2000-07-17 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* version 1.5.23 ready for beta release
	* plugins/digestmd5.c: get_authid() and get_userid() should copy
	the result of the callbacks, not just use as is.

2000-07-13 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/common.c: _sasl_proxy_policy wasn't dealing with a NULL or ""
	requested_user by defaulting it to the auth_identity.
	* plugins/digestmd5.c: fix realm always being set to ""

2000-07-12 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* utils/sasldblistusers.c (listusers):
	* include/makemd5.c (main): warning suppression, from
	Larry M. Rosenbaum <lmr@ornl.gov>

2000-07-10 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* version 1.5.22 ready for beta release
	* lib/server.c: serious bug fixed! do authorization if
	sasl_server_start() returns SASL_OK. pointed out by
	Jerzy Balamut <jurekb@dione.ids.pl>, vulnerability obvious with
	EXTERNAL calls, PLAIN in a protocol with client-sends-first.

2000-07-05 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/checkpw.c: added pwcheck method "sia" for the Digital Unix
	"Security Integration Architecture". contributed by
	Chris Adams <cmadams@hiwaay.net>.

2000-06-09 Timothy Martin <tmartin+@andrew.cmu.edu>

	* plugins/digestmd5.c (server_continue_step): take out lowercasing

2000-06-07 Timothy Martin <tmartin+@andrew.cmu.edu>

	* plugins/digestmd5.c (get_pair): handle nasty stuff
	(digest_strdup_lower): lowercase 'qop' when put into challenge.
	this is not specified in draft but "will be"
	(server_continue_step): allow empty realm

2000-05-10 Timothy Martin <tmartin+@andrew.cmu.edu>

	* plugins/digestmd5.c (c_continue_step): added more errstr's on errors

2000-05-22 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* utils/saslpasswd.c: appname patch from
	Wolfgang Walter <wolfgang.walter@stusta.mhn.de>

2000-05-08 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* version 1.5.21 ready for release
	* lib/db_berkeley.c: enable applications to open the database read-only

2000-05-03 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/common.c: vararg chars are always read as ints
	(Dowson Tong <dtong@sendmail.com>)

2000-05-02 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* doc/gssapi.html: gssapi doc contributed by
	Ken Hornstein <kenh@cmf.nrl.navy.mil> added.

2000-04-27 Larry Greenfield <leg+@andrew.cmu.edu>

	* utils/sasldblistusers.c: patch from Leena Heino <liinu@uta.fi>
	to support Berkeley DB 2.6.
	* configure.in: des/rc4 were adding -I to the LDFLAGS line.
	now they add -L.

2000-04-26 Larry Greenfield <leg+@andrew.cmu.edu>

	* utils/sasldblistusers.c: look for 2 NULs, not 3. continue on
	possible corruption, don't abort.

2000-04-26 Timothy Martin <tmartin+@andrew.cmu.edu>

	* sasl: releasing 1.5.20
	* plugins/login.c: patch from Rainer Schoepf <schoepf@uni-mainz.de>
	for initial client send of data

2000-04-13 Timothy Martin <tmartin+@andrew.cmu.edu>

	* sasl: releasing 1.5.19
	* plugins/digestmd5.c (c_continue_step): free input string on SASL_INTERACT
	(c_continue_step): free nonce string on SASL_INTERACT
	* plugins/gssapi.c (sasl_gss_server_step): fixed errors in
	<gombasg@inf.elte.hu>'s patch
	* plugins/digestmd5.c (c_continue_step): free memory on failure
	(c_continue_step): free userid when setting to null
	* lib/common.c (sasl_done): set mutex to null after disposing of it
	* plugins/digestmd5.c (c_continue_step): free memory in error cases
	* plugins/kerberos4.c (server_continue_step): deal with short input
	* plugins/anonymous.c (server_continue_step): off by one error in strncpy

2000-04-12 Timothy Martin <tmartin+@andrew.cmu.edu>

	* plugins/gssapi.c: applied <gombasg@inf.elte.hu>'s gssapi patch
	* plugins/digestmd5.c (c_continue_step): infinite loop fix

2000-03-22 Walter Wong (wcw+@cmu.edu)

	* pwcheck/Makefile.am: add LIB_SOCKET

2000-04-06 Timothy Martin <tmartin+@andrew.cmu.edu>

	* man/Makefile.am: moved all man pages to section 3
	* man/sasl.3: wrote

2000-04-05 Timothy Martin <tmartin+@andrew.cmu.edu>

	* doc/sysadmin.html (pwcheck_method): fix
	* doc/programming.html: finished up (kinda)

2000-04-03 Timothy Martin <tmartin+@andrew.cmu.edu>

	* plugins/srp.c: started writing.
	* plugins/kerberos4.c (server_continue_step): additional cases where
	errstr is filled in

2000-04-02 Timothy Martin <tmartin+@andrew.cmu.edu>

	* Makefile.am: added testing.txt to distribution
	* utils/sasllistdbusers.c: added Claus's sasldblistusers.c patch

2000-03-29 Timothy Martin <tmartin+@andrew.cmu.edu>

	* utils/Makefile.am (EXTRA_DIST): add an 's' :)
	* plugins/Makefile.am (libdigestmd5_la_LIBADD): -ldes -> $(LIB_DES)

2000-03-29 Larry Greenfield <leg+@andrew.cmu.edu>

	* utils/sasldblistusers.c: added ability to list an arbitrary
	database (Claus Assmann <ca+sasl@sendmail.org>)

2000-03-28 Larry Greenfield <leg+@andrew.cmu.edu>

	* plugins/anonymous.c: shouldn't free static memory
	* plugins/kerberos4.c (server_continue_step): delete unused variable
	* utils/dbconverter-1.5.9.c: shut up a warning message by adding <stdio.h>
	* configure.in: java defaults to "no"
	* lib/saslint.h: added _sasl_common_init() prototype

2000-03-28 Timothy Martin <tmartin+@andrew.cmu.edu>

	* utils/Makefile.am (EXTRA_DIST): sasldblistusers.8 to dist line
	* plugins/Makefile.am (login_version): releasing 1.5.18
	* java/: wrote server side of javasasl
	* lib/server.c/client.c: take out pointless mutexes some fool put in

2000-03-26 Timothy Martin <tmartin+@andrew.cmu.edu>

	* man/: Man pages for all functions (i think) written
	* man/Makefile.am: added new files

2000-03-21 Timothy Martin <tmartin+@andrew.cmu.edu>

	* java/: Added with client side of javasasl

2000-03-14 Timothy Martin <tmartin+@andrew.cmu.edu>

	* lib/client.c,server.c,common.c: thread safe; see README file

2000-03-13 Timothy Martin <tmartin+@andrew.cmu.edu>

	* lib/client.c: MUTEX_DISPOSE instead of mem free of mutex
	* utils/testsuite.c (my_mutex_unlock): routines to test mutexes
	* lib/common.c (sasl_setprop): don't exit w/o unlocking the mutex

2000-03-11 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* plugins/cram.c: same username hack as for PLAIN (default to serverFQDN)
	* utils/sasldblistusers.c: eliminate malloc/free. mechnames are
	always short.
	* lib/checkpw.c (parseuser): default to serverFQDN if the user didn't
	specify a realm

2000-03-11 Larry Greenfield <leg+@andrew.cmu.edu>

	* plugins/cram.c (mechanism_db_filled): htonl/long again
	* plugins/digestmd5.c (mechanism_db_filled): htonl takes a long
	(mechanism_fill_db): "version" was referring to the global DIGEST
	version, not a local database tmpversion.

