/ cyrus_sasl / ChangeLog
ChangeLog
1 2012-10-12 Alexey Melnikov <alexey.melnikov@isode.com> 2 * Getting ready for 2.1.25. 3 4 2012-07-06 Alexey Melnikov <alexey.melnikov@isode.com> 5 * saslauthd/auth_krb5.c: Fixed a crash in the auth_krb5.c 6 (bug # 2706). Patch by Nalin Dahyabhai. 7 8 2012-07-03 Alexey Melnikov <alexey.melnikov@isode.com> 9 * config/ltconfig: Fixed incorrect Darwin version matching in ltconfig 10 (bug # 3713). Patch by Joshua Root. 11 12 2012-06-08 Alexey Melnikov <alexey.melnikov@isode.com> 13 * Fixed PLAIN/LOGIN authentication failure when using saslauthd 14 with no auxprop plugins (bug # 3590). 15 16 2012-06-08 Alexey Melnikov <alexey.melnikov@isode.com> 17 * Added generation of pkg-config .pc file for Cyrus SASL. 18 Patch by Dilyan Palauzov. 19 20 2012-06-03 Alexey Melnikov <alexey.melnikov@isode.com> 21 * Correctly updated libtool version for libsasl and its plugins due 22 to ABI changes (bug # 3692). 23 24 2012-06-02 Alexey Melnikov <alexey.melnikov@isode.com> 25 * Better error reporting from auth_getpwent.c/auth_shadow.c 26 (bug # 3134). Based on a patch by Greg A. Woods. 27 28 2012-06-02 Alexey Melnikov <alexey.melnikov@isode.com> 29 * Improved error logging on failure to load plugins. 30 Patch by Greg A. Woods. 31 32 2012-05-30 Alexey Melnikov <alexey.melnikov@isode.com> 33 * plugins/otp.c, plugins/srp.c: Removed calling of EVP_cleanup() 34 on SRP/OTP plugin shutdown 35 36 2012-05-30 Alexey Melnikov <alexey.melnikov@isode.com> 37 * saslauthd/auth_httpform.c: Encode the parameter values passed to 38 auth_httpform, not the whole POST data. 39 40 2012-05-30 Alexey Melnikov <alexey.melnikov@isode.com> 41 * lib/config.c, saslauthd/cfile.c: Fixed file descriptor leaks 42 throughout the code (bug # 3702). Slightly reformatted patch 43 by Manfred Weichel. 44 45 2012-05-29 Alexey Melnikov <alexey.melnikov@isode.com> 46 * bug in "saslauthd -a rimap" - not reading the whole IMAP greeting 47 (bug # 3211). Patch from Lutz Mark (via Red Hat) 48 49 2012-05-29 Alexey Melnikov <alexey.melnikov@isode.com> 50 * Modernize SASL malloc/realloc callback prototypes 51 52 2012-05-29 Alexey Melnikov <alexey.melnikov@isode.com> 53 * lib/saslutil.c: Fixed broken logic in get_fqhostname() when 54 abort_if_no_fqdn is 0 (bug # 3589). Patch by baggins@pld-linux.org 55 56 2012-05-28 Alexey Melnikov <alexey.melnikov@isode.com> 57 * sasldb/db_berkeley.c, utils/dbconverter-2.c: Added support for 58 BerkleyDB 5.X or later (Patch by Howard Chu) 59 60 2012-04-20 Alexey Melnikov <alexey.melnikov@isode.com> 61 * lib/client.c, lib/server.c, lib/saslint.h: Make server and client 62 side global callbacks private to server.c/client.c respectively 63 64 2012-02-10 Ken Murchison <murch@andrew.cmu.edu> 65 * plugins/digestmd5.c: better handling of HTTP reauth cases. 66 67 2012-01-28 Ken Murchison <murch@andrew.cmu.edu> 68 * plugins/digestmd5.c: Correctly send "stale" directive to prevent 69 clients from (re)promtping for password 70 71 2011-11-25 Alexey Melnikov <alexey.melnikov@isode.com> 72 * plugins/gs2.c: Updated GS2 plugin not to lose minor GSS-API 73 status codes on errors (based on a patch from Ralf Haferkamp 74 <rhafer@suse.de>) 75 76 2011-11-21 Alexey Melnikov <alexey.melnikov@isode.com> 77 * plugins/gssapi.c: Only check out_flags once authentication is 78 successfully completed 79 80 2011-11-09 Ken Murchison <murch@andrew.cmu.edu> 81 * cmulocal/sasl2.m4, plugins/gssapi.c, utils/testsuite.c: 82 Added GSS-SPNEGO plugin which can also be used for HTTP 83 Negotiate authentication (RFC 4559) 84 85 2011-11-08 Ken Murchison <murch@andrew.cmu.edu> 86 * plugins/ntlm.c: Flag client-side of NTLM plugin as HTTP-ready 87 88 2011-11-08 Ken Murchison <murch@andrew.cmu.edu> 89 * include/saslutil.h, lib/config.c, lib/server.c 90 Added sasl_config_done() to plug a memory leak when using an 91 application specific config file 92 93 2011-10-07 Alexey Melnikov <alexey.melnikov@isode.com> 94 * plugins/gssapi.c: Fixed a segfault in gssapi.c 95 (patch by Phil Pennock) 96 97 2011-09-22 Alexey Melnikov <alexey.melnikov@isode.com> 98 * config/ltconfig, saslauthd/config/ltconfig: Fixed Cyrus SASL 99 build on some versions of Mac OS. 100 101 2011-09-22 Alexey Melnikov <alexey.melnikov@isode.com> 102 * saslauthd/auth_rimap.c: