forked from ClickHouse/cyrus-sasl
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog
3490 lines (2780 loc) · 138 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
2016-10-18 Ken Murchison <[email protected]>
* Fixed potential DoS attack on saslauthd/doors (from Oracle)
2016-06-30 Ken Murchison <[email protected]>
* plugins/ntlm.c, otp.c: support OpenSSL 1.1
2016-06-14 Ken Murchison <[email protected]>
* plugins/digestmd5.c: Fix memory leak in client step 2
2016-03-24 Ken Murchison <[email protected]>
* auth_rimap.c: Don't hang when IMAP server closes connection
2016-01-29 Ken Murchison <[email protected]>
* Build fixes from Ignacio Casal Quinteiro
2015-12-26 Ken Murchison <[email protected]>
* Build fixes from Ignacio Casal Quinteiro
2015-11-16 Ken Murchison <[email protected]>
* Build fixes from Ignacio Casal Quinteiro
2015-10-14 Ken Murchison <[email protected]>
* Build fixes from Ignacio Casal Quinteiro
2015-07-17 Ken Murchison <[email protected]>
* auth_krb5.c: added krb5_conv_krb4_instance option
2014-11-17 Ken Murchison <[email protected]>
* plugins/digestmd5.c: Fix memory leaks
2014-11-17 Ken Murchison <[email protected]>
* plugins/digestmd5.c: prevent going from step 3 to step 2
2013-09-13 Alexey Melnikov <[email protected]>
* Fix memory leaks in DIGEST
2013-08-30 Ken Murchison <[email protected]>
* plugins/digestmd5.c: only locate reauth cache when reauth is
enabled
2013-07-11 Alexey Melnikov <[email protected]>
* Treat SCRAM and DIGEST as more secure than PLAIN when selecting
client-side mechanism
2013-07-11 Alexey Melnikov <[email protected]>
* Handle NULL return from crypt()
2012-11-20 Alexey Melnikov <[email protected]>
* Added support for lmdb
2012-11-19 Alexey Melnikov <[email protected]>
* Final 2.1.26 tagged and released by Ken.
2012-07-06 Alexey Melnikov <[email protected]>
* saslauthd/auth_krb5.c: Fixed a crash in the auth_krb5.c
(bug # 2706). Patch by Nalin Dahyabhai.
2012-07-03 Alexey Melnikov <[email protected]>
* config/ltconfig: Fixed incorrect Darwin version matching in ltconfig
(bug # 3713). Patch by Joshua Root.
2012-06-08 Alexey Melnikov <[email protected]>
* Fixed PLAIN/LOGIN authentication failure when using saslauthd
with no auxprop plugins (bug # 3590).
2012-06-08 Alexey Melnikov <[email protected]>
* Added generation of pkg-config .pc file for Cyrus SASL.
Patch by Dilyan Palauzov.
2012-06-03 Alexey Melnikov <[email protected]>
* Correctly updated libtool version for libsasl and its plugins due
to ABI changes (bug # 3692).
2012-06-02 Alexey Melnikov <[email protected]>
* Better error reporting from auth_getpwent.c/auth_shadow.c
(bug # 3134). Based on a patch by Greg A. Woods.
2012-06-02 Alexey Melnikov <[email protected]>
* Improved error logging on failure to load plugins.
Patch by Greg A. Woods.
2012-05-30 Alexey Melnikov <[email protected]>
* plugins/otp.c, plugins/srp.c: Removed calling of EVP_cleanup()
on SRP/OTP plugin shutdown
2012-05-30 Alexey Melnikov <[email protected]>
* saslauthd/auth_httpform.c: Encode the parameter values passed to
auth_httpform, not the whole POST data.
2012-05-30 Alexey Melnikov <[email protected]>
* lib/config.c, saslauthd/cfile.c: Fixed file descriptor leaks
throughout the code (bug # 3702). Slightly reformatted patch
by Manfred Weichel.
2012-05-29 Alexey Melnikov <[email protected]>
* bug in "saslauthd -a rimap" - not reading the whole IMAP greeting
(bug # 3211). Patch from Lutz Mark (via Red Hat)
2012-05-29 Alexey Melnikov <[email protected]>
* Modernize SASL malloc/realloc callback prototypes
2012-05-29 Alexey Melnikov <[email protected]>
* lib/saslutil.c: Fixed broken logic in get_fqhostname() when
abort_if_no_fqdn is 0 (bug # 3589). Patch by [email protected]
2012-05-28 Alexey Melnikov <[email protected]>
* sasldb/db_berkeley.c, utils/dbconverter-2.c: Added support for
BerkleyDB 5.X or later (Patch by Howard Chu)
2012-04-20 Alexey Melnikov <[email protected]>
* lib/client.c, lib/server.c, lib/saslint.h: Make server and client
side global callbacks private to server.c/client.c respectively
2012-02-10 Ken Murchison <[email protected]>
* plugins/digestmd5.c: better handling of HTTP reauth cases.