2000-03-09 Timothy Martin <tmartin+@andrew.cmu.edu>

	* sample/sample-client.c: add <unistd.h> for FreeBSD.
	* utils/sasldblistusers.c (listusers): tested more with gdbm/ndbm.
	* plugins/digestmd5.c (c_continue_step): extra step for end.
	* utils/sasldblistusers.c (listusers): compatibility with db2.x cursor()
	* version 1.5.17 BETA ready for release

2000-03-08 Timothy Martin <tmartin+@andrew.cmu.edu>

	* plugins/plain.c: ditto
	* plugins/kerberos4.c: strcpy,sprintf checked
	* plugins/gssapi.c: strcpy,sprintf checked
	* plugins/digestmd5.c: strcpy, sprintf checking
	* plugins/cram.c (c_continue_step): ditto
	(randomdigits): checks of strcpy, sprintf
	* plugins/anonymous.c (client_continue_step): ditto but more annoying.
	had to add a context, mech_dispose etc..
	* plugins/plain.c (server_continue_step): ditto
	* plugins/kerberos4.c (client_continue_step): client last step
	verifier added

2000-03-08 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* configure.in: added paths.h to AC_CHECK_HEADERS
	* pwcheck/pwcheck.c: #ifdef HAVE_PATHS_H added

2000-03-07 Timothy Martin <tmartin+@andrew.cmu.edu>

	* utils/Makefile.am: added foo for sasldblistusers
	* utils/sasldblistusers.8: wrote
	* utils/sasldblistusers.c: wrote
	* lib/checkpw.c (kerberos_verify_password): make sure trailing null
	* <lots>: updated license

2000-03-06 Timothy Martin <tmartin+@andrew.cmu.edu>

	* testing.txt: added section on testsuite
	* lib/checkpw.c: claus patches for security slightly modified
	* lib/server.c (sasl_server_init): moved around some stuff and
	initialized some stuff to NULL to make it not leak
	(load_config): don't leak memory on failures
	* plugins/cram.c (server_continue_step): if given zero length deal with it
	(start): initialize msgid so server doesn't screw up trying to free it
	(c_continue_step): NULL oparams by default
	* plugins/plain.c (client_continue_step): ditto
	* plugins/digestmd5.c (c_continue_step): ditto
	* plugins/cram.c (server_continue_step): freeing memory when wasn't
	supposed to
	(c_continue_step): initialize clientout to null just to be careful

2000-03-05 Timothy Martin <tmartin+@andrew.cmu.edu>

	* plugins/digestmd5.c (mechanism_fill_db): free secret
	* plugins/gssapi.c (sasl_gss_server_step): fill in out params on
	success step

2000-03-03 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* plugins/login.c: when creating context, set password to NULL.
	(Claus Assmann <ca+sasl@sendmail.org>)

2000-03-01 Timothy Martin <tmartin+@andrew.cmu.edu>

	* lib/server.c (sasl_setpass): can return SASL_NOUSER on PLAIN failure

2000-02-29 Timothy Martin <tmartin+@andrew.cmu.edu>

	* plugins/cram.c (server_continue_step): be less leaky
	* plugins/digestmd5.c (c_continue_step): changes to try and leak
	less memory
	* plugins/kerberos4.c (sasl_server_plug_init): free srvtab on failure
	* plugins/cram.c (server_continue_step): rework to always free
	memory (hopefully)
	* lib/checkpw.c (sasldb_verify_password): free tmp values

2000-02-28 Timothy Martin <tmartin+@andrew.cmu.edu>

	* plugins/gssapi.c (sasl_gss_server_step): don't free memory if
	gss_unwrap did on failure
	* plugins/cram.c (server_continue_step): BADPARAM negative length inputs
	* plugins/digestmd5.c (c_continue_step): make sure client gives us a nonce
	* plugins/cram.c (server_continue_step): alloc space for null byte in nonce
	* plugins/digestmd5.c (c_continue_step): memory leaks
	(server_continue_step): fail on any input greater 2048 bytes
	(client is not allowed to send that big)
	* plugins/kerberos4.c (integrity_decode): fail on huge requests
	* plugins/gssapi.c (sasl_gss_set_client_context): fail on huge requests
	* plugins/digestmd5.c (privacy_decode): fail on huge requests
	* utils/Makefile.am (testsuite_LDADD): needs socket libraries on solaris

2000-02-27 Timothy Martin <tmartin+@andrew.cmu.edu>

	* plugins/kerberos4.c (server_continue_step): step 2: deal with large inputs
	(server_continue_step): step 1: deal with large inputs
	* utils/testsuite.c: added tests of sasl_checkpass
	* lib/server.c (sasl_checkpass): check parameters

2000-02-27 Larry Greenfield <leg+@andrew.cmu.edu>

	* plugins/plain.c: removed superfluous includes, brought in line
	with new checkpass()
	* plugins/login.c: removed superfluous includes, brought in line
	with new checkpass()
	* lib/server.c: changed _sasl_checkpass() to the new format for
	checkpw.c; much cleaner code.
	* lib/config.c: removed <syslog.h>; we weren't using it anyway
	* lib/common.c: uses syslog(), so look for HAVE_SYSLOG. removed some
	conditional compilation code.
	* lib/checkpw.c: cleaned up the code to export a structure containing
	all the plaintext verifiers instead of functions.

2000-02-24 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* plugins/digestmd5.c: changed protocol version from unsigned int
	to unsigned short
	* plugins/anonymous.c: added <stdio.h>

2000-02-23 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* version 1.5.16 BETA ready for release
	* configure.in (LIB_DES): try using DES from OpenSSL.

2000-02-23 Timothy Martin <tmartin+@andrew.cmu.edu>

	* utils/Makefile.am: added testsuite
	* lib/db_ndbm.c (putsecret): return SASL_NOUSER on delete failures
	* lib/db_gdbm.c (putsecret): return SASL_NOUSER on delete failures
	* lib/db_berkeley.c (putsecret): return SASL_NOUSER if not found in delete
	* lib/server.c (sasl_setpass): propagate up the specific error code
	* lib/saslutil.c (sasl_randseed): check params
	(sasl_churn): check params
	(sasl_churn): init pool if necessary
	(sasl_encode64): check params
	* plugins/digestmd5.c (c_continue_step): check params
	* plugins/kerberos4.c (server_continue_step): checks everywhere if
	errstr exists before setting to it
	* plugins/kerberos4.c (server_continue_step): checks everywhere if
	errstr exists before setting to it
	* plugins/kerberos4.c (server_continue_step): only set errstr if non-null
	* plugins/digestmd5.c (c_continue_step): imid

2000-02-23 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/common.c, lib/db_berkeley.c, lib/db_ndbm.c, lib/db_gdbm.c,
	* lib/dlopen.c, lib/server.c: verifyfile fixup
	* include/sasl.h: verifyfile callback changed at the request of
	sendmail.org
	* acconfig.h: some random includes in here were removed and placed
	closer to the code that needs them
	* lib/saslutil.c (getranddata): cleaned up, dead code eliminated.
	DEV_RANDOM moved to config.h, gettimeofday() is used if available.

