2003-02-03 Rob Siemborski * cmulocal/sasl2.m4: Don't use -ldes to check for Heimdal * saslauthd/auth_krb4.c, saslauthd/auth_shadow.c, saslauthd/auth_getpwent.c, lib/kerberos4.c: Smarter checking of #includs for des.h (Mark Keasling ) * saslauthd/testsaslauthd.c, saslauthd/saslauthd-doors.c: retry_read() should use a char * buffer not a void * buffer (Mark Keasling ) * cmulocal/berkdb.m4: Set CPPFLAGS around tests (based on patch from Leena Heino ) * config/sasldb.m4: Actually use results of Berkeley DB tests (Leena Heino ) * Ready for 2.1.12 2003-01-31 Rob Siemborski * Ready for 2.1.11 * utils/Makefile.am: Ensure that dbconverter-2 can see the sasldb include directory. 2003-01-29 Rob Siemborski * plugins/digestmd5.c: Fix a situation where the realm wasn't being set for the client context, causing a segfault * config/kerberos_v4.m4: first check des_* then check DES_* during OpenSSL tests (based on ideas from Leena Heino ) 2003-01-28 Rob Siemborski * config/sasldb.m4: Don't build sasldb plugin if compiling --with-dblib=none, since it will only fail to load anyway. 2003-01-27 Rob Siemborski * saslauthd/configure.in: use CMU_ADD_LIBPATH for LDAP support (Simon Brady ) 2003-01-23 Rob Siemborski * saslauthd/acconfig.h: protect file from being included more than once (reported by Jeremy Rumpf ) * saslauthd/configure.in, configure.in: Move OpenSSL detection into cmulocal, detect openssl for use with lak.c 2003-01-21 Ken Murchison * plugins/ntlm.c: only _require_ one response (LM and/or NT), not both 2003-01-09 Rob Siemborski * saslauthd/lak.c, saslauthd/lak.h: Add the fastbind auth method (Simon Brady ) 2003-01-01 Ken Murchison * saslauthd/configure.in, saslauthd/Makefile.am: don't make -lcrypt dependent upon --enable-plain 2002-12-11 Ken Murchison * plugins/otp.c: set SASL_FEAT_ALLOWS_PROXY on client side 2002-12-10 Ken Murchison * plugins/otp.c: explicitly #include to resolve OpenBSD/OpenSSL cruftiness 2002-12-10 Rob Siemborksi * saslauthd/saslauthd-doors.c: Fix a potential memory leak when we call door_return() 2002-12-09 Rob Siemborski * lib/auxprop.c: Correct leak in prop_clear, also update list_end in prop_request. * doc/options.html: Update use of saslauthd_path to be correct 2002-12-06 Rob Siemborski * Ready for 2.1.10 2002-12-05 Larry Greenfield * plugins/digestmd5.c: DES key fixes. stupid DES libraries want the key in the stupid DES parity format. * plugins/digestmd5.c: refactored some of the cipher code so that there isn't RC4 state around when we're using DES and vice versa 2002-12-05 Rob Siemborski * saslauthd/lak.c: Allocate a large enough buffer to account for a completely escaped username. (lak_escape and lak_filter) * lib/common.c: Ensure there is enough space for the trailing \0 in _sasl_log 2002-12-04 Rob Siemborski * lib/canonusr.c: Check for potential buffer overflow 2002-12-03 Ken Murchison * plugins/digestmd5.c: major fast reauth rewrite, mech_step cleanup * doc/options.html: server-side reauth is disabled by default 2002-11-24 Ken Murchison * plugins/login.c: allow authid to be passed in initial response * doc/draft-sasl-login.txt, doc/mechanisms.html: documentation updates re: initial response 2002-11-07 Ken Murchison * doc/draft-nerenberg-sasl-crammd5-03.txt: added * doc/draft-nerenberg-sasl-crammd5-02.txt: deleted * doc/draft-zeilenga-sasl-anon-01.txt: added * doc/draft-zeilenga-sasl-anon-00.txt: deleted * doc/draft-zeilenga-sasl-plain-01.txt: added * doc/draft-zeilenga-sasl-plain-00.txt: deleted * doc/index.html: updated to latest CRAM-MD5, ANONYMOUS, PLAIN drafts 2002-11-01 Rob Siemborski * plugins/kerberos4.c: Make at most 1 canon_user call, not two. (Howard Chu ) 2002-10-25 Rob Siemborski * saslauthd/lak.c: minor cleanups 2002-10-24 Rob Siemborski * saslauthd/lak.c: fix problem where saslauthd stops LDAP authentications when ldap_auth_method is bind. (Igor Brezac ) * doc/sysadmin.html, doc/options.html, saslauthd/saslauthd.mdoc: documentation updates re: saslauthd mux path 2002-10-23 Ken Murchison * lib/external.c: added SASL_SEC_NOANONYMOUS to client side (Howard Chu, ) 2002-10-21 Ken Murchison * plugins/ntlm.c: NTLM probably doesn't offer perfect forward secrecy * doc/mechanisms: added table of properties/features 2002-10-20 Ken Murchison * saslauthd/lak.ch: consolidated hashed password checking code 2002-10-18 Rob Siemborski * saslauthd/lak.[ch], saslauthd/auth_ldap.c: Code cleanup, now support {SHA}, {SSHA}, {MD5}, and {SMD5} hashes, misc other cleanup. (Igor Brezac and Thomas Lussnig ) 2002-10-17 Ken Murchison * doc/draft-melnikov-rfc2831bis-02.txt: added * doc/draft-melnikov-rfc2831bis-01.txt: deleted * doc/index.html: updated to latest RFC 2831bis draft 2002-10-11 Rob Siemborski * lib/Makefile.am: add missing staticopen.h to EXTRA_DIST, fix some dependencies * Ready for 2.1.9 2002-10-10 Rob Siemborski * Ready for 2.1.8 2002-10-09 Rob Siemborski * lib/client.c: Allow plaintext mechanisms under an external security layer. 2002-10-07 Rob Siemborski * sample/server.c: Fix some IPV6 defines (Marshall Rose ) 2002-10-02 Ken Murchison * lib/checkpw.c: return SASL_NOUSER when we can't find APOP secret * lib/server.c: plug APOP memory leak and consolidate canonification * configure.in: force the use of a cache file (Carlos Velasco ) 2002-10-02 Rob Siemborski * lib/checkpw.c: Fix some misuses of sasl_seterror (Martin Exler ) 2002-09-24 Rob Siemborski * config/sasl2.m4, saslauthd/Makefile.am: GSSAPI doesn't need to link ndbm. Also cleanup some sasldb linking in saslauthd. 2002-09-23 Rob Siemborski * config/kerberos_v4.m4: Don't compile with kerberos unless we have both the libs and the headers (Carlos Velasco ) 2002-09-19 Rob Siemborski * plugins/gssapi.c: endinaness corrections * sasldb/db_berkeley.c, utils/dbconverter-2.c: Berkley DB 4.1 support (Mika Iisakkila ) 2002-09-19 Ken Murchison * plugins/plugin_common.