2012-01-28 Ken Murchison <[email protected]>
* plugins/digestmd5.c: Correctly send "stale" directive to prevent
clients from (re)promtping for password
2011-11-25 Alexey Melnikov <[email protected]>
* plugins/gs2.c: Updated GS2 plugin not to lose minor GSS-API
status codes on errors (based on a patch from Ralf Haferkamp
2011-11-21 Alexey Melnikov <[email protected]>
* plugins/gssapi.c: Only check out_flags once authentication is
successfully completed
2011-11-09 Ken Murchison <[email protected]>
* cmulocal/sasl2.m4, plugins/gssapi.c, utils/testsuite.c:
Added GSS-SPNEGO plugin which can also be used for HTTP
Negotiate authentication (RFC 4559)
2011-11-08 Ken Murchison <[email protected]>
* plugins/ntlm.c: Flag client-side of NTLM plugin as HTTP-ready
2011-11-08 Ken Murchison <[email protected]>
* include/saslutil.h, lib/config.c, lib/server.c
Added sasl_config_done() to plug a memory leak when using an
application specific config file
2011-10-07 Alexey Melnikov <[email protected]>
* plugins/gssapi.c: Fixed a segfault in gssapi.c
(patch by Phil Pennock)
2011-09-22 Alexey Melnikov <[email protected]>
* config/ltconfig, saslauthd/config/ltconfig: Fixed Cyrus SASL
build on some versions of Mac OS.
2011-09-22 Alexey Melnikov <[email protected]>
* saslauthd/auth_rimap.c: qstring incorrectly appending
the closing double quote. (Merge from RedHat)
2011-09-22 Alexey Melnikov <[email protected]>
* lib/common.c: unlock the mutex in sasl_dispose if the context
was freed by another thread. (Merge from RedHat)
2011-09-22 Alexey Melnikov <[email protected]>
* Makefile.am: "lib" should be built before "plugins"
(Patch from [email protected])
2011-09-22 Alexey Melnikov <[email protected]>
* lib/saslutil.c: MINGW32 doesn't have rand_s
(Patch from [email protected])
2011-09-22 Alexey Melnikov <[email protected]>
* configure.in: Various build fixes for MINGW32
(including defining sleep())
(Patch from [email protected])
2011-09-15 Alexey Melnikov <[email protected]>
* sample/client.c: Added additional typecasts to kill warnings
about incompatible callback types
2011-09-13 Alexey Melnikov <[email protected]>
* configure.in, config/ltconfig, config/ltmain.sh:
MacOS X related build fixes: use .plugin when building
SASL plugins, fixed version number calculation,
don't generate multiple symlinks.
Also use LD_RUN_PATH as rpath. (patches by Chris Ridd)
2011-09-12 Alexey Melnikov <[email protected]>
* win32/common.mak: Add _CRT_SECURE_NO_DEPRECATE define
to suppress warnings about use of strdup, snprintf, etc.
2011-09-12 Alexey Melnikov <[email protected]>
* sasldb/db_berkeley.c:
Fixed warnings about incompatible callback types.
2011-09-12 Alexey Melnikov <[email protected]>
* lib/NTMakefile plugins/NTMakefile:
Make sure that copied .c files are only rebuilt when changed.
2011-09-07 Ken Murchison <[email protected]>
* plugins/scram.c:
Fixed 3 memory leaks in SCRAM. Final 2.1.25.
2011-09-07 Alexey Melnikov <[email protected]>
* configure.in, plugins/NTMakefile, plugins/cram.c:
Allow use of cmusaslsecretCRAM-MD5 property to be disabled.
2011-09-02 Alexey Melnikov <[email protected]>
* config/config.guess, config/config.sub,
saslauthd/config/config.guess, saslauthd/config/config.sub:
Updated config to the latest GNU snapshot.
2011-09-01 Alexey Melnikov <[email protected]>
* lib/server.c: Make sure that a failed authorization doesn't preclude
further SASL authentication attempts from working.
2011-09-01 Alexey Melnikov <[email protected]>
* lib/server.c: Fixed some aspects of mech_avail callback handling
in the server side SASL code.
2011-09-01 Alexey Melnikov <[email protected]>
* config/ltconfig, saslauthd/config/ltconfig: Fix SASL's libtool
MacOS/X 64-bit file magic. (Patch by Kurt Zeilenga)
2011-09-01 Alexey Melnikov <[email protected]>
* plugins/scram.c: Fixed some additional Windows warnings and
a memory leak in SCRAM.
2011-09-01 Alexey Melnikov <[email protected]>
* plugins/scram.c: Fix size_t * v. unsigned * bug.
(Patch by Kurt Zeilenga)
2011-09-01 Alexey Melnikov <[email protected]>
* lib/server.c: Fixed a crash caused by aborted SASL authentication
and initiation of another one using the same SASL context.
2011-09-01 Alexey Melnikov <[email protected]>
* include/md5.h, include/sasl.h, include/saslplug.h, lib/auxprop.c,
lib/canonusr.c, lib/client.c, lib/common.c, lib/saslint.h, lib/server.c,
lib/seterror.c, plugins/otp.c, plugins/plugin_common.c,
sasldb/db_berkeley.c, sample/sample-client.c, sample/sample-server.c,
utils/pluginviewer.c, utils/sasldblistusers.c, utils/saslpasswd.c,
utils/testsuite.c: Many of the SASL includes define function pointers
without specifying arguments. In C, the () is treated as unspecified,
rather than (void), hence this is technically not a prototype,
and gcc warns about it. (Patch by Dave Cridland and Alexey Melnikov)
2011-09-01 Alexey Melnikov <[email protected]>
* lib/server.c: Better server plugin API mismatch reporting
2011-05-23 Alexey Melnikov <[email protected]>
* plugins/gs2.c, plugins/gs2_token.c, plugins/gs2_token.h,
cmulocal/sasl2.m4: Use draft-josefsson-gss-capsulate-01 if present.
Negative SASL errors are fatal. (Patch from Luke Howard.)