2000-02-22 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* win32/saslLOGIN: added; contributed by
	Geir Myrestrand <geir@sendmail.com>
	* plugins/cram.c:
	* plugins/digestmd5.c: don't log version mismatched if fetching the
	version results in a failure (probably no database). pointed out by
	Claus Assmann <ca+sasl@sendmail.org>
	* plugins/kerberos4.c: unused variable ignored
	* lib/checkpw.c (_sasl_kerberos_verify_password): change the location
	of the ticket cache while verifying password, then restore the
	original ticket cache (inherently not thread safe)

2000-02-22 Timothy Martin <tmartin+@andrew.cmu.edu>

	* plugins/digestmd5.c (c_continue_step): if bad client reauth then fail
	* plugins/gssapi.c (sasl_gss_server_step): don't return the realm for
	local (local kerberos realm) users
	(sasl_gss_client_step): switched all DEBUG's to VL's
	* lib/common.c (_sasl_proxy_policy): make sure errstr non-null
	* plugins/cram.c (server_continue_step): don't allow any length except
	zero first time
	* plugins/anonymous.c (server_continue_step): don't allow negative length

2000-01-24 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* lib/client.c (sasl_client_start): check params

2000-01-21 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* sample/sample-client.c (main): always send data from client->server
	even if length zero

2000-01-13 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* version 1.5.15 released

2000-01-06 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* configure.in: now detects berkeley db 3.x
	* utils/saslpasswd.c: removed _sasl_debug (wasn't serving any purpose)
	* lib/dlopen.c: efficiency improvement by
	Claus Assmann <ca+sasl@sendmail.org>
	* lib/common.c: fix so that we can get options even without a
	connection structure

2000-01-01 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* version 1.5.14 released
	* configure.in: added login foo, disabled by default
	* plugins/Makefile.am: added login foo
	* plugins/login.c: added, based on schoepf@uni-mainz.de.
	untested; may be useful for SMTP servers wanting to support
	stupid clients

1999-12-30 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* libtool: upgraded to libtool 1.3.4
	* lib/dlopen.c (_sasl_get_mech_list): openbsd needs "_" appended
	before symbol names

1999-12-29 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/server.c (mech_permitted): ditto. now considers external encryption.
	* lib/client.c (sasl_client_start): now considers external encryption
	correctly when looking for mechanisms
	* plugins/digestmd5.c (c_continue_step): cleaned up how it selected a
	cipher to use for auth-conf qop. now much less #ifdefs

1999-12-28 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* plugins/gssapi.c: client-side wasn't dealing with not being offered
	all the options
	* plugins/gssapi.c: make sure we advertise and accept only the right
	integrity/privacy/etc. layers
	* plugins/digestmd5.c: also make sure that whatever the client sends
	us meets our ssf restrictions. restructured the code a little for
	clarity.
	* plugins/digestmd5.c: fixes to the server-side ssf processing (we
	were offering things we didn't want to support due to min/max ssf)

1999-12-21 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/server.c (init_mechlist): patch from
	Claus Assmann <ca+sasl@sendmail.org>. stupid bug; pointer was being
	used before it was checked for being NULL.

Sun Dec 12 17:32:02 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* configure.in: if we don't find DES, don't use Kerberos
	(Simon Josefsson <jas@pdc.kth.se>)

Sat Dec 11 14:27:52 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/dlopen.c: applied patch from Claus Assmann <ca+sasl@sendmail.org>
	to handle (some versions of) HP-UX.

Thu Dec 9 17:34:30 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/checkpw.c (sasl_pam_conv): if solaris PAM is buggy, don't crash

Sun Dec 5 00:10:11 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* pwcheck/pwcheck.c (main): now records process ID in /var/run
	* configure.in (rsaref): now checks for rsaref; possibly needed to
	detect openssl
	* pwcheck/Makefile.am: finally got the damn pwcheck makefile.am file
	right. well, i think.

Thu Dec 2 14:11:33 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* version 1.5.13 released
	* utils/saslpasswd.c (main): don't prompt for a password if disabling
	an account

1999-12-01 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* plugins/kerberos4.c: enforces minimum ssf
	* plugins/digestmd5.c: enforces minimum ssf
	* lib/server.c (sasl_server_start): from alexey: set external_ssf in
	sasl_server_start
	* plugins/digestmd5.c: caches db has entries; checks db version
	* plugins/cram.c: caches db has entries; checks db version
	* lib/server.c (sasl_setpass): set secret exist condition to true on
	successful mechanism setpass

Tue Nov 30 16:45:12 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* configure.in: added test for res_search; suggested by tjs

Fri Nov 19 13:05:47 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/server.c (sasl_server_start): make sure conn != NULL

1999-11-28 Larry Greenfield <leg+@andrew.cmu.edu>

	* lib/db_berkeley.c (_sasl_server_check_db): sasldb_path note, flaw in
	implementation---goes for all three dbs: if an application specifies
	a different path given a connection than it does otherwise,
	verifyfile isn't checked
	* lib/db_ndbm.c (_sasl_server_check_db): sasldb_path added
	* lib/db_gdbm.c (_sasl_server_check_db): now looks up "sasldb_path"

Fri Nov 19 13:05:47 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/db_berkeley.c: patch from Greg Shapiro <gshapiro@sendmail.org>
	to support Berkeley DB 3.x

Thu Nov 18 17:53:03 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/db_berkeley.c (getsecret): applied a patch from
	Gregory Shapiro <gshapiro@sendmail.org> to make sure the database
	is closed
	* pwcheck/Makefile.in: applied patch from
	Joe Hohertz <jhohertz@golden.net>

Wed Nov 17 16:41:09 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/server.c (mechanism_permitted): cleaned up the plaintext only
	under layer code
	* lib/common.c (_sasl_syslog): was missing some breaks; also now logs
	bad priorities at the LOG_DEBUG level
	* lib/db_berkeley.c: wasn't calling _sasl_log with a logging level
	* lib/checkpw.c (_sasl_sasldb_set_pass): *errstr was being set to NULL
	even if errstr was NULL

1999-11-17 Timothy L Martin <tmartin@andrew.cmu.edu>

	* plugins/digestmd5.c (sasl_server_plug_init): return SASL_NOUSER if
	no users in secrets db
	* lib/server.c: doesn't show mechanisms where there are no secrets
	changed parameter to mechanism_permitted() to allow checking condition

Tue Nov 16 14:33:49 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* version 1.5.12 cut for testing
	* plugins/digestmd5.c: can't have indented #'s!
	* lib/db_berkeley.c (berkeleydb_open): now honors sasldb_path option;
	also improved log messages

1999-11-15 Timothy L Martin <tmartin@andrew.cmu.edu>

	* lib/server.c (mech_permitted): special case to allow PLAIN under
	external layer
	* plugins/gssapi.c (sasl_gss_client_step): changed "unsigned int need"
	to int need so negative numbers wouldn't underflow

Mon Nov 15 00:43:10 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* plugins/gssapi.c (sasl_gss_client_step): deals with external
	encryption correctly
	(sasl_gss_client_step): don't pass a random pointer back
	* configure.in: kerberos v4 check now looks for the include file, too

1999-11-11 Larry Greenfield <leg+@andrew.cmu.edu>

	* plugins/kerberos4.c (new_text): fixed the type to what is actually used

Thu Nov 11 00:10:33 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/checkpw.c: patches from Ronald Guilmette <rfg@monkeys.com> to
	minimize warnings in kerberos code
	* plugins/kerberos4.c: ditto

1999-11-10 Timothy L Martin <tmartin@andrew.cmu.edu>

	* lib/db_berkeley.c: Cleaned up
	* plugins/digestmd5.c: Can use rc4 libraries from openSSL if they exist

1999-11-10 Timothy L Martin <tmartin@andrew.cmu.edu>

	* lib/checkpw.c (parseuser): Added patches from
	Claus Assmann <ca+sasl@sendmail.org>; fixes segfault

1999-11-06 Timothy L Martin <tmartin@andrew.cmu.edu>

	* configure.in (SASL_DB_LIB): added support for berkeley db.
	* utils/saslpasswd.c (main): eliminated stupid printf's
	* lib/checkpw.c (_sasl_sasldb_set_pass): fixed silly larry error
	* lib/server.c (sasl_checkpass): failing if passed in null
	* lib/checkpw.c (_sasl_sasldb_set_pass): if getting secret failed
	was faulting

1999-11-02 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* plugins/digestmd5.c: bug fixes from chris. mostly minor silly stuff

Thu Oct 28 13:58:43 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* configure.in: applied patch from Joe Hohertz <jhohertz@golden.net>
	to get pwcheck to compile.

Mon Oct 25 14:46:04 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* plugins/plain.c (client_continue_step): fix so that given an empty
	server response, client resends (for IMAP).