[ch]: make SASL_CB_USER and result optional * plugins/anonymous.c: use SASL_CB_USER for fetching trace info, don't require SASL_CB_AUTHNAME * plugins/gssapi.c, plugins/kerberos.c: don't require SASL_CB_USER * lib/external.c: define SASL_FEAT_ALLOWS_PROXY for this mechanism, don't require SASL_CB_USER 2002-09-18 Rob Siemborski * plugins/srp.c, plugins/kerberos4.c: correct maxoutbuf handling * plugins/digestmd5.c: correct maxoutbuf handling, actually send maxbuf to the remote. * lib/common.c: sanity check security properties 2002-09-17 Ken Murchison * plugins/ntlm.c: home-grown client/server NTLM implementation * configure.in: NTLM depends on OpenSSL libcrypto * doc/sysadmin.html: added NTLM blurb 2002-09-16 Rob Siemborski * lib/canonusr.c: don't index begin_u with -1 (Randy Kunkee ) * doc/sysadmin.html: cleanup * utils/saslpasswd.c: don't exit with -SASL_FAIL * saslauthd/saslauthd-unix.c: use a char* instead of a void* in retry_read 2002-09-12 Ken Murchison * lib/common.c: NULL outbuf if we get no output from sasl_decode() 2002-09-11 Rob Siemborski * plugins/mysql.c: Actually loop through the potential servers properly (Seow Kok Heng ) * acinclude.m4: Added copy of the correct libtool macros as acinclude.m4 * configure.in: fix for gcc 3.x (Carlos Velasco ) 2002-09-10 Rob Siemborski * lib/server.c: Better handling of add_plugin failures 2002-09-10 Ken Murchison * acconfig.h, configure.in: enable/disable NTLM * lib/staticopen.h, plugins/Makefile.am, makeinit.sh, ntlm.c: added NTLM support (client-side only) 2002-09-07 Rob Siemborski * saslauthd/configure.in, saslauthd/Makefile.am: don't do configure substitutions for the saslauthd_SOURCES variable (Carlos Velasco ) 2002-09-05 Rob Siemborski * doc/os390.html: added * doc/index.html: referenced os390.html and macosx.html * lib/Makefile.am: better handling of plugin_common 2002-09-04 Rob Siemborski * (throughout) Extensive cleanup of how we build static and shared versions of libsasl. Also some more portability fixes (Howard Chu ) 2002-09-04 Rob Siemborski * acconfig.h, configure.in: Actually check for sysexits.h, varargs.h, and stdarg.h * lib/checkpw.c: compatibility patch for retry_read (Howard Chu ) 2002-09-03 Rob Siemborski * (throughout) fix handling of sys/param.h * (throughout) fix handling of time.h and sys/time.h * include/exits.h: include a replacement for sysexits.h * acconfig.h: define MAXHOSTNAMELEN if it isn't * lib/getaddrinfo.c, config/ipv6.m4: minor fixes for partial getaddrinfo/getnameinfo implementations * (Above changes are all from or based on ideas from Howard Chu ) 2002-08-28 Rob Siemborski * lib/client.c, lib/saslint.h: Properly handle client-side serverFQDN and clientFQDN 2002-08-19 Rob Siemborski * lib/dlopen.c: use correct paths when a .la file is not present (Justin Gibbs ) 2002-08-13 Rob Siemborski * doc/sysadmin.html: fix some /usr/lib/sasl references to /usr/lib/sasl2 (Andrew Jones ) 2002-08-09 Rob Siemborski * saslauthd/Makefile.am: fix small parts of the saslauthd.8 build process. * Ready for 2.1.7 2002-08-06 Ken Murchison * plugins/digestmd5.c: disable/remove server-side fast reauth 2002-08-02 Rob Siemborski * include/sasl.h, lib/common.c: Add SASL_AUTHUSER as a parameter to sasl_getprop 2002-08-01 Rob Siemborski * saslauthd/lak.c: allow use of more than one %u or %r in the filter (Laurent Larquère ) 2002-07-30 Rob Siemborski * lib/client.c, lib/server.c: Add checks for SASL_NEED_PROXY and SASL_FEAT_ALLOWS_PROXY * include/sasl.h, include/saslplug.h: Add SASL_NEED_PROXY and SASL_FEAT_ALLOWS_PROXY * plugins/digestmd5.c, plugins/gssapi.c, plugins/kerberos4.c, plugins/otp.c, plugins/plain.c, plugins/srp.c: define SASL_FEAT_ALLOWS_PROXY for these mechanisms 2002-07-27 Rob Siemborski * saslauthd/auth_sasldb.c: Include mechanisms.h in a reasonable place. 2002-07-24 Rob Siemborski * saslauthd/Makefile.am: Fix DEFS to still supply -I. and -I.. * configure.in: Make --with-ldap show up in top level configure script, make saslauthd compile by default * lib/saslutil.c: use read() and not fread() on /dev/random to preserve entropy * doc/sysadmin.html: Add note about using /dev/urandom 2002-07-19 Rob Siemborski * doc/sysadmin.html, doc/readme.html, doc/upgrading.html: Misc. documentation cleanup (Joe Rhett ) 2002-07-17 Ken Murchison * lib/canonusr.c: update length of user string to length of output from callback 2002-07-16 Rob Siemborski * plugins/cram.c: Fix a security problem in the verification of the digest string. (Andrew Jones ) * Ready for 2.1.6 2002-07-06 Rob Siemborski * plugins/mysql.c: Further memory management cleanup. (never strdup the options, and therefore don't free staticly allocated strings) * man/sasl_getopt_t.3: Clarify semantics of memory management 2002-07-05 Rob Siemborski * saslauthd/lak.c: Better handling of downed ldap servers (Igor Brezac ) * sasldb/db_berkeley.c, utils/dbconverter-2.c: Use db_strerror() rather than strerror() for Berkeley DB error values. (J.H.M. Dassen (Ray) ) * saslauthd/Makefile.am, saslauthd/auth_ldap.c: don't hardwire the saslauthd conf file (J.H.M. Dassen (Ray) ) 2002-07-03 Rob Siemborski * man/sasl_user_exists.3: fix sasl_idle reference 2002-07-02 Rob Siemborski * lib/auxprop.c: Can now select multiple auxprop plugins * doc/options.html: updated for above * lib/client.c: improve mechanism selection to include number of security flags 2002-06-27 Ken Murchison * doc/draft-zeilenga-sasl-plain-00.txt: added * doc/index.html: added PLAIN draft 2002-06-26 Ken Murchison * doc/draft-zeilenga-sasl-anon-00.txt: added * doc/index.html: added ANONYMOUS draft 2002-06-20 Rob Siemborski * lib/auxprop.c: Make "cound not find auxprop plugin" warning log at LOG_DEBUG 2002-06-19 Rob Siemborski * plugins/digestmd5.c: create layer keys for integrity as well as privacy * saslauthd/auth_ldap.[ch], saslauthd/lak.[ch]: Large rewrite (Igor Brezac ) * lib/client.c, lib/server.c, lib/common.c: Actually set most of the sparams and cparams structures 2002-06-19 Ken Murchison * doc/draft-melnikov-rfc2831bis-01.txt: added * doc/draft-melnikov-rfc2831bis-00.txt: deleted * doc/index.html: updated to latest RFC 2831bis draft 2002-06-18 Ken Murchison * doc/draft-nerenberg-sasl-crammd5-02.txt: added * doc/draft-nerenberg-sasl-crammd5-01.txt: deleted * doc/index.html: updated to latest CRAM-MD5 draft 2002-06-17 Rob Siemborski * plugins/login.c, plugins/plain.c: Canonicalize username before doing checkpass 2002-06-14 Rob Siemborski * lib/client.c, lib/server.c, lib/saslint.h, lib/common.c. lib/seterror.c: continued size_t vs unsigned cleanups 2002-06-13 Rob Siemborski * saslauthd/ : remove LDAP support * Ready for 2.1.5 2002-06-12 Rob Siemborski * plugins/digestmd5.c: rename get_realm to get_server_realm, and pay attention to its return value * lib/external.c, lib/seterror.c: cleanup size_t/unsigned confusion 2002-06-10 Rob Siemborski * sasldb/Makefile.am: fix handling of allockey (only include it once) * plugins/kerberos4.c: fix a reference count leak * Ready for 2.1.4 2002-05-28 Rob Siemborski * saslauthd/LDAP_SASLAUTHD, saslauthd/saslauthd.mdoc: Update documentation for LDAP and Saslauthd as per Igor Brezac 2002-05-22 Lawrence Greenfield * lib/checkpw.c: close door file descriptor in saslauthd_verify_password 2002-05-21 Rob Siemborski * saslauthd/auth_krb5.c: fix a leak due to not calling krb5_cc_destroy on failure 2002-05-17 Rob Siemborski * saslauthd/saslauthd-*.c: support a generic mechanism option -O instead of -H * saslauthd/auth_ldap.c, lak.c, et. al: auth_ldap overhaul (Igor Brezac ) * lib/common.c, include/sasl.h: add sasl_version 2002-05-13 Rob Siemborski * lib/checkpw.c: use "*cmusaslsecretPLAIN" in auxprop_verify_password (Howard Chu, ), also only make a single canon_user call. 2002-05-13 Ken Murchison * plugins/plugin_common.c: set the return code to SASL_FAIL, and NULL the results of the _plug_get_*() functions before we get started * plugins/digestmd5.c, otp.c, plain.c, srp.c: check for NULL or empty authzid from callback 2002-05-09 Rob Siemborski * saslauthd/configure.in: --with-ldap now takes a path 2002-05-08 Rob Siemborski * saslauthd/acconfig.h, auth_ldap.c, configure.in, lak.c, lak.h: Misc compile/portability fixes (mostly header-related) * utils/testsuite.c: minor getopt() parameter fix (Claus Assmann ) * lib/checkpw.c: fix some warnings 2002-05-07 Rob Siemborski * Ready for 2.1.3-BETA 2002-05-06 Rob Siemborski * include/saslplug.h: add name member for canon_user plugins * lib/canonusr.c: use name member 2002-05-06 Ken Murchison * plugins/digestmd5.c: added client-side reauth 2002-05-05 Ken Murchison * lib/client.c: pass global_context to mech_new() * lib/server.c: don't free global_context (the plugin should free it) * utils/testsuite: swapped serverlast tests so that the descriptions are correct 2002-05-03 Ken Murchison * plugins/digestmd5.c: added server-side reauth * doc/index.html: added Marshall Rose's SASL papers * doc/options.html: added 'reauth_timeout' 2002-05-03 Rob Siemborski * plugins/kerberos4.c: fix compile errors * config/kerberos_v4.m4, plugins/digestmd5.c: fix des_cbc_encrypt interoperability problem (OpenSSL) * saslauthd/Makefile.am, acconfig.h, auth_ldap.c, auth_ldap.h, configure.in, lak.c, lak.h, mechanisms.c, mechanisms.h, saslauthd.conf: added experimental LDAP saslauthd module (by Igor Brezac ) * include/saslplug.h: give auxprop plugins a name * plugins/sasldb.c: give sasldb plugin a name * lib/auxprop.c: allow auxprop selection * doc/options.html: document auxprop_plugin option 2002-05-01 Ken Murchison * plugins/digestmd5.c, gssapi.c, kerberos4.c, srp.c: general plugin cleanup - standardizing structure 2002-04-30 Rob Siemborski * plugins/gssapi.c: Minor cleanup of struct hack in context structure 2002-04-30 Ken Murchison * plugins/plugin_common.[ch], anonymous.c, cram.c, login.c, otp.c, plain.c, sasldb.c, srp.c, lib/client.c, external.c, saslint.h, server.c: general plugin cleanup - reusing more common code, standardizing structure 2002-04-28 Ken Murchison * plugins/plugin_common.[ch], anonymous.c, cram.c, digestmd5.c, gssapi.c, kerberosv4.c, login.c, otp.c, plain.c, srp.c, lib/external.c:finalize movement of callback/interaction stuff into plugin_common 2002-04-27 Ken Murchison * plugins/plugin_common.[ch], anonymous.c, cram.c, digestmd5.c, gssapi.c, kerberosv4.c, login.c, otp.c, plain.c, srp.c, lib/external.c: move make_prompts stuff into plugin_common * utils/testsuite.c: allow for testing of EXTERNAL 2002-04-26 Rob Siemborski * sasldb/allockey.c: be sure to set userPassword and not *userPassword 2002-04-26 Ken Murchison * lib/client.c, server.c: check 'doneflag' just before mech_step() * plugins/plugin_common.[ch], anonymous.c, cram.c, digestmd5.c, gssapi.c, kerberosv4.c, login.c, otp.c, plain.c, srp.c, lib/external.c, Makefile.am: move callback/interaction stuff into plugin_common * plugins/plugin_common.[ch], digestmd5.c, gssapi.c, kerberosv4.c, srp.c: move decode/concatenation of multiple packets into plugin_common * utils/testsuite.c: set SASL_AUTH_EXTERNAL so we can test EXTERNAL 2002-04-25 Ken Murchison * plugins/otp.c: don't free the secret when we get data from a callback (and don't copy it) * plugins/gssapi.c, plain.c: make sure to set 'doneflag' when done * lib/client.c, server.c: don't call mech_step() if 'doneflag' is set 2002-04-24 Rob Siemborski * plugins/cram.c, digestmd5.c, login.c, plain.c, srp.c: don't free the secret when we get data from a callback (and don't copy it) 2002-04-22 Rob Siemborski * include/gai.h: Fix for compatibility with older glibc versions (Howard Chu, ) * plugins/gssapi.c: Don't always send authzid on client side (Howard Chu, ) 2002-04-18 Rob Siemborski * saslauthd/auth_sasldb.c: Use "use_realm" instead of "realm" for lookup of secret. (Jonas Oberg ) * plugins/gssapi.c: Correct handling of client-side authid and authzid (Howard Chu, ) * lib/external.c: Better handling of user canonicalization (Howard Chu, ) * plugins/cram.c, digestmd5.c, gssapi.c, kerberos4.c, login.c, otp.c, plain.c, srp.c: zero out prompt_need structures before use 2002-04-17 Rob Siemborski * plugins/cram.c, digestmd5.c, srp.c: Adjust cmusaslsecretFOO to *cmusaslsecretFOO * plugins/sasldb.c: correctly handle *(property) * lib/canonusr.c, server.c: Lookup authzid and authid auxprops correctly (and in the same place). * include/sasl.h, saslplug.h: Fix auxprop lookups (e.g. SASL_AUXPROP_AUTHZID) 2002-04-15 Rob Siemborski * plugins/gssapi.c: Handle null authzid's correctly * lib/server.c: fix a strcmp() that should be a memcmp() 2002-04-15 Rob Siemborski * plugins/gssapi.c: fix how name_token and name_without_realm are freed. 