Add cyrus-sasl-2.1.6 after repo. copy.

12 files changed, 75 insertions, 409 deletions

diff --git a/security/cyrus-sasl2/files/Sendmail.README b/security/cyrus-sasl2/files/Sendmail.README
deleted file mode 100644
index c88d2433e92e..000000000000
--- a/security/cyrus-sasl2/files/Sendmail.README
+++ /dev/null
@@ -1,51 +0,0 @@
-How to enable SMTP AUTH with FreeBSD default Sendmail
-
-1) Add the following to  /etc/make.conf:
-
-    # Add SMTP AUTH support to Sendmail
-    SENDMAIL_CFLAGS+=	-I/usr/local/include/sasl1 -DSASL
-    SENDMAIL_LDFLAGS+=	-L/usr/local/lib
-    SENDMAIL_LDADD+=	-lsasl
-
-    NOTE: Sendmail 8.10 - 8.11 needS -D_FFR_UNSAFE_SASL added
-          to SENDMAIL_CFLAGS, if you need the GroupReadableSASLFile option
-
-2) Rebuild FreeBSD (make buildworld, ...)
-
-3) Create /usr/local/lib/sasl/Sendmail.conf with the following.
-
-   pwcheck_method: pwcheck
-
-4) Add the following to your sendmail.mc file:
-
-   dnl The group needs to be mail in order to read the sasldb file
-   define(`confRUN_AS_USER',`root:mail')dnl
-
-   TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5')dnl
-   define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5')dnl
-
-   dnl Use the following for Sendmail 8.12
-   define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl
-
-   dnl Use the following for Sendmail 8.10 - 8.11
-   define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLFile')dnl
-
- ----
-
-   Additional AUTH Mechanisms are LOGIN, PLAIN, GSSAPI, and KERBEROS_V4.
-   These can be added to TRUST_AUTH_MECH and confAUTH_MECHANISMS as a space
-   seperated list.  You may want to restrict LOGIN, and PLAIN authentication
-   methods for use with STARTTLS, as the password is not encrypted when
-   passed to sendmail.
-
-   LOGIN is required for Outlook Express users.  "My server requires
-   authentication" needs to be checked in the accounts properties to 
-   use SASL Authentication.
-
-   PLAIN is required for Netscape Communicator users.  By default Netscape
-   Communicator will use SASL Authentication when sendmail is compiled with
-   SASL.
-
-   The DONT_BLAME_SENDMAIL option GroupReadableSASL[DB]File is needed when you
-   are using cyrus-imapd and sendmail on the same server that requires access
-   to the sasldb database.
diff --git a/security/cyrus-sasl2/files/patch-ab b/security/cyrus-sasl2/files/patch-ab
deleted file mode 100644
index 4b1a2c357e00..000000000000
--- a/security/cyrus-sasl2/files/patch-ab
+++ /dev/null
@@ -1,92 +0,0 @@
---- configure.in.orig	Wed May 22 20:49:46 2002
-+++ configure.in	Thu May 23 16:52:07 2002
-@@ -66,8 +66,12 @@
- dnl check for -R, etc. switch
- CMU_GUESS_RUNPATH_SWITCH
- dnl let's just link against local.  otherwise we never find anything useful.