Wed Oct 20 12:06:56 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/checkpw.c (_sasl_sasldb_setpass): rpool was being free'd even
	when not created (Till Franke <franke@suse.de>)

Sat Oct 16 20:13:40 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* version 1.5.11 released
	* plugins/digestmd5.c: fixed memory leak in previous fix

Sat Oct 11 22:14:00 1999 Timothy L Martin <tmartin+andrew.cmu.edu>

	* plugins/digestmd5.c: fixed not copying realm result from get_realm
	callback

Mon Oct 11 00:02:25 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* version 1.5.10 released

Sun Oct 10 13:37:08 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* acconfig.h: added SASL_GDBM/SASL_NDBM (for the conversion tool)
	* plugins/digestmd5.c: cleaned up some warning messages
	* lib/server.c (sasl_setpass): improved error messages

1999-10-09 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* plugins/digestmd5.c: Fixed layers and integrity up to the latest spec

Sat Oct 9 22:05:33 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/server.c (external_server_step): no longer allow anonymous if
	SASL_SEC_NOANONYMOUS is set
	* acconfig.h: added WITH_DES
	* configure.in (WITH_DES): changed the DES test for DIGEST-MD5

Fri Oct 1 16:05:22 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* version 1.5.9 released
	* lib/server.c (sasl_setpass): for user sanity, we now create the
	PLAIN secrets regardless

1999-09-20 Gregory M. Diskin <diskin+@andrew.cmu.edu>

	* win32/saslgssapi: Added control files for win32 gssapi plugin build

1999-09-20 Gregory M. Diskin <diskin+@andrew.cmu.edu>

	* win32/utils/saslpwd: Added control files for win32 read-pw utility

1999-09-21 Larry Greenfield <leg+@andrew.cmu.edu>

	* plugins/cram.c (server_continue_step): made some return code more
	specific; added errstr returns as well

1999-09-20 Larry Greenfield <leg+@andrew.cmu.edu>

	* lib/checkpw.c (_sasl_sasldb_verify_password): added realm gotten
	from server connection passed in
	(_sasl_sasldb_set_pass): also puts realm
	* plugins/digestmd5.c (server_continue_step): now uses the realm
	parameter instead of klunky userid
	(setpass): ditto
	* plugins/cram.c (server_continue_step): now has a rudimentary concept
	of "realm"
	* lib/db_ndbm.c (alloc_key): added realm parameter
	* lib/db_gdbm.c (alloc_key): added realm parameter
	* include/sasl.h: added realm parameter to sasl_server_getsecret_t
	and sasl_server_putsecret_t

1999-09-15 Larry Greenfield <leg+@andrew.cmu.edu>

	* plugins/digestmd5.c (server_start): set context to 0 before using
	(c_start): ditto
	(c_get_realm): copy result of getrealm_cb
	* sample/sample-server.c (main): added verbose flag
	* sample/sample-client.c (main): added verbose flag

1999-09-14 Larry Greenfield <leg+@andrew.cmu.edu>

	* sample/sample-server.c (main): removed random "a" from end of program

1999-09-13 Larry Greenfield <leg+@andrew.cmu.edu>

	* plugins/cram.c (setpass): now correctly zeros out stuff
	* plugins/digestmd5.c: now deletes secrets when asked
	* lib/checkpw.c (_sasl_sasldb_set_pass): added; sets or deletes the
	PLAIN password
	* plugins/cram.c (setpass): now can delete secrets when asked

1999-09-20 Gregory M. Diskin <diskin+@andrew.cmu.edu>

	* plugins/gssapi.c: include saslgssapi.h for win32

Thu Sep 9 13:30:48 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* doc/sysadmin.html: added some links

Wed Sep 8 14:21:23 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/client.c (sasl_client_start): added another cmu kludge for a
	"preferred mechanism" (PREFER_MECH), settable at compile time
	* lib/common.c (_sasl_getcallback): don't require a connection for
	logging messages; this way we can log configuration errors
	* lib/server.c (_sasl_checkpass): log a message when there's an
	unknown plaintext verifier
	* configure.in: added --enable-cmulocal
	* plugins/kerberos4.c (server_continue_step): added a cmu kludge:
	KRB4_IGNORE_IP_ADDRESS, for ignoring ip addresses when doing a
	kerberos authentication

1999-09-08 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* lib/db_ndbm.c (getsecret): don't dbm_close() if opening the dbm failed

1999-08-20 Timothy L Martin <tmartin+@andrew.cmu.edu> Sarah Robeson <robeson@andrew.cmu.edu>

	* doc/programming.html: wrote more. not done yet
	* doc/sysadmin.html: Fixed some of Larry's grammar.

Mon Sep 6 20:10:14 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* configure.in: when checking for PAM, don't use -ldl, use SASL_DB_LIBS

Sat Sep 4 22:32:18 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* plugins/gssapi.c: now returns error messages via errstr for
	server steps
	(sasl_gss_server_step): fixed a buffer-off-by-one error

Thu Aug 26 12:23:26 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/server.c: now pwcheck_method is case & trailing whitespace
	insensitive
	* lib/server.c (_sasl_checkpass): pwcheck_method is no longer case
	sensitive.

Tue Aug 24 18:30:57 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/checkpw.c (_sasl_pwcheck_verify_password): added
	* lib/saslint.h: added pwcheck

Fri Aug 20 00:57:45 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* Version 1.5.5 released
	* include/makemd5.c: added; creates the md5global.h at compile time
	to autodetect what size numbers we have
	* lib/common.c (_sasl_log): fixed an ival/cval problem
	* plugins/kerberos4.c: more work on 64-bit friendliness
	* plugins/cram.c: work on 64-bit friendliness

Thu Aug 19 16:15:49 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/dlopen.c (_sasl_get_mech_list): conditionalized the use of
	RTLD_NOW for dlopen
	* plugins/kerberos4.c: when we need a 32 bit number, let's use an int

1999-08-19 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* plugins/cram.c (c_continue_step): set oparams->user to correct
	thing. not anonymous
	* plugins/digestmd5.c: leaks much less memory.

1999-08-19 Gregory M. Diskin <diskin+@andrew.cmu.edu>

	* lib/db_testw32.c: wrote this to store and retrieve mech-specific
	secrets for one user, to test mechs on win32 using sample-server and
	sample-client.
	* plugins/gssapi.c: Fix include statements for Win32
	* sample/sample-server.c (main): ifdef out a free statement which
	causes win32 to crash.
	* utils/saslpasswd.c (main) (read_password): rebuild for Win32
	* win32/include/config.h (VL): enabled for debug printing
	* win32/libsasl/libsasl.dsp: Add db_testw32.c to build
	* win32/libsasl/libsasl.dsw: Add gssapi plugin and utility saslpwd
	to project
	* win32/sample_client/sample_client.dsp: Remove pre-compiled header option
	* win32/saslDIGESTMD5/saslDIGESTMD5.h: Enable inclusion of this header
	file on win32

1999-08-19 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* sample/sample-server.c (samp_recv): give better error messages.
	less obfuscated code
	* plugins/digestmd5.c: only free in once
	* sample/sample-client.c (main): supports realm callback
	* plugins/cram.c (server_continue_step): end saved msgid with a null
	(start): start authid and password as null so the server doesn't try
	to free them in dispose()
	(server_continue_step): free userid
	(server_continue_step): put tmphmac on the stack not heap
	(server_continue_step): free the secret in more cases
	(server_continue_step): oparams->authid gets an allocated string so
	one mem ptr isn't free'd 2x

1999-08-18 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* TODO: snipped some stuff
	* plugins/digestmd5.c (make_prompts): Put the challenge part of the
	interaction in the computer readable form containing the list of
	possible realms
	* plugins/kerberos4.c: should require CB_USER not CB_AUTHNAME
	the authname is in the ticket
	* sample/sample-client.c (main): should always interact.