2002-04-12 Ken Murchison * doc/draft-melnikov-rfc2831bis-00.txt: added * doc/draft-myers-saslrev-02.txt: moved TOC * doc/draft-myers-saslrev-02.txt: added * doc/draft-myers-saslrev-01.txt: deleted * doc/index.html: changed link to updated saslrev draft, added KERBEROS_V4 notation, added link to rfc2831bis draft 2002-04-08 Ken Murchison * lib/server.c, doc/options.html: allow multiple pwcheck_methods 2002-04-03 Rob Siemborski * saslauthd/configure.in: properly define AUTH_KRB5 * saslauthd/auth_krb5.c: changes for MIT KRB5 2002-03-27 Rob Siemborski * Removed check for db3/db.h (people can just use --with-bdb-incdir) 2002-03-26 Rob Siemborski * Ready for 2.1.2 2002-03-11 Rob Siemborski * plugins/kerberos4.c: Fix a race condition during mutex allocation 2002-03-04 Rob Siemborski * lib/checkpw.c: Stop logging "authentication failed" message * plugins/gssapi.c: Reduce log level of "gss_accept_context" message 2002-02-27 Rob Siemborski * saslauthd/saslauthd.mdoc: Clarify that sasldb with saslauthd is not what you want to be doing. * doc/sysadmin.html: Update "sasldb" verifier to "auxprop" 2002-02-22 Rob Siemborski * lib/checkpw.c: made retry_read static 2002-02-21 Rob Siemborski * lib/checkpw.c (auxprop_verify_password) report SASL_NOUSER instead of SASL_FAIL. * lib/client.c, lib/server.c: More Complete returning of SASL_NOTINIT * utils/testsuite.c: Better checking for SASL_NOTINIT 2002-02-11 Ken Murchison * plugins/srp.c: removed OpenSSL 0.9.6 dependencies, small bugfix * configure.in: cleaned up OpenSSL (libcrypto) check 2002-02-05 Rob Siemborski * contrib/tclsasl: Add Marshall Rose's tclsasl patch. * plugins/anonymous.c: No longer append extra NUL to client response 2002-02-04 Rob Siemborski * utils/saslpasswd.c: Added -n option (Ken Murchison) * lib/dlopen.c: Removed confusing entry point message. * Ready for 2.1.1 2002-02-01 Ken Murchison * plugins/srp.c: fixed srp_setpass() 2002-01-31 Ken Murchison * include/sasl.h, lib/server.c, plugins/digestmd5.c, gssapi.c, kerberos4.c, srp.c: added SASL_SEC_MUTUAL_AUTH * plugins/srp.c: cleanup error messages and return codes 2002-01-30 Ken Murchison * plugins/otp.c, plugins/otp.h: added non-OPIE client/server implementation (requires OpenSSL) * configure.in: OTP now requires OpenSSL, OPIE is optional * doc/options.html, doc/readme.html, doc/sysadmin.html, doc/TODO: updated for new OTP implementation 2002-01-25 Rob Siemborski * saslauthd/Makefile.am: Correct multiple EXTRA_DIST bug * saslauthd/Makefile.am: small typo fixed (Leena Heino ) 2002-01-23 Rob Siemborski * utils/dbconverter-2.c (main): More intelligent default paths * acconfig.h: #ifndef's for _GNU_SOURCE (Assar ) 2002-01-22 Rob Siemborski * lib/common.c: Complete definition of sasl_global_listmech (from Love ) * lib/client.c: added checks for _sasl_client_active to sasl_client_new and sasl_client_start 2002-01-21 Ken Murchison * doc/draft-myers-saslrev-01.txt: moved TOC * doc/draft-ietf-cat-sasl-gssapi-05.txt: moved TOC * doc/draft-nerenberg-sasl-crammd5-01.txt: added * doc/draft-nerenberg-sasl-crammd5-00.txt: deleted * doc/index.html: changed link to updated draft * plugins/login.c (login_client_mech_step): fix client-first handling 2002-01-21 Rob Siemborski * lib/server.c (sasl_server_start): null out *serverout and *serveroutlen, just in case. * lib/external.c: Added correct required_prompts * saslauthd/testsaslauthd.c: Added simple saslauthd client * saslauthd/Makefile.am: rules for testsaslauthd * doc/sysadmin.html: updated to reference testsaslauthd * saslauthd/saslauthd.c: allow -n 0 (for fork-per-connection) * saslauthd/saslauthd.mdoc: documentation of -n 0 * plugins/cram.c (crammd5_client_mech_step): fix client-first handling * sasldb/db_gdbm.c: improved error reporting (Courtesy Marshall T. Rose * config/sasldb.m4: improved gdbm configure handling (Courtesy Marshall T. Rose * config/kerberos_v4.m4: Detect OpenSSL libdes first. (Courtesy Marshall T. Rose * plugins/cram.c, digestmd5.c, kervberos4.c, login.c, lib/client.c, server.c, include/saslplug.h: Cleaner client-first ABI. 2002-01-19 Ken Murchison * plugins/otp.c: set serverout to NULL where we have nothing to send instead of the empty string * plugins/srp.c: let glue code handle client-last/server-last situation by setting serverout appropriately 2002-01-19 Rob Siemborski * plugins/plain.c, plugins/login.c, plugins/digestmd5.c: set serverout to NULL where we have nothing to send instead of the empty string * include/saslplug.h, lib/client.c, lib/server.c: eliminated SASL_FEAT_WANT_SERVER_LAST in favor of clever setting of serverout * plugins/digestmd5.c: removed SASL_FEAT_WANT_SERVER_LAST 2002-01-18 Ken Murchison * plugins/srp.c: updated to draft-burdis-cat-srp-sasl-06 * plugins/srp.c: server uses external SSF * plugins/srp.c: server sends mandatory options based on min SSF * doc/draft-burdis-cat-srp-sasl-06.txt: added * doc/draft-burdis-cat-srp-sasl-05.txt: deleted * doc/index.html: changed link to updated draft 2002-01-17 Rob Siemborski * plugins/kerberos4.c: Actually allocate a mutex on the client side 2002-01-16 Rob Siemborski * lib/server.c (mech_permitted): fixed incorrect return value of SASL_NOMECH that should have been 0. * lib/common.c (sasl_errdetail): fixed core if passed in conn is NULL * plugins/digestmd5.c (encode_tmp_buf): removed unneeded buffer 2002-01-16 Ken Murchison * plugins/srp.c: fixed layer decoding to handle multiple packets * plugins/srp.c: plugged memory leaks (now passes testsuite) * plugins/srp.c: more logging * plugins/srp.c: lots of other nits, bug fixes * utils/testsuite.c: added SSF=0/56 test 2002-01-14 Rob Siemborski * saslauthd/auth_krb4.c (auth_krb4): fix tf_name memory leak, and other efficency fixes 2002-01-11 Rob Siemborski * include/saslplug.h: Add flags member to params structures * lib/client.c, lib/server.c: flags parameter to sasl_*_new now gets to the plugins 2002-01-10 Rob Siemborski * include/sasl.h: Update for sasl_global_listmech API * lib/common.c, lib/client.c, lib/server.c: sasl_global_listmech() * lib/dlopen.c (_parse_la): fix parseing of dlname= line * Ready for 2.1.0 2002-01-09 Ken Murchison * plugins/otp.c: fixed security_flags * plugins/srp.c: corrected integrity layer encoding * plugins/srp.c: finished maxbuffersize handling * plugins/srp.c: fixed security_flags * doc/index.html: added reference to SRP paper 2002-01-09 Rob Siemborski * lib/common.c (sasl_decode): Removed maxoutbuf check * man/sasl_setprop.3: Minor clarifications * plugins/digestmd5.c, plugins/gssapi.c, plugins/kerberos4.c: Assorted security layer fixes (maxoutbuf setting, mech_ssf setting) * lib/common.c, lib/client.c, lib/server.c, lib/saslint.h: Allowed client-side sasl_listmech calls. * include/sasl.h: Minor cosmetic fix to comments * doc/programming.html: Interaction memory management clarifications * lib/common.c: Fix several crash problems in getprop (Courtesy Marshall T. Rose ) 2002-01-05 Lawrence Greenfield * saslauthd/saslauthd.c: F_SETLK doesn't block; F_SETLKW does * saslauthd/saslauthd.c: detect errors somewhat better 2002-01-04 Rob Siemborski * lib/common.c: Allow sasl_setprop for SASL_DEFUSERREALM 2002-01-04 Ken Murchison * plugins/srp.c: don't send M2 if using a confidentiality layer * plugins/srp.c: more constraint checks * plugins/otp.c: improve standard hex/word response detection * doc/install.html, doc/sysadmin.html, contrib/opie-2.4-fixes: add patch for OPIE 2.4 to enable extended responses 2002-01-03 Ken Murchison * configure.in: removed check fpr gmp * plugins/srp.c: migrated to OpenSSL's BN (removed GNU MP dependency) 2001-12-20 Rob Siemborski * sasldb/db_ndbm.c: Fixed small memory leak (Courtesy Howard Chu ) 2001-12-18 Ken Murchison * plugins/srp.c: more constraint checks 2001-12-17 Rob Siemborski * saslauthd/saslauthd.c: Prefork a number of processes to handle connections. * saslauthd/auth_krb4.c: Handle concurrent accesses better. 