--CPPFLAGS="-I/usr/local/include ${CPPFLAGS}"
--CMU_ADD_LIBPATH("/usr/local/lib")
-+CPPFLAGS="-I${OPENSSLINC}/openssl ${CPPFLAGS}"
-+if test "${OPENSSLINC}" != "/usr/include" ; then
-+  CPPFLAGS="-I${OPENSSLINC} ${CPPFLAGS}"
-+fi
-+CMU_ADD_LIBPATH("${OPENSSLLIB}")
-+CMU_ADD_LIBPATH("${LOCALBASE}/lib")
- 
- AM_DISABLE_STATIC
- 
-@@ -122,8 +126,6 @@
- 
-   AC_SUBST(JAVA_INCLUDES)
-   AC_MSG_RESULT(JAVA_INCLUDES)
--  JAVAC=`echo "$JAVAC" | sed 's,.*/,,'`
--  JAVAH=`echo "$JAVAH" | sed 's,.*/,,'`
- fi
- 
- AM_CONDITIONAL(SAMPLE, test "$enable_sample" = yes)
-@@ -149,11 +151,13 @@
- 	AC_CHECK_HEADER(db.h,
- 			AC_CHECK_LIB(db-3, db_create, SASL_DB_LIB="-ldb-3";
- 			   dblib="berkeley",
-+			AC_CHECK_LIB(db3, db_create, SASL_DB_LIB="-ldb3";
-+			   dblib="berkeley",
- 			AC_CHECK_LIB(db, db_create, SASL_DB_LIB="-ldb";
- 			   dblib="berkeley",
- 			AC_CHECK_LIB(db, db_open, SASL_DB_LIB="-ldb"; 
- 			   dblib="berkeley",
--                        dblib="no"))),
-+                        dblib="no")))),
- 			dblib="no")
- 	;;
-   gdbm)
-@@ -175,11 +179,13 @@
- 	AC_CHECK_HEADER(db.h,
- 			AC_CHECK_LIB(db-3, db_create, SASL_DB_LIB="-ldb-3";
- 			   dblib="berkeley",
-+			AC_CHECK_LIB(db3, db_create, SASL_DB_LIB="-ldb3";
-+			   dblib="berkeley",
- 			AC_CHECK_LIB(db, db_create, SASL_DB_LIB="-ldb";
- 			   dblib="berkeley",
- 			AC_CHECK_LIB(db, db_open, SASL_DB_LIB="-ldb"; 
- 			   dblib="berkeley",
--                        dblib="no"))),
-+                        dblib="no")))),
- 			dblib="no")
- 	if test "$dblib" = no; then
- 	  dnl How about ndbm?
-@@ -229,6 +235,13 @@
-   berkeley)
-     SASL_DB_BACKEND="db_${dblib}.lo"
-     AC_DEFINE(SASL_BERKELEYDB)
-+    for db3loc in ${prefix} /usr/local /usr
-+    do
-+      if test -d ${db3loc}/include/db3; then
-+       CPPFLAGS="-I${db3loc}/include/db3 $CPPFLAGS"
-+       break
-+      fi
-+    done
-     ;;
-   *)
-     AC_MSG_WARN([Disabling SASL authentication database support])
-@@ -534,12 +547,16 @@
-   fi
- 
-   if test "$with_des" != no; then
-+    case "$host_os" in
-+	freebsd*)
-+	    COM_ERR="-lcom_err"
-+	    ;;
-+    esac
-     AC_CHECK_HEADER(krb.h,
--      AC_CHECK_LIB(krb, krb_mk_priv, COM_ERR="",
--	AC_CHECK_LIB(krb, krb_mk_priv, COM_ERR="-lcom_err",
--                     AC_WARN(No Kerberos V4 found); krb4=no, -ldes -lcom_err),
--        -ldes),
--      AC_WARN(No Kerberos V4 found); krb4=no)
-+      AC_CHECK_LIB(krb, krb_mk_priv,:,
-+                AC_WARN(No Kerberos V4 found); krb4=no,
-+		-ldes ${COM_ERR}),
-+      AC_WARN(No Kerberos V4 headers found); krb4=no)
-   else
-     AC_WARN(No DES library found for Kerberos V4 support)
-     krb4=no
diff --git a/security/cyrus-sasl2/files/patch-java::CyrusSasl::Makefile.am b/security/cyrus-sasl2/files/patch-java::CyrusSasl::Makefile.am
deleted file mode 100644
index bf5be6aef933..000000000000
--- a/security/cyrus-sasl2/files/patch-java::CyrusSasl::Makefile.am
+++ /dev/null
@@ -1,11 +0,0 @@
