Hello,
here my suggestions to cyrus-sasl-1.5.11 :
* SASL_SYNTAX instead of SASL_FAIL by parsing a configfile
* cplus_plus - Deklaration
* the des-Library in now in openssl (http://www.openssl.org)
rc4 (and many others ... ) are there too.
In the Makefile we need instead of -ldes the -lcrypo
and the paths to the includes
Please add a option --with-openssl=PATH in the configure.in
It Compiles and links, but I have 2 problems with DIGEST-MD5
- the minssf seems not work
- a prompt is not found
(sasl is really complicated)
Greetings
Rudolf Weber
Informatik- und Netzwerkverein Ravensburg e.V
http://www.infnet.verein.de
--- ./include/sasl.h.orig Sun Oct 17 02:22:03 1999
+++ ./include/sasl.h Fri Nov 19 19:19:39 1999
@@ -87,6 +87,10 @@
#ifndef SASL_H
#define SASL_H 1
+#ifdef __cplusplus
+extern "C" {
+#endif
+
#define SASL_VERSION_MAJOR 1
#define SASL_VERSION_MINOR 5
#define SASL_VERSION_STEP 11
@@ -147,7 +151,7 @@
#define SASL_PWLOCK (-21) /* password locked */
#define SASL_NOCHANGE (-22) /* requested change was not needed */
#define SASL_BADVERS (-23) /* version mismatch with plug-in */
-
+#define SASL_SYNTAX (-24) /* Syntaxerror in Configfile */
#define SASL_NOPATH (-25) /* path not set */
/* max size of a sasl mechanism name */
@@ -932,5 +936,9 @@
* SASL_FAIL -- failure
*/
LIBSASL_API int sasl_cred_uninstall(sasl_conn_t *conn);
+
+#ifdef __cplusplus
+}
+#endif
#endif /* SASL_H */
--- ./include/saslutil.h.orig Fri Oct 1 22:27:19 1999
+++ ./include/saslutil.h Fri Nov 19 19:38:42 1999
@@ -6,6 +6,9 @@
#define SASLUTIL_H 1
#include "sasl.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
/* base64 decode
* in -- input data
@@ -77,4 +80,11 @@
LIBSASL_API char * getpass(const char *prompt);
#endif /* WIN32 */
+#ifndef HAVE_GETSUBOPT
+LIBSASL_API int getsubopt(char **optionp, char * const *tokens, char **valuep);
+#endif
+
+#ifdef __cplusplus
+}
+#endif
#endif /* SASLUTIL_H */
--- ./lib/checkpw.c.orig Mon Sep 20 20:35:00 1999
+++ ./lib/checkpw.c Fri Nov 19 19:19:39 1999
@@ -602,7 +602,7 @@
/* set the password */
sasl_secret_t *sec = NULL;
char salt[16];
- sasl_rand_t *rpool;
+ sasl_rand_t *rpool = NULL;
sasl_server_getsecret_t *getsec;
sasl_server_putsecret_t *putsec;
void *context;
--- ./lib/config.c.orig Fri Oct 1 22:16:47 1999
+++ ./lib/config.c Fri Nov 19 19:19:39 1999
@@ -84,14 +84,14 @@
p++;
}
if (*p != ':') {
- return SASL_FAIL;
+ return SASL_SYNTAX;
}
*p++ = '\0';
while (*p && isspace((int) *p)) p++;
if (!*p) {
- return SASL_FAIL;
+ return SASL_SYNTAX;
}
if (nconfiglist == alloced) {
--- ./lib/common.c.orig Fri Oct 1 22:16:47 1999
+++ ./lib/common.c Fri Nov 19 19:19:39 1999
@@ -427,6 +427,7 @@
case SASL_PWLOCK: return "password locked";
case SASL_NOCHANGE: return "requested change was not needed";