2011-05-13 Ken Murchison <[email protected]>
* include/sasl.h, plugins/digest-md5.c:
Allow for non-persistent connections when using DIGEST-MD5 plugin
for server-side HTTP Digest (RFC 2617). Also make sure that an
HTTP request is handed to plugin when required.
2011-04-19 Alexey Melnikov <[email protected]>
* plugins/gssapi.c: Fix to build GSSAPI with Heimdal (patch from
Russ Allbery from Debian)
2011-04-18 Alexey Melnikov <[email protected]>
* plugins/gs2_token.h: Added gs2_token.h for the "make dist" target
(patch by Dan White)
2011-04-13 Alexey Melnikov <[email protected]>
* cmulocal/sasl2.m4: Only enable GS2 plugin if
gss_inquire_mech_for_saslname is defined in gssapi.h
2011-04-12 Alexey Melnikov <[email protected]>
* plugins/Makefile.am, plugins/makeinit.sh, plugins/ldapdb.c:
LDAPDB build fixes from Dan White
2011-04-05 Alexey Melnikov <[email protected]>
* configure.in, plugins/Makefile.am, plugins/NTMakefile,
plugins/makeinit.sh, lib/staticopen.h, win32/include/config.h:
Enabled SCRAM plugin build
2011-03-25 Alexey Melnikov <[email protected]>
* plugins/Makefile.am, plugins/makeinit.sh, plugins/gs2_token.h,
plugins/gs2_token.c, README.GS2, cmulocal/sasl2.m4: GS2 plugin
from Luke Howard
2011-01-25 Ken Murchison <[email protected]>
* include/sasl.h, include/saslplug.h, lib/client.c, lib/common.c,
plugins/digest-md5.c sample/http_digest_client.c:
Allow DIGEST-MD5 plugin to be used for client-side
HTTP Digest (RFC 2617)
2011-01-21 Alexey Melnikov <[email protected]>
* plugins/scram.c: Added support for channel bindings to SCRAM-SHA-1.
2011-01-21 Alexey Melnikov <[email protected]>
* lib/client.c, lib/server.c, lib/common.c, lib/saslint.h: Fixed libsasl
to accept *-PLUS SASL mechanism names in client_mech_list/mech_list
options. As *-PLUS mechanism names were synthesized and didn't
correspond to real plugin names, setting client_mech_list to
"SCRAM-SHA-1-PLUS" (for example) was resulting in authentication
failure due to inability to find a matching SASL plugin.
2011-01-21 Alexey Melnikov <[email protected]>
* include/saslplug.h, lib/client.c: Fixed handling of channel bindings
on the client side. The client side was failing to select a suitable
SASL mechanism when the application specified channel bindings, but
didn't make them mandatory to use. In such a configuration, if a
non channel binding capable mechanism was selected through
"client_mech_list" SASL option, sasl_client_start would fail.
For example if the server supports both SCRAM-SHA-1[-PLUS] and
PLAIN and "client_mech_list" was set to "PLAIN", authentication
would never work.
2011-01-21 Alexey Melnikov <[email protected]>
* lib/client.c, lib/server.c: Better default ordering of SASL mechanisms.
Ordering by plugins max_ssf produces wrong result in case an application
using SASL doesn't care about SASL security layers. Before this change
DIGEST-MD5 was always preferred over SCRAM-SHA-1[-PLUS]. In particular
this change takes support for channel bindings into considerations.
2011-01-19 Ken Murchison <[email protected]>
* include/sasl.h, include/saslplug.h,
lib/common.c, lib/server.c, plugins/digest-md5.c:
Changed server-side of HTTP Digest so that the application
must pass an HTTP Request structure (Method/URI/Entity-Body)
rather than just the HTTP Method
2011-01-19 Alexey Melnikov <[email protected]>
* lib/server.c: Server side SASL context should list *-PLUS SASL
mechanisms before the corresponding non-PLUS mechanisms for naive
SASL clients.
2011-01-19 Alexey Melnikov <[email protected]>
* lib/common.c: Fixed some Windows warnings in SASL security layer
handling.
2011-01-19 Alexey Melnikov <[email protected]>
* plugins/scram.c: Made the default number of SCRAM hash iterations
configurable using a new SASL option called "scram_iteration_counter".
Also fixed a couple of error messages.
2011-01-19 Alexey Melnikov <[email protected]>
* utils/pluginviewer.c: Fixed some Linux warnings in pluginviewer.
2011-01-19 Alexey Melnikov <[email protected]>
* plugins/scram.c: Added support for storing SCRAM secrets in
authPassword attribute. Also added the "scram_secret_generate" option
for controlling if authPassword SCRAM secret should be generated
or not. By default (when not specified) the authPassword SCRAM secret
is NOT generated.
2011-01-19 Alexey Melnikov <[email protected]>
* plugins/scram.c: Updated the SCRAM plugin not to use the hardcoded
SCRAM-SHA-1 plugin name in logging.
2011-01-18 Alexey Melnikov <[email protected]>
* plugins/digestmd5.c: Use the same username for reauthentication
cache lookup and update. Thanks to Ken for pointing out the
problem.
2011-01-14 Ken Murchison <[email protected]>
* plugins/ntlm.c: Flag NTLM plugin as HTTP-ready
2011-01-14 Ken Murchison <[email protected]>
* include/sasl.h, include/saslplug.h,
lib/common.c, lib/server.c, plugins/digest-md5.c:
Allow DIGEST-MD5 plugin to be used for server-side
HTTP Digest (RFC 2617)
2010-12-01 Alexey Melnikov <[email protected]>
* lib/server.c: Some reformatting and safer handling of 'free
after SASL server shutdown' condition in server_dispose.