qstring incorrectly appending 103 the closing double quote. (Merge from RedHat) 104 105 2011-09-22 Alexey Melnikov <alexey.melnikov@isode.com> 106 * lib/common.c: unlock the mutex in sasl_dispose if the context 107 was freed by another thread. (Merge from RedHat) 108 109 2011-09-22 Alexey Melnikov <alexey.melnikov@isode.com> 110 * Makefile.am: "lib" should be built before "plugins" 111 (Patch from marcandre.lureau@redhat.com) 112 113 2011-09-22 Alexey Melnikov <alexey.melnikov@isode.com> 114 * lib/saslutil.c: MINGW32 doesn't have rand_s 115 (Patch from marcandre.lureau@redhat.com) 116 117 2011-09-22 Alexey Melnikov <alexey.melnikov@isode.com> 118 * configure.in: Various build fixes for MINGW32 119 (including defining sleep()) 120 (Patch from marcandre.lureau@redhat.com) 121 122 2011-09-15 Alexey Melnikov <alexey.melnikov@isode.com> 123 * sample/client.c: Added additional typecasts to kill warnings 124 about incompatible callback types 125 126 2011-09-13 Alexey Melnikov <alexey.melnikov@isode.com> 127 * configure.in, config/ltconfig, config/ltmain.sh: 128 MacOS X related build fixes: use .plugin when building 129 SASL plugins, fixed version number calculation, 130 don't generate multiple symlinks. 131 Also use LD_RUN_PATH as rpath. (patches by Chris Ridd) 132 133 2011-09-12 Alexey Melnikov <alexey.melnikov@isode.com> 134 * win32/common.mak: Add _CRT_SECURE_NO_DEPRECATE define 135 to suppress warnings about use of strdup, snprintf, etc. 136 137 2011-09-12 Alexey Melnikov <alexey.melnikov@isode.com> 138 * sasldb/db_berkeley.c: 139 Fixed warnings about incompatible callback types. 140 141 2011-09-12 Alexey Melnikov <alexey.melnikov@isode.com> 142 * lib/NTMakefile plugins/NTMakefile: 143 Make sure that copied .c files are only rebuilt when changed. 144 145 2011-09-07 Ken Murchison <murch@andrew.cmu.edu> 146 * plugins/scram.c: 147 Fixed 3 memory leaks in SCRAM. Final 2.1.25. 148 149 2011-09-07 Alexey Melnikov <alexey.melnikov@isode.com> 150 * configure.in, plugins/NTMakefile, plugins/cram.c: 151 Allow use of cmusaslsecretCRAM-MD5 property to be disabled. 152 153 2011-09-02 Alexey Melnikov <alexey.melnikov@isode.com> 154 * config/config.guess, config/config.sub, 155 saslauthd/config/config.guess, saslauthd/config/config.sub: 156 Updated config to the latest GNU snapshot. 157 158 2011-09-01 Alexey Melnikov <alexey.melnikov@isode.com> 159 * lib/server.c: Make sure that a failed authorization doesn't preclude 160 further SASL authentication attempts from working. 161 162 2011-09-01 Alexey Melnikov <alexey.melnikov@isode.com> 163 * lib/server.c: Fixed some aspects of mech_avail callback handling 164 in the server side SASL code. 165 166 2011-09-01 Alexey Melnikov <alexey.melnikov@isode.com> 167 * config/ltconfig, saslauthd/config/ltconfig: Fix SASL's libtool 168 MacOS/X 64-bit file magic. (Patch by Kurt Zeilenga) 169 170 2011-09-01 Alexey Melnikov <alexey.melnikov@isode.com> 171 * plugins/scram.c: Fixed some additional Windows warnings and 172 a memory leak in SCRAM. 173 174 2011-09-01 Alexey Melnikov <alexey.melnikov@isode.com> 175 * plugins/scram.c: Fix size_t * v. unsigned * bug. 176 (Patch by Kurt Zeilenga) 177 178 2011-09-01 Alexey Melnikov <alexey.melnikov@isode.com> 179 * lib/server.c: Fixed a crash caused by aborted SASL authentication 180 and initiation of another one using the same SASL context. 181 182 2011-09-01 Alexey Melnikov <alexey.melnikov@isode.com> 183 * include/md5.h, include/sasl.h, include/saslplug.h, lib/auxprop.c, 184 lib/canonusr.c, lib/client.c, lib/common.c, lib/saslint.h, lib/server.c, 185 lib/seterror.c, plugins/otp.c, plugins/plugin_common.c, 186 sasldb/db_berkeley.c, sample/sample-client.c, sample/sample-server.c, 187 utils/pluginviewer.c, utils/sasldblistusers.c, utils/saslpasswd.c, 188 utils/testsuite.c: Many of the SASL includes define function pointers 189 without specifying arguments. In C, the () is treated as unspecified, 190 rather than (void), hence this is technically not a prototype, 191 and gcc warns about it. (Patch by Dave Cridland and Alexey Melnikov) 192 193 2011-09-01 Alexey Melnikov <alexey.melnikov@isode.com> 194 * lib/server.c: Better server plugin API mismatch reporting 195 196 2011-05-23 Alexey Melnikov <alexey.melnikov@isode.com> 197 * plugins/gs2.c, plugins/gs2_token.c, plugins/gs2_token.h, 198 cmulocal/sasl2.m4: Use draft-josefsson-gss-capsulate-01 if present. 