case SASL_BADVERS: return "version mismatch with plug-in";
+ case SASL_SYNTAX: return "Syntaxerror in Configfile";
case SASL_NOPATH: return "path not set";
default: return "undefined error!";
}
--- ./plugins/digestmd5.c.orig Fri Nov 19 20:00:24 1999
+++ ./plugins/digestmd5.c Fri Nov 19 23:00:48 1999
@@ -34,12 +34,18 @@
#include <sys/stat.h>
#include <fcntl.h>
+#ifdef WITH_OPENSSL
+#include<openssl/crypto.h>
+#include<openssl/des.h>
+#include<openssl/rc4.h>
+#else
#ifdef WITH_DES
#include <des.h>
#endif /* WITH_DES */
#ifdef WITH_RC4
#include <rc4.h>
#endif /* WITH_RC4 */
+#endif
#ifdef WIN32
# include <winsock.h>
@@ -180,7 +186,7 @@
cipher_function_t *cipher_dec;
cipher_init_t *cipher_init;
-#ifdef WITH_DES
+#if defined(WITH_DES) || defined(WITH_OPENSSL)
des_key_schedule keysched_enc; /* key schedule for des initialization */
des_key_schedule keysched_dec; /* key schedule for des initialization */
@@ -193,6 +199,11 @@
rc4_context_t *rc4_dec_context;
#endif /* WITH_RC4 */
+#ifdef WITH_OPENSSL
+ RC4_KEY *rc4_enc_context;
+ RC4_KEY *rc4_dec_context;
+#endif /* WITH_OPENSSL */
+
} context_t;
/* this is from the rpc world */
@@ -959,7 +970,7 @@
}
}
-#ifdef WITH_DES
+#if defined(WITH_DES) || defined(WITH_OPENSSL)
/******************************
*
* 3DES functions
@@ -1152,6 +1163,73 @@
#endif /* WITH_DES */
+#ifdef WITH_OPENSSL
+static int
+init_rc4(void *v,
+ sasl_utils_t *utils __attribute__((unused)),
+ char enckey[16],
+ char deckey[16])
+{
+ context_t *text = (context_t *) v;
+
+ /* allocate rc4 context structures */
+ text->rc4_enc_context=(RC4_KEY *) text->malloc(sizeof(RC4_KEY));
+ if (text->rc4_enc_context==NULL) return SASL_NOMEM;
+
+ text->rc4_dec_context=(RC4_KEY *) text->malloc(sizeof(RC4_KEY));
+ if (text->rc4_dec_context==NULL) return SASL_NOMEM;
+
+ /* initialize them */
+ RC4_set_key(text->rc4_enc_context,16,(unsigned char *) enckey);
+ RC4_set_key(text->rc4_dec_context,16,(unsigned char *) deckey);
+
+ return SASL_OK;
+}
+
+static int
+dec_rc4(context_t *text,
+ const char *input,
+ unsigned inputlen,
+ unsigned char digest[16],
+ char *output,
+ unsigned *outputlen)
+{
+ /* decrypt the text part */
+ RC4(text->rc4_dec_context, inputlen-10,(unsigned char *)input, output);
+
+ /* decrypt the HMAC part */
+ RC4(text->rc4_dec_context, 10,(unsigned char *)(input+(inputlen-10)),
+ (char *) digest);
+ /* why is sizeof(digest)=16 and the HMAC-Part 10 ???? */
+
+ /* no padding so we just subtract the HMAC to get the text length */
+ *outputlen=inputlen-10;
+
+ return SASL_OK;
+}
+
+static int
+enc_rc4(context_t *text,
+ const char *input,
+ unsigned inputlen,
+ unsigned char digest[16],
+ char *output,
+ unsigned *outputlen)
+{
+ /* pad is zero */