2010-12-01 Alexey Melnikov <[email protected]>
* lib/server.c: server_idle needs to obey server's SASL mechanism
list from the server context.
2010-12-01 Alexey Melnikov <[email protected]>
* lib/client.c, lib/saslint.h: Added support for ordering
SASL mechanisms by strength (on the client side),
or using the client_mech_list option.
2010-12-01 Alexey Melnikov <[email protected]>
* include/sasl.h, include/saslplug.h, lib/client.c, lib/common.c,
lib/saslint.h, lib/server.c, sample/Makefile.am, sample/client.c,
sample/server.c: Added support for channel bindings
(patch by Luke Howard).
2010-12-01 Alexey Melnikov <[email protected]>
* lib/saslutil.c: Fixed the random number generator on Windows
to actually produce random output on each run.
2010-12-01 Alexey Melnikov <[email protected]>
* lib/common.c: Updated textual representations of some error
messages
2010-11-30 Alexey Melnikov <[email protected]>
* plugins/digestmd5.c: Eliminated some "signed/unsigned mismatch"
warnings.
2010-11-30 Alexey Melnikov <[email protected]>
* plugins/digestmd5.c, plugins/srp.c, plugins/otp.c,
plugins/ntlm.c, plugins/login.c, plugins/cram.c:
Be protective against calling sasl_server_step
once authentication has failed.
2010-11-30 Alexey Melnikov <[email protected]>
* plugins/digestmd5.c: Minimize the number of auxprop lookups
in the server side DIGEST-MD5 plugin for the most common
case when authentication and authorization identities are
the same.
2010-11-30 Alexey Melnikov <[email protected]>
* plugins/digestmd5.c: Updated digestmd5_server_mech_step2()
to be more defensive against empty client input.
2010-11-30 Alexey Melnikov <[email protected]>
* plugins/digestmd5.c: Fixed some memory leaks on failed
plugin initialization. Prevent potential race condition
when freeding plugin state. Set the freed reauthentication
cache mutex to NULL, to make errors due to mutex access
after free more obvious.
2010-11-30 Alexey Melnikov <[email protected]>
* plugins/digestmd5.c: Test against broken UTF-8 based hashes
if calculation using special ISO-8859-1 code fails.
This affected some XMPP clients. Patch by Dave Cridland
2010-11-30 Alexey Melnikov <[email protected]>
* plugins/digestmd5.c: Fixed an interop problem with some
LDAP clients ignoring server advertised realm
and providing their own.
2009-08-14 Alexey Melnikov <[email protected]>
* saslauthd/auth_shadow.c: Rolled back the previous commit
(#define _XOPEN_SOURCE before including unistd.h),
as this seems to break Solaris 8 build. Note that crypt.h
should be present on a Solaris 8 machine, as well is on Debian,
so this shouldn't be a problem.
2009-08-04 Alexey Melnikov <[email protected]>
* plugins/gssapi.c: Properly set serveroutlen to 0 in one place.
Don't send empty challenge once server context establishment is done,
as this is in violation of the RFC 2222 and its successor.
2009-07-24 Alexey Melnikov <[email protected]>
* plugins/gssapi.c: Don't send maxbuf, if no security layer
can be established. Added additional checks for buffer lengths.
2009-05-20 Ken Murchison <[email protected]>
* configure.in, cmulocal/sasl2.m4,
config/kerberos_v4.m4, config/plain.m4, config/sasldb.m4,
lib/Makefile.am: Fixes to allow static libs to be built in the
CMU build environment
2009-05-07 Ken Murchison <[email protected]>
* configure.in, include/sasl.h, lib/Makefile.am,
plugins/Makefile.am, saslauthd/configure.in, sasldb/Makefile.am,
win32/common.mak, win32/include/config.h: 2.1.24
2009-05-03 Alexey Melnikov <[email protected]>
* sample/sample-client.c, sample/sample-server.c, utils/smtptest.c:
Fixed bug # 2895 (passing LF to sasl_decode64)
2009-05-03 Alexey Melnikov <[email protected]>
* lib/NTMakefile: Disabled annoying warnings about use of
deprecated standard C library functions, enabled
warnings about Windows64 portability
2009-05-03 Alexey Melnikov <[email protected]>
* configure.in: Added support for SQLite3
(patch by Maxim Gorbachyov)
2009-04-27 Ken Murchison <[email protected]>
* lib/saslutil.c: Fixed CERT VU#238019 (make sure sasl_encode64()
always NUL terminates output or returns SASL_BUFOVER).
2009-04-11 Alexey Melnikov <[email protected]>
* plugins/sql.c: Fixed SQLite lookup function.
Also fixed SASL PLAIN authentication when used with
SQLite auxprop backend.
