changeset 2717:9d83aecdcfd7 HEAD

Removed Cyrus SASL code completely. It hasn't worked for ages (if ever?) and there's not much point in having it anyway.
author Timo Sirainen <tss@iki.fi>
date Sun, 10 Oct 2004 16:55:09 +0300
parents ca9d5d046f23
children f5b135533197
files configure.in src/auth/Makefile.am src/auth/mech-cyrus-sasl2.c src/auth/mech.c src/auth/mech.h src/lib-index/mail-index-view.c src/master/auth-process.c src/master/master-settings.c src/master/master-settings.h
diffstat 9 files changed, 4 insertions(+), 297 deletions(-) [+]
--- a/configure.in	Sat Oct 09 17:22:14 2004 +0300
+++ b/configure.in	Sun Oct 10 16:55:09 2004 +0300
@@ -156,15 +156,6 @@
 	fi,
 	want_mysql=no)
 
-AC_ARG_WITH(cyrus-sasl2,
-[  --with-cyrus-sasl2      Build with Cyrus SASL 2 library support],
-	if test x$withval = xno; then
-		want_cyrus_sasl2=no
-	else
-		want_cyrus_sasl2=yes
-	fi,
-	want_cyrus_sasl2=no)
-
 AC_ARG_WITH(ssl,
 [  --with-ssl=[gnutls|openssl] Build with GNUTLS (default) or OpenSSL],
 	if test x$withval = xno; then
@@ -1234,16 +1225,6 @@
 	fi
 fi
 
-if test $want_cyrus_sasl2 = yes; then
-	AC_CHECK_LIB(sasl2, sasl_server_start, [
-		AC_CHECK_HEADER(sasl/sasl.h, [
-			AC_DEFINE(USE_CYRUS_SASL2,,
-				  Define if you want to use Cyrus SASL library)
-			AUTH_LIBS="$AUTH_LIBS -lsasl2"
-		])
-	])
-fi
-
 if test $need_crypt = yes; then
 	AC_CHECK_LIB(crypt, crypt, [
 		AUTH_LIBS="-lcrypt $AUTH_LIBS"
--- a/src/auth/Makefile.am	Sat Oct 09 17:22:14 2004 +0300
+++ b/src/auth/Makefile.am	Sun Oct 10 16:55:09 2004 +0300
@@ -40,7 +40,6 @@
 	main.c \
 	mech.c \
 	mech-anonymous.c \
-	mech-cyrus-sasl2.c \
 	mech-plain.c \
 	mech-login.c \
 	mech-cram-md5.c \
--- a/src/auth/mech-cyrus-sasl2.c	Sat Oct 09 17:22:14 2004 +0300
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,250 +0,0 @@
-/* Copyright (C) 2003 Timo Sirainen */
-
-#include "common.h"
-#include "mech.h"
-
-#ifdef USE_CYRUS_SASL2
-
-#include <stdlib.h>
-#include <sasl/sasl.h>
-
-#include "auth-mech-desc.h"
-
-struct cyrus_auth_request {
-	struct auth_request auth_request;
-
-	sasl_conn_t *conn;
-	int success;
-};
-
-static const char *auth_mech_to_str(enum auth_mech mech)
-{
-	int i;
-
-	for (i = 0; i < AUTH_MECH_COUNT; i++) {
-		if (auth_mech_desc[i].mech == mech)
-			return auth_mech_desc[i].name;
-	}
-
-	return NULL;
-}
-
-static int
-cyrus_sasl_auth_continue(struct auth_request *auth_request,
-			 struct auth_login_request_continue *request,
-			 const unsigned char *data, mech_callback_t *callback)
-{
-	struct cyrus_auth_request *cyrus_request =
-		(struct cyrus_auth_request *)auth_request;
-	struct auth_login_reply reply;
-	const char *serverout;
-	unsigned int serveroutlen;
-	int ret;
-
-	ret = sasl_server_step(cyrus_request->conn, data, request->data_size,
-			       &serverout, &serveroutlen);
-
-	mech_init_login_reply(&reply);
-	reply.id = request->id;
-
-	if (ret == SASL_CONTINUE) {
-		reply.result = AUTH_LOGIN_RESULT_CONTINUE;
-		reply.data_size = serveroutlen;
-	} else if (ret == SASL_OK) {
-		/* success */
-		reply.result = AUTH_LOGIN_RESULT_SUCCESS;
-		cyrus_request->success = TRUE;
-
-		serverout = mech_auth_success(&reply, auth_request,
-					      serverout, serveroutlen);
-	} else {
-		/* failure */
-		reply.result = AUTH_LOGIN_RESULT_FAILURE;
-	}
-
-	callback(&reply, serverout, auth_request->conn);
-	return reply.result != AUTH_LOGIN_RESULT_FAILURE;
-}
-
-#if 0
-static int auth_sasl_fill_reply(struct cookie_data *cookie,
-				struct auth_cookie_reply_data *reply)
-{
-	struct auth_context *ctx = cookie->context;
-	const char *canon_user;
-        const struct propval *prop;
-	int ret;
-
-	if (!ctx->success)
-		return FALSE;
-
-	/* get our username */
-	ret = sasl_getprop(ctx->conn, SASL_USERNAME,
-			   (const void **) &canon_user);
-	if (ret != SASL_OK) {
-		i_warning("sasl_getprop() failed: %s",
-			  sasl_errstring(ret, NULL, NULL));
-		return FALSE;
-	}
-
-	memset(reply, 0, sizeof(*reply));
-	reply->success = TRUE;
-
-	if (strocpy(reply->virtual_user, canon_user,
-		    sizeof(reply->virtual_user)) < 0)
-		i_panic("virtual_user overflow");
-
-	/* get other properties */
-	prop = prop_get(sasl_auxprop_getctx(ctx->conn));
-	for (; prop != NULL && prop->name != NULL; prop++) {
-		if (prop->nvalues == 0 || prop->values[0] == NULL)
-			continue;
-
-		if (strcasecmp(prop->name, SASL_AUX_UIDNUM) == 0)
-			reply->uid = atoi(prop->values[0]);
-		else if (strcasecmp(prop->name, SASL_AUX_GIDNUM) == 0)
-			reply->gid = atoi(prop->values[0]);
-		else if (strcasecmp(prop->name, SASL_AUX_HOMEDIR) == 0) {
-			if (strocpy(reply->home, prop->values[0],
-				    sizeof(reply->home)) < 0)
-				i_panic("home overflow");
-		} else if (strcasecmp(prop->name, SASL_AUX_UNIXMBX) == 0) {
-			if (strocpy(reply->mail, prop->values[0],
-				    sizeof(reply->mail)) < 0)
-				i_panic("mail overflow");
-		}
-	}
-
-	return TRUE;
-}
-#endif
-
-static void cyrus_sasl_auth_free(struct auth_request *auth_request)
-{
-	struct cyrus_auth_request *cyrus_request =
-		(struct cyrus_auth_request *)auth_request;
-
-	sasl_dispose(&cyrus_request->conn);
-	pool_unref(auth_request->pool);
-}
-
-struct auth_request *mech_cyrus_sasl_new(struct login_connection *conn,
-					 struct auth_login_request_new *request,
-					 mech_callback_t *callback)
-{
-	static const char *propnames[] = {
-		SASL_AUX_UIDNUM,
-		SASL_AUX_GIDNUM,
-		SASL_AUX_HOMEDIR,
-		SASL_AUX_UNIXMBX,
-		NULL
-	};
-	struct cyrus_auth_request *cyrus_request;
-	struct auth_login_reply reply;
-	const char *mech, *serverout;
-	unsigned int serveroutlen;
-	sasl_security_properties_t sec_props;
-	sasl_conn_t *sasl_conn;
-	pool_t pool;
-	int ret;
-
-	mech = auth_mech_to_str(request->mech);
-	if (mech == NULL)
-		i_fatal("Login asked for unknown mechanism %d", request->mech);
-
-	/* create new SASL connection */
-	ret = sasl_server_new("imap", NULL, NULL, NULL, NULL, NULL, 0,
-			      &sasl_conn);
-	if (ret != SASL_OK) {
-		i_fatal("sasl_server_new() failed: %s",
-			sasl_errstring(ret, NULL, NULL));
-	}
-
-	/* don't allow SASL security layer */
-	memset(&sec_props, 0, sizeof(sec_props));
-	sec_props.min_ssf = 0;
-	sec_props.max_ssf = 1;
-
-	if (sasl_setprop(sasl_conn, SASL_SEC_PROPS, &sec_props) != SASL_OK) {
-		i_fatal("sasl_setprop(SASL_SEC_PROPS) failed: %s",
-			sasl_errstring(ret, NULL, NULL));
-	}
-
-	ret = sasl_auxprop_request(sasl_conn, propnames);
-	if (ret != SASL_OK) {
-		i_fatal("sasl_auxprop_request() failed: %s",
-			sasl_errstring(ret, NULL, NULL));
-	}
-
-	/* initialize reply */
-	mech_init_login_reply(&reply);
-	reply.id = request->id;
-	reply.reply_idx = 0;
-
-	/* start the exchange */
-	ret = sasl_server_start(sasl_conn, mech, NULL, 0,
-				&serverout, &serveroutlen);
-	if (ret != SASL_CONTINUE) {
-		reply.result = AUTH_LOGIN_RESULT_FAILURE;
-		sasl_dispose(&sasl_conn);
-
-		callback(&reply, NULL, conn);
-		return NULL;
-	}
-
-	pool = pool_alloconly_create("cyrus_sasl_auth_request", 256);
-	cyrus_request = p_new(pool, struct cyrus_auth_request, 1);
-
-	cyrus_request->auth_request.refcount = 1;
-	cyrus_request->auth_request.pool = pool;
-	cyrus_request->auth_request.auth_continue =
-		cyrus_sasl_auth_continue;
-	cyrus_request->auth_request.auth_free =
-		cyrus_sasl_auth_free;
-
-	reply.result = AUTH_LOGIN_RESULT_CONTINUE;
-
-	reply.data_size = serveroutlen;
-	callback(&reply, serverout, conn);
-
-	return &cyrus_request->auth_request;
-}
-
-static int sasl_log(void *context __attr_unused__,
-		    int level, const char *message)
-{
-	switch (level) {
-	case SASL_LOG_ERR:
-		i_error("SASL authentication error: %s", message);
-		break;
-	case SASL_LOG_WARN:
-		i_warning("SASL authentication warning: %s", message);
-		break;
-	case SASL_LOG_NOTE:
-		/*i_info("SASL authentication info: %s", message);*/
-		break;
-	case SASL_LOG_FAIL:
-		/*i_info("SASL authentication failure: %s", message);*/
-		break;
-	}
-
-	return SASL_OK;
-}
-
-static const struct sasl_callback sasl_callbacks[] = {
-	{ SASL_CB_LOG, &sasl_log, NULL },
-	{ SASL_CB_LIST_END, NULL, NULL }
-};
-
-void mech_cyrus_sasl_init_lib(void)
-{
-	int ret;
-
-	ret = sasl_server_init(sasl_callbacks, "dovecot-auth");
-	if (ret != SASL_OK) {
-		i_fatal("sasl_server_init() failed: %s",
-			sasl_errstring(ret, NULL, NULL));
-	}
-}
-
-#endif
--- a/src/auth/mech.c	Sat Oct 09 17:22:14 2004 +0300
+++ b/src/auth/mech.c	Sun Oct 10 16:55:09 2004 +0300
@@ -20,7 +20,6 @@
 char username_chars[256], username_translation[256];
 int ssl_require_client_cert;
 
-static int set_use_cyrus_sasl;
 static struct auth_client_request_reply failure_reply;
 
 static buffer_t *auth_failures_buf;
@@ -114,13 +113,7 @@
 		return;
 	}
 
-#ifdef USE_CYRUS_SASL2
-	if (set_use_cyrus_sasl)
-		auth_request = mech_cyrus_sasl_new(conn, request, callback);
-	else
-#endif
-		auth_request = mech->auth_new();
-
+	auth_request = mech->auth_new();
 	if (auth_request == NULL)
 		return;
 
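Review bot: The `if (auth_request == NULL) return;` check kept after `auth_request = mech->auth_new();` now returns without any reply to the client being visible in this hunk. The removed mech_cyrus_sasl_new() invoked its callback with AUTH_LOGIN_RESULT_FAILURE before returning NULL, so the silent return was safe on that path. Whether the remaining auth_new() implementations can return NULL at all cannot be seen from here. If they cannot, the check is dead and can be dropped; if they can, send a failure reply through `callback` before the `return` so the authentication request is not left pending. The enclosing function starts and ends outside the hunk.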
@@ -473,11 +466,6 @@
 		}
 	}
 
-	set_use_cyrus_sasl = getenv("USE_CYRUS_SASL") != NULL;
-#ifdef USE_CYRUS_SASL2
-	if (set_use_cyrus_sasl)
-		mech_cyrus_sasl_init_lib();
-#endif
 	ssl_require_client_cert = getenv("SSL_REQUIRE_CLIENT_CERT") != NULL;
 
 	auth_failures_buf = buffer_create_dynamic(default_pool, 1024);
--- a/src/auth/mech.h	Sat Oct 09 17:22:14 2004 +0300
+++ b/src/auth/mech.h	Sun Oct 10 16:55:09 2004 +0300
@@ -83,13 +83,6 @@
 
 int mech_fix_username(char *username, const char **error_r);
 
-void mech_cyrus_sasl_init_lib(void);
-struct auth_request *
-mech_cyrus_sasl_new(struct auth_client_connection *conn,
-		    struct auth_client_request_new *request,
-		    const unsigned char *data,
-		    mech_callback_t *callback);
-
 void auth_request_ref(struct auth_request *request);
 int auth_request_unref(struct auth_request *request);
 
--- a/src/lib-index/mail-index-view.c	Sat Oct 09 17:22:14 2004 +0300
+++ b/src/lib-index/mail-index-view.c	Sun Oct 10 16:55:09 2004 +0300
@@ -167,13 +167,13 @@
 
 void mail_index_view_unref_maps(struct mail_index_view *view)
 {
-	struct mail_index_map **maps;
+	struct mail_index_map *const *maps;
 	size_t i, size;
 
 	if (view->map_refs == NULL)
 		return;
 
-	maps = buffer_get_modifyable_data(view->map_refs, &size);
+	maps = buffer_get_data(view->map_refs, &size);
 	size /= sizeof(*maps);
 
 	for (i = 0; i < size; i++)
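Review bot: The switch to `struct mail_index_map *const *maps` and `buffer_get_data()` in mail_index_view_unref_maps() is unrelated to the Cyrus SASL removal the commit message describes. It would be easier to audit and bisect as its own commit, or at least with a line in the description such as `mail_index_view_unref_maps(): use read-only buffer accessor`. The change itself looks reasonable as far as the hunk shows, since the pointer array is only read up to the `for` line. The loop body lies outside the hunk, so that cannot be fully confirmed from this view.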
--- a/src/master/auth-process.c	Sat Oct 09 17:22:14 2004 +0300
+++ b/src/master/auth-process.c	Sun Oct 10 16:55:09 2004 +0300
@@ -397,8 +397,6 @@
 					&as->master);
 	}
 
-	if (group->set->use_cyrus_sasl)
-		env_put("USE_CYRUS_SASL=1");
 	if (group->set->verbose)
 		env_put("VERBOSE=1");
 	if (group->set->debug)
--- a/src/master/master-settings.c	Sat Oct 09 17:22:14 2004 +0300
+++ b/src/master/master-settings.c	Sun Oct 10 16:55:09 2004 +0300
@@ -146,7 +146,6 @@
 	DEF(SET_STR, username_translation),
 	DEF(SET_STR, anonymous_username),
 
-	DEF(SET_BOOL, use_cyrus_sasl),
 	DEF(SET_BOOL, verbose),
 	DEF(SET_BOOL, debug),
 	DEF(SET_BOOL, ssl_require_client_cert),
@@ -318,7 +317,6 @@
 	MEMBER(username_translation) "",
 	MEMBER(anonymous_username) "anonymous",
 
-	MEMBER(use_cyrus_sasl) FALSE,
 	MEMBER(verbose) FALSE,
 	MEMBER(debug) FALSE,
 	MEMBER(ssl_require_client_cert) FALSE,
--- a/src/master/master-settings.h	Sat Oct 09 17:22:14 2004 +0300
+++ b/src/master/master-settings.h	Sun Oct 10 16:55:09 2004 +0300
@@ -136,7 +136,7 @@
 	const char *username_translation;
 	const char *anonymous_username;
 
-	int use_cyrus_sasl, verbose, debug;
+	int verbose, debug;
 	int ssl_require_client_cert;
 
 	unsigned int count;