2001-12-15 Ken Murchison * plugins/srp.c: added confidentiality layers 2001-12-14 Ken Murchison * plugins/srp.c: improved client/server layer option handling * plugins/srp.c: added client-side support for mandatory options * plugins/srp.c: added framework for confidentiality layers * plugins/srp.c: added some data sanity checking (thanks to Tom Holroyd for feedback) 2001-12-13 Rob Siemborski * lib/server.c, lib/common.c: Fix handling of global callbacks so that plugin_list works again 2001-12-12 Rob Siemborski * pwcheck/Makefile.am: Added include of ../lib (from Hajimu UMEMOTO ) 2001-12-11 Rob Siemborski * sasldb/db_ndbm.c: fix call to dbm_nextkey, from Scot W. Hetzel 2001-12-10 Rob Siemborski * doc/plugprog.html: Update for new user canonicalization usage. * man/sasl_canon_user.3: Update for new user canonicalization usage. * configure.in: Actually set STATIC_GSSAPIV2 when necessary 2001-12-08 Ken Murchison * plugins/srp.c: make sure we have the HMAC before trying to use it * plugins/srp.c: don't advertise server integrity w/o HMAC-SHA-1 * plugins/srp.c: move EVP_cleanup() to mech_free so mech can be reused 2001-12-07 Ken Murchison * configure.in: SRP now requires OpenSSL * plugins/srp.c: migrated to OpenSSL's MDA/cipher abstraction API * plugins/srp.c: added RIPEMD-160 support * plugins/srp.c: using "standard ACSII names" for MDA-names as documented by [SCAN] (until determined otherwise) * plugins/srp.c: using updated canon_user API to allow separate canonicalization of authid and authzid. 2001-12-06 Rob Siemborski * lib/canonusr.c: Better logging when desired plugin is not found. * lib/checkpw.c: spelling error fixed. * lib/canonusr.c, lib/checkpw.c, lib/client.c, lib/external.c, lib/saslint.h, lib/server.c, include/sasl.h, include/saslplug.h, plugins/*.c: Updated canon_user API to allow separate canonicalization of authid and authzid. 2001-12-05 Rob Siemborski * saslauthd/Makefile.am, saslauthd/acconfig.h, saslauthd/configure.in: Solaris 7 and FreeBSD (FreeBSD is courtesy of Claus Assmann ) * sasldb/Makefile.am: link order fix (Courtesy Claus Assmann ) 2001-12-05 Ken Murchison * configure.in: * plugins/Makefile.am: only build SRP with sasldb libs when srp_setpass() is enabled * plugins/srp.c: added HMAC-SHA-160 integrity layer * plugins/srp.c: don't offer integrity layers unless HMAC-SHA-160 is available (mandatory) * plugins/srp.c: fixed multiple integrity/confidentiality layer client-side bug * plugins/srp.c: fixed delete SRP secret bug * plugins/srp.c: removed VL() stuff 2001-12-04 Rob Siemborski * utils/Makefile.am, config/sasldb.m4: Build sasldblistusers2 and saslpasswd2. Default database now /etc/sasldb2 * INSTALL, README, doc/index.html, doc/upgrading.html: Update with upgrading instructions in preparation for release. * doc/, /: Documentation reorganization, convert README and INSTALL to HTML format. * Bumped appropriate version numbers, Ready for 2.0.5-BETA 2001-12-04 Ken Murchison * acconfig.h, configure.in: dependency checking for SRP * acconfig.h, configure.in: * plugins/srp.c: made srp_setpass() a compile-time option (default=off) * plugins/srp.c: use auxprop to fetch cmusaslsecretSRP/userPassword * plugins/srp.c: code cleanup * acconfig.h, configure.in: * doc/sysadmin.html: * plugins/otp.c: made otp_setpass() a compile-time option (default=off) 2001-12-02 Ken Murchison * plugins/srp.c: fixed SHA1 support * plugins/srp.c: changed calculation of 'x' to coincide with draft -05 * plugins/srp.c: code cleanup 2001-12-01 Ken Murchison * plugins/srp.c: abstracted MDA interface * plugins/srp.c: added SHA1 support (not working) 2001-11-30 Ken Murchison * plugins/srp.c: renumbered steps to start at 1 * plugins/srp.c: check plugin API version instead of SRP_VERSION * plugins/srp.c: changed data exchanges to conform to draft -05 2001-11-29 Ken Murchison * plugins/srp.c: code now compiles and runs * plugins/Makefile.am: added sasldb libs to SRP build 2001-11-24 Ken Murchison * lib/external.c: made EXTERNAL a client-send-first mechanism * doc/index.html: added CRAM-MD5 draft 2001-11-22 Ken Murchison * plugins/otp.c: fixed otp_setpass() bug * doc/sysadmin.html: OTP additions/changes 2001-11-19 Rob Siemborski * utils/saslpasswd.c: Corrected disable handling 2001-11-17 Ken Murchison * doc/index.html, rfc2945.txt, rfc3174.txt: specification additions * doc/Makefile.am: Updated included RFCs and IDs 2001-11-14 Ken Murchison * lib/server.c, doc/options.html: added 'mech_list' option 2001-11-14 Rob Siemborski * sasldb/allockey.c: removed an assert() call * sasldb/db_ndmb.c, sasldb/db_gdbm.c: Fixed cntxt's to be conn's 2001-11-13 Ken Murchison * acconfig.h, configure.in: * plugins/otp.c: support client-side OTP without OPIE 2001-11-08 Ken Murchison * plugins/otp.c: allow entry of one-time password via SASL_CB_ECHOPROMPT callback * plugins/otp.c: code cleanup * doc/index.html, draft*.txt: specification updates/additions 2001-11-08 Rob Siemborski * plugins/cram.c, digestmd5.c, sasldb.c: Removed all assert() calls from supported plugins. 2001-11-07 Rob Siemborski * utils/testsuite.c: added proxy policy checks * lib/checkpw.c (_sasl_auxprop_verify_apop): correct handling of seterror calls 2001-11-06 Rob Siemborski * lib/canonusr.c (_canonuser_internal): added necessary seterror calls * doc/Makefile.am: Updated included RFCs and IDs * lib/canonusr.c, lib/server.c: Corrected authzid/authid handling * plugins/digestmd5.c: Unconfused authzid/authid in server call to canon_user 2001-11-01 Rob Siemborski * plugins/gssapi.c, plugins/kerberos4.c: Get rid of unnecessary buffer copy in security layer encodes. 