add a ldapsimple pwcheck plugin

.gitignore

@@ -11,3 +11,6 @@ libtool
 config.status
 stamp-h1
 Makefile
+*.pyc
+docsrc/.doctrees/
+docsrc/build/

ChangeLog

@@ -1,3 +1,53 @@
+2016-10-18  Ken Murchison <[email protected]>
+	* Fixed potential DoS attack on saslauthd/doors (from Oracle)
+
+2016-06-30  Ken Murchison <[email protected]>
+	* plugins/ntlm.c, otp.c: support OpenSSL 1.1
+
+2016-06-14  Ken Murchison <[email protected]>
+	* plugins/digestmd5.c: Fix memory leak in client step 2
+
+2016-03-24  Ken Murchison <[email protected]>
+	* auth_rimap.c: Don't hang when IMAP server closes connection
+
+2016-01-29  Ken Murchison <[email protected]>
+	* Build fixes from Ignacio Casal Quinteiro
+
+2015-12-26  Ken Murchison <[email protected]>
+	* Build fixes from Ignacio Casal Quinteiro
+
+2015-11-16  Ken Murchison <[email protected]>
+	* Build fixes from Ignacio Casal Quinteiro
+
+2015-10-14  Ken Murchison <[email protected]>
+	* Build fixes from Ignacio Casal Quinteiro
+
+2015-07-17  Ken Murchison <[email protected]>
+	* auth_krb5.c: added krb5_conv_krb4_instance option
+
+2014-11-17  Ken Murchison <[email protected]>
+	* plugins/digestmd5.c: Fix memory leaks
+
+2014-11-17  Ken Murchison <[email protected]>
+	* plugins/digestmd5.c: prevent going from step 3 to step 2
+
+2013-09-13  Alexey Melnikov <[email protected]>
+	* Fix memory leaks in DIGEST
+
+2013-08-30  Ken Murchison <[email protected]>
+	* plugins/digestmd5.c: only locate reauth cache when reauth is
+	  enabled
+
+2013-07-11  Alexey Melnikov <[email protected]>
+	* Treat SCRAM and DIGEST as more secure than PLAIN when selecting
+	  client-side mechanism
+
+2013-07-11  Alexey Melnikov <[email protected]>
+	* Handle NULL return from crypt()
+
+2012-11-20  Alexey Melnikov <[email protected]>
+	* Added support for lmdb
+
 2012-11-19  Alexey Melnikov <[email protected]>
 	* Final 2.1.26 tagged and released by Ken.
 

NEWS

@@ -1,3 +1,17 @@
+New in 2.1.27
+-------------
+
+* Added support for OpenSSL 1.1
+* Fixed potential DoS attack on saslauthd/doors (from Oracle)
+* Added support for lmdb (from Howard Chu)
+* Lots of build fixes (from Ignacio Casal Quinteiro)
+* DIGEST-MD5 plugin:
+ - Fixed memory leaks
+ - Fixed a segfault when looking for non-existent reauth cache
+ - Prevent client from going from step 3 back to step 2
+* Added krb5_conv_krb4_instance option to saslauthd/kerberos5
+* Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech
+
 New in 2.1.26
 -------------
 

configure.ac

@@ -42,17 +42,17 @@ dnl AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
 dnl OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 dnl
 
-AC_PREREQ(2.63.2)
+AC_PREREQ(2.63)
 
 dnl
 dnl REMINDER: When changing the version number here, please also update
 dnl the values in win32/include/config.h and include/sasl.h as well.
 dnl
 AC_INIT([cyrus-sasl],
-        [2.1.26],
-        [https://git.cyrus.foundation/maniphest/],
+        [2.1.27],
+        [https://github.com/cyrusimap/cyrus-sasl/issues],
         [cyrus-sasl],
-        [https://docs.cyrus.foundation])
+        [http://cyrusimap.org])
 
 AC_CONFIG_MACRO_DIR([m4])
 
@@ -67,7 +67,7 @@ AC_CONFIG_AUX_DIR(config)
 AC_CANONICAL_HOST
 AC_CANONICAL_TARGET
 
-AM_INIT_AUTOMAKE([1.11 tar-ustar dist-xz no-dist-gzip -Wno-portability subdir-objects])
+AM_INIT_AUTOMAKE([1.11 tar-ustar dist-bzip2 -Wno-portability subdir-objects])
 
 DIRS=""
 
@@ -226,10 +226,10 @@ AC_SUBST(SASL_DL_LIB)
 
 dnl /dev/random ?
 