2009-04-11 Alexey Melnikov <[email protected]>
* lib/dlopen.c: Updated to use .plugin extension on MacOS
2009-04-08 Alexey Melnikov <[email protected]>
* lib/client.c, lib/server.c: Removed unused mutexes
(bug # 3141)
2009-03-10 Alexey Melnikov <[email protected]>
* include/sasl.h, include/saslplug.h, lib/canonusr.c,
lib/checkpw.c, plugins/sasldb.c, plugins/sql.c:
Added direct support for hashed password to auxprop API
2009-03-10 Alexey Melnikov <[email protected]>
* include/sasl.h, lib/canonusr.c, lib/external.c,
plugins/gssapi.c, plugins/kerberos4.c: Make auxprop lookup
calls in SASL GSSAPI/EXTERNAL optional
2009-03-10 Alexey Melnikov <[email protected]>
* plugins/sasldb.c: A better fix for spurious 'user not found'
errors caused by an attempt to delete a non-existent property
2009-02-21 Alexey Melnikov <[email protected]>
* include/saslutil.h, lib/saslint.h: Made sasl_config_init public
2009-02-20 Alexey Melnikov <[email protected]>
* lib/saslint.h, lib/client.c, lib/common.c, lib/server.c:
Make sure that sasl_set_alloc() has no effect once sasl_client_init()
or sasl_server_init() is called [patch from Debian by
2009-02-20 Alexey Melnikov <[email protected]>
* plugins/digestmd5.c: GCC 4.4 requires that the #elif
preprocessor directive have a test condition [patch from Debian by
2009-02-20 Alexey Melnikov <[email protected]>
* saslauthd/lak.c: Define LDAP_DEPRECATED so that ldap_get_values
is properly defined when compiling [patch from Debian by
Dann Frazier <[email protected]>]
2009-02-20 Alexey Melnikov <[email protected]>
* saslauthd/auth_sasldb.c: pid_file_lock is created with a mask
of 644 instead of 0644 [patch from Debian by Sam Hocevar <[email protected]>]
2009-02-20 Alexey Melnikov <[email protected]>
* saslauthd/auth_sasldb.c: Include config.h so that MAXHOSTNAMELEN
is available when building on hurd-i386 [patch from Debian
2009-02-20 Alexey Melnikov <[email protected]>
* saslauthd/auth_shadow.c: Define _XOPEN_SOURCE before including
unistd.h, so that crypt is correctly defined [patch from Debian
2009-02-14 Alexey Melnikov <[email protected]>
* utils/pluginviewer.c: Code cleanup, improved human readable messages
2009-02-14 Alexey Melnikov <[email protected]>
* lib/config.c: Strip trailing spaces from config file option
values (bug # 3139, bug # 3041)
2009-02-14 Alexey Melnikov <[email protected]>
* plugins/otp.c: Don't use a stack variable for an OTP prompt
(bug # 2822)
2009-02-13 Alexey Melnikov <[email protected]>
* saslauthd/auth_getpwent.c: Fixed Solaris build (patch by Leena
Heino for bug # 2666)
2009-02-13 Alexey Melnikov <[email protected]>
* include/saslplug.h, lib/server.c, plugins/anonymous.c,
plugins/gssapi.c, plugins/otp.c: Partial support for the
SASL_FEAT_DONTUSE_USERPASSWD feature
2009-01-28 Alexey Melnikov <[email protected]>
* include/sasl.h, lib/auxprop.c, lib/common.c, lib/server.c:
Don't treat a constraint violation as an error to store an auxprop
property
2009-01-28 Alexey Melnikov <[email protected]>
* include/sasl.h, lib/server.c: Extended libsasl (auxprop) to support
user deletion
2009-01-28 Alexey Melnikov <[email protected]>
* plugins/otp.c: Downgrade the failure to store OTP secret to debug level
2009-01-25 Alexey Melnikov <[email protected]>
* lib/windlopen.c: Free handles of shared libraries on Windows
that were loaded but are not SASL plugins (patch by Petr Prazak)
[Bug # 2089].
2008-11-23 Alexey Melnikov <[email protected]>
* plugins/NTMakefile, win32/common.mak: Added support for building
SQLite3 on Windows.
2008-11-23 Alexey Melnikov <[email protected]>
* plugins/ldapdb.c: Updated LDAPDB lookup function to match auxprop
API changes
2008-11-15 Alexey Melnikov <[email protected]>
* plugins/sql.c: Added SQLITE3 support (patch by Maxim Gorbachyov)
2008-10-31 Ken Murchison <[email protected]>
* lib/saslint.h, lib/server.c: order advertised mechanisms
per the specified 'mech_list' option or by relative "strength"
2008-10-30 Alexey Melnikov <[email protected]>
* plugins/digestmd5.c: Fixed more portability warnings.
Fixed some rare memory leaks. More detailed error reporting.
2008-10-30 Alexey Melnikov <[email protected]>
* win32/include/config.h, lib/canonusr.c, lib/config.c,
sasldb/allockey.c, utils/saslpasswd.c, utils/testsuite.c,
sample/sample-server.c, plugins/anonymous.c, plugins/digestmd5.c,
plugins/login.c, plugins/ntlm.c, plugins/otp.c:
Fixed Windows 64 portability and other types of warnings
2008-10-29 Alexey Melnikov <[email protected]>
* win32/common.mak: Added support for building libraries.
Added support for Windows64.
2008-10-29 Alexey Melnikov <[email protected]>
* lib/common.c: Prevent freeing of common state on a subsequent
call to _sasl_common_init. Make sure that the last global callback
always wins.
2008-10-29 Alexey Melnikov <[email protected]>
* lib/saslint.h, lib/canonusr.c, lib/checkpw.c, lib/client.c,
lib/server.c: Further fixes to auxprop lookup and _sasl_canon_user
cleanup
2008-10-29 Alexey Melnikov <[email protected]>
* include/saslplug.h, lib/auxprop.c, lib/canonusr.c, lib/saslint.h,
plugins/sasldb.c, plugins/sql.c:
Extended SASL auxprop_lookup to return error code
2008-10-29 Alexey Melnikov <[email protected]>
* lib/saslutil.c: Fixed Mac OS X 10.3 build.