2001-10-24 Ken Murchison * plugins/otp.c: added otp_setpass() so that saslpasswd can be used instead of opiepasswd on closed systems * doc/sysadmin.html: OTP additions/changes 2001-10-22 Ken Murchison * acconfig.h, configure.in: detect OPIE, enable/disable OTP * plugins/Makefile.am, makeinit.sh, otp.c: added OTP support (still need work on RFC2444 compliance - depends on OPIE changes) * doc/index.html, options.html, sysadmin.html, rfc*.txt: OTP additions/changes 2001-10-18 Rob Siemborski * utils/testsuite.c: Test DES harder for DIGEST-MD5 * plugins/digestmd5.c (enc_des): Get rid of one buffer copy. * plugins/digestmd5.c (dec_des, dec_3des): correct handling of padding length check. 2001-10-17 Rob Siemborski * config/sasldb.m4: detect berkeley db 4 * plugins/gssapi.c, cram.c, kerberos4.c, digestmd5.c: have dispose calls deal with the possibility of a null context 2001-10-16 Rob Siemborski * saslauthd/Makefile.am: Link LIB_PAM as well, if needed * plugins/digestmd5.c: Don't send a trailing nul on challenge and responses. * lib/server.c (sasl_server_start, sasl_server_step): Deal with authentication failures better. (Reported by Larry Rosenbaum ) 2001-10-02 Rob Siemborski * saslauthd/Makefile.am, saslauthd/auth_sasldb.c, saslauthd/configure.in: Changes to allow extraction of saslauthd as needed. 2001-09-19 Rob Siemborski * lib/getaddrinfo.c (getaddrinfo): Correct fix for AI_PASSIVE bug from Hajimu UMEMOTO * plugins/plugin_common.c, lib/common.c (_*_ipfromstring): revert to previous versions. * plugins/Makefile.am: Include necessry compatibility objects as needed. * lib/Makefile.am: compatibility code for static libsasl * configure.in: small changes to make compatibility objects easy to use. 2001-09-18 Rob Siemborski * plugins/plugin_common.c, lib/common.c (_*_ipfromstring): no longer use AI_PASSIVE hint for getaddrinfo 2001-09-13 Rob Siemborski * saslauthd/auth_sasldb.c, saslauthd/auth_sasldb.h: Added experimental sasldb saslauthd module * saslauthd/configure.in: sasldb related config changes, do not config if disabled 2001-09-12 Rob Siemborski * saslauthd/*, lib/checkpw.c (saslauthd_verify_password): merged new saslauthd protocol from Ken Murchison 2001-08-30 Rob Siemborski * configure.in, saslauthd/configure.in: check for inet_aton in libresolv.so, so as to link it if necessary * config/sasldb.m4 (BERKELEY_DB_CHK_LIB): set runpath of library if necessary 2001-08-29 Rob Siemborski * utils/testsuite.c: Minor testsuite fix (include paths) * Ready for 2.0.4-BETA 2001-08-24 Rolf Braun * Mac OS 9 and X support, including Carbon Mac OS 9 Classic support based on the SASL v1 code by Aaron Wohl * updated ltconfig and ltmain.sh * acconfig.h: * configure.in: * lib/saslutil.c: use random() when jrand48() isn't available * dlcompat-20010505: dlcompat included for OS X support, compiles separately * lib/dlopen.c: prefix symbols with underscore on OS X, as on OpenBSD note that this is also detected automatically by configure, this only helps when cross-compiling (for OS X?) * acconfig.h: * configure.in: * config/kerberos_v4.m4 look for libdes524 when libdes doesn't exist. look for libkrb4 when libkrb doesn't exist. * lib/saslint.h: * lib/common.c: * lib/seterror.c: * lib/Makefile.am: split sasl_seterror() into a new file. add_string -> _sasl_add_string and made this non-static so seterror can use it. added _sasl_get_errorbuf to go into the conn_t struct so we don't have to know the format of that struct when seterror.c is linked from glue code (i.e., the Mac OS X CFM glue) * acconfig.h: fix the order of the fake iovec struct for systems that don't have it (like Mac OS 9) so it's the same order as most Unixes that do (like Mac OS X) -- the CFM glue needs this * acconfig.h: include before we include * plugins/kerberos4.c: * lib/checkpw.c: * acconfig.h: * configure.in: check for krb_get_err_txt in the kerberos 4 library, and use it instead of the krb_err_txt[] array if available * plugins/kerberos4.c: define KEYFILE to "/etc/srvtab" if not already defined by the kerberos 4 headers (needed for MIT KfM 4.0) * doc/macosx.html: added this * README: point Mac OS X users to doc/macosx.html * doc/Makefile.am: add doc/macosx.html to distfiles * Makefile.am: * lib/Makefile.am: * include/Makefile.am: * config/Info.plist: * configure.in: when building on Mac OS X, install a framework in /Library/Frameworks * mac/*: projects and support files for Mac OS 9, classic and Carbon * mac/osx_cfm_glue: the glue to allow CFM Carbon applications under Mac OS X call the Unix-layer SASL library * lib/common.c: * lib/canonusr.c: don't do the auxprop stuff on Mac OS 9 * lib/getaddrinfo.c: don't look up hostnames on Mac OS 9 (we only officially support passing IP address strings anyway) * lib/getaddrinfo.c: * plugins/plugin_common.c: * plugins/plugin_common.h: don't include headers on Mac OS 9 that we don't have. * sample/sample-client.c: add a cast for Mac OS 9 (different type handling of char) * plugins/makeinit.sh: include the stub header to export the right symbols on Mac OS 9 2001-08-20 Rob Siemborski * plugins/gssapi.c (gssapi_server_mech_step): fixed accidental back link into glue code * config/kerberos4.m4: Actually link in -lkrb 2001-08-15 Rob Siemborski * lib/common.c (_sasl_iptostring): #if 0'd out. * lib/server.c (sasl_user_exists): only check the verifier we are using * config/kerberos_v4.m4 (SASL_DES_CHK): added * config/kerberos_v4.m4 (SASL_KERBEROS_V4_CHK): included entire check from configure.in * configure.in: moved kerberos 4 code completely out. * saslauthd/acconfig.h (WITH_DES, WITH_SSL_DES): Added DES-related symbols 2001-08-14 Rob Siemborski * configure.in: Check for sys/uio.h * saslauthd/configure.in: Check for sys/uio.h * config.h: Do the Right Thing for struct iovec (and no longer include sys/uio.h elsewhere) * saslauthd/config.h: Do the Right Thing for struct iovec (and no longer include sys/uio.h elsewhere) 2001-08-13 Rob Siemborski * plugins/digestmd5.c (init_des, init_3des, enc_des, dec_des, enc_3des, dec_3des): fixed interoperability problems, 3des was not decrypting with correct key and des was not setting up the initial vector. * lib/checkpw.c (always_true): log users who log in via this verifier 2001-08-13 Rob Siemborski * utils/testsuite.c (giveokpath): fix memory leak * lib/common.c (sasl_ipfromstring): add call to freeaddrinfo() * plugins/plugin_common.c (_plug_ipfromstring): add call to freeaddrinfo() * lib/saslutil.c (sasl_randseed): actually initilize the randpool * saslauthd/auth_getpwent.c (auth_getpwent): clear a warning * saslauthd/auth_shadow.c (auth_shadow): clear a similar warning * utils/Makefile.am (EXTRA_DIST): Actually include the needed files * saslauthd/configure.in: Handle shadow passwords correctly * saslauthd/acconfig.h: Handle