---- java/CyrusSasl/Makefile.am.orig	Tue Nov 21 23:55:17 2000
-+++ java/CyrusSasl/Makefile.am	Thu Jan 17 21:58:10 2002
-@@ -25,7 +25,7 @@
- 
- javasasl_version = 1:0:0
- 
--javasasldir = $(prefix)/lib/java/classes/sasl/CyrusSasl
-+javasasldir = $(prefix)/share/java/classes/sasl/CyrusSasl
- javahtmldir = $(prefix)/html/sasl
- 
- INCLUDES=$(JAVA_INCLUDES) -I$(top_srcdir)/include
diff --git a/security/cyrus-sasl2/files/patch-java::javax::security::auth::callback::Makefile.am b/security/cyrus-sasl2/files/patch-java::javax::security::auth::callback::Makefile.am
deleted file mode 100644
index d4f02627d7a8..000000000000
--- a/security/cyrus-sasl2/files/patch-java::javax::security::auth::callback::Makefile.am
+++ /dev/null
@@ -1,11 +0,0 @@
---- java/javax/security/auth/callback/Makefile.am.orig	Sat Nov  4 16:55:44 2000
-+++ java/javax/security/auth/callback/Makefile.am	Thu Jan 17 22:05:23 2002
-@@ -39,7 +39,7 @@
- #
- ################################################################
- 
--javasasldir = $(prefix)/lib/java/classes/sasl/javax/security/auth/callback
-+javasasldir = $(prefix)/share/java/classes/sasl/javax/security/auth/callback
- javahtmldir = $(prefix)/html/sasl
- 
- javasasl_JAVA = PasswordCallback.java \
diff --git a/security/cyrus-sasl2/files/patch-lib::checkpw.c b/security/cyrus-sasl2/files/patch-lib::checkpw.c
deleted file mode 100644
index 3bc40e300107..000000000000
--- a/security/cyrus-sasl2/files/patch-lib::checkpw.c
+++ /dev/null
@@ -1,17 +0,0 @@
---- lib/checkpw.c.orig	Mon Jun 17 18:28:29 2002
-+++ lib/checkpw.c	Mon Jun 17 18:31:44 2002
-@@ -1667,12 +1667,14 @@
-     return SASL_FAIL;
-   }
-   /* setting dereferensing aliases mode */
-+#ifdef LDAP_OPT_DEREF
-   if (ldap_set_option(ld, LDAP_OPT_DEREF, (void *) &ldap_deref) != LDAP_OPT_SUCCESS) {
-     if (reply) {
-       *reply = "cannot set deref options";
-     }
-     return SASL_FAIL;
-   }
-+#endif
-   /* set ssl mode if needed */
- #ifdef LDAP_OPT_X_TLS
-   if ( ldap_ssl_flag ) {
diff --git a/security/cyrus-sasl2/files/patch-plugins::gssapi.c b/security/cyrus-sasl2/files/patch-plugins::gssapi.c
deleted file mode 100644
index 02273633a299..000000000000
--- a/security/cyrus-sasl2/files/patch-plugins::gssapi.c
+++ /dev/null
@@ -1,15 +0,0 @@
---- plugins/gssapi.c.orig	Fri Mar  9 23:56:46 2001
-+++ plugins/gssapi.c	Mon Jan 21 21:03:32 2002
-@@ -71,6 +71,12 @@
- #include <saslutil.h>
- #include <saslplug.h>
- 
-+#ifdef HAVE_UNISTD_H
-+#include <unistd.h>
-+#endif
-+
-+#include <errno.h>
-+
- #ifdef WIN32
- /* This must be after sasl.h */
- # include "saslgssapi.h"
diff --git a/security/cyrus-sasl2/files/patch-pwcheck::Makefile.am b/security/cyrus-sasl2/files/patch-pwcheck::Makefile.am
deleted file mode 100644
index c9e94adefa82..000000000000
--- a/security/cyrus-sasl2/files/patch-pwcheck::Makefile.am
+++ /dev/null
@@ -1,17 +0,0 @@
---- pwcheck/Makefile.am.orig	Wed Mar 22 11:06:43 2000
-+++ pwcheck/Makefile.am	Thu Jan 17 19:09:06 2002
-@@ -22,9 +22,13 @@
- # SOFTWARE.
