diff --git a/README.md b/README.md index 1bd535d..bb25dbb 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,6 @@ # cyrus-sasl +SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. +To use SASL, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. +If its use is negotiated, a security layer is inserted between the protocol and the connection. + diff --git a/cyrus-sasl-2.1.21-gcc4.patch b/cyrus-sasl-2.1.21-gcc4.patch new file mode 100644 index 0000000..ebcd212 --- /dev/null +++ b/cyrus-sasl-2.1.21-gcc4.patch @@ -0,0 +1,11 @@ +--- cyrus-sasl-2.1.21/lib/saslint.h 2004-11-17 14:19:30.000000000 +0000 ++++ cyrus-sasl-2.1.21/lib/saslint.h 2005-11-04 17:23:31.000000000 +0000 +@@ -109,7 +109,7 @@ + const char *appname; + } sasl_global_callbacks_t; + +-extern sasl_global_callbacks_t global_callbacks; ++/* extern sasl_global_callbacks_t global_callbacks; */ + + typedef struct _sasl_external_properties + { diff --git a/cyrus-sasl-2.1.23-gcc44.patch b/cyrus-sasl-2.1.23-gcc44.patch new file mode 100644 index 0000000..ce49c2a --- /dev/null +++ b/cyrus-sasl-2.1.23-gcc44.patch @@ -0,0 +1,21 @@ +diff -Nru cyrus-sasl-2.1.23.orig/plugins/digestmd5.c cyrus-sasl-2.1.23/plugins/digestmd5.c +--- cyrus-sasl-2.1.23.orig/plugins/digestmd5.c 2009-04-28 17:09:17.000000000 +0200 ++++ cyrus-sasl-2.1.23/plugins/digestmd5.c 2009-06-10 13:06:09.000000000 +0200 +@@ -2715,7 +2715,7 @@ + "DIGEST-MD5", /* mech_name */ + #ifdef WITH_RC4 + 128, /* max_ssf */ +-#elif WITH_DES ++#elif defined(WITH_DES) + 112, + #else + 1, +@@ -4034,7 +4034,7 @@ + "DIGEST-MD5", + #ifdef WITH_RC4 /* mech_name */ + 128, /* max ssf */ +-#elif WITH_DES ++#elif defined(WITH_DES) + 112, + #else + 1, diff --git a/cyrus-sasl-2.1.25-db-5.1-2.patch b/cyrus-sasl-2.1.25-db-5.1-2.patch new file mode 100644 index 0000000..f00988a --- /dev/null +++ b/cyrus-sasl-2.1.25-db-5.1-2.patch @@ -0,0 +1,13 @@ +Index: utils/dbconverter-2.c +diff -u -p utils/dbconverter-2.c.orig utils/dbconverter-2.c +--- utils/dbconverter-2.c.orig 2003-02-14 04:56:17.000000000 +0900 ++++ utils/dbconverter-2.c 2010-05-27 14:28:26.249314464 +0900 +@@ -214,7 +214,7 @@ static int berkeleydb_open(const char *p + ret = db_create(mbdb, NULL, 0); + if (ret == 0 && *mbdb != NULL) + { +-#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1 ++#if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1) || DB_VERSION_MAJOR >= 5 + ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, DB_CREATE, 0664); + #else + ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, DB_CREATE, 0664); diff --git a/cyrus-sasl-2.1.25-db-5.1.patch b/cyrus-sasl-2.1.25-db-5.1.patch new file mode 100644 index 0000000..d0baf97 --- /dev/null +++ b/cyrus-sasl-2.1.25-db-5.1.patch @@ -0,0 +1,13 @@ +Index: sasldb/db_berkeley.c +diff -u -p sasldb/db_berkeley.c.orig sasldb/db_berkeley.c +--- sasldb/db_berkeley.c.orig 2009-04-29 00:09:18.000000000 +0900 ++++ sasldb/db_berkeley.c 2010-05-27 14:25:14.458302060 +0900 +@@ -100,7 +100,7 @@ static int berkeleydb_open(const sasl_ut + ret = db_create(mbdb, NULL, 0); + if (ret == 0 && *mbdb != NULL) + { +-#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1 ++#if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1) || DB_VERSION_MAJOR >= 5 + ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, flags, 0660); + #else + ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, flags, 0660); diff --git a/cyrus-sasl.spec b/cyrus-sasl.spec new file mode 100644 index 0000000..0be25cd --- /dev/null +++ b/cyrus-sasl.spec @@ -0,0 +1,224 @@ +Name: cyrus-sasl +Version: 2.1.25 +Release: 3mamba +Summary: SASL Authentication Daemon for simple authentication and security +Group: System/Libraries +Vendor: openmamba +Distribution: openmamba +Packager: Silvan Calarco +URL: http://asg.web.cmu.edu/sasl/ +Source0: ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/%{name}-%{version}.tar.gz +Source1: saslauthd-initscript +Patch0: %{name}-2.1.21-gcc4.patch +Patch1: %{name}-2.1.23-gcc44.patch +Patch2: cyrus-sasl-2.1.25-db-5.1.patch +Patch3: cyrus-sasl-2.1.25-db-5.1-2.patch +License: BSD +## AUTOBUILDREQ-BEGIN +BuildRequires: glibc-devel +BuildRequires: libdb51-devel +BuildRequires: libe2fs-devel +BuildRequires: libkrb5-devel +%if "%{stage1}" != "1" +BuildRequires: libopenldap-devel +%endif +BuildRequires: libopenssl-devel +BuildRequires: pam-devel +## AUTOBUILDREQ-END +Requires: pam >= 0.77 +BuildRoot: %{_tmppath}/%{name}-%{version}-root +Provides: sasl +Obsoletes: sasl + +%description +SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. +To use SASL, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. +If its use is negotiated, a security layer is inserted between the protocol and the connection. + +%package -n libsasl +Group: System/Libraries +Summary: Libraries for SASL, the Simple Authentication and Security Layer + +%description -n libsasl +SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. +To use SASL, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. +If its use is negotiated, a security layer is inserted between the protocol and the connection. +This package contains the libsasl shared library. + +%package -n libsasl-devel +Group: Development/Libraries +Summary: Static libraries and headers for %{name} +Requires: libsasl = %{version}-%{release} + +%description -n libsasl-devel +SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. +To use SASL, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. +If its use is negotiated, a security layer is inserted between the protocol and the connection. + +This package contains static libraries and header files need for development. + +%prep +%setup -q -n cyrus-sasl-%{version} +%patch0 -p1 +#%patch1 -p1 +%patch2 -p0 +%patch3 -p0 +sed -i "s|db-4.7|db-5.1|" configure + +%build +# replace the hardcoded occorrences of `/usr/local/{lib,include}' +# we don't want to see RPATH="/usr/local/lib" in +# '/usr/sbin/sasldblistusers2` and '/usr/sbin/saslpasswd2' +sed -i 's,/usr/local/,/usr/,g' configure +%configure \ + --enable-anon \ + --enable-login \ + --enable-plain \ + --enable-cram \ + --enable-digest \ + --enable-otp \ + --enable-ntlm \ + --enable-krb4 \ + --with-pam \ + --with-ldap \ + --with-saslauthd=/var/run/saslauthd \ + --with-plugindir=%{_libdir}/sasl2 \ + --cache-file= \ + --with-bdb-incdir=%{_includedir}/db51 + +make + +%install +[ %{buildroot} != / ] && rm -rf "%{buildroot}" +%makeinstall +# sasldir=%{_libdir}/sasl2 + +install -D %{SOURCE1} %{buildroot}%{_initrddir}/saslauthd +# install man pages in the expected location, even if they are +# pre-formatted. +#mv %{buildroot}%{_mandir}/cat8/* %{buildroot}%{_mandir}/man8/ +#rm -fr %{buildroot}%{_mandir}/cat8/ + +install -d %{buildroot}/var/run/saslauthd + +%clean +[ %{buildroot} != / ] && rm -rf "%{buildroot}" + +%post +# new install +if [ $1 -eq 1 ]; then + /sbin/chkconfig --add saslauthd + %{_initrddir}/saslauthd start +fi +exit 0 + +%preun +# erase +if [ $1 -eq 0 ]; then + %{_initrddir}/saslauthd stop + /sbin/chkconfig --del saslauthd +fi +exit 0 + +%postun +# upgrade +if [ $1 -eq 1 ]; then + %{_initrddir}/saslauthd restart +fi +exit 0 + +%post -n libsasl -p /sbin/ldconfig +%postun -n libsasl -p /sbin/ldconfig + +%files +%defattr(-,root,root) +%attr(0755,root,root) %{_initrddir}/saslauthd +%{_sbindir}/pluginviewer +%{_sbindir}/saslauthd +%{_sbindir}/testsaslauthd +%dir %{_localstatedir}/run/saslauthd +%{_mandir}/man8/saslauthd.* + +%files -n libsasl +%defattr(-,root,root) +%{_sbindir}/sasldblistusers2 +%{_sbindir}/saslpasswd2 +%{_libdir}/libsasl2.so.