shadow passwords correctly * lib/checkpw.c (always_true): added * configure.in: added check for alwaystrue verifier * acconfig.h: added HAVE_ALWAYSTRUE * doc/options.html: alwaystrue verifier documented 2001-08-11 Rob Siemborski * saslauthd/: Now configures separately from SASL, so as to localize tests for that package within that package * utils/dbconverter-2.c (listusers_cb): fix handling of APOP 2001-08-10 Rob Siemborski * saslauthd/Makefile.am (install-data-local): correct handling of $(DESTDIR) (and create the directory if it isn't there) [Amos Gouaux ] * lib/server.c (sasl_server_init): Added plugname to add_plugin call for EXTERNAL * doc/index.html: updated * doc/appconvert.html: cleaned up 2001-08-09 Rob Siemborski * plugins/digestmd5.c (digestmd5_client_mech_step): handle missing authorization name * plugins/plain.c (plain_client_mech_step): handle missing authorization name * include/sasl.h: better documentation of SASL_CB_CANON_USER 2001-08-08 Rob Siemborski * saslauthd/saslauthd.mdoc: updated re: pam * saslauthd/saslauthd.8: regenerated * saslauthd/Makefile.am: Link against PLAIN_LIBS also (from Ken Murchison ) 2001-08-07 Rob Siemborski * lib/client.c (sasl_server_step): corrected maxoutbuf handleing * lib/server.c (sasl_server_step): corrected maxoutbuf handleing * lib/saslint.h (DEFAULT_MAXOUTBUF): removed * lib/common.c (sasl_encodev, sasl_decode): maxbufsize checking * utils/testsuite.c (testseclayer,doauth): more security layer checking. Added parameter to doauth to disable fatal() calls, updated all callers. * utils/smtptest.c (main): added ability to support LMTP * plugins/gssapi.c: conform with draft-ietf-cat-sasl-gssapi-05.txt * doc/draft-ietf-cat-sasl-gssapi-05.txt: added * doc/Makefile.am (EXTRA_DIST): added above to EXTRA_DIST 2001-08-06 Rob Siemborski * utils/dbconverter-2.c (listusers_cb): handle PLAIN-APOP * lib/client.c (sasl_client_add_plugin, client_done): save plugin name * lib/server.c (sasl_server_add_plugin, server_done): save plugin name * lib/dlopen.c (_sasl_plugin_load): correctly pass pluginname * lib/common.c (sasl_getprop): implement SASL_AUTHSOURCE properly * lib/saslint.h (cmechanism_t, mechanism_t): added plugname field * lib/canonusr.c (internal_canonuser_init): no longer limit based on plugname * plugins/sasldb.c (sasldb_auxprop_plug_init): no longer limit based on plugname 2001-08-01 Rob Siemborski * utils/smtptest.c (iptostring): better behaved w.r.t endianness * plugins/cram.c (crammd5_server_mech_step): support for old-style secrets * plugins/digestmd5.c (digestmd5_server_mech_step): support for old-style secrets * lib/checkpw.c (auxprop_verify_password,_sasl_make_plain_secret): support for old-style secrets * utils/dbconverter-2.c: added * utils/sasldblistusers.c (listusers): Print out property names as well as username@realm format. * utils/saslpasswd.c (_sasl_sasldb_set_pass): Correctly handle updates that concern old-style secrets * sasldb/allockey.c: Added a missing null to propName in key parser 2001-07-31 Rob Siemborski * plugins/kerberos4.c (mech_avail): made static * plugins/kerberos4.c (mech_avail): fixed ipv4 check (patch from Hajimu UMEMOTO ) * doc/appconvert.html: vague guide documenting our experience porting Cyrus IMAPd to use SASLv2 * doc/Makefile.am: added appconvert.html * lib/client.c (sasl_client_new): fixed ip address setting to hit relevant params structures as well * lib/server.c (sasl_server_new): fixed ip address setting to hit relevant params structures as well * lib/common.c (sasl_setprop): fixed ip address setting to hit relevant params structures as well * lib/common.c (sasl_seterror): fixed spelling error 2001-07-30 Rob Siemborski * sasldb/db_berkeley.c: utils->seterror() calls * sasldb/db_gdbm.c: utils->seterror() calls * sasldb/db_ndbm.c: utils->seterror() calls * sasldb/allockey.c: utils->seterror() calls * lib/common.c (sasl_seterror): still call logging callback with a null sasl_conn_t * plugins/sasldb.c (sasldb_auxprop_lookup): support for multiple properties * plugins/Makefile.am: added -module to LDFLAGS * config/sasldb.m4: Allow specification of exact berkeley db lib and include paths * sasldb/Makefile.am: Add proper include directory * sasldb/sasldb.m4 (SASL_DB_BACKEND_STATIC): include allockey.o * Ready for 2.0.3-BETA * plugins/kerberos4.c (kerberos4_server_plug_init): reset srvtab when we do not load correctly. * lib/staticopen.c (_sasl_load_plugins): do not fail if a single plugin load fails * include/sasl.h (SASL_CLIENT_FALLBACK): removed 2001-07-27 Rob Siemborski * configure.in: extracted SASLDB-related checking * config/sasldb.m4: added * configure.in: now cache the JNI include directory path * utils/testsuite.c: switch some sasl_errstrings to sasl_errdetail * plugins/gssapi.c: Fix error reporting * plugins/gssapi.c: Required SASL_CB_USER instead of SASL_CB_AUTHNAME * plugins/anonymous.c: Function name standardization * plugins/cram.c: Function name standardization * plugins/digestmd5.c: Function name standardization * plugins/gssapi.c: Function name standardization * plugins/kerberos.c: Function name standardization * plugins/login.c: Function name standardization * plugins/plain.c: Function name standardization * sasldb/allockey.c: Generalized SASLdb API * sasldb/db_berkeley.c: Generalized SASLdb API * sasldb/db_gdbm.c: Generalized SASLdb API * sasldb/db_ndbm.c: Generalized SASLdb API * sasldb/db_none.c: Generalized SASLdb API * sasldb/db_testw32.c: Added #error to block compile so the API will be fixed when we do the Win 32 port * plugins/sasldb.c: Use new SASLdb API * utils/saslpasswd.c: Use new SASLdb API 2001-07-26 Rob Siemborski * lib/common.c (_sasl_getcallback): fixed reference to possibly NULL conn * configure.in: only build saslpasswd and sasldblistusers if we have a meaningfull libsasldb (e.g. not db_none), * utils/Makefile.am: only build saslpasswd and sasldblistusers if we have a meaningfull libsasldb (e.g. not db_none), * configure.in: conditionally build smtptest * utils/Makefile.am: conditionally build smtptest * sasldb/allockey.c (_sasldb_parse_key): added * sasldb/sasldb.h: New key list access API, added parameter to sasl_check_db (all callers updated, all callees updated) * sasldb/db_berkeley.c: Implement key list access API * sasldb/db_gdbm.c: Implement key list access API * sasldb/db_ndbm.c: Implement key list access API * sasldb/db_none.c: Implement key list access API * utils/sasldblistuser.c: Use libsasldb instead