- #
- 
--sbin_PROGRAMS = pwcheck
-+sbin_PROGRAMS = pwcheck pwcheck_pam
- 
- pwcheck_SOURCES = pwcheck.c
- EXTRA_pwcheck_SOURCES = pwcheck_getpwnam.c pwcheck_getspnam.c
- pwcheck_DEPENDECIES = pwcheck_@PWCHECKMETH@.lo
- pwcheck_LDADD = pwcheck_@PWCHECKMETH@.lo @LIB_CRYPT@ @LIB_SOCKET@
-+
-+pwcheck_pam_SOURCES = pwcheck.c
-+pwcheck_pam_DEPENDECIES = pwcheck_pam.lo
-+pwcheck_pam_LDADD = pwcheck_pam.lo @LIB_CRYPT@ @LIB_SOCKET@ @LIB_PAM@
diff --git a/security/cyrus-sasl2/files/patch-sample::Makefile.am b/security/cyrus-sasl2/files/patch-sample::Makefile.am
deleted file mode 100644
index 98fd62f809da..000000000000
--- a/security/cyrus-sasl2/files/patch-sample::Makefile.am
+++ /dev/null
@@ -1,12 +0,0 @@
---- sample/Makefile.am.orig	Tue Jan 22 21:00:24 2002
-+++ sample/Makefile.am	Tue Jan 22 21:01:02 2002
-@@ -54,7 +54,9 @@
- client_SOURCES = client.c common.c common.h
- 
- server_LDADD = ../lib/libsasl.la $(LIB_SOCKET)
-+server_LDFLAGS = $(GSSAPIBASE_LIBS)
- client_LDADD = ../lib/libsasl.la $(LIB_SOCKET)
-+client_LDFLAGS = $(GSSAPIBASE_LIBS)
- 
- sample_client_LDADD = ../lib/libsasl.la $(LIB_SOCKET)
- sample_server_LDADD = ../lib/libsasl.la $(LIB_SOCKET)
diff --git a/security/cyrus-sasl2/files/patch-utils::Makefile.am b/security/cyrus-sasl2/files/patch-utils::Makefile.am
deleted file mode 100644
index f8c887ba515e..000000000000
--- a/security/cyrus-sasl2/files/patch-utils::Makefile.am
+++ /dev/null
@@ -1,16 +0,0 @@
---- utils//Makefile.am.orig	Tue Jan 22 21:03:43 2002
-+++ utils//Makefile.am	Tue Jan 22 21:02:49 2002
-@@ -45,10 +45,13 @@
- sbin_PROGRAMS = saslpasswd sasldblistusers
- man_MANS = saslpasswd.8 sasldblistusers.8
- saslpasswd_LDADD = ../lib/libsasl.la
-+saslpasswd_LDFLAGS = $(GSSAPIBASE_LIBS)
- sasldblistusers_LDADD = $(SASL_DB_LIB)
-+sasldblistusers_LDFLAGS = $(GSSAPIBASE_LIBS)
- 
- noinst_PROGRAMS = dbconverter-1.5.9
- dbconverter_1_5_9_LDADD = ../lib/libsasl.la $(SASL_DB_LIB)
-+dbconverter_1_5_9_LDFLAGS = $(GSSAPIBASE_LIBS)
- 
- EXTRA_PROGRAMS = testsuite
- testsuite_LDADD = ../lib/libsasl.la $(SASL_DB_LIB) $(LIB_SOCKET)
diff --git a/security/cyrus-sasl2/files/pwcheck.sh b/security/cyrus-sasl2/files/pwcheck.sh
deleted file mode 100644
index 3f4c903817a2..000000000000
--- a/security/cyrus-sasl2/files/pwcheck.sh
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-action=$1
-
-PREFIX=%%PREFIX%%
-
-# Suck in the configuration variables.