* +%{_mandir}/man8/* +%dir %{_libdir}/sasl2 +%{_libdir}/sasl2/*.so.* +%{_libdir}/sasl2/*.so +%{_libdir}/sasl2/*.la +%doc AUTHORS ChangeLog COPYING NEWS README + +%files -n libsasl-devel +%defattr(-,root,root) +%dir %{_includedir}/sasl +%{_includedir}/sasl/* +%{_libdir}/*.la +%{_libdir}/*.so +%{_mandir}/man3/* +%doc doc/*.txt doc/*.html + +%changelog +* Mon Apr 28 2014 Silvan Calarco 2.1.25-3mamba +- rebuilt with --with-plugindir=%{_libdir}/sasl2 for x86_64 + +* Thu Apr 03 2014 Silvan Calarco 2.1.25-2mamba +- rebuilt with db 5.1 to fix version mismatch with postfix (with smtpd crash) + +* Tue Apr 24 2012 Silvan Calarco 2.1.25-1mamba +- update to 2.1.25 + +* Thu Nov 11 2010 Silvan Calarco 2.1.23-2mamba +- rebuilt with openssl 1.0.0 + +* Wed Jun 10 2009 Automatic Build System 2.1.23-1mamba +- automatic update by autodist + +* Thu Jan 01 2009 Silvan Calarco 2.1.22-2mamba +- automatic rebuild by autodist + +* Tue Jun 17 2008 Silvan Calarco 2.1.22-1mamba +- update to 2.1.22 +- source package renamed to cyrus-sasl + +* Fri Nov 04 2005 Stefano Cotta Ramusino 2.1.21-1qilnx +- update to version 2.1.21 by autospec +- CAN-2004-0884 security fix removed because merged upstream + +* Thu Apr 14 2005 Davide Madrisan 2.1.19-5qilnx +- fixed security issue QSA-2005-051 (CAN-2004-0884). + (note: CAN-2005-0373 already fixed in the 2.1.19 version) +- do not package unneded files in the documentation + +* Thu Apr 14 2005 Davide Madrisan 2.1.19-4qilnx +- removed unneded requirements in the specfile preamble +- own /usr/lib/sasl2, /usr/include/sasl + +* Fri Dec 24 2004 Davide Madrisan 2.1.19-3qilnx +- rebuild with new libe2fs-devel, libkrb5-devel packages +- added missing %%post, %%postup scriptlets + +* Mon Dec 13 2004 Silvan Calarco 2.1.19-2qilnx +- documentation and man3 moved to devel package + +* Thu Oct 28 2004 Silvan Calarco 2.1.19-1qilnx +- new version build +- linked against libdb42 + +* Fri Nov 21 2003 Davide Madrisan 2.1.15-4qilnx +- added missing requirements; specfile updates; added documentation + +* Fri Nov 21 2003 Silvan Calarco 2.1.15-3qilnx +- plugins moved to main package (%{_libdir}/libsasl/*.{so,la}) + +* Fri Nov 14 2003 Silvan Calarco 2.1.15-2qilnx +- added more configure options (ntlm) + +* Wed Sep 10 2003 Silvan Calarco 2.1.15-1qilnx +- rebuilt with new version +- added pam support and sasl package for sasl authentication daemon + +* Thu May 08 2003 Alessandro Ramazzina 2.1.13-1qilnx +- creation of libsasl package diff --git a/saslauthd-initscript b/saslauthd-initscript new file mode 100644 index 0000000..53a3c28 --- /dev/null +++ b/saslauthd-initscript @@ -0,0 +1,60 @@ +#!/bin/sh +# +# saslauthd This shell script takes care of starting and stopping +# saslauthd. +# +# chkconfig: 2345 50 10 +# description: saslauthd is the Sasl authentication daemon. + +# Source function library. +. /etc/rc.d/init.d/functions + +# Source networking configuration. +. /etc/sysconfig/network + +# Check that networking is up. +[ ${NETWORKING} = "no" ] && exit 0 + +[ -x /usr/sbin/saslauthd ] || exit 0 + +# See how we were called. +case "$1" in + start) + # Start daemons. + echo -n "Starting Sasl authentication daemon: " + saslauthd -a pam & + evaluate_retval + echo + touch /var/lock/subsys/saslauthd + ;; + stop) + # Stop daemons. + echo -n "Stopping Sasl authentication daemon: " + killproc saslauthd + evaluate_retval + echo + rm -f /var/lock/subsys/saslauthd + ;; + status) + status saslauthd + ;; + restart) + $0 stop + $0 start + ;; + reload) + $0 stop + $0 start + ;; + condrestart) + if [ -f /var/lock/subsys/saslauthd ]; then + $0 stop + $0 start + fi + ;; + *) + echo "Usage: saslauthd {start|stop|restart|status}" + exit 1 +esac + +exit 0