1999-08-17 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* plugins/kerberos4.c (integrity_decode): checks timestamps
	(privacy_decode): checks timestamps

Tue Aug 17 02:35:17 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* utils/dbconverter.c (dbm_convert): some minor cleanups for sun cc

Mon Aug 16 14:52:27 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/db_ndbm.c (getsecret): fixed a free'd memory read (closed the
	database too early)
	* plugins/anonymous.c (server_continue_step): make sure that a string
	is null terminated

1999-08-17 Timothy L Martin <tmartin@andrew.cmu.edu>

	* utils/dbconverter.c: wrote this.
	converts sasl 1.5.3 secret db's to 1.5.5

1999-08-16 Timothy L Martin <tmartin@andrew.cmu.edu>

	* plugins/cram.c (setpass): stores hash of password
	* plugins/cram.c (server_step): uses the hash instead of plaintext
	to authenticate

Mon Aug 16 14:52:27 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* plugins/plain.c (server_continue_step): fixed a bug with
	null-terminating the password
	* lib/common.c (_sasl_getcallback): if it can't find a callback, it
	returns SASL_FAIL, not SASL_OK. is there any reason for it to return
	SASL_OK?
	* plugins/digestmd5.c (c_continue_step): we can get multiple realms in
	the challenge; added use of realm callback

Sat Aug 14 19:13:19 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* plugins/digestmd5.c: updated to alexey's latest version
	support for DIGEST_DRAFT_2 dropped

Fri Aug 13 00:54:29 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* doc/sysadmin.html: updated to reflect sasldb pwcheck_method

Thu Aug 12 23:56:50 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/checkpw.c (_sasl_make_plain_secret): created; makes a hash of
	the password for later plaintext checking
	* lib/server.c (sasl_setpass): made it set the plaintext secret if
	pwcheck_method is "sasldb"

Mon Aug 9 19:17:30 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* plugins/kerberos4.c (server_continue_step): made kerberos append the
	"@realm" when cross-realm authenticating

1999-08-08 Larry Greenfield <leg+@andrew.cmu.edu>

	* doc/sysadmin.html: added to doc directory
	* lib/saslint.h (_sasl_sasldb_verify_password): added prototype
	* lib/server.c (_sasl_checkpass): added sasldb option; inserted else's
	* lib/checkpw.c (_sasl_kerberos_verify_password): added
	userid/password NULL checks & set reply to NULL
	(_sasl_shadow_verify_password): ditto
	(_sasl_passwd_verify_password): ditto
	(_sasl_PAM_verify_password): set reply to NULL
	(_sasl_sasldb_verify_password): created; checks the sasl database
	with "PLAIN"

Mon Aug 2 20:57:42 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/server.c
	(sasl_listmech): fixed bug---would print out separator to begin even
	if the mechanisms didn't pass mech_permitted

Sat Jul 31 13:12:51 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* utils/Makefile.am (EXTRA_DIST): EXTRA_DIST should include sfsasl.h

Fri Jul 30 20:04:39 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/db_ndbm.c (_sasl_server_check_db): added test for DBM_SUFFIX and
	fixed some really stupid typos

Wed Jul 21 23:35:15 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/server.c (load_config): small fixes (cosmetic & free'ing
	path_to_config)

Fri Jul 30 13:33:05 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* Version 1.5.3 released
	* plugins/gssapi.c (sasl_gss_free_context_contents): free the
	context buffer
	* include/sasl.h: added SASL_CB_GETREALM callback

Thu Jul 29 14:50:19 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* plugins/digestmd5.c (DigestCalcSecret): removed a superfluous call
	to MD5_UTF8_8859_1.
	* lib/db_none.c (_sasl_server_check_db): made _sasl_server_check_db
	* lib/db_ndbm.c (_sasl_server_check_db): made _sasl_server_check_db
	* lib/db_gdbm.c (_sasl_server_check_db): made _sasl_server_check_db
	* lib/server.c (sasl_server_init): made it call the verify db func
	* plugins/gssapi.c (sasl_gss_decode): now conforms to SASL convention
	of sending packet size
	(sasl_gss_encode): ditto

Mon Jul 26 00:16:40 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* plugins/gssapi.c (sasl_gss_server_step): made it look only at
	clientinlen and not clientin when determining if we just received an
	empty data exchange

Fri Jul 23 14:47:33 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* sample/sample-client.c (sasl_my_log): ditto, changed to avoid
	"log" conflict
	* sample/sample-server.c (sasl_my_log): changed "log" to sasl_my_log
	to avoid name conflict with math library.
	* plugins/gssapi.c: updated to bugfixes by
	Sam Hartman <hartmans@fundsxpress.com> and then by
	Leif Johansson <leifj@matematik.su.se>.

1999-07-23 Gregory M. Diskin <diskin+@andrew.cmu.edu>

	* include/saslplug.h: handle the fact that errno has been defined as a
	function in a dll, not an extern int
	* include/saslutil.h: prototypes for getopt and getpass
	* lib/checkpw.c: tweaks for win32, mainly correct includes
	* lib/common.c: win32 tweaks, mainly, using the GetUserName standard
	call rather than getenv
	* lib/config.c: win32 tweak
	* lib/getsubopt.c: for win32, add getsubopt prototype
	* lib/saslint.h: for win32, minor fixes
	* lib/saslutil.c: add getpass, getopt functions for win32, plus
	declarations for exported variables.
	* lib/server.c: tweaks for win32
	* lib/windlopen.c: add dlopen change to windlopen.c
	* plugins/cram.c: fix includes for win32
	* plugins/digestmd5.c: fix includes for win32
	* plugins/kerberos4.c: fix includes for win32
	* plugins/plain.c: just a warning note for win32
	* plugins/scram.c: minor tweak for win32
	* sample/sample-client.c: for win32, eliminate frees which break on
	win32, add declarations for getopt foo, add cast for arg to htons
	* sample/sample-server.c: for win32, eliminate frees which break on
	win32, add declarations for getopt foo, add cast for arg to htons

1999-07-20 Larry Greenfield <leg+@andrew.cmu.edu>

	* plugins/anonymous.c (server_start): removed the need for anonymous
	to get a non-NULL errstr
	(server_continue_step): and again with the errstr

Thu Jul 15 14:29:35 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/common.c (_sasl_getcallback): oops, forgot a return statement.
	Thanks Claus!

Sat Jul 10 19:58:50 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/server.c (_sasl_transition): now looks at the connection getopt callback
	* lib/checkpw.c (_sasl_kerberos_verify_password): now gets the srvtab option
	* lib/server.c (_sasl_checkpass): modified to pass along the conn parameter
	* include/saslplug.h: added a conn parameter to checkpass so that we can use the configuration stuff

Thu Jul 1 13:42:14 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* include/sasl.h: gethostname() not gethostbyname() (comment)

Tue Jun 29 00:35:08 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* configure.in (SASL_DB_LIB): fixed config problem with autodetecting gdbm brought up by ryan troll
	* plugins/plain.c (client_continue_step): fixing auth/user problem

Mon Jun 28 00:50:02 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* plugins/plain.c (server_continue_step): proxy callback is done in server.c; removed here
	* lib/common.c (_sasl_getcallback): added default proxy policy callback
	(_sasl_proxy_policy): default proxy policy callback (auth_identity must equal requested_user)
	* include/saslplug.h: added a md5global test, just in case

Sun Jun 27 18:39:37 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/server.c (sasl_server_step): added check for SASL_CB_PROXY_POLICY so plugins don't have to do it

Mon Jun 21 22:39:17 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* plugins/kerberos4.c: efficiency improvements (not so many mallocs/frees)

Fri Jun 18 00:05:56 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* plugins/kerberos4.c (sasl_server_plug_init): made srvtab file configurable (srvtab)
	* plugins/digestmd5.c (get_pair): doesn't check that there actually is a '=' in *name. does this code check for errors?