-if [ -z "${source_rc_confs_defined}" ]; then
-        if [ -r /etc/defaults/rc.conf ]; then
-                . /etc/defaults/rc.conf
-                source_rc_confs
-        elif [ -r /etc/rc.conf ]; then
-                . /etc/rc.conf
-        fi
-fi
-
-# The following sasl_pwcheck_* variables may be defined in rc.conf
-#
-# 	sasl_pwcheck_enable  -	Set to YES to enable pwcheck
-#				Default: %%ENABLEPWCHECK%%
-#
-#	sasl_pwcheck_program -	Path to pwcheck program (pwcheck/pwcheck_pam)
-#				Default: ${PREFIX}/sbin/%%PWCHECK%%
-
-if [ -z "${sasl_pwcheck_enable}" ] ; then
-	sasl_pwcheck_enable=%%ENABLEPWCHECK%%
-fi
-
-if [ -z "${sasl_pwcheck_program}" ]; then
-	sasl_pwcheck_program=${PREFIX}/sbin/%%PWCHECK%%
-fi
-
-rc=0
-
-case "${sasl_pwcheck_enable}" in
-    [Yy][Ee][Ss])
-	case "${action}" in
-
-	    start)
-		if [ -x ${sasl_pwcheck_program} ] ; then
-		    ${sasl_pwcheck_program} & && echo -n " pwcheck"
-		fi
-		;;
-
-	    stop)
-		if [ -r /var/run/pwcheck.pid ]; then
-		    kill `cat /var/run/pwcheck.pid` && echo -n " pwcheck"
-		    rm /var/run/pwcheck.pid
-		fi
-		;;
-
-	    *)
-		echo "usage: $0 {start|stop}" 1>&2
-		rc=64
-		;;
-	esac
-	;;
-    *)
-	rc=0
-	;;
-esac
-
-exit $rc
diff --git a/security/cyrus-sasl2/files/pwcheck_pam.c b/security/cyrus-sasl2/files/pwcheck_pam.c
deleted file mode 100644
index 57e1076ca92a..000000000000
--- a/security/cyrus-sasl2/files/pwcheck_pam.c
+++ /dev/null
@@ -1,101 +0,0 @@
-
-#include <security/pam_appl.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-/* Static variables used to communicate between the conversation function
- * and the server_login function
- */
-static char *PAM_username;
-static char *PAM_password;
-
-/* PAM conversation function
- */
-static int PAM_conv (int num_msg,
-                     const struct pam_message **msg,
-                     struct pam_response **resp,
-                     void *appdata_ptr) {
-  int replies = 0;
-  struct pam_response *reply = NULL;
-
-  #define COPY_STRING(s) (s) ? strdup(s) : NULL
-
-  reply = malloc(sizeof(struct pam_response) * num_msg);
-  if (!reply) return PAM_CONV_ERR;
-
-  for (replies = 0; replies < num_msg; replies++) {
-    switch (msg[replies]->msg_style) {
-      case PAM_PROMPT_ECHO_ON:
-        reply[replies].resp_retcode = PAM_SUCCESS;
-        reply[replies].resp = COPY_STRING(PAM_username);
-          /* PAM frees resp */
-        break;
-      case PAM_PROMPT_ECHO_OFF:
-        reply[replies].resp_retcode = PAM_SUCCESS;
-        reply[replies].resp = COPY_STRING(PAM_password);
-          /* PAM frees resp */
-        break;
-      case PAM_TEXT_INFO:
-        /* fall through */
-      case PAM_ERROR_MSG:
-        /* ignore it, but pam still wants a NULL response... */
-        reply[replies].resp_retcode = PAM_SUCCESS;
-        reply[replies].resp = NULL;
-        break;
-      default:
-        /* Must be an error of some sort... */
-        free (reply);
-        return PAM_CONV_ERR;
-    }
-  }
-  *resp = reply;
-  return PAM_SUCCESS;
-}
-