2008-10-29 Alexey Melnikov <[email protected]>
* plugins/sql.c: Uninitialized variables cause crash when
the searched user is not found (patch from
Maxim Gorbachyov <[email protected]>)
2008-10-23 Alexey Melnikov <[email protected]>
* sasldb/db_berkeley.c: Return SASL_NOUSER instead of SASL_FAIL
when the database file doesn't exist
2008-10-23 Alexey Melnikov <[email protected]>
* lib/checkpw.c: Updated sasl_user_exists so that it can handle
passwordless accounts (e.g. disabled)
2008-10-23 Alexey Melnikov <[email protected]>
* include/saslutil.h, lib/saslint.h, lib/client.c, lib/common.c,
lib/saslutil.c, lib/server.c: Added hostname canonicalization
2008-10-22 Alexey Melnikov <[email protected]>
* lib/NTMakefile, utils/NTMakefile, sample/NTMakefile,
plugins/NTMakefile: Updated to build with VC 8.0 (VC++ 2005)
2008-10-22 Alexey Melnikov <[email protected]>
* lib/NTMakefile: Don't install .exp and .manifest files.
Updated build dependencies.
2008-10-21 Alexey Melnikov <[email protected]>
* lib/saslint.h, lib/client.c, lib/common.c, lib/server.c:
Implemented sasl_client_done/sasl_server_done
2008-10-19 Alexey Melnikov <[email protected]>
* plugins/login.c, plugins/plain.c: Advertise
SASL_SEC_PASS_CREDENTIALS feature in PLAIN and LOGIN
2008-10-02 Ken Murchison <[email protected]>
* lib/checkpw.c: Fixed potential buffer overflow in
saslautd_verify_password().
2008-09-30 Alexey Melnikov <[email protected]>
* lib/common.c: Fixed sasl_set_mutex() to disallow changing
mutex management functions once sasl_server_init/
sasl_client_init is called. Failure to do this is causing
a crash while locking mutexes. [Bug # 3083]
2008-01-24 Ken Murchison <[email protected]>
* plugins/ntlm.c: Fixed crash in calculating NTv2 reponse
(patch from Tim Costen from Isode)
2008-01-23 Ken Murchison <[email protected]>
* plugins/ntlm.c, doc/options.html: allow a comma separated
list of servernames in 'ntlm_server' option
(patch from Enrico Persiani <[email protected]>)
2008-01-23 Ken Murchison <[email protected]>
* plugins/ldapdb.c, plugins/makeinit.sh, doc/options.html:
Added code to extend ldapdb into a canon_user plugin
in addition to its existing auxprop plugin functionality
(patch from Howard Chu <[email protected]>
and Torsten Schlabach <[email protected]>)
2008-01-23 Ken Murchison <[email protected]>
* saslauthd/auth_rimap.c: fixed bug counting double-quotes in
username/password. Also fixed bug zeroing password.
(patch from Robert Sanderson <[email protected]>)
2008-01-23 Ken Murchison <[email protected]>
* saslauthd/auth_krb.c: improved diagnostic in the
k5support_verify_tgt() function. Now, detailed krb5 error
information will be given out in the LOG_DEBUG syslog
channel (based on patch from Enrico Scholz
2007-06-13 Alexey Melnikov <[email protected]>
* lib/dlopen.c: 64bit HP-UX uses .so for shared libraries
(patch by Nathan Kinder <[email protected]>).
2007-06-13 Alexey Melnikov <[email protected]>
* plugins/digestmd5.c: Fixed a memory leak in the DIGEST-MD5
security layer (based on patch from Nathan Kinder
2007-05-14 Alexey Melnikov <[email protected]>
* man/*: updated to reference RFC 4422 instead of
RFC 2222.
2007-03-02 Alexey Melnikov <[email protected]>
* plugins/sasldb.c, plugins/sql.c: Ignore properties
starting with '*' in the auxprop store function.
2007-02-14 Alexey Melnikov <[email protected]>
* plugins/digestmd5.c: Fixed parsing of challenges/
responses with extra commas.
2007-01-29 Alexey Melnikov <[email protected]>
* plugins/gssapi.c: Check that params->serverFQDN is
not NULL before using strlen on it (reported by
Steven Simon <[email protected]>)
2006-12-01 Alexey Melnikov <[email protected]>
* lib/common.c: Typecast iov_base to (char *),
in case it is defined as "void *" on a platform
like HPUX (Olaf Flebbe).
2006-11-27 Alexey Melnikov <[email protected]>
* plugins/digestmd5.c: Cleaned up comments and
some error messages.
2006-08-24 Alexey Melnikov <[email protected]>
* lib/dlopen.c: Fixed segfault in dlclose on HPUX,
based on feedback from <[email protected]>.
2006-07-16 Alexey Melnikov <[email protected]>
* win32/common.mak: Abstracted out compiler command
line options for exception handling.
2006-07-04 Alexey Melnikov <[email protected]>
* saslauthd/auth_shadow.c: Include crypt.h, so that crypt()
is defined. This fixes crash on x64 Suse where
sizeof(int) != sizeof(char *). Based on patch from
2006-06-26 Alexey Melnikov <[email protected]>
* plugins/digestmd5.c: Allow for multiple qop options
from the server and require a single qop option
from the client.