199 Negative SASL errors are fatal. (Patch from Luke Howard.) 200 201 2011-05-13 Ken Murchison <murch@andrew.cmu.edu> 202 * include/sasl.h, plugins/digest-md5.c: 203 Allow for non-persistent connections when using DIGEST-MD5 plugin 204 for server-side HTTP Digest (RFC 2617). Also make sure that an 205 HTTP request is handed to plugin when required. 206 207 2011-04-19 Alexey Melnikov <alexey.melnikov@isode.com> 208 * plugins/gssapi.c: Fix to build GSSAPI with Heimdal (patch from 209 Russ Allbery from Debian) 210 211 2011-04-18 Alexey Melnikov <alexey.melnikov@isode.com> 212 * plugins/gs2_token.h: Added gs2_token.h for the "make dist" target 213 (patch by Dan White) 214 215 2011-04-13 Alexey Melnikov <alexey.melnikov@isode.com> 216 * cmulocal/sasl2.m4: Only enable GS2 plugin if 217 gss_inquire_mech_for_saslname is defined in gssapi.h 218 219 2011-04-12 Alexey Melnikov <alexey.melnikov@isode.com> 220 * plugins/Makefile.am, plugins/makeinit.sh, plugins/ldapdb.c: 221 LDAPDB build fixes from Dan White 222 223 2011-04-05 Alexey Melnikov <alexey.melnikov@isode.com> 224 * configure.in, plugins/Makefile.am, plugins/NTMakefile, 225 plugins/makeinit.sh, lib/staticopen.h, win32/include/config.h: 226 Enabled SCRAM plugin build 227 228 2011-03-25 Alexey Melnikov <alexey.melnikov@isode.com> 229 * plugins/Makefile.am, plugins/makeinit.sh, plugins/gs2_token.h, 230 plugins/gs2_token.c, README.GS2, cmulocal/sasl2.m4: GS2 plugin 231 from Luke Howard 232 233 2011-01-25 Ken Murchison <murch@andrew.cmu.edu> 234 * include/sasl.h, include/saslplug.h, lib/client.c, lib/common.c, 235 plugins/digest-md5.c sample/http_digest_client.c: 236 Allow DIGEST-MD5 plugin to be used for client-side 237 HTTP Digest (RFC 2617) 238 239 2011-01-21 Alexey Melnikov <alexey.melnikov@isode.com> 240 * plugins/scram.c: Added support for channel bindings to SCRAM-SHA-1. 241 242 2011-01-21 Alexey Melnikov <alexey.melnikov@isode.com> 243 * lib/client.c, lib/server.c, lib/common.c, lib/saslint.h: Fixed libsasl 244 to accept *-PLUS SASL mechanism names in client_mech_list/mech_list 245 options. As *-PLUS mechanism names were synthesized and didn't 246 correspond to real plugin names, setting client_mech_list to 247 "SCRAM-SHA-1-PLUS" (for example) was resulting in authentication 248 failure due to inability to find a matching SASL plugin. 249 250 2011-01-21 Alexey Melnikov <alexey.melnikov@isode.com> 251 * include/saslplug.h, lib/client.c: Fixed handling of channel bindings 252 on the client side. The client side was failing to select a suitable 253 SASL mechanism when the application specified channel bindings, but 254 didn't make them mandatory to use. In such a configuration, if a 255 non channel binding capable mechanism was selected through 256 "client_mech_list" SASL option, sasl_client_start would fail. 257 For example if the server supports both SCRAM-SHA-1[-PLUS] and 258 PLAIN and "client_mech_list" was set to "PLAIN", authentication 259 would never work. 260 261 2011-01-21 Alexey Melnikov <alexey.melnikov@isode.com> 262 * lib/client.c, lib/server.c: Better default ordering of SASL mechanisms. 263 Ordering by plugins max_ssf produces wrong result in case an application 264 using SASL doesn't care about SASL security layers. Before this change 265 DIGEST-MD5 was always preferred over SCRAM-SHA-1[-PLUS]. In particular 266 this change takes support for channel bindings into considerations. 267 268 2011-01-19 Ken Murchison <murch@andrew.cmu.edu> 269 * include/sasl.h, include/saslplug.h, 270 lib/common.c, lib/server.c, plugins/digest-md5.c: 271 Changed server-side of HTTP Digest so that the application 272 must pass an HTTP Request structure (Method/URI/Entity-Body) 273 rather than just the HTTP Method 274 275 2011-01-19 Alexey Melnikov <alexey.melnikov@isode.com> 276 * lib/server.c: Server side SASL context should list *-PLUS SASL 277 mechanisms before the corresponding non-PLUS mechanisms for naive 278 SASL clients. 279 280 2011-01-19 Alexey Melnikov <alexey.melnikov@isode.com> 281 * lib/common.c: Fixed some Windows warnings in SASL security layer 282 handling. 