changeset 2717:9d83aecdcfd7 HEAD
Removed Cyrus SASL code completely. It hasn't worked for ages (if ever?) and
there's not much point in having it anyway.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sun, 10 Oct 2004 16:55:09 +0300 |
parents | ca9d5d046f23 |
children | f5b135533197 |
files | configure.in src/auth/Makefile.am src/auth/mech-cyrus-sasl2.c src/auth/mech.c src/auth/mech.h src/lib-index/mail-index-view.c src/master/auth-process.c src/master/master-settings.c src/master/master-settings.h |
diffstat | 9 files changed, 4 insertions(+), 297 deletions(-) [+] |
--- a/configure.in Sat Oct 09 17:22:14 2004 +0300
+++ b/configure.in Sun Oct 10 16:55:09 2004 +0300
@@ -156,15 +156,6 @@
 fi,
 want_mysql=no)
-AC_ARG_WITH(cyrus-sasl2,
-[ --with-cyrus-sasl2 Build with Cyrus SASL 2 library support],
- if test x$withval = xno; then
- want_cyrus_sasl2=no
- else
- want_cyrus_sasl2=yes
- fi,
- want_cyrus_sasl2=no)
-
 AC_ARG_WITH(ssl,
 [ --with-ssl=[gnutls|openssl] Build with GNUTLS (default) or OpenSSL],
 if test x$withval = xno; then
@@ -1234,16 +1225,6 @@
 fi
 fi
-if test $want_cyrus_sasl2 = yes; then
- AC_CHECK_LIB(sasl2, sasl_server_start, [
- AC_CHECK_HEADER(sasl/sasl.h, [
- AC_DEFINE(USE_CYRUS_SASL2,,
- Define if you want to use Cyrus SASL library)
- AUTH_LIBS="$AUTH_LIBS -lsasl2"
- ])
- ])
-fi
-
 if test $need_crypt = yes; then
 AC_CHECK_LIB(crypt, crypt, [
 AUTH_LIBS="-lcrypt $AUTH_LIBS"
--- a/src/auth/Makefile.am Sat Oct 09 17:22:14 2004 +0300
+++ b/src/auth/Makefile.am Sun Oct 10 16:55:09 2004 +0300
@@ -40,7 +40,6 @@
 main.c \
 mech.c \
 mech-anonymous.c \
- mech-cyrus-sasl2.c \
 mech-plain.c \
 mech-login.c \
 mech-cram-md5.c \
--- a/src/auth/mech-cyrus-sasl2.c Sat Oct 09 17:22:14 2004 +0300
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,250 +0,0 @@ -/* Copyright (C) 2003 Timo Sirainen */ - -#include "common.h" -#include "mech.h" - -#ifdef USE_CYRUS_SASL2 - -#include <stdlib.h> -#include <sasl/sasl.h> - -#include "auth-mech-desc.h" - -struct cyrus_auth_request { - struct auth_request auth_request; - - sasl_conn_t *conn; - int success; -}; - -static const char *auth_mech_to_str(enum auth_mech mech) -{ - int i; - - for (i = 0; i < AUTH_MECH_COUNT; i++) { - if (auth_mech_desc[i].mech == mech) - return auth_mech_desc[i].name; - } - - return NULL; -} - -static int -cyrus_sasl_auth_continue(struct auth_request *auth_request, - struct auth_login_request_continue *request, - const unsigned char *data, mech_callback_t *callback) -{ - struct cyrus_auth_request *cyrus_request = - (struct cyrus_auth_request *)auth_request; - struct auth_login_reply reply; - const char *serverout; - unsigned int serveroutlen; - int ret; - - ret = sasl_server_step(cyrus_request->conn, data, request->data_size, - &serverout, &serveroutlen); - - mech_init_login_reply(&reply); - reply.id = request->id; - - if (ret == SASL_CONTINUE) { - reply.result = AUTH_LOGIN_RESULT_CONTINUE; - reply.data_size = serveroutlen; - } else if (ret == SASL_OK) { - /* success */ - reply.result = AUTH_LOGIN_RESULT_SUCCESS; - cyrus_request->success = TRUE; - - serverout = mech_auth_success(&reply, auth_request, - serverout, serveroutlen); - } else { - /* failure */ - reply.result = AUTH_LOGIN_RESULT_FAILURE; - } - - callback(&reply, serverout, auth_request->conn); - return reply.result != AUTH_LOGIN_RESULT_FAILURE; -} - -#if 0 -static int auth_sasl_fill_reply(struct cookie_data *cookie, - struct auth_cookie_reply_data *reply) -{ - struct auth_context *ctx = cookie->context; - const char *canon_user; - const struct propval *prop; - int ret; - - if (!ctx->success) - return FALSE; - - /* get our username */ - ret = sasl_getprop(ctx->conn, SASL_USERNAME, - (const void **) &canon_user); - if (ret != SASL_OK) { - i_warning("sasl_getprop() failed: %s", - 
sasl_errstring(ret, NULL, NULL)); - return FALSE; - } - - memset(reply, 0, sizeof(*reply)); - reply->success = TRUE; - - if (strocpy(reply->virtual_user, canon_user, - sizeof(reply->virtual_user)) < 0) - i_panic("virtual_user overflow"); - - /* get other properties */ - prop = prop_get(sasl_auxprop_getctx(ctx->conn)); - for (; prop != NULL && prop->name != NULL; prop++) { - if (prop->nvalues == 0 || prop->values[0] == NULL) - continue; - - if (strcasecmp(prop->name, SASL_AUX_UIDNUM) == 0) - reply->uid = atoi(prop->values[0]); - else if (strcasecmp(prop->name, SASL_AUX_GIDNUM) == 0) - reply->gid = atoi(prop->values[0]); - else if (strcasecmp(prop->name, SASL_AUX_HOMEDIR) == 0) { - if (strocpy(reply->home, prop->values[0], - sizeof(reply->home)) < 0) - i_panic("home overflow"); - } else if (strcasecmp(prop->name, SASL_AUX_UNIXMBX) == 0) { - if (strocpy(reply->mail, prop->values[0], - sizeof(reply->mail)) < 0) - i_panic("mail overflow"); - } - } - - return TRUE; -} -#endif - -static void cyrus_sasl_auth_free(struct auth_request *auth_request) -{ - struct cyrus_auth_request *cyrus_request = - (struct cyrus_auth_request *)auth_request; - - sasl_dispose(&cyrus_request->conn); - pool_unref(auth_request->pool); -} - -struct auth_request *mech_cyrus_sasl_new(struct login_connection *conn, - struct auth_login_request_new *request, - mech_callback_t *callback) -{ - static const char *propnames[] = { - SASL_AUX_UIDNUM, - SASL_AUX_GIDNUM, - SASL_AUX_HOMEDIR, - SASL_AUX_UNIXMBX, - NULL - }; - struct cyrus_auth_request *cyrus_request; - struct auth_login_reply reply; - const char *mech, *serverout; - unsigned int serveroutlen; - sasl_security_properties_t sec_props; - sasl_conn_t *sasl_conn; - pool_t pool; - int ret; - - mech = auth_mech_to_str(request->mech); - if (mech == NULL) - i_fatal("Login asked for unknown mechanism %d", request->mech); - - /* create new SASL connection */ - ret = sasl_server_new("imap", NULL, NULL, NULL, NULL, NULL, 0, - &sasl_conn); - if (ret != 
SASL_OK) { - i_fatal("sasl_server_new() failed: %s", - sasl_errstring(ret, NULL, NULL)); - } - - /* don't allow SASL security layer */ - memset(&sec_props, 0, sizeof(sec_props)); - sec_props.min_ssf = 0; - sec_props.max_ssf = 1; - - if (sasl_setprop(sasl_conn, SASL_SEC_PROPS, &sec_props) != SASL_OK) { - i_fatal("sasl_setprop(SASL_SEC_PROPS) failed: %s", - sasl_errstring(ret, NULL, NULL)); - } - - ret = sasl_auxprop_request(sasl_conn, propnames); - if (ret != SASL_OK) { - i_fatal("sasl_auxprop_request() failed: %s", - sasl_errstring(ret, NULL, NULL)); - } - - /* initialize reply */ - mech_init_login_reply(&reply); - reply.id = request->id; - reply.reply_idx = 0; - - /* start the exchange */ - ret = sasl_server_start(sasl_conn, mech, NULL, 0, - &serverout, &serveroutlen); - if (ret != SASL_CONTINUE) { - reply.result = AUTH_LOGIN_RESULT_FAILURE; - sasl_dispose(&sasl_conn); - - callback(&reply, NULL, conn); - return NULL; - } - - pool = pool_alloconly_create("cyrus_sasl_auth_request", 256); - cyrus_request = p_new(pool, struct cyrus_auth_request, 1); - - cyrus_request->auth_request.refcount = 1; - cyrus_request->auth_request.pool = pool; - cyrus_request->auth_request.auth_continue = - cyrus_sasl_auth_continue; - cyrus_request->auth_request.auth_free = - cyrus_sasl_auth_free; - - reply.result = AUTH_LOGIN_RESULT_CONTINUE; - - reply.data_size = serveroutlen; - callback(&reply, serverout, conn); - - return &cyrus_request->auth_request; -} - -static int sasl_log(void *context __attr_unused__, - int level, const char *message) -{ - switch (level) { - case SASL_LOG_ERR: - i_error("SASL authentication error: %s", message); - break; - case SASL_LOG_WARN: - i_warning("SASL authentication warning: %s", message); - break; - case SASL_LOG_NOTE: - /*i_info("SASL authentication info: %s", message);*/ - break; - case SASL_LOG_FAIL: - /*i_info("SASL authentication failure: %s", message);*/ - break; - } - - return SASL_OK; -} - -static const struct sasl_callback sasl_callbacks[] = { - 
{ SASL_CB_LOG, &sasl_log, NULL }, - { SASL_CB_LIST_END, NULL, NULL } -}; - -void mech_cyrus_sasl_init_lib(void) -{ - int ret; - - ret = sasl_server_init(sasl_callbacks, "dovecot-auth"); - if (ret != SASL_OK) { - i_fatal("sasl_server_init() failed: %s", - sasl_errstring(ret, NULL, NULL)); - } -} - -#endif
--- a/src/auth/mech.c Sat Oct 09 17:22:14 2004 +0300
+++ b/src/auth/mech.c Sun Oct 10 16:55:09 2004 +0300
@@ -20,7 +20,6 @@
 char username_chars[256], username_translation[256];
 int ssl_require_client_cert;
-static int set_use_cyrus_sasl;
 static struct auth_client_request_reply failure_reply;
 static buffer_t *auth_failures_buf;
@@ -114,13 +113,7 @@
 return;
 }
-#ifdef USE_CYRUS_SASL2
- if (set_use_cyrus_sasl)
- auth_request = mech_cyrus_sasl_new(conn, request, callback);
- else
-#endif
- auth_request = mech->auth_new();
-
+ auth_request = mech->auth_new();
 if (auth_request == NULL)
 return;
@@ -473,11 +466,6 @@
 }
 }
- set_use_cyrus_sasl = getenv("USE_CYRUS_SASL") != NULL;
-#ifdef USE_CYRUS_SASL2
- if (set_use_cyrus_sasl)
- mech_cyrus_sasl_init_lib();
-#endif
 ssl_require_client_cert = getenv("SSL_REQUIRE_CLIENT_CERT") != NULL;
 auth_failures_buf = buffer_create_dynamic(default_pool, 1024);
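Review bot: The silent `if (auth_request == NULL) return;` that follows the new `auth_request = mech->auth_new();` in the second hunk may now leave the client without any answer. That early return suited the removed mech_cyrus_sasl_new(), which in the deleted file invoked the callback with a failure result before returning NULL, whereas `mech->auth_new()` takes no arguments and so cannot send a reply itself. If any built-in mechanism can return NULL there, the NULL branch should report the failure before returning, for example `failure_reply.id = request->id; callback(&failure_reply, NULL, conn);`. That sketch assumes the callback still takes a reply, data and connection, which should be confirmed against the current prototype. The enclosing function starts and ends outside the hunk, so check the full body before changing it.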
--- a/src/auth/mech.h Sat Oct 09 17:22:14 2004 +0300
+++ b/src/auth/mech.h Sun Oct 10 16:55:09 2004 +0300
@@ -83,13 +83,6 @@
 int mech_fix_username(char *username, const char **error_r);
-void mech_cyrus_sasl_init_lib(void);
-struct auth_request *
-mech_cyrus_sasl_new(struct auth_client_connection *conn,
- struct auth_client_request_new *request,
- const unsigned char *data,
- mech_callback_t *callback);
-
 void auth_request_ref(struct auth_request *request);
 int auth_request_unref(struct auth_request *request);
--- a/src/lib-index/mail-index-view.c Sat Oct 09 17:22:14 2004 +0300
+++ b/src/lib-index/mail-index-view.c Sun Oct 10 16:55:09 2004 +0300
@@ -167,13 +167,13 @@
 void mail_index_view_unref_maps(struct mail_index_view *view)
 {
- struct mail_index_map **maps;
+ struct mail_index_map *const *maps;
 size_t i, size;
 if (view->map_refs == NULL)
 return;
- maps = buffer_get_modifyable_data(view->map_refs, &size);
+ maps = buffer_get_data(view->map_refs, &size);
 size /= sizeof(*maps);
 for (i = 0; i < size; i++)
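Review bot: The switch to `struct mail_index_map *const *maps` with `buffer_get_data()` in mail_index_view_unref_maps() has nothing to do with removing Cyrus SASL and is not mentioned in the commit description. Bundling it makes the authentication-code removal harder to audit or revert on its own. It would be cleaner as a separate commit, or at least noted in the message, e.g. `mail_index_view_unref_maps(): use buffer_get_data(), the array is only read here`. The function body continues past the end of the hunk, so the loop that consumes `maps` is not visible.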
--- a/src/master/auth-process.c Sat Oct 09 17:22:14 2004 +0300
+++ b/src/master/auth-process.c Sun Oct 10 16:55:09 2004 +0300
@@ -397,8 +397,6 @@
 &as->master);
 }
- if (group->set->use_cyrus_sasl)
- env_put("USE_CYRUS_SASL=1");
 if (group->set->verbose)
 env_put("VERBOSE=1");
 if (group->set->debug)
--- a/src/master/master-settings.c Sat Oct 09 17:22:14 2004 +0300
+++ b/src/master/master-settings.c Sun Oct 10 16:55:09 2004 +0300
@@ -146,7 +146,6 @@
 DEF(SET_STR, username_translation),
 DEF(SET_STR, anonymous_username),
- DEF(SET_BOOL, use_cyrus_sasl),
 DEF(SET_BOOL, verbose),
 DEF(SET_BOOL, debug),
 DEF(SET_BOOL, ssl_require_client_cert),
@@ -318,7 +317,6 @@
 MEMBER(username_translation) "",
 MEMBER(anonymous_username) "anonymous",
- MEMBER(use_cyrus_sasl) FALSE,
 MEMBER(verbose) FALSE,
 MEMBER(debug) FALSE,
 MEMBER(ssl_require_client_cert) FALSE,
--- a/src/master/master-settings.h Sat Oct 09 17:22:14 2004 +0300
+++ b/src/master/master-settings.h Sun Oct 10 16:55:09 2004 +0300
@@ -136,7 +136,7 @@
 const char *username_translation;
 const char *anonymous_username;
- int use_cyrus_sasl, verbose, debug;
+ int verbose, debug;
 int ssl_require_client_cert;
 unsigned int count;