Thu Jun 17 00:46:03 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* plugins/digestmd5.c (init_rc4): the generation of incoming/outgoing keys was seriously flawed and didn't conform to the draft.
	* plugins/digestmd5.c: it's broken. both integrity and encryption.
	disabled in this version. authentication SHOULD still work.
	* plugins/cram.c (get_authid): added a NULL check (causing test client to crash!)

Thu Jun 17 00:40:07 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/client.c (sasl_client_start): rewrote the evil if statement from hell, and added security properties check
	* lib/server.c (mech_permitted): added security properties check
	* plugins/plain.c (server_continue_step): if null first step, just return SASL_CONTINUE so it might work with IMAP!

Wed Jun 16 23:19:00 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* lib/server.c (sasl_checkpass): pwcheck_method added
	* plugins/plain.c (verify_password): added PAM support
	pwcheck_method added

Tue Jun 15 15:21:05 1999 Lawrence Greenfield <leg+@andrew.cmu.edu>

	* plugins/digestmd5.c (init_rc4): changed type so it conforms to cipher_init_t
	* lib/checkpw.c (_sasl_kerberos_verify_password): return SASL_FAIL
	* configure.in (LIB_PAM): added check for PAM
	* lib/checkpw.c (_sasl_PAM_verify_password): added a PAM mechanism for verifying passwords
	* lib/server.c (sasl_checkpass): added PAM support
	* lib/common.c (sasl_getprop): changed so it correctly does the indirection (void ** != int *). added comment. SASL_GETOPTCTX still not implemented---currently returns SASL_FAIL.
	(sasl_setprop): bug in SASL_SSF_EXTERNAL fixed.

1999-06-10 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* lib/server.c (_sasl_transition): checks config now
	(sasl_checkpass): transitions

1999-06-09 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* lib/common.c: doesn't do getdomain name anymore b/c it's usually broken
	* lib/common.c (_sasl_log): fixed casting problem.
	doesn't support as many types anymore

1999-06-08 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* lib/server.c (sasl_server_init): verify config file ok
	* lib/dlopen.c (_sasl_get_mech_list): callback to verify files ok
	* lib/client.c,server.c: check parameters before passing to mechanism

1999-06-07 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* plugins/digestmd5.c (get_realm): tries user_realm then serverFQDN
	* lib/common.c: local_domain -> serverFQDN
	* lib/saslutil.c: local_domain -> serverFQDN
	* lib/server.c: user_domain -> user_realm
	* lib/server.c: local_domain -> serverFQDN

1999-06-02 Timothy L Martin <tmartin@andrew.cmu.edu>

	* lib/saslutil.c (sasl_rand): made random seeding lazy

1999-05-12 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* lib/server.c (sasl_listmech): fixed extra separator bug

1999-03-31 Rob Earhart <rob+@andrew.cmu.edu>

	* plugins/digestmd5.c: why was this using // for comments in C code? well, it doesn't now.
	* lib/dlopen.c (_sasl_get_mech_list): Changed dynamic loading to bind symbols immediately (this is preferable to dumping core when symbols bound lazily fail to actually bind when needed), and to keep them private (reducing the chances for plugins to collide).
	XXX Rob is there any way to get this to compile on Linux???
	* sample/sample-server.c (main): Fixed forced-mechanism code
	* AUTHORS: added ref to Alexey Melnikov

1999-03-30 Rob Earhart <rob+@andrew.cmu.edu>

	* Version 1.4.1 released
	* configure.in: added digest des check, rc4 check
	* plugins/digestmd5.c: diked out rc4 code
	* configure.in: turned off use of nana by default
	* plugins/cram.c: fixed endian bug

1999-03-29 Rob Earhart <rob+@andrew.cmu.edu>

	* config/{libtool things}: updated to libtool-1.2f
	* plugins/digestmd5.c: removed tmp ptrs; des routines are returning voids
	* README: updated
	* plugins/cram.c (setpass): aligned buffer
	* plugins/digestmd5.c: no longer requiring errstr to be passed in
	cleaned up memory leaks in setpass
	aligned buf in setpass
	* plugins/plain.c: cleaned up some code
	* lib/common.c (_sasl_getcallback): no longer returns SASL_INTERACT when it can't find a callback; uses SASL_OK instead.
	* plugins/kerberos4.c (client_continue_step): diked out all the authid code. Why was this in Kerberos, anyway? Also added required prompts for kerberos (i.e. none, instead of the default SASL_CB_AUTHNAME and SASL_CB_PASS).
	* lib/common.c (_sasl_getcallback): eliminated builtin SASL_CB_USER
	* plugins/cram.c (c_continue_step): don't send a zero-length initial response...
	* sample/sample-client.c (main): free data properly when initial response is possible
	* plugins/cram.c: set client-side user+authid oparams, tweaked a couple allocation constants to make purify happy. CRAM-MD5 now passes purify, both client and server, success and fail cases, returning all data correctly to both sides.
	* sample/sample-client.c (main): added property retrieval tests to sample-client.c (so the client can discover whom it has authenticated as).
	* lib/md5.c (hmac_md5_import): fixed count update bug

1999-03-28 Rob Earhart <rob+@andrew.cmu.edu>

	* lib/saslutil.c (sasl_mkchal): always generate positive nonces
	* plugins/cram.c (server_continue_step): lots of little changes; no longer tickles purify
	(c_continue_step): some more little changes
	* config/sasl.spec: Added the extra RFCs
	* doc/Makefile.am (EXTRA_DIST): Added a few more RFCs

1999-03-26 Rob Earhart <rob+@andrew.cmu.edu>

	* plugins/cram.c (find_prompt): Fixed
	(c_continue_step): Fixed call to free_prompts
	* lib/server.c (sasl_server_step): removed strange setprop
	* lib/common.c: Setting security flags
	(sasl_errstring): changed badparam message to something a little less confusing
	* config/{config.guess,config.sub,ltconfig,ltmain.sh}: reverted to old hacked versions
	* SMakefile: removed libtoolize
	* plugins/digestmd5.c: changed various instances of user_domain to local_domain
	* lib/server.c (_sasl_transition): changed to call setpass directly
	(sasl_setpass): added logging
	* sample/sample-server.c (main): cleaned up data handling, base64 generation
	* lib/server.c (sasl_listmech): better final len calculation

1999-03-25 Rob Earhart <rob+@andrew.cmu.edu>

	* plugins/digestmd5.c: made a lot of things const; this makes the code happier.
	* plugins/cram.c (c_start): fixed text init bug
	* lib/server.c (sasl_server_new): moved local_domain code to common, removed local_domain from sasl_server_conn, no longer disposing local_domain in server on cleanup
	* lib/common.c: (_sasl_conn_init): took local_domain code from server
	(_sasl_conn_dispose) added code to free local_domain
	* lib/saslint.h: added local_domain to sasl_conn_t and _sasl_conn_init
	* lib/client.c (sasl_client_new): calling _sasl_conn_init with NULL local domain
	* lib/saslutil.c: wrote sasl_mkchal
	* plugins/cram.c (server_continue_step): Fixed nonce generation
	* lib/common.c (_sasl_alloc_utils): added hmac routines, mutex routines, rand stuff...
	* lib/md5.c: Wrote hmac routines
	* plugins/cram.c (setpass): Massive surgery to clean this up
	removed required prompts -- they're the default prompts
	* testing.txt: updated testing documentation
	* plugins/plain.c (verify_password): added shadow password file support
	(server_continue_step): fixed mech_ssf and authorization buglet
	(server_continue_step): setting realm to local domain name
	(sasl_client_plug_init): tweaked logging

1999-03-25 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* lib/server.c (setpass): sends sparams correctly now

1999-03-24 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* plugins/digestmd5.c (setpass): merged in rob's changes
	fixed realm mistake
	merged in alexey's changes for 8859 etc