283 284 2011-01-19 Alexey Melnikov <alexey.melnikov@isode.com> 285 * plugins/scram.c: Made the default number of SCRAM hash iterations 286 configurable using a new SASL option called "scram_iteration_counter". 287 Also fixed a couple of error messages. 288 289 2011-01-19 Alexey Melnikov <alexey.melnikov@isode.com> 290 * utils/pluginviewer.c: Fixed some Linux warnings in pluginviewer. 291 292 2011-01-19 Alexey Melnikov <alexey.melnikov@isode.com> 293 * plugins/scram.c: Added support for storing SCRAM secrets in 294 authPassword attribute. Also added the "scram_secret_generate" option 295 for controlling if authPassword SCRAM secret should be generated 296 or not. By default (when not specified) the authPassword SCRAM secret 297 is NOT generated. 298 299 2011-01-19 Alexey Melnikov <alexey.melnikov@isode.com> 300 * plugins/scram.c: Updated the SCRAM plugin not to use the hardcoded 301 SCRAM-SHA-1 plugin name in logging. 302 303 2011-01-18 Alexey Melnikov <alexey.melnikov@isode.com> 304 * plugins/digestmd5.c: Use the same username for reauthentication 305 cache lookup and update. Thanks to Ken for pointing out the 306 problem. 307 308 2011-01-14 Ken Murchison <murch@andrew.cmu.edu> 309 * plugins/ntlm.c: Flag NTLM plugin as HTTP-ready 310 311 2011-01-14 Ken Murchison <murch@andrew.cmu.edu> 312 * include/sasl.h, include/saslplug.h, 313 lib/common.c, lib/server.c, plugins/digest-md5.c: 314 Allow DIGEST-MD5 plugin to be used for server-side 315 HTTP Digest (RFC 2617) 316 317 2010-12-01 Alexey Melnikov <alexey.melnikov@isode.com> 318 * lib/server.c: Some reformatting and safer handling of 'free 319 after SASL server shutdown' condition in server_dispose. 320 321 2010-12-01 Alexey Melnikov <alexey.melnikov@isode.com> 322 * lib/server.c: server_idle needs to obey server's SASL mechanism 323 list from the server context. 324 325 2010-12-01 Alexey Melnikov <alexey.melnikov@isode.com> 326 * lib/client.c, lib/saslint.h: Added support for ordering 327 SASL mechanisms by strength (on the client side), 328 or using the client_mech_list option. 329 330 2010-12-01 Alexey Melnikov <alexey.melnikov@isode.com> 331 * include/sasl.h, include/saslplug.h, lib/client.c, lib/common.c, 332 lib/saslint.h, lib/server.c, sample/Makefile.am, sample/client.c, 333 sample/server.c: Added support for channel bindings 334 (patch by Luke Howard). 335 336 2010-12-01 Alexey Melnikov <alexey.melnikov@isode.com> 337 * lib/saslutil.c: Fixed the random number generator on Windows 338 to actually produce random output on each run. 339 340 2010-12-01 Alexey Melnikov <alexey.melnikov@isode.com> 341 * lib/common.c: Updated textual representations of some error 342 messages 343 344 2010-11-30 Alexey Melnikov <alexey.melnikov@isode.com> 345 * plugins/digestmd5.c: Eliminated some "signed/unsigned mismatch" 346 warnings. 347 348 2010-11-30 Alexey Melnikov <alexey.melnikov@isode.com> 349 * plugins/digestmd5.c, plugins/srp.c, plugins/otp.c, 350 plugins/ntlm.c, plugins/login.c, plugins/cram.c: 351 Be protective against calling sasl_server_step 352 once authentication has failed. 353 354 2010-11-30 Alexey Melnikov <alexey.melnikov@isode.com> 355 * plugins/digestmd5.c: Minimize the number of auxprop lookups 356 in the server side DIGEST-MD5 plugin for the most common 357 case when authentication and authorization identities are 358 the same. 359 360 2010-11-30 Alexey Melnikov <alexey.melnikov@isode.com> 361 * plugins/digestmd5.c: Updated digestmd5_server_mech_step2() 362 to be more defensive against empty client input. 363 364 2010-11-30 Alexey Melnikov <alexey.melnikov@isode.com> 365 * plugins/digestmd5.c: Fixed some memory leaks on failed 366 plugin initialization. Prevent potential race condition 367 when freeding plugin state. Set the freed reauthentication 368 cache mutex to NULL, to make errors due to mutex access 369 after free more obvious. 370 371 2010-11-30 Alexey Melnikov <alexey.melnikov@isode.com> 372 * plugins/digestmd5.c: Test against broken UTF-8 based hashes 373 if calculation using special ISO-8859-1 code fails. 374 This affected some XMPP clients. Patch by Dave Cridland 375 <dave.cridland@isode.com>. 