--- cyrus-sasl2_2.1.22.dfsg1-18ubuntu2.diff 2008-04-10 00:04:41.000000000 +0200 +++ cyrus-sasl2_2.1.22.dfsg1-18ubuntu2kbe1.diff 2008-05-08 02:48:09.000000000 +0200 @@ -39694,6 +39694,15 @@ GSSAPIBASE_LIBS = @GSSAPIBASE_LIBS@ GSSAPI_LIBS = @GSSAPI_LIBS@ INSTALL_DATA = @INSTALL_DATA@ +@@ -121,7 +121,7 @@ + JAVA_TRUE = @JAVA_TRUE@ + LDFLAGS = @LDFLAGS@ + LIBOBJS = @LIBOBJS@ +-LIBS = @LIBS@ ++LIBS = -lcrypt @LIBS@ + LIBTOOL = @LIBTOOL@ + LIB_CRYPT = @LIB_CRYPT@ + LIB_DES = @LIB_DES@ @@ -134,13 +195,16 @@ LN_S = @LN_S@ LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ @@ -82246,7 +82255,7 @@ + --- cyrus-sasl2-2.1.22.dfsg1.orig/debian/patches/0001_versioned_symbols.dpatch +++ cyrus-sasl2-2.1.22.dfsg1/debian/patches/0001_versioned_symbols.dpatch -@@ -0,0 +1,35 @@ +@@ -0,0 +1,36 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 01_versioned_symbols.dpatch by +## @@ -82263,9 +82272,10 @@ + libsasl2_la_SOURCES = $(common_sources) $(common_headers) +-libsasl2_la_LDFLAGS = -version-info $(sasl_version) +-libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) ++-libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) ++libsasl2_la_LDFLAGS = -version-info $(sasl_version) -Wl,--version-script=Versions ++libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) Versions -+ libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) +++libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) $(LIB_CRYPT) + + if MACOSX +@@ -93,6 +93,13 @@ @@ -82284,7 +82294,7 @@ + linksrcs: --- cyrus-sasl2-2.1.22.dfsg1.orig/debian/patches/00list +++ cyrus-sasl2-2.1.22.dfsg1/debian/patches/00list -@@ -0,0 +1,20 @@ +@@ -0,0 +1,21 @@ +0001_versioned_symbols +0002_testsuite +0003_saslauthd_mdoc @@ -82305,6 +82315,7 @@ +0018_auth_rimap_quotes +0019_ldap_deprecated +0020_saslauthd_manpage ++0021_crypted_passwords --- cyrus-sasl2-2.1.22.dfsg1.orig/debian/patches/0019_ldap_deprecated.dpatch +++ cyrus-sasl2-2.1.22.dfsg1/debian/patches/0019_ldap_deprecated.dpatch @@ -0,0 +1,25 @@ @@ -88131,3 +88142,168 @@ +Index: /usr/share/doc/cyrus-sasl2-doc/index.html +Files: /usr/share/doc/cyrus-sasl2-doc/*.html + +--- cyrus-sasl2-2.1.22.dfsg1.orig/debian/patches/0021_crypted_passwords.dpatch ++++ cyrus-sasl2-2.1.22.dfsg1/debian/patches/0021_crypted_passwords.dpatch +@@ -0,0 +1,162 @@ ++#! /bin/sh /usr/share/dpatch/dpatch-run ++## 0021_crypted_passwords.dpatch by Karsten Behrens ++## ++## All lines beginning with `## DP:' are a description of the patch. ++## DP: Enable encrypted stored passwords ++ ++@DPATCH@ ++diff -urNad trunk~/lib/checkpw.c trunk/lib/checkpw.c ++--- trunk~/lib/checkpw.c +++++ trunk/lib/checkpw.c ++@@ -94,6 +94,23 @@ ++ # endif ++ #endif ++ +++/****************************** +++ * crypt(3) patch start * +++ ******************************/ +++char *crypt(const char *key, const char *salt); +++ +++/* cleartext password formats */ +++#define PASSWORD_FORMAT_CLEARTEXT 1 +++#define PASSWORD_FORMAT_CRYPT 2 +++#define PASSWORD_FORMAT_CRYPTTRAD 3 +++#define PASSWORD_SALT_BUF_LEN 22 +++ +++/* weeds out crypt(3) password's salt */ +++int _sasl_get_salt (char *dest, char *src, int format); +++ +++/****************************** +++ * crypt(3) patch stop * +++ ******************************/ ++ ++ /* we store the following secret to check plaintext passwords: ++ * ++@@ -143,6 +160,50 @@ ++ "*cmusaslsecretPLAIN", ++ NULL }; ++ struct propval auxprop_values[3]; +++ +++ /****************************** +++ * crypt(3) patch start * +++ * for password format check * +++ ******************************/ +++ sasl_getopt_t *getopt; +++ void *context; +++ const char *p = NULL; +++ /** +++ * MD5: 12 char salt +++ * BLOWFISH: 16 char salt +++ */ +++ char salt[PASSWORD_SALT_BUF_LEN]; +++ int password_format; +++ +++ /* get password format from auxprop configuration */ +++ if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { +++ getopt(context, NULL, "password_format", &p, NULL); +++ } +++ +++ /* set password format */ +++ if (p) { +++ /* +++ memset(pass_format_str, '\0', PASSWORD_FORMAT_STR_LEN); +++ strncpy(pass_format_str, p, (PASSWORD_FORMAT_STR_LEN - 1)); +++ */ +++ /* modern, modular crypt(3) */ +++ if (strncmp(p, "crypt", 11) == 0) +++ password_format = PASSWORD_FORMAT_CRYPT; +++ /* traditional crypt(3) */ +++ else if (strncmp(p, "crypt_trad", 11) == 0) +++ password_format = PASSWORD_FORMAT_CRYPTTRAD; +++ /* cleartext password */ +++ else +++ password_format = PASSWORD_FORMAT_CLEARTEXT; +++ } else { +++ /* cleartext password */ +++ password_format = PASSWORD_FORMAT_CLEARTEXT; +++ } +++ +++ /****************************** +++ * crypt(3) patch stop * +++ * for password format check * +++ ******************************/ ++ ++ if (!conn || !userstr) ++ return SASL_BADPARAM; ++@@ -179,15 +240,30 @@ ++ ret = SASL_BADPARAM; ++ goto done; ++ } +++ /****************************** +++ * crypt(3) patch start * +++ ******************************/ ++ ++- /* At the point this has been called, the username has been canonified ++- * and we've done the auxprop lookup. This should be easy. */ ++- if(auxprop_values[0].name ++- && auxprop_values[0].values ++- && auxprop_values[0].values[0] ++- && !strcmp(auxprop_values[0].values[0], passwd)) { ++- /* We have a plaintext version and it matched! */ ++- return SASL_OK; +++ /* get salt */ +++ _sasl_get_salt(salt, (char *) auxprop_values[0].values[0], password_format); +++ +++ /* crypt(3)-ed password? */ +++ if (password_format != PASSWORD_FORMAT_CLEARTEXT) { +++ /* compare password */ +++ if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(crypt(passwd, salt), auxprop_values[0].values[0]) == 0) +++ return SASL_OK; +++ else +++ ret = SASL_BADAUTH; +++ } +++ else if (password_format == PASSWORD_FORMAT_CLEARTEXT) { +++ /* compare passwords */ +++ if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(auxprop_values[0].values[0], passwd) == 0) +++ return SASL_OK; +++ else +++ ret = SASL_BADAUTH; +++ /****************************** +++ * crypt(3) patch stop * +++ ******************************/ ++ } else if(auxprop_values[1].name ++ && auxprop_values[1].values ++ && auxprop_values[1].values[0]) { ++@@ -975,3 +1051,37 @@ ++ #endif ++ { NULL, NULL } ++ }; +++ +++/* weeds out crypt(3) password's salt */ +++int _sasl_get_salt (char *dest, char *src, int format) { +++ int num; /* how many characters is salt long? */ +++ switch (format) { +++ case PASSWORD_FORMAT_CRYPT: +++ /* md5 crypt */ +++ if (src[1] == '1') +++ num = 12; +++ /* blowfish crypt */ +++ else if (src[1] == '2') +++ num = (src[1] == '2' && src[2] == 'a') ? 17 : 16; +++ /* traditional crypt */ +++ else +++ num = 2; +++ break; +++ +++ case PASSWORD_FORMAT_CRYPTTRAD: +++ num = 2; +++ break; +++ +++ default: +++ return 1; +++ } +++ +++ /* destroy destination */ +++ memset(dest, '\0', (num + 1)); +++ +++ /* copy salt to destination */ +++ strncpy(dest, src, num); +++ +++ return 1; +++} +++