of internal functions. * utils/saslpasswd.c: No longer have separate global_utils, call sasl_dispose and sasl_done * acconfig.h: check for inttypes.h * configure.in: check for inttypes.h * plugins/plugin_common.c: include, if necessary, inttypes.h, reference uint32_t instead of u_int32_t 2001-07-25 Rob Siemborski * lib/saslint.h: changed "sasldb" verifier to "auxprop" * lib/server.c: changed "sasldb" verifier to "auxprop" * lib/checkpw.c: changed "sasldb" verifier to "auxprop" * utils/testsuite.c: changed "sasldb" verifier to "auxprop" * doc/options.html: changed "sasldb" verifier to "auxprop" * README: updated upgrade information * utils/Makefile.am (CLEANFILES): added * sasldb/allockey.c (alloc_key): single place for alloc_key() Removed alloc_key from other source files. * sasldb/sasldb.h: added declaration of alloc_key() * configure.in: added checks for db-3.3 and db3.3 * plugins/digestmd5.c (get_realm): now error on empty user_realm * plugins/cram.c (client_required_prompts): removed redundant required_prompts * plugins/plain.c (client_continue_step): server-send-last error * utils/testsuite.c (main): detailed client-send-first, server-send-last checking 2001-07-24 Rob Siemborski * plugins/sasldb.c: Cleaned up calls into the glue code * java/Test/*: Cleaned up java test utilities * configure.in: Minor GSSAPI configure changes * utils/saslpasswd.c: Clarfied -d option for saslpasswd * utils/saslpasswd.8: Clarfied -d option for saslpasswd * doc/plugprog.html: Added plugin programmer's guide * doc/index.html: linked to plugin programmer's guide * configure.in: corrected configure checking of Berkeley DB (from Scot W. Hetzel ) * configure.in: corrected checking for libcom_err (from Scot W. Hetzel ) 2001-07-23 Rob Siemborski * configure.in: Added check for db3/db.h * plugins/kerberos4.c Added mech_avail (checks for IP info) * lib/common.c: Fixed setting of serverFQDN in _sasl_conn_init * lib/server.c: Fully Implemented mech_avail calls in glue code * lib/server.c: Fixed allocation/destruction of sasl_conn_t's * lib/client.c: Fixed allocation/destruction of sasl_conn_t's * lib/common.c: Rely on earlier initialization in server.c and client.c * doc/options.html: added * ChangeLog: back to standard format 2001-07-20 Rob Siemborski * Can now deal with variable client-first mechs such as DIGEST-MD5, though this interface is subject to change * Modified parseuser to deal better with default realms * Simplified realm handling in DIGEST-MD5 (getrealm callback is no longer required). * Cleaned up some memory management issues in DIGEST-MD5 2001-07-19 Rob Siemborski * Fixed prototype of sasl_getpath_t to be in conformance with memory allocation rules * Fixed up samples directory * Try to dlopen using information in .la file if available (based on patch from Stoned Elipot ) * Resolution of most of the server-send-first and client-send-last issues (using mechanism feature flags) 2001-07-18 Rob Siemborski * Updated config.guess and config.sub * Better underscore checking for dlsym * Resolved possible global_utils namespace collision * Updated sasldb library to be expandable to multiple properties if the need arises in the future. * IPv6 support from Hajimu UMEMOTO 2001-07-17 Rob Siemborski * Extricated sasldb support to an auxprop plugin only. sasldb modifications can now only be done through the saslpasswd interface. 2001-07-13 Rob Siemborski * Fixed buffer overrun problem in sasldb auxprop plugin * Removed severe memory leak from testsuite * Version 2.0.2-ALPHA Released 2001-07-11 Rob Siemborski * error reporting in KERBEROS_V4 plugin * vague handling of SASL_AUTHSOURCE for getprop * random misc error reporting bugs * basic error messages for GSSAPI plugin 2001-07-10 Rob Siemborski * added client-send-first logic in glue code * removed some client-send-first logic in mechanisms * removed IPv4 specifics from sasl_conn_t * Much gluecode error revamping (store the error code in sasl_conn_t) 2001-07-09 Rob Siemborski * Removed dependency on "name" in canonuser plugin structure * Update configure.in from a new configure.scan * Update copyright info in man pages, finished all API man pages * Added auxprop tests to testsuite * Added userdb callback support 2001-07-09 Rob Siemborski * First attempt at making the java code work again * Minor memory and byte order bugfixes * Added testing support for dmalloc (--with-dmalloc) 2001-07-06 Rob Siemborski * Loading of auxprop and canonuser plugins from DSOs (This still sucks performance wise, and will be fixed soon) * Fixed some lack of indirection in the plugins * Reverted to the v1 entry points for the plugins * Cleaned up a good deal of the library loading code so it now only gets called from the sasl_*_init functions, and all the cleanup happens in the common sasl_done function * Added SASL_IPREMOTEPORT and SASL_IPLOCALPORT to setprop, and now _sasl_conn_init calls it to do the same work. 2001-07-05 Rob Siemborski * Working libsfsasl and smtptest program (--with-sfio) * Fixed sasldblistusers (atleast for Berkeley DB) * seterror() calls in ANONYMOUS, CRAM, PLAIN and LOGIN * Some new manpages 2001-07-03 Rob Siemborski * Static library compilation now optional (--with-staticsasl) Note that this is different from --enable-static, which causes libtool to build static versions of everything is is almost certainly NOT what you want. * Removed all references to the ancient NANA code. * Updated some documentation. 2001-07-02 Rob Siemborski * Improved allocation efficiency of KERBEROS_V4, DIGEST-MD5, and GSSAPI security layers. * Fixed a decode bug in DIGEST-MD5 (and testsuite improvements to help find similar ones) * Fixed a number of solaris compiler warnings * Static Library Build Support 2001-06-30 Rob Siemborski * Cleanup of some man pages (added sasl_errors.3) 2001-06-29 Rob Siemborski * Cleanup of APOP Code + new man page (Ken Murchison ) * Cleanup of comments in some files (Ken Murchison ) * Fixed some compiler errors on Solaris using /opt/SUNWspro/bin/cc (Reported by Mei-Hui Su 2001-06-28 Rob Siemborski * Improved memory allocation in default sasl_decode handler * Added ability to disable sasl_checkapop (--disable-checkapop) * Re-initialized kerberos mutex to NULL after it was freed 2001-06-28 Rob Siemborski * Fixed a severe bug in DIGEST-MD5 Plugin * KERBEROS_V4 plugin now thread safe * Version 2.0.1-ALPHA Released (due to DIGEST-MD5 problem) 2001-06-27 Rob Siemborski * Version 2.0.0-ALPHA Released