376 377 2010-11-30 Alexey Melnikov <alexey.melnikov@isode.com> 378 * plugins/digestmd5.c: Fixed an interop problem with some 379 LDAP clients ignoring server advertised realm 380 and providing their own. 381 382 2009-08-14 Alexey Melnikov <alexey.melnikov@isode.com> 383 * saslauthd/auth_shadow.c: Rolled back the previous commit 384 (#define _XOPEN_SOURCE before including unistd.h), 385 as this seems to break Solaris 8 build. Note that crypt.h 386 should be present on a Solaris 8 machine, as well is on Debian, 387 so this shouldn't be a problem. 388 389 2009-08-04 Alexey Melnikov <alexey.melnikov@isode.com> 390 * plugins/gssapi.c: Properly set serveroutlen to 0 in one place. 391 Don't send empty challenge once server context establishment is done, 392 as this is in violation of the RFC 2222 and its successor. 393 394 2009-07-24 Alexey Melnikov <alexey.melnikov@isode.com> 395 * plugins/gssapi.c: Don't send maxbuf, if no security layer 396 can be established. Added additional checks for buffer lengths. 397 398 2009-05-20 Ken Murchison <murch@andrew.cmu.edu> 399 * configure.in, cmulocal/sasl2.m4, 400 config/kerberos_v4.m4, config/plain.m4, config/sasldb.m4, 401 lib/Makefile.am: Fixes to allow static libs to be built in the 402 CMU build environment 403 404 2009-05-07 Ken Murchison <murch@andrew.cmu.edu> 405 * configure.in, include/sasl.h, lib/Makefile.am, 406 plugins/Makefile.am, saslauthd/configure.in, sasldb/Makefile.am, 407 win32/common.mak, win32/include/config.h: 2.1.24 408 409 2009-05-03 Alexey Melnikov <alexey.melnikov@isode.com> 410 * sample/sample-client.c, sample/sample-server.c, utils/smtptest.c: 411 Fixed bug # 2895 (passing LF to sasl_decode64) 412 413 2009-05-03 Alexey Melnikov <alexey.melnikov@isode.com> 414 * lib/NTMakefile: Disabled annoying warnings about use of 415 deprecated standard C library functions, enabled 416 warnings about Windows64 portability 417 418 2009-05-03 Alexey Melnikov <alexey.melnikov@isode.com> 419 * configure.in: Added support for SQLite3 420 (patch by Maxim Gorbachyov) 421 422 2009-04-27 Ken Murchison <murch@andrew.cmu.edu> 423 * lib/saslutil.c: Fixed CERT VU#238019 (make sure sasl_encode64() 424 always NUL terminates output or returns SASL_BUFOVER). 425 426 2009-04-11 Alexey Melnikov <alexey.melnikov@isode.com> 427 * plugins/sql.c: Fixed SQLite lookup function. 428 Also fixed SASL PLAIN authentication when used with 429 SQLite auxprop backend. 430 431 2009-04-11 Alexey Melnikov <alexey.melnikov@isode.com> 432 * lib/dlopen.c: Updated to use .plugin extension on MacOS 433 434 2009-04-08 Alexey Melnikov <alexey.melnikov@isode.com> 435 * lib/client.c, lib/server.c: Removed unused mutexes 436 (bug # 3141) 437 438 2009-03-10 Alexey Melnikov <alexey.melnikov@isode.com> 439 * include/sasl.h, include/saslplug.h, lib/canonusr.c, 440 lib/checkpw.c, plugins/sasldb.c, plugins/sql.c: 441 Added direct support for hashed password to auxprop API 442 443 2009-03-10 Alexey Melnikov <alexey.melnikov@isode.com> 444 * include/sasl.h, lib/canonusr.c, lib/external.c, 445 plugins/gssapi.c, plugins/kerberos4.c: Make auxprop lookup 446 calls in SASL GSSAPI/EXTERNAL optional 447 448 2009-03-10 Alexey Melnikov <alexey.melnikov@isode.com> 449 * plugins/sasldb.c: A better fix for spurious 'user not found' 450 errors caused by an attempt to delete a non-existent property 451 452 2009-02-21 Alexey Melnikov <alexey.melnikov@isode.com> 453 * include/saslutil.h, lib/saslint.h: Made sasl_config_init public 454 455 2009-02-20 Alexey Melnikov <alexey.melnikov@isode.com> 456 * lib/saslint.h, lib/client.c, lib/common.c, lib/server.c: 457 Make sure that sasl_set_alloc() has no effect once sasl_client_init() 458 or sasl_server_init() is called [patch from Debian by 459 fabbe@debian.org] 460 461 2009-02-20 Alexey Melnikov <alexey.melnikov@isode.com> 462 * plugins/digestmd5.c: GCC 4.4 requires that the #elif 463 preprocessor directive have a test condition [patch from Debian by 464 fabbe@paniq.net] 465 466 2009-02-20 Alexey Melnikov <alexey.melnikov@isode.com> 467 * saslauthd/lak.c: Define LDAP_DEPRECATED so that ldap_get_values 468 is properly defined when compiling [patch from Debian by 469 Dann Frazier <dannf@debian.org>] 470 471 2009-02-20 Alexey Melnikov <alexey.melnikov@isode.com> 472 * saslauthd/auth_sasldb.c: pid_file_lock is created with a mask 473 of 644 instead of 0644 [patch from Debian by Sam Hocevar <sam@zoy.org>] 474 475 2009-02-20 Alexey Melnikov <alexey.melnikov@isode.com> 476 * saslauthd/auth_sasldb.c: Include config.h so that MAXHOSTNAMELEN 477 is available when building on hurd-i386 [patch from Debian 478 by mbanck@debian.org] 479 480 2009-02-20 Alexey Melnikov <alexey.melnikov@isode.com> 481 * saslauthd/auth_shadow.c: Define _XOPEN_SOURCE before including 482 unistd.h, so that crypt is correctly defined [patch from Debian 483 by dannf@debian.org] 484 485 2009-02-14 Alexey Melnikov <alexey.melnikov@isode.com> 486 * utils/pluginviewer.c: Code cleanup, improved human readable messages 487 488 2009-02-14 Alexey Melnikov <alexey.melnikov@isode.com> 489 * lib/config.c: Strip trailing spaces from config file option 490 values (bug # 3139, bug # 3041) 491 492 2009-02-14 Alexey Melnikov <alexey.melnikov@isode.com> 493 * plugins/otp.c: Don't use a stack variable for an OTP prompt 494 (bug # 2822) 495 496 2009-02-13 Alexey Melnikov <alexey.melnikov@isode.com> 497 * saslauthd/auth_getpwent.c: Fixed Solaris build (patch by Leena 498 Heino for bug # 2666) 499 500 2009-02-13 Alexey Melnikov <alexey.melnikov@isode.com> 501 * include/saslplug.h, lib/server.c, plugins/anonymous.c, 502 plugins/gssapi.c, plugins/otp.c: Partial support for the 503 SASL_FEAT_DONTUSE_USERPASSWD feature 504 505 2009-01-28 Alexey Melnikov <alexey.melnikov@isode.com> 506 * include/sasl.h, lib/auxprop.c, lib/common.c, lib/server.c: 507 Don't treat a constraint violation as an error to store an auxprop 508 property 509 510 2009-01-28 Alexey Melnikov <alexey.melnikov@isode.com> 511 * include/sasl.h, lib/server.c: Extended libsasl (auxprop) to support 512 user deletion 513 514 2009-01-28 Alexey Melnikov <alexey.melnikov@isode.com> 515 * plugins/otp.c: Downgrade the failure to store OTP secret to debug level 516 517 2009-01-25 Alexey Melnikov <alexey.melnikov@isode.com> 518 * lib/windlopen.c: Free handles of shared libraries on Windows 519 that were loaded but are not SASL plugins (patch by Petr Prazak) 520 [Bug # 2089]. 521 522 2008-11-23 Alexey Melnikov <alexey.melnikov@isode.com> 523 * plugins/NTMakefile, win32/common.mak: Added support for building 524 SQLite3 on Windows. 525 526 2008-11-23 Alexey Melnikov <alexey.melnikov@isode.com> 527 * plugins/ldapdb.c: Updated LDAPDB lookup function to match auxprop 528 API changes 529 530 2008-11-15 Alexey Melnikov <alexey.melnikov@isode.com> 531 * plugins/sql.c: Added SQLITE3 support (patch by Maxim Gorbachyov) 532 533 2008-10-31 Ken Murchison <murch@andrew.cmu.edu> 534 * lib/saslint.h, lib/server.c: order advertised mechanisms 535 per the specified 'mech_list' option or by relative "strength" 536 537 2008-10-30 Alexey Melnikov <alexey.melnikov@isode.com> 538 * plugins/digestmd5.c: Fixed more portability warnings. 539 Fixed some rare memory leaks. More detailed error reporting. 540 541 2008-10-30 Alexey Melnikov <alexey.melnikov@isode.com> 542 * win32/include/config.h, lib/canonusr.c, lib/config.c, 543 sasldb/allockey.c, utils/saslpasswd.c, utils/testsuite.c, 544 sample/sample-server.c, plugins/anonymous.c, plugins/digestmd5.c, 545 plugins/login.c, plugins/ntlm.c, plugins/otp.c: 546 Fixed Windows 64 portability and other types of warnings 547 548 2008-10-29 Alexey Melnikov <alexey.melnikov@isode.com> 549 * win32/common.mak: Added support for building libraries. 550 Added support for Windows64. 551 552 2008-10-29 Alexey Melnikov <alexey.melnikov@isode.com> 553 * lib/common.c: Prevent freeing of common state on a subsequent 554 call to _sasl_common_init. Make sure that the last global callback 555 always wins. 556 557 2008-10-29 Alexey Melnikov <alexey.melnikov@isode.com> 558 * lib/saslint.h, lib/canonusr.c, lib/checkpw.c, lib/client.c, 559 lib/server.c: Further fixes to auxprop lookup and _sasl_canon_user 560 cleanup 561 562 2008-10-29 Alexey Melnikov <alexey.melnikov@isode.com> 563 * include/saslplug.h, lib/auxprop.c, lib/canonusr.c, lib/saslint.h, 564 plugins/sasldb.c, plugins/sql.c: 565 Extended SASL auxprop_lookup to return error code 566 567 2008-10-29 Alexey Melnikov <alexey.melnikov@isode.com> 568 * lib/saslutil.c: Fixed Mac OS X 10.3 build. 