2006-05-19 Ken Murchison <[email protected]>
* Makefile.am: include INSTALL.TXT in distro
*** Ready for 2.1.22
2006-05-18 Ken Murchison <[email protected]>
* cmulocal/sasl2.m4: patch to compile with MIT krb5 1.4.3
(Philip Guenther <[email protected]>)
2006-05-18 Alexey Melnikov <[email protected]>
* configure.in: Fixed default value in help for the
--with-authdaemond command line option (Philip Guenther).
2006-05-17 Alexey Melnikov <[email protected]>
* NEWS: Ready for 2.1.22
2006-05-17 Alexey Melnikov <[email protected]>
* utils/Makefile.am: enable pluginviewer in the default build.
2006-04-26 Ken Murchison <[email protected]>
* lib/server.c: call do_authorization() after successful APOP
2006-04-26 Alexey Melnikov <[email protected]>
* plugins/digestmd5.c: If neither DES nor RC4 cipher is selected,
advertise maxssf of 1 (integrity protection).
2006-04-26 Alexey Melnikov <[email protected]>
* utils/pluginviewer.c: Must set fully qualified domain name
in sasl_client_new, or some plugins will not be shown.
2006-04-26 Alexey Melnikov <[email protected]>
* lib/client.c: Replaced wrong "break" statement with
"continue" in the client side list function.
2006-04-25 Alexey Melnikov <[email protected]>
* plugins/NTMakefile: Enable RC4 cipher in Windows build.
2006-04-25 Alexey Melnikov <[email protected]>
* plugins/digestmd5.c: Make sure that SASL packets
shorter than 16 bytes don't cause buffer overrun.
Also prevent an error report from BoundsChecker
regarding pointer being out of range.
2006-04-25 Alexey Melnikov <[email protected]>
* win32/common.mak: Fixed bug of not setting CODEGEN
(code generation option) if STATIC is set.
2006-04-24 Alexey Melnikov <[email protected]>
* plugins/passdss.c, plugins/srp.c: Added include files required
by OpenSSL 0.9.8 (original patch by Dan Nicholson).
2006-04-24 Alexey Melnikov <[email protected]>
* utils/NTMakefile: testsuite.exe doesn't depend on saslSASLDB.dll.
2006-04-24 Alexey Melnikov <[email protected]>
* doc/windows.html: Updated Windows build instructions.
2006-04-20 Alexey Melnikov <[email protected]>
* utils/testsuite.c: Removed sasl_encode test which is no longer
valid due to changed in sasl_encodev.
Also properly terminated all property request lists with NULL.
2006-04-19 Ken Murchison <[email protected]>
* saslauthd/auth_shadow.c, saslauthd/configure.in: Check for 4/5
argument versions of getXXname_r().
2006-04-19 Alexey Melnikov <[email protected]>
* lib/common.c: Andrey V. Malyshev pointed out that the SASL
context is always NULL when the default logging callback
_sasl_syslog is called. In particular this means that
the log_level configuration option is always ignored.
2006-04-19 Alexey Melnikov <[email protected]>
* configure.in: Search for application configuration
files in /usr/lib/sasl2 by default and fall back to
/etc/sasl2 if not found.
2006-04-19 Alexey Melnikov <[email protected]>
* plugins/digestmd5.c: Handle missing realm option from
the client as the empty string. This match the behavior
prescribed in RFC 2831.
2006-04-19 Alexey Melnikov <[email protected]>
* saslauthd/Makefile.am: Enable testsaslauthd build
by default.
2006-04-18 Alexey Melnikov <[email protected]>
* lib/saslint.h, lib/common.c: Added support for spliting
big data blocks (bigger than maxbuf) into multiple SASL
packets in sasl_encodev.
2006-04-10 Alexey Melnikov <[email protected]>
* utils/Makefile.am: Added the pluginviewer man page.
Reordered link dependencies for saslpasswds/sasldblistusers2.
2006-04-10 Alexey Melnikov <[email protected]>
* utils/pluginviewer.8: Added man page for pluginviewer.
2006-04-10 Alexey Melnikov <[email protected]>
* utils/pluginviewer.c: Deleted unused command line parameters
and cleaned up usage output.
2006-04-10 Alexey Melnikov <[email protected]>
* include/gai.h: Use HAVE_GETADDRINFO (instead of HAVE_GETNAMEINFO)
to protect definition of getaddrinfo().
2006-04-10 Alexey Melnikov <[email protected]>
* include/sasl.h: Allocated some GSSAPI specific properties
for Nico Williams (Sun)
2006-04-10 Alexey Melnikov <[email protected]>
* lib/common.c: Free default_plugin_path and
default_conf_path variables in sasl_done.
2006-04-10 Alexey Melnikov <[email protected]>
* sasldb/allockey.c: Cleaned up some warnings
2006-04-10 Alexey Melnikov <[email protected]>
* win32/include/config.h: Deleted a misleading comment
2006-04-06 Jeffrey Teaton <[email protected]>
* saslauthd/auth_rimap.c: patch from Dale Sedivec to prevent
segfault when saslauth free()s returned string
* plugins/sql.c: patch from Matthew Hardin to do better
error checking for mysql_real_query
2006-04-03 Alexey Melnikov <[email protected]>
* configure.in, plugins/NTMakefile, plugins/sasldb.c,
sasldb/db_berkeley.c, sasldb/sasldb.h:
Patch to keep BerkleyDB handle open between operations
(for performance reason). New behavior can be enabled
with --enable-keep-db-open. Original patch by Curtis King.
2006-03-14 Alexey Melnikov <[email protected]>
* lib/server.c: Fixed bug # 2796: load_config now
looks in all directories for the config file,
not just in the first one.
