey.size = strlen(login) + 1;
++
++	if((r = dbp->get(dbp, NULL, &dbkey, &dbdata, 0)) == 0) {
++		if(strcmp(dbdata.data, crypt(password, dbdata.data))) {
++			dbp->close(dbp, 0);
++			return SASL_BADAUTH;
++		}
++		dbp->close(dbp, 0);
++	} else {
++		dbp->close(dbp, 0);
++		return SASL_NOUSER;
++	}
++	return SASL_OK;
++}
++
++
+ struct sasl_verify_password_s _sasl_verify_password[] = {
+     { "auxprop", &auxprop_verify_password },
++    { "hashdb", &hashdb_verify_password },
+ #ifdef HAVE_PWCHECK
+     { "pwcheck", &pwcheck_verify_password },
+ #endif
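Review bot: In `hashdb_verify_password`, the line `if(strcmp(dbdata.data, crypt(password, dbdata.data)))` passes the result of `crypt()` straight to `strcmp()`, but `crypt()` returns NULL when it rejects the salt or fails, and `dbdata.data` is used as a C string without checking `dbdata.size` or that the record ends in a NUL byte, so a malformed record in the database can crash the authenticating process or cause a read past the record. The `else` branch also maps every `get` failure to `SASL_NOUSER`, which hides real database errors and logs nothing; only `DB_NOTFOUND` should mean "no such user". `login` and `password` are dereferenced without a NULL check, which is worth confirming against what the callers guarantee. `crypt()` returns a pointer to static storage, so if this library is used from threaded servers the call needs serialising or a reentrant variant. A sketch of the lookup branch with a single exit path follows; the `_sasl_verify_password` array continues outside the hunk.

```c
	int			ret;

	/* … unchanged: db_create, dbp->open, dbkey/dbdata setup … */

	r = dbp->get(dbp, NULL, &dbkey, &dbdata, 0);
	if (r == 0) {
		const char *stored = dbdata.data;
		const char *computed;

		/* the record must be a non-empty, NUL-terminated crypt(3) string */
		if (dbdata.size == 0 || stored[dbdata.size - 1] != '\0') {
			_sasl_log(sconn, SASL_LOG_ERR, "hashdb: malformed record\n");
			ret = SASL_FAIL;
		} else if ((computed = crypt(password, stored)) == NULL) {
			/* crypt() rejected the stored salt or failed */
			ret = SASL_FAIL;
		} else {
			ret = strcmp(stored, computed) == 0 ? SASL_OK : SASL_BADAUTH;
		}
	} else if (r == DB_NOTFOUND) {
		ret = SASL_NOUSER;
	} else {
		_sasl_log(sconn, SASL_LOG_ERR, "hashdb lookup failed: %s\n", db_strerror(r));
		ret = SASL_FAIL;
	}
	dbp->close(dbp, 0);
	return ret;
```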
================================================================