-static struct pam_conv PAM_conversation = {
-    PAM_conv,
-    NULL
-};
-
-/* Server log in
- * Accepts: user name string
- *          password string
- * Returns: "OK" if password validated, error message otherwise
- */ 
- 
-char *pwcheck(char *username, char *password)
-{
-  pam_handle_t *pamh;
-  int pam_error;
-
-  /* PAM only handles authentication, not user information. */
-  if ( !(username && password && strlen(username) && strlen(password)) )
-      return "Incorrect username";
-
-  /* validate password */
-
-  PAM_password = password;
-  PAM_username = username;
-  fprintf(stderr, "checking %s\n", username);
-  pam_error = pam_start("cyrus", username, &PAM_conversation, &pamh);
-  if (pam_error == PAM_SUCCESS) 
-    pam_error = pam_authenticate(pamh, 0);
-    
-  if (pam_error == PAM_SUCCESS) 
-    pam_error = pam_acct_mgmt(pamh, 0);
-
-  if ( pam_error == PAM_SUCCESS) 
-    fprintf(stderr, "\tauthenticated %s\n", username);
-  else
-    fprintf(stderr, "\tfailed to authenticate %s\n", username);
-  
-  if(pam_end(pamh, pam_error) != PAM_SUCCESS) {
-    pamh = NULL;
-    fprintf(stderr, "pwcheck: failed to release authenticator\n");
-    exit(1);
-  }
-  return ( pam_error == PAM_SUCCESS ? "OK" : "Incorrect passwd" );
-}
-
-
diff --git a/security/cyrus-sasl2/files/saslauthd.sh b/security/cyrus-sasl2/files/saslauthd.sh
new file mode 100644
index 000000000000..39bd6fc091fc
--- /dev/null
+++ b/security/cyrus-sasl2/files/saslauthd.sh
@@ -0,0 +1,75 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+action=$1
+
+PREFIX=%%PREFIX%%
+
+# Suck in the configuration variables.
+if [ -z "${source_rc_confs_defined}" ]; then
+        if [ -r /etc/defaults/rc.conf ]; then
+                . /etc/defaults/rc.conf
+                source_rc_confs
+        elif [ -r /etc/rc.conf ]; then
+                . /etc/rc.conf
+        fi
+fi
+
+# The following sasl_saslauthd_* variables may be defined in rc.conf
+#
+# 	sasl_saslauthd_enable  - Set to YES to enable saslauthd
+#				 Default: %%ENABLEPWCHECK%%
+#
+#	sasl_saslauthd_program - Path to saslauthd program
+#				 Default: ${PREFIX}/sbin/%%PWCHECK%%
+#
+#	sasl_saslauthd_flags   - Flags to saslauthd program
+#				 Default: -a pam
+
+if [ -z "${sasl_saslauthd_enable}" ]; then
+	sasl_saslauthd_enable=%%ENABLEPWCHECK%%
+fi
+
+if [ -z "${sasl_saslauthd_program}" ]; then
+	sasl_saslauthd_program=${PREFIX}/sbin/%%PWCHECK%%
+fi
+
+if [ -z "${sasl_saslauthd_flags}" ]; then
+	sasl_saslauthd_flags="-a pam"
+fi
+
+rc=0
+
+case "${sasl_saslauthd_enable}" in
+    [Yy][Ee][Ss])
+	case "${action}" in
+
+	    start)
+		if [ -x ${sasl_saslauthd_program} ] ; then
+		    ${sasl_saslauthd_program} ${sasl_saslauthd_flags} \
+			&& echo -n " saslauthd"
+		fi
+		;;
+
+	    stop)
+		if [ -r /var/state/saslauthd/mux.pid ]; then
+		    kill `cat /var/state/saslauthd/mux.pid` && \
+			echo -n " saslauthd"
+		    rm /var/state/saslauthd/mux.pid
+		fi
+		;;
+
+	    *)
+		echo "usage: $0 {start|stop}" 1>&2
+		rc=64
+		;;
+	esac
+	;;
+    *)
+	rc=0
+	;;
+esac
+
+exit $rc