Hello, here my suggestions to cyrus-sasl-1.5.11 : * SASL_SYNTAX instead of SASL_FAIL by parsing a configfile * cplus_plus - Deklaration * the des-Library in now in openssl (http://www.openssl.org) rc4 (and many others ... ) are there too. In the Makefile we need instead of -ldes the -lcrypo and the paths to the includes Please add a option --with-openssl=PATH in the configure.in It Compiles and links, but I have 2 problems with DIGEST-MD5 - the minssf seems not work - a prompt is not found (sasl is really complicated) Greetings Rudolf Weber Informatik- und Netzwerkverein Ravensburg e.V http://www.infnet.verein.de
--- ./include/sasl.h.orig Sun Oct 17 02:22:03 1999
+++ ./include/sasl.h Fri Nov 19 19:19:39 1999
@@ -87,6 +87,10 @@
 #ifndef SASL_H
 #define SASL_H 1
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #define SASL_VERSION_MAJOR 1
 #define SASL_VERSION_MINOR 5
 #define SASL_VERSION_STEP 11
@@ -147,7 +151,7 @@
 #define SASL_PWLOCK (-21) /* password locked */
 #define SASL_NOCHANGE (-22) /* requested change was not needed */
 #define SASL_BADVERS (-23) /* version mismatch with plug-in */
-
+#define SASL_SYNTAX (-24) /* Syntaxerror in Configfile */
 #define SASL_NOPATH (-25) /* path not set */
 /* max size of a sasl mechanism name */
@@ -932,5 +936,9 @@
 * SASL_FAIL -- failure */
 LIBSASL_API int sasl_cred_uninstall(sasl_conn_t *conn);
+
+#ifdef __cplusplus
+}
+#endif
 #endif /* SASL_H */
--- ./include/saslutil.h.orig Fri Oct 1 22:27:19 1999
+++ ./include/saslutil.h Fri Nov 19 19:38:42 1999
@@ -6,6 +6,9 @@
 #define SASLUTIL_H 1
 #include "sasl.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
 /* base64 decode * in -- input data
@@ -77,4 +80,11 @@
 LIBSASL_API char * getpass(const char *prompt);
 #endif /* WIN32 */
+#ifndef HAVE_GETSUBOPT
+LIBSASL_API int getsubopt(char **optionp, char * const *tokens, char **valuep);
+#endif
+
+#ifdef __cplusplus
+}
+#endif
 #endif /* SASLUTIL_H */
--- ./lib/checkpw.c.orig Mon Sep 20 20:35:00 1999
+++ ./lib/checkpw.c Fri Nov 19 19:19:39 1999
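Review bot: `SASL_SYNTAX` takes the value -24, the one slot left open between `SASL_BADVERS` (-23) and `SASL_NOPATH` (-25) in this header, so it is worth confirming that the gap was not being held for another code before the value becomes part of the API. The comment text is repeated as the user-visible string in the `case` added to lib/common.c; I would word both as `syntax error in config file`.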
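Review bot: The `getsubopt` prototype added under `#ifndef HAVE_GETSUBOPT` has no definition anywhere in this patch and is not mentioned in the description, so on a platform without `HAVE_GETSUBOPT` a caller would presumably link against a symbol nothing provides. saslutil.h looks like a public header, which means the guard depends on the includer's config macros rather than the library's; a consumer that never defines `HAVE_GETSUBOPT` gets this declaration next to the one from libc. I would drop it from this patch, or move it to a private header together with the implementation.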
@@ -602,7 +602,7 @@
 /* set the password */
 sasl_secret_t *sec = NULL;
 char salt[16];
- sasl_rand_t *rpool;
+ sasl_rand_t *rpool = NULL;
 sasl_server_getsecret_t *getsec;
 sasl_server_putsecret_t *putsec;
 void *context;
--- ./lib/config.c.orig Fri Oct 1 22:16:47 1999
+++ ./lib/config.c Fri Nov 19 19:19:39 1999
@@ -84,14 +84,14 @@
 p++;
 }
 if (*p != ':') {
- return SASL_FAIL;
+ return SASL_SYNTAX;
 }
 *p++ = '\0';
 while (*p && isspace((int) *p)) p++;
 if (!*p) {
- return SASL_FAIL;
+ return SASL_SYNTAX;
 }
 if (nconfiglist == alloced) {
--- ./lib/common.c.orig Fri Oct 1 22:16:47 1999
+++ ./lib/common.c Fri Nov 19 19:19:39 1999
@@ -427,6 +427,7 @@
 case SASL_PWLOCK: return "password locked";
 case SASL_NOCHANGE: return "requested change was not needed";
 case SASL_BADVERS: return "version mismatch with plug-in";
+ case SASL_SYNTAX: return "Syntaxerror in Configfile";
 case SASL_NOPATH: return "path not set";
 default: return "undefined error!";
 }
--- ./plugins/digestmd5.c.orig Fri Nov 19 20:00:24 1999
+++ ./plugins/digestmd5.c Fri Nov 19 23:00:48 1999
@@ -34,12 +34,18 @@
 #include
 #include
+#ifdef WITH_OPENSSL
+#include
+#include
+#include
+#else
 #ifdef WITH_DES
 #include
 #endif /* WITH_DES */
 #ifdef WITH_RC4
 #include
 #endif /* WITH_RC4 */
+#endif
 #ifdef WIN32
 # include
@@ -180,7 +186,7 @@
 cipher_function_t *cipher_dec;
 cipher_init_t *cipher_init;
-#ifdef WITH_DES
+#if defined(WITH_DES) || defined(WITH_OPENSSL)
 des_key_schedule keysched_enc; /* key schedule for des initialization */
 des_key_schedule keysched_dec; /* key schedule for des initialization */
@@ -193,6 +199,11 @@
 rc4_context_t *rc4_dec_context;
 #endif /* WITH_RC4 */
+#ifdef WITH_OPENSSL
+ RC4_KEY *rc4_enc_context;
+ RC4_KEY *rc4_dec_context;
+#endif /* WITH_OPENSSL */
+
 } context_t;
 /* this is from the rpc world */
@@ -959,7 +970,7 @@
 }
 }
-#ifdef WITH_DES
+#if defined(WITH_DES) || defined(WITH_OPENSSL)
 /****************************** * * 3DES functions
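Review bot: Both error returns in the lib/config.c hunk now yield `SASL_SYNTAX` instead of `SASL_FAIL`, which changes what callers of the config parser see; a caller that compares the result with `SASL_FAIL` rather than `!= SASL_OK` would stop recognising a malformed line as a failure. The callers are outside the hunk, so they need checking. I would also comment the two returns, e.g. `/* missing ':' after key */` and `/* key without a value */`, so the cases can be told apart. The enclosing function starts and ends outside the hunk.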
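Review bot: The `RC4_KEY *rc4_enc_context` and `rc4_dec_context` members added under `WITH_OPENSSL` (hunk -193) reuse the name of the `rc4_context_t *rc4_dec_context` member that closes the `WITH_RC4` block just above, so a build defining both macros would get duplicate members, and in the later -1152 hunk a second definition of `init_rc4`, `enc_rc4` and `dec_rc4`. The include hunk already treats the two as exclusive with `#ifdef WITH_OPENSSL` … `#else`; do the same here with `#if defined(WITH_OPENSSL)` … `#elif defined(WITH_RC4)`, or reject the combination with an `#error`. The struct definition starts outside the hunk.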
@@ -1152,6 +1163,73 @@
 #endif /* WITH_DES */
+#ifdef WITH_OPENSSL
+static int
+init_rc4(void *v,
+ sasl_utils_t *utils __attribute__((unused)),
+ char enckey[16],
+ char deckey[16])
+{
+ context_t *text = (context_t *) v;
+
+ /* allocate rc4 context structures */
+ text->rc4_enc_context=(RC4_KEY *) text->malloc(sizeof(RC4_KEY));
+ if (text->rc4_enc_context==NULL) return SASL_NOMEM;
+
+ text->rc4_dec_context=(RC4_KEY *) text->malloc(sizeof(RC4_KEY));
+ if (text->rc4_dec_context==NULL) return SASL_NOMEM;
+
+ /* initialize them */
+ RC4_set_key(text->rc4_enc_context,16,(unsigned char *) enckey);
+ RC4_set_key(text->rc4_dec_context,16,(unsigned char *) deckey);
+
+ return SASL_OK;
+}
+
+static int
+dec_rc4(context_t *text,
+ const char *input,
+ unsigned inputlen,
+ unsigned char digest[16],
+ char *output,
+ unsigned *outputlen)
+{
+ /* decrypt the text part */
+ RC4(text->rc4_dec_context, inputlen-10,(unsigned char *)input, output);
+
+ /* decrypt the HMAC part */
+ RC4(text->rc4_dec_context, 10,(unsigned char *)(input+(inputlen-10)),
+ (char *) digest);
+ /* why is sizeof(digest)=16 and the HMAC-Part 10 ???? */
+
+ /* no padding so we just subtract the HMAC to get the text length */
+ *outputlen=inputlen-10;
+
+ return SASL_OK;
+}
+
+static int
+enc_rc4(context_t *text,
+ const char *input,
+ unsigned inputlen,
+ unsigned char digest[16],
+ char *output,
+ unsigned *outputlen)
+{
+ /* pad is zero */
+ *outputlen = inputlen+10;
+
+ /* encrypt the text part */
+ RC4(text->rc4_enc_context,inputlen, (unsigned char *) input, output);
+
+ /* encrypt the HMAC part */
+ RC4(text->rc4_enc_context,10,(unsigned char *) digest, (output)+inputlen);
+
+ return SASL_OK;
+}
+
+#endif /* WITH_OPENSSL */
+
 #ifdef WITH_RC4
 static int
 init_rc4(void *v,
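Review bot: `dec_rc4` computes `inputlen-10` on an `unsigned` without first checking that `inputlen` is at least 10, so a shorter input wraps to a very large length that is passed to `RC4()` and stored in `*outputlen`; since this is the receive path, the function should start with `if (inputlen < 10) return SASL_FAIL;`. In `init_rc4`, when the second `text->malloc` fails the function returns `SASL_NOMEM` with `rc4_enc_context` still allocated, and whether a later dispose frees it is not visible in this hunk. The question left in the code about `digest[16]` should become an explanatory comment: only 10 bytes are written into the caller's buffer, so the other 6 keep whatever they held, and the literal 10 would be clearer as a named constant shared by `enc_rc4` and `dec_rc4`.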
@@ -1873,6 +1951,10 @@
 #endif /* WITH_DES */
 #endif /* WITH_RC4 */
+#ifdef OPENSSL
+ char *qop = "auth,auth-int,auth-conf";
+ char *cipheropts="3des,des,rc4,rc4-40,rc4-56";
+#endif
 char *charset = "utf-8";
 /* char *algorithm="md5-sess"; */
@@ -2133,7 +2215,7 @@
 /* check which layer/cipher to use */
 if (strcmp(qop, "auth-conf") == 0) {
-#ifdef WITH_DES
+#if defined(WITH_DES) || defined(OPENSSL)
 /* for when privacy supported */
 VL(("Client requested privacy layer\n"));
 VL(("Client cipher=%s\n",cipher));
@@ -2155,7 +2237,7 @@
 if (0) {
 #endif /* WITH_DES */
-#ifdef WITH_RC4
+#if defined(WITH_RC4) || defined(OPENSSL)
 } else if (strcmp(cipher,"rc4")==0) {
 text->cipher_enc=(cipher_function_t *) &enc_rc4;
 text->cipher_dec=(cipher_function_t *) &dec_rc4;
@@ -2537,7 +2619,7 @@
 {
 {
 "DIGEST-MD5",
-#ifdef WITH_RC4
+#if defined(WITH_RC4) || defined(OPENSSL)
 128, /* max ssf */
 #else
 #ifdef WITH_DES
@@ -3292,7 +3374,7 @@
 /* Client request encryption, server supports it */ /* encryption */
-#ifdef WITH_RC4
+#if defined(WITH_RC4) || defined(WITH_OPENSSL)
 if ((params->props.max_ssf>=128) && ((ciphers & CIPHER_RC4) == CIPHER_RC4)) { /* rc4 */
 VL(("Trying to use rc4"));
@@ -3306,7 +3388,7 @@
 if (0) {
 #endif /* WITH_RC4 */
-#ifdef WITH_DES
+#if defined(WITH_DES) || defined(WITH_OPENSSL)
 } else if ((params->props.max_ssf>=112) && ((ciphers & CIPHER_3DES) == CIPHER_3DES)) {
 VL(("Trying to use 3des"));
 cipher = "3des";
@@ -3317,7 +3399,7 @@
 n=16; /* number of bits to use for privacy key */
 #endif /* WITH_DES */
-#ifdef WITH_RC4
+#if defined(WITH_RC4) || defined(WITH_OPENSSL)
 } else if ((params->props.max_ssf>=56) && ((ciphers & CIPHER_RC456) == CIPHER_RC456)) { /* rc4-56 */
 VL(("Trying to use rc4-56"));
 cipher = "rc4-56";
@@ -3328,7 +3410,7 @@
 n = 7;
 #endif /* WITH_RC4 */
-#ifdef WITH_DES
+#if defined(WITH_DES) || defined(WITH_OPENSSL)
 } else if ((params->props.max_ssf>=55) && ((ciphers & CIPHER_DES) == CIPHER_DES)) { /* des */
 VL(("Trying to use des"));
 cipher = "des";
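Review bot: The four hunks starting here (-1873, -2133, -2155 and -2537) test `OPENSSL`, while the includes, the struct members, the RC4 functions and every later hunk test `WITH_OPENSSL`. With only `WITH_OPENSSL` defined these branches are not compiled, so this side would pick up neither the `qop`/`cipheropts` strings added here nor the `rc4` branch and the 128 max ssf, and that mismatch may be behind the minssf problem mentioned in the description. Use one macro throughout: `#ifdef WITH_OPENSSL` here and `#if defined(WITH_RC4) || defined(WITH_OPENSSL)` in the other three. Also check that the new `qop` and `cipheropts` declarations do not duplicate ones made in the `WITH_DES`/`WITH_RC4` chain that ends just above; that chain is outside the hunk.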
@@ -3339,7 +3421,7 @@
 n=16;
 #endif /* WITH_DES */
-#ifdef WITH_RC4
+#if defined(WITH_RC4) || defined(WITH_OPENSSL)
 } else if ((params->props.max_ssf>=40) && ((ciphers & CIPHER_RC440) == CIPHER_RC440)) { /* rc4-40 */
 VL(("Trying to use rc4-40"));
 cipher = "rc4-40";
@@ -3649,7 +3731,7 @@
 {
 {
 "DIGEST-MD5",
-#ifdef WITH_RC4
+#if defined(WITH_RC4) || defined(WITH_OPENSSL)
 128, /* max ssf */
 #else
 #ifdef WITH_DES