1999-03-24 Rob Earhart <rob+@andrew.cmu.edu>

	* configure.in: added checks for crypt.h, shadow.h, getspnam.
	* plugins/plain.c (server_continue_step): replaced weird error codes with actual symbolic constants
	* lib/server.c (sasl_server_start): check error code from mech_new, eliminated antiquated call to sasl_setprop().
	* sample/sample-server.c (main): made mandatory mech check case-insensitive
	* lib/common.c (_sasl_getsimple): don't require len param
	* lib/client.c (have_prompts): made this static
	* sample/sample-client.c (main): dynamic callback list generation, eliminated most globals
	* plugins/plain.c (get_authid): dup authid
	(get_userid): dup userid
	* sample/sample-client.c (getsecret): fixed broken password reading code
	* lib/server.c: added credential callback pointers to EXTERNAL
	* plugins/plain.c (client_continue_step): fixed
	* lib/server.c (server_dispose): braces to make the compiler happy
	* include/Makefile.am: removed winconfig.h dependency

1999-03-23 Rob Earhart <rob+@andrew.cmu.edu>

	* plugins/plain.c (client_plugins): deleted required prompts; plain only *needs* the default (SASL_CB_AUTHNAME and SASL_CB_PASS).
	* configure.in: switched java to default to no
	* utils/saslpasswd.c (main): documented flags
	(main): added user realm
	* plugins/digestmd5.c (get_realm): flipped this to user_domain
	(setpass): massive surgery to make this sort of work
	fixed free_prompts call
	* plugins/plain.c (find_prompt): minor surgery to make this work
	fixed free_prompts call
	* config/sasl.spec: massive update to build normal lib, development package, and packages for each plugin
	* doc/Makefile.am (EXTRA_DIST): updated digest-sasl doc

1999-03-22 Rob Earhart <rob+@andrew.cmu.edu>

	* plugins/kerberos4.c (server_continue_step): fixed security layer negotiation code, used symbolic constants, eliminated context ssf

1999-03-19 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* plugins/cram.c: Doesn't store passwords in /etc/sasldb in clear. tested

1999-03-18 Rob Earhart <rob+@andrew.cmu.edu>

	* lib/server.c (server_dispose): fixed up credential disposal
	* Moved winconfig.h to win32/include/config.h to remove a bunch of ifdefs; windows project header paths will need to be adjusted.
	* man/Makefile.am: created

1999-03-15 Rob Earhart <rob+@andrew.cmu.edu>

	* sample/sample-server.c: separated saslfail/sasldebug, made failure to obtain info at the end not cause fail
	* testing.txt: rewrote
	* config/cyrus-sasl.spec: Added sample code to docs
	* configure.in: added optional compilation for sample code
	* Makefile.am: split sample out to make it optionally compile

1999-03-14 Rob Earhart <rob+@andrew.cmu.edu>

	* plugins/plain.c (free_string): removed warning, simplified
	(client_continue_step): Fixed some printfs
	* sasl/Makefile.am (javasasl_JAVA): Added new java classes
	* plugins/cram.c (setpass): return something on function exit
	(free_string): simplified, removing compiler warning
	* plugins/Makefile.am: Updated plugin versions
	* lib/Makefile.am (sasl_version): Updated revision

1999-03-11 Rob Earhart <rob+@andrew.cmu.edu>

	* configure.in: Added kaffeh support

1999-03-08 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* plugins/plain.c: No sensitive information leaked
	* plugins/cram.c: No sensitive information leaked

1999-03-07 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* plugins/digestmd5.c: client and server can't send challenges >2048 bytes now

1999-03-05 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* plugins/plain.c: uses callbacks and interactions now (tested)
	* plugins/cram.c: uses callbacks and interactions now (tested)
	* plugins/anonymous.c (c_continue_step): fencepost error corrected

1999-03-04 Rob Earhart <rob+@andrew.cmu.edu>

	* plugins/kerberos4.c (client_continue_step): changed ssf printf()s to unsigned
	* sample/sample-client.c (main): fixed max ssf
	* sample/sample-server.c (main): fixed max ssf
	* plugins/kerberos4.c (client_continue_step): fixed to deal nicely with NULL userid and authid

1999-03-01 Rob Earhart <rob+@andrew.cmu.edu>

	* plugins/kerberos4.c: interaction and callback fixes. This'll probably break stuff -- but only stuff that shouldn't have been written in the first place...
	* lib/common.c: axed the user/realm stuff from sasl_conn_t, rewrote common to use copies from oparams

1999-02-25 Rob Earhart <rob+@andrew.cmu.edu>

	* plugins/anonymous.c (c_continue_step): added case for NULL user
	(c_continue_step): fixed anon id creation
	* lib/client.c: fixed various prompt_need assumptions
	* lib/server.c (sasl_listmech): gracefully deal with NULL prefix, sep, and suffix
	* lib/client.c (sasl_client_new): SASL_FAIL => SASL_BADPARAM for bad parameters
	* lib/dlopen.c (_sasl_get_mech_list): added path defaulting

1999-02-22 Rob Earhart <rob+@andrew.cmu.edu>

	* plugins/anonymous.c (continue_step): changes %*s to %s (len doesn't work in log function), and NULL-terminated the client's str.
	* lib/common.c (add_string): cleaned up a bit
	* doc: wrote Makefile.am, added relevant drafts and RFCs
	* Makefile.am: added doc dir
	* plugins/digestmd5.c: cleaned up some warnings
	* plugins/kerberos4.c: cleaned up some warnings
	* configure.in: removed -pedantic -ansi -fbuiltin; glibc-2.1 is just too broken for this to work without lots of useless whining

1999-02-21 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* all: eliminated some warnings
	* plugins/digestmd5: added integrity protection
	* plugins/digestmd5: replaced all DEBUG prints with VL's

1999-02-17 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* plugins/all: added VL's for error conditions
	* all: eliminated some warnings
	* plugins/kerberos4.c: went back to an old version. works now. Please test when you make changes in the future
	* plugins/kerberos4.c: doesn't work now. no clue why
	* lib/saslutil.c: fixed some stuff. added comments
	* plugins/cram.c: fixed various things. works now. please don't touch Rob
	* lib/common.c: fixed username error

1999-02-12 Rob Earhart <rob+@andrew.cmu.edu>

	* lib/client.c (sasl_client_start): added credentials consideration
	* lib/saslint.h: moved oparams into sasl_conn_t (instead of keeping a pointer to them); adjusted other code to match
	* include/sasl.h: added credentials interface.
	This may change at some point; it's nice and simple, but doesn't separate the credentials from the sasl_conn_t...
	* include/saslplug.h: added credential calls for server plugins, incremented plugin version
	* plugins/scram.c (sasl_server_plug_init): added credential ptrs, fixed version check, incremented version
	(sasl_client_plug_init): fixed version check
	* plugins/plain.c (sasl_server_plug_init): added credential ptrs, fixed version check, incremented version
	(sasl_client_plug_init): fixed version check
	* plugins/gssapi.c (sasl_server_plug_init): added credential ptrs, fixed version check, incremented version
	(sasl_client_plug_init): fixed version check
	* plugins/digestmd5.c (sasl_server_plug_init): added credential ptrs, fixed version check, incremented version
	(sasl_client_plug_init): fixed version check
	* plugins/anonymous.c (sasl_server_plug_init): added credential ptrs, fixed version check, incremented version
	(sasl_client_plug_init): checked version check
	* plugins/kerberos4.c (sasl_server_plug_init): added credential ptrs, incremented version
	(sasl_client_plug_init): checked version check
	* lib/server.c (mech_permitted): fixed reversed ssf test
	* plugins/cram.c (sasl_server_plug_init): added credential ptrs, fixed version check, incremented version.
	(sasl_client_plug_init): fixed version check

1999-02-11 Rob Earhart <rob+@andrew.cmu.edu>

	* include/sasl.h (SASL_SEC_MAXIMUM): changed definition of SASL_SEC_MAXIMUM (I never did like the way it was defined before), and added SASL_SEC_MAX_DEFINED, which the library will need in order to properly process SASL_SEC_MAXIMUM.
	(SASL_SEC_PASS_CREDENTIALS): added this, as well as sasl_credentials_t, used by plugins which accept forwarded credentials to hand them to servers.
	* plugins/anonymous.c (client_plugins): added required prompts (SASL_CB_USER), commented a little.
	(c_continue_step): changed from getprop for username to callback
	* include/saslplug.h: made required_prompts a const long ptr
	* lib/common.c (_sasl_getcallback): added SASL_CB_LIST_END check
	* lib/saslint.h (_sasl_getcallback): added prototype
	* lib/common.c (_sasl_getcallback): made non-static
	* lib/client.c (have_prompts): implemented; checks whether or not the app provides the prompts necessary for a given mechanism.