569 570 2008-10-29 Alexey Melnikov <alexey.melnikov@isode.com> 571 * plugins/sql.c: Uninitialized variables cause crash when 572 the searched user is not found (patch from 573 Maxim Gorbachyov <maxim.gorbachyov@gmail.com>) 574 575 2008-10-23 Alexey Melnikov <alexey.melnikov@isode.com> 576 * sasldb/db_berkeley.c: Return SASL_NOUSER instead of SASL_FAIL 577 when the database file doesn't exist 578 579 2008-10-23 Alexey Melnikov <alexey.melnikov@isode.com> 580 * lib/checkpw.c: Updated sasl_user_exists so that it can handle 581 passwordless accounts (e.g. disabled) 582 583 2008-10-23 Alexey Melnikov <alexey.melnikov@isode.com> 584 * include/saslutil.h, lib/saslint.h, lib/client.c, lib/common.c, 585 lib/saslutil.c, lib/server.c: Added hostname canonicalization 586 587 2008-10-22 Alexey Melnikov <alexey.melnikov@isode.com> 588 * lib/NTMakefile, utils/NTMakefile, sample/NTMakefile, 589 plugins/NTMakefile: Updated to build with VC 8.0 (VC++ 2005) 590 591 2008-10-22 Alexey Melnikov <alexey.melnikov@isode.com> 592 * lib/NTMakefile: Don't install .exp and .manifest files. 593 Updated build dependencies. 594 595 2008-10-21 Alexey Melnikov <alexey.melnikov@isode.com> 596 * lib/saslint.h, lib/client.c, lib/common.c, lib/server.c: 597 Implemented sasl_client_done/sasl_server_done 598 599 2008-10-19 Alexey Melnikov <alexey.melnikov@isode.com> 600 * plugins/login.c, plugins/plain.c: Advertise 601 SASL_SEC_PASS_CREDENTIALS feature in PLAIN and LOGIN 602 603 2008-10-02 Ken Murchison <murch@andrew.cmu.edu> 604 * lib/checkpw.c: Fixed potential buffer overflow in 605 saslautd_verify_password(). 606 607 2008-09-30 Alexey Melnikov <alexey.melnikov@isode.com> 608 * lib/common.c: Fixed sasl_set_mutex() to disallow changing 609 mutex management functions once sasl_server_init/ 610 sasl_client_init is called. Failure to do this is causing 611 a crash while locking mutexes. [Bug # 3083] 612 613 2008-01-24 Ken Murchison <murch@andrew.cmu.edu> 614 * plugins/ntlm.c: Fixed crash in calculating NTv2 reponse 615 (patch from Tim Costen from Isode) 616 617 2008-01-23 Ken Murchison <murch@andrew.cmu.edu> 618 * plugins/ntlm.c, doc/options.html: allow a comma separated 619 list of servernames in 'ntlm_server' option 620 (patch from Enrico Persiani <enrico@ninfea-soft.org>) 621 622 2008-01-23 Ken Murchison <murch@andrew.cmu.edu> 623 * plugins/ldapdb.c, plugins/makeinit.sh, doc/options.html: 624 Added code to extend ldapdb into a canon_user plugin 625 in addition to its existing auxprop plugin functionality 626 (patch from Howard Chu <hyc@symas.com> 627 and Torsten Schlabach <tschlabach@gmx.net>) 628 629 2008-01-23 Ken Murchison <murch@andrew.cmu.edu> 630 * saslauthd/auth_rimap.c: fixed bug counting double-quotes in 631 username/password. Also fixed bug zeroing password. 632 (patch from Robert Sanderson <rwsiv1@gmail.com>) 633 634 2008-01-23 Ken Murchison <murch@andrew.cmu.edu> 635 * saslauthd/auth_krb.c: improved diagnostic in the 636 k5support_verify_tgt() function. Now, detailed krb5 error 637 information will be given out in the LOG_DEBUG syslog 638 channel (based on patch from Enrico Scholz 639 <enrico.scholz@informatik.tu-chemnitz.de>) 640 641 2007-06-13 Alexey Melnikov <alexey.melnikov@isode.com> 642 * lib/dlopen.c: 64bit HP-UX uses .so for shared libraries 643 (patch by Nathan Kinder <nkinder@redhat.com>). 644 645 2007-06-13 Alexey Melnikov <alexey.melnikov@isode.com> 646 * plugins/digestmd5.c: Fixed a memory leak in the DIGEST-MD5 647 security layer (based on patch from Nathan Kinder 648 <nkinder@redhat.com>). 649 650 2007-05-14 Alexey Melnikov <alexey.melnikov@isode.com> 651 * man/*: updated to reference RFC 4422 instead of 652 RFC 2222. 653 654 2007-03-02 Alexey Melnikov <alexey.melnikov@isode.com> 655 * plugins/sasldb.c, plugins/sql.c: Ignore properties 656 starting with '*' in the auxprop store function. 657 658 2007-02-14 Alexey Melnikov <alexey.melnikov@isode.com> 659 * plugins/digestmd5.c: Fixed parsing of challenges/ 660 responses with extra commas. 661 662 2007-01-29 Alexey Melnikov <alexey.melnikov@isode.com> 663 * plugins/gssapi.c: Check that params->serverFQDN is 664 not NULL before using strlen on it (reported by 665 Steven Simon <simon.s@apple.com>) 666 667 2006-12-01 Alexey Melnikov <alexey.melnikov@isode.com> 668 * lib/common.c: Typecast iov_base to (char *), 669 in case it is defined as "void *" on a platform 670 like HPUX (Olaf Flebbe). 