-AC_ARG_WITH(devrandom, [  --with-devrandom=PATH   set the path to /dev/random [[/dev/random]] ],
+AC_ARG_WITH(devrandom, [  --with-devrandom=PATH   set the path to pseudo random number generator [[/dev/urandom]] ],
   devrandom=$withval,
-  devrandom=/dev/random)
-AC_MSG_CHECKING(/dev/random to use)
+  devrandom=/dev/urandom)
+AC_MSG_CHECKING(PRNG to use)
 AC_MSG_RESULT($devrandom)
 AC_DEFINE_UNQUOTED(SASL_DEV_RANDOM, "$devrandom", [File to use for source of randomness])
 
@@ -1321,6 +1321,28 @@ IPv6_CHECK_SOCKLEN_T()
 #AC_FUNC_VPRINTF
 AC_CHECK_FUNCS(gethostname getdomainname getpwnam getspnam gettimeofday inet_aton memcpy mkdir select socket strchr strdup strerror strspn strstr strtol jrand48 getpassphrase asprintf strlcat strlcpy)
 
+if test $ac_cv_func_getspnam = yes; then
+	AC_MSG_CHECKING(if getpwnam_r/getspnam_r take 5 arguments)
+	AC_TRY_COMPILE(
+		[
+#include <sys/types.h>
+#include <pwd.h>
+#include <shadow.h>
+		],
+		[
+struct passwd *pw;
+struct passwd pwbuf;
+char pwdata[512];
+(void) getpwnam_r("bin", &pwbuf, pwdata, sizeof(pwdata), &pw);
+		],
+		[AC_MSG_RESULT(yes)
+		 AC_DEFINE(GETXXNAM_R_5ARG, 1,
+			[Define if your getpwnam_r()/getspnam_r()
+			functions take 5 arguments])],
+		[AC_MSG_RESULT(no)]
+	)
+fi
+
 if test $enable_cmulocal = yes; then
     AC_WARN([enabling CMU local kludges])
     AC_DEFINE(KRB4_IGNORE_IP_ADDRESS,[],[Ignore IP Address in Kerberos 4 tickets?])
@@ -1332,6 +1354,25 @@ AC_EGREP_HEADER(sockaddr_storage, sys/socket.h, [
 
 AC_SUBST(DIRS)
 
+dnl documentation generation (sphinx, perl2rst)
+AC_ARG_VAR(SPHINX_BUILD, [Location of sphinx-build])
+AC_ARG_WITH([sphinx-build],
+            AS_HELP_STRING([with-sphinx-build=(yes|no|PATH)], [Look for sphinx-build in PATH]),
+            [with_sphinx_build=$withval],
+            [with_sphinx_build=yes])
+AS_CASE([$with_sphinx_build],
+        [yes],  [AC_PATH_PROG(SPHINX_BUILD, sphinx-build)],
+        [no],   [SPHINX_BUILD=''],
+        [*],    [AC_PATH_PROG(SPHINX_BUILD, sphinx-build, [], [$with_sphinx_build])])
+AS_IF([test -z "$SPHINX_BUILD"],
+      [AC_MSG_WARN([No sphinx-build, won't be able to regenerate docs])])
+AC_SUBST([SPHINX_BUILD])
+AC_PROG_PERL_MODULES([Pod::POM::View::Restructured],
+                     [have_ppvr=yes],
+                     [AC_MSG_WARN([No Pod::POM::View::Restructured, won't be able to regenerate docs])])
+AM_CONDITIONAL([HAVE_SPHINX_BUILD], [ test -n "$SPHINX_BUILD" -a x"$have_ppvr" = xyes])
+
+
 AH_TOP([
 /* acconfig.h - autoheader configuration input */
 /* 

doc/Makefile.am

@@ -43,47 +43,24 @@
 #
 ################################################################
 
-EXTRA_DIST =	rfc1321.txt \
-		rfc1939.txt \
-		rfc2104.txt \
-		rfc2195.txt \
-		rfc2222.txt \
-		rfc2243.txt \
-		rfc2245.txt \
-		rfc2289.txt \
-		rfc2444.txt \
-		rfc2595.txt \
-		rfc2831.txt \
-		rfc2945.txt \
-		rfc3174.txt \
-		testing.txt \
-		server-plugin-flow.fig \
-		draft-burdis-cat-srp-sasl-xx.txt \
-		draft-ietf-sasl-anon-xx.txt \
-		draft-ietf-sasl-crammd5-xx.txt \
-		draft-ietf-sasl-gssapi-xx.txt \
-		draft-ietf-sasl-plain-xx.txt \
-		draft-ietf-sasl-rfc2222bis-xx.txt \
-		draft-ietf-sasl-rfc2831bis-xx.txt \
-		draft-ietf-sasl-saslprep-xx.txt \
-		draft-murchison-sasl-login-xx.txt \
-		draft-newman-sasl-c-api-xx.txt \
-		draft-newman-sasl-passdss-xx.txt \
-		programming.html \
-		sysadmin.html \
+EXTRA_DIST =	advanced.html \
+		appconvert.html \
+		components.html \
 		gssapi.html \
-		advanced.html \
+		index.html \
+		install.html \
+		macosx.html \
+		mechanisms.html \
+		NTMakefile \
+		ONEWS \
 		options.html \
+		os390.html \
 		plugprog.html \
-		appconvert.html \
-		macosx.html \
-		windows.html \
+		programming.html \
 		readme.html \
-		mechanisms.html \
-		upgrading.html \
-		index.html \
-		components.html \
-		install.html \
+		server-plugin-flow.fig \
+		sysadmin.html \
+		testing.txt \
 		TODO \
-		ONEWS \
-		NTMakefile
+		upgrading.html \
+		windows.html