+ *outputlen = inputlen+10;
+
+ /* encrypt the text part */
+ RC4(text->rc4_enc_context,inputlen, (unsigned char *) input, output);
+
+ /* encrypt the HMAC part */
+ RC4(text->rc4_enc_context,10,(unsigned char *) digest, (output)+inputlen);
+
+ return SASL_OK;
+}
+
+#endif /* WITH_OPENSSL */
+
#ifdef WITH_RC4
static int
init_rc4(void *v,
@@ -1873,6 +1951,10 @@
#endif /* WITH_DES */
#endif /* WITH_RC4 */
+#ifdef OPENSSL
+ char *qop = "auth,auth-int,auth-conf";
+ char *cipheropts="3des,des,rc4,rc4-40,rc4-56";
+#endif
char *charset = "utf-8";
/* char *algorithm="md5-sess"; */
@@ -2133,7 +2215,7 @@
/* check which layer/cipher to use */
if (strcmp(qop, "auth-conf") == 0) {
-#ifdef WITH_DES
+#if defined(WITH_DES) || defined(OPENSSL)
/* for when privacy supported */
VL(("Client requested privacy layer\n"));
VL(("Client cipher=%s\n",cipher));
@@ -2155,7 +2237,7 @@
if (0) {
#endif /* WITH_DES */
-#ifdef WITH_RC4
+#if defined(WITH_RC4) || defined(OPENSSL)
} else if (strcmp(cipher,"rc4")==0) {
text->cipher_enc=(cipher_function_t *) &enc_rc4;
text->cipher_dec=(cipher_function_t *) &dec_rc4;
@@ -2537,7 +2619,7 @@
{
{
"DIGEST-MD5",
-#ifdef WITH_RC4
+#if defined(WITH_RC4) || defined(OPENSSL)
128, /* max ssf */
#else
#ifdef WITH_DES
@@ -3292,7 +3374,7 @@
/* Client request encryption, server supports it */
/* encryption */
-#ifdef WITH_RC4
+#if defined(WITH_RC4) || defined(WITH_OPENSSL)
if ((params->props.max_ssf>=128) &&
((ciphers & CIPHER_RC4) == CIPHER_RC4)) { /* rc4 */
VL(("Trying to use rc4"));
@@ -3306,7 +3388,7 @@
if (0) {
#endif /* WITH_RC4 */
-#ifdef WITH_DES
+#if defined(WITH_DES) || defined(WITH_OPENSSL)
} else if ((params->props.max_ssf>=112) && ((ciphers & CIPHER_3DES) == CIPHER_3DES)) {
VL(("Trying to use 3des"));
cipher = "3des";
@@ -3317,7 +3399,7 @@
n=16; /* number of bits to use for privacy key */
#endif /* WITH_DES */
-#ifdef WITH_RC4
+#if defined(WITH_RC4) || defined(WITH_OPENSSL)
} else if ((params->props.max_ssf>=56) && ((ciphers & CIPHER_RC456) == CIPHER_RC456)) { /* rc4-56 */
VL(("Trying to use rc4-56"));
cipher = "rc4-56";
@@ -3328,7 +3410,7 @@
n = 7;
#endif /* WITH_RC4 */
-#ifdef WITH_DES
+#if defined(WITH_DES) || defined(WITH_OPENSSL)
} else if ((params->props.max_ssf>=55) && ((ciphers & CIPHER_DES) == CIPHER_DES)) { /* des */
VL(("Trying to use des"));
cipher = "des";
@@ -3339,7 +3421,7 @@
n=16;
#endif /* WITH_DES */
-#ifdef WITH_RC4
+#if defined(WITH_RC4) || defined(WITH_OPENSSL)
} else if ((params->props.max_ssf>=40) && ((ciphers & CIPHER_RC440) == CIPHER_RC440)) { /* rc4-40 */
VL(("Trying to use rc4-40"));
cipher = "rc4-40";
@@ -3649,7 +3731,7 @@
{
{
"DIGEST-MD5",
-#ifdef WITH_RC4
+#if defined(WITH_RC4) || defined(WITH_OPENSSL)
128, /* max ssf */
#else
#ifdef WITH_DES