1999-02-10 Rob Earhart <rob+@andrew.cmu.edu>

	* lib/common.c (_sasl_getcallback): returns SASL_INTERACT if callback exists but proc is NULL (as per spec).
	* acconfig.h: moved string&dir&mem stuff here & winconfig.h; wiped nasty magic from most src

1999-02-09 Rob Earhart <rob+@andrew.cmu.edu>

	* lib/server.c (external_server_init): added, implemented, linked in
	* lib/client.c (external_client_init): added, implemented, linked in
	* include/saslplug.h: changed const char *s in oparams to char *s
	* lib/test-client.c: fixed some little nits
	(main): added Extern auth flag
	* lib/saslutil.c (sasl_encode64): added outmax and outlen handling
	(parityof): diked out
	* include/sasl.h: made sasl_secret_t.data signed
	* lib/test-server.c: fixed some little nits
	(main): added Extern auth flag
	* lib/test-common.c: fixed some little nits
	* testing.txt: fixed test program names

1999-02-08 Rob Earhart <rob+@andrew.cmu.edu>

	* lib/saslint.h: ssf => sasl_external_properties_t
	* lib/common.c (sasl_setprop): serious cleanup
	* lib/server.c (mech_permitted): implemented
	(sasl_server_start): added mech_permitted() check
	(sasl_listmech): added mech_permitted() check
	* include/sasl.h: Added sasl_external_properties_t, moved sasl_security_properties_t from saslplug.h, fixed some documentation

1999-02-07 Ryan Troll <ryan+@andrew.cmu.edu>

	* configure.in: Added reminder about version number in winconfig.h
	* include/sasl.h: Fixed WIN32 declarations
	* include/winconfig.h: Added new defines, for compilation under windows
	* lib/test-client.c: fixed loop, so it will work with anonymous
	mechanism
	* Added saslDIGESTMD5 project to main workspace

1999-02-05 Rob Earhart <rob+@andrew.cmu.edu>

	* lib/windlopen.c (_sasl_get_mech_list): added getpath_cb
	* lib/saslint.h: _sasl_get_mech_list *takes* getpath callback
	added _sasl_find_getpath_callback prototype
	* lib/dlopen.c (_sasl_get_mech_list): checking args, using getpath callback to find the path
	* lib/client.c (sasl_client_init): passing getpath callback to _sasl_get_mech_list, using _sasl_find_getpath_callback
	* lib/server.c (sasl_server_init): passing getpath callback to _sasl_get_mech_list, using _sasl_find_getpath_callback
	* lib/common.c (_sasl_getcallback): changed sasl_syslog to _sasl_syslog
	(_sasl_getcallback): added ref to _sasl_getpath
	(_sasl_getpath): wrote
	(_sasl_find_getpath_callback): wrote
	* include/sasl.h: added sasl_getpath_t decl

1999-01-26 Rob Earhart <rob+@andrew.cmu.edu>

	* configure.in: Added digest-md5 configuration
	* plugins/Makefile.am: Added digestmd5 stuff
	* Removed Id tags from all files
	* plugins/digestmd5.c: Added plugin from Alexey

1999-01-25 Rob Earhart <rob+@andrew.cmu.edu>

	* include/winconfig.h: Bumped version to 1.4b1
	(strncasecmp): Added strncasecmp => strnicmp translation
	* configure.in: Bumped version to 1.4b1
	* Makefile.am (dist-hook): Added cmulocal to dist

1999-01-19 Rob Earhart <rob+@andrew.cmu.edu>

	* Version 1.3b2 released
	* configure.in: Updated to v1.3b2
	* include/sasl.h: Wrapped the error codes in parens, for sanity

1999-01-15 Rob Earhart <rob+@andrew.cmu.edu>

	* Version 1.3b1 released

1999-01-12 Rob Earhart <rob+@andrew.cmu.edu>

	* lib/server.c (sasl_setpass): pass flags & errstr
	* configure.in: uses CMU_SOCKETS, for sanity; sets SASL_UTIL_LIBS; writes utils/Makefile; updated version to 1.3b1
	* Makefile.am: added utils
	* utils/Makefile.am: wrote
	* utils/saslpasswd.8: wrote
	* utils/saslpasswd.c: upgraded

1998-12-14 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* lib/common.c: added logging capability
	* sasl.h, saslplug.h: changed logging functions

1998-12-09 Timothy L Martin <tmartin+@andrew.cmu.edu>

	* utils/*: created utils directory with saslpasswd, imtest, and smtptest
	* server.c: implemented sasl_setpass (adding passwords only)
	* plugins/cram.c: stores password in clear. Made cram work correctly

1998-12-01 Rob Earhart <rob+@andrew.cmu.edu>

	* TODO: added setpass stuff

1998-11-30 Rob Earhart <rob+@andrew.cmu.edu>

	* Version 1.2b3 released
	* SMakefile: switched order of automake and autoconf
	* plugins/Makefile.am: added PLAIN_LIBS to libplain_la_LIBADD
	* configure.in: check for libcrypt for plain

1998-11-30 Ryan Troll <ryan@andrew.cmu.edu>

	* win32/libsasl workspace: Updated to handle new server db mechanism. Now just uses 'db_none'.

1998-11-30 Rob Earhart <rob+@andrew.cmu.edu>

	* plugins/*.c: made plugin structs static
	* lib/Makefile.am: added windlopen.c
	* plugins/plain.c: passing a len return to getsimple callbacks
	* Makefile.am: added note about SASL_PATH
	* INSTALL: added note about SASL_PATH
	* include/winconfig.h: added copyright, updated version
	* include/Makefile.am: added winconfig.h to distribution
	* sasl/Makefile.am: removed saslMechList.java

1998-11-30 Rob Earhart <rob@ANDREW.CMU.EDU>

	* configure.in: bumped up version to 1.2b3
	* lib/common.c: added default user/authname callbacks
	* Makefile.am: added plugin path warning

1998-11-29 Rob Earhart <rob+@andrew.cmu.edu>

	* plugins/plain.c: now attempts to look up userid and authid as well as password via callbacks, and sets callback ids appropriately for SASL_INTERACT. Uses authorization callback. Revamped parser to not copy data onto stack and to use arbitrary-length data.
	* lib/server.c: removed gdbm/ndbm code and the whole SASL_DB_TYPE nonsense; replaced with linkage against _sasl_db_getsecret and _sasl_db_putsecret
	* lib/db_ndbm.c: created; moved ndbm code from server.c to here
	* lib/db_gdbm: created; moved gdbm code from server.c to here
	* lib/db_none: created; filled in hook symbols
	* lib/saslint.h: added _sasl_db_getsecret and _sasl_db_putsecret symbol definitions
	* lib/Makefile.am: added SASL_DB_BACKEND and db backend sources, incremented library version number
	* acconfig.h: removed SASL_DB_TYPE; it's superfluous now
	* configure.in: now subst's SASL_DB_BACKEND appropriately, and is more careful about pulling in libs after checking for them

1998-11-25 Rob Earhart <rob+@andrew.cmu.edu>

	* Version 1.2b2 released