2006-03-14 Alexey Melnikov <[email protected]>
* include/saslplug.h, lib/auxprop.c, lib/client.c
lib/server.c, utils/Makefile.am, utils/NTMakefile,
utils/pluginviewer.c [new]:
Added support for reporting information about
loaded auxprop plugins. Changed the first parameter
to sasl_server_plugin_info/sasl_client_plugin_info
to be "const char *". Added new utility for
reporting information about client and server side
authentication plugins and auxprop plugins (e.g.
supported features, methods, etc.).
2006-03-13 Alexey Melnikov <[email protected]>
* saslauthd/Makefile.am, saslauthd/auth_httpform.c,
saslauthd/auth_httpform.h, saslauthd/configure.in,
saslauthd/mechanisms.c, saslauthd/mechanisms.h:
Added support for HTTP POST password validation
in saslauthd (patch by Joe Ammann <[email protected]>)
2006-03-13 Alexey Melnikov <[email protected]>
* cmulocal/openldap.m4: Allow for compilation
with OpenLDAP 2.3+.
2006-03-13 Alexey Melnikov <[email protected]>
* lib/saslutil.c, utils/testsuite.c: Various
fixes to sasl_decode64: don't ignore partial
base64 data, don't allow any data after the '='
sign, etc.).
2006-03-13 Alexey Melnikov <[email protected]>
* lib/saslint.h: Increase canonicalization buffer
size to 1024 bytes, as Luke Howard has reported
that 256 is too small for some certificates.
2006-03-13 Alexey Melnikov <[email protected]>
* lib/NTMakefile: Include Cyrus version of
getnameinfo() when compiling with Visual Studio 6,
as Windows SDK emulation is not available.
2006-02-13 Alexey Melnikov <[email protected]>
* include/sasl.h, lib/common.c: Added sasl_set_path
function (for a more convenient way of setting
plugin and config paths. Changed the default
sasl_getpath_t/sasl_getconfpath_t callbacks to
calculate the value only once and cache it
for later use.
2006-02-13 Alexey Melnikov <[email protected]>
* configure.in, include/sasl.h, lib/common.c,
lib/saslinit.h, lib/server.c, man/Makefile.am,
man/sasl_callbacks.3, man/sasl_getconfpath_t.3,
win32/include/config.h: Added a new sasl_getconf_t
callback for specifying where SASL configuration files
can be found. Based on patch from Artur Frysiak
<[email protected]> for SASL v1, updated by Gentoo
folks for SASL v2 and further modified by
Andreas Hasenack <[email protected]>.
2006-01-31 Alexey Melnikov <[email protected]>
* INSTALL, INSTALL.TXT: Renamed INSTALL to INSTALL.TXT
as the former conflicts with Windows "install" target
(and Windows file names are case-insensitive).
2005-08-11 Alexey Melnikov <[email protected]>
* plugins/sasldb.c: Return SASL_NOUSER only if all calls to
_sasldb_putdata() return SASL_NOUSER. This prevents spurious
SASL_NOUSER errors.
2005-07-07 Alexey Melnikov <[email protected]>
* plugins/ntlm.c: Added <openssl/md5.h> include in order to fix
building with OpenSSL 0.9.8.
2005-05-19 Derrick Brashear <[email protected]>
* config/libtool.m4: do proper quoting, from Andreas Winkelmann
* configure.in: clean up enable switches, from Patrick Welche
* config/sasldb.m4: fix macro names, from Andreas Winkelmann
* lib/client.c: deal with gcc4 strictness, from Steven Simon
2005-05-16 Derrick Brashear <[email protected]>
* configure.in, include/sasl.h, lib/Makefile.am,
plugins/Makefile.am, saslauthd/configure.in, sasldb/Makefile.am,
win32/common.mak, win32/include/config.h: 2.1.21
* Makefile.am: fix dist-hook to run makeinit.sh in plugins/
2005-05-15 Derrick Brashear <[email protected]>
* saslauthd/lak.c: leak fix from Igor Brezac
2005-05-15 Alexey Melnikov <[email protected]>
* plugins/NTMakefile: ldapdb on Windows might depend on OpenSSL.
2005-05-06 Derrick Brashear <[email protected]>
* configure.in, saslauthd/auth_pam.c: detect pam header location also
where MacOS provides it, and use it there
* utils/Makefile.am: change link order for MacOS
* configure.in: provide option to disable installing MacOS SASL2
framework
* configure.in, config/kerberos_v4.m4, config/plain.m4,
config/sasldb.m4, lib/Makefile.am, sasldb/Makefile.am,
(cmulocal/sasl2.m4): fix case where we are building
--enable-static --with-dblib=none causing automake's dependancy
stuff to screw us when we try to build files with .. in their path
2005-04-11 Derrick Brashear <[email protected]>
* configure.in, plugins/digestmd5.c: detect and include des.h if it
exists, otherwise assume we don't need it (Solaris 9)
2005-04-11 Derrick Brashear <[email protected]>
* sasldb/Makefile.am, config/sasldb.m4: work around HP-UX make's
inability to have pipes in $(shell ...) by setting
LOCAL_SASL_DB_BACKEND_STATIC at the same time as
SASL_DB_BACKEND_STATIC.
2005-03-15 Alexey Melnikov <[email protected]>
* lib/dlopen.c: log the reason for opendir() failure
when loading plugin.
2005-03-08 Alexey Melnikov <[email protected]>
* man/sasl_auxprop.3, man/sasl_auxprop_getctx.3,
man/sasl_auxprop_request.3, man/sasl_canon_user_t.3,