671 672 2006-11-27 Alexey Melnikov <alexey.melnikov@isode.com> 673 * plugins/digestmd5.c: Cleaned up comments and 674 some error messages. 675 676 2006-08-24 Alexey Melnikov <alexey.melnikov@isode.com> 677 * lib/dlopen.c: Fixed segfault in dlclose on HPUX, 678 based on feedback from <biswatosh2001@yahoo.com>. 679 680 2006-07-16 Alexey Melnikov <alexey.melnikov@isode.com> 681 * win32/common.mak: Abstracted out compiler command 682 line options for exception handling. 683 684 2006-07-04 Alexey Melnikov <alexey.melnikov@isode.com> 685 * saslauthd/auth_shadow.c: Include crypt.h, so that crypt() 686 is defined. This fixes crash on x64 Suse where 687 sizeof(int) != sizeof(char *). Based on patch from 688 rhafer@suse.de. 689 690 2006-06-26 Alexey Melnikov <alexey.melnikov@isode.com> 691 * plugins/digestmd5.c: Allow for multiple qop options 692 from the server and require a single qop option 693 from the client. 694 695 2006-05-19 Ken Murchison <murch@andrew.cmu.edu> 696 * Makefile.am: include INSTALL.TXT in distro 697 *** Ready for 2.1.22 698 699 2006-05-18 Ken Murchison <murch@andrew.cmu.edu> 700 * cmulocal/sasl2.m4: patch to compile with MIT krb5 1.4.3 701 (Philip Guenther <guenther@sendmail.com>) 702 703 2006-05-18 Alexey Melnikov <alexey.melnikov@isode.com> 704 * configure.in: Fixed default value in help for the 705 --with-authdaemond command line option (Philip Guenther). 706 707 2006-05-17 Alexey Melnikov <alexey.melnikov@isode.com> 708 * NEWS: Ready for 2.1.22 709 710 2006-05-17 Alexey Melnikov <alexey.melnikov@isode.com> 711 * utils/Makefile.am: enable pluginviewer in the default build. 712 713 2006-04-26 Ken Murchison <murch@andrew.cmu.edu> 714 * lib/server.c: call do_authorization() after successful APOP 715 716 2006-04-26 Alexey Melnikov <alexey.melnikov@isode.com> 717 * plugins/digestmd5.c: If neither DES nor RC4 cipher is selected, 718 advertise maxssf of 1 (integrity protection). 719 720 2006-04-26 Alexey Melnikov <alexey.melnikov@isode.com> 721 * utils/pluginviewer.c: Must set fully qualified domain name 722 in sasl_client_new, or some plugins will not be shown. 723 724 2006-04-26 Alexey Melnikov <alexey.melnikov@isode.com> 725 * lib/client.c: Replaced wrong "break" statement with 726 "continue" in the client side list function. 727 728 2006-04-25 Alexey Melnikov <alexey.melnikov@isode.com> 729 * plugins/NTMakefile: Enable RC4 cipher in Windows build. 730 731 2006-04-25 Alexey Melnikov <alexey.melnikov@isode.com> 732 * plugins/digestmd5.c: Make sure that SASL packets 733 shorter than 16 bytes don't cause buffer overrun. 734 Also prevent an error report from BoundsChecker 735 regarding pointer being out of range. 736 737 2006-04-25 Alexey Melnikov <alexey.melnikov@isode.com> 738 * win32/common.mak: Fixed bug of not setting CODEGEN 739 (code generation option) if STATIC is set. 740 741 2006-04-24 Alexey Melnikov <alexey.melnikov@isode.com> 742 * plugins/passdss.c, plugins/srp.c: Added include files required 743 by OpenSSL 0.9.8 (original patch by Dan Nicholson). 744 745 2006-04-24 Alexey Melnikov <alexey.melnikov@isode.com> 746 * utils/NTMakefile: testsuite.exe doesn't depend on saslSASLDB.dll. 747 748 2006-04-24 Alexey Melnikov <alexey.melnikov@isode.com> 749 * doc/windows.html: Updated Windows build instructions. 750 751 2006-04-20 Alexey Melnikov <alexey.melnikov@isode.com> 752 * utils/testsuite.c: Removed sasl_encode test which is no longer 753 valid due to changed in sasl_encodev. 754 Also properly terminated all property request lists with NULL. 755 756 2006-04-19 Ken Murchison <murch@andrew.cmu.edu> 757 * saslauthd/auth_shadow.c, saslauthd/configure.in: Check for 4/5 758 argument versions of getXXname_r(). 759 760 2006-04-19 Alexey Melnikov <alexey.melnikov@isode.com> 761 * lib/common.c: Andrey V. Malyshev pointed out that the SASL 762 context is always NULL when the default logging callback 763 _sasl_syslog is called. In particular this means that 764 the log_level configuration option is always ignored. 765 766 2006-04-19 Alexey Melnikov <alexey.melnikov@isode.com> 767 * configure.in: Search for application configuration 768 files in /usr/lib/sasl2 by default and fall back to 769 /etc/sasl2 if not found. 770 771 2006-04-19 Alexey Melnikov <alexey.melnikov@isode.com> 772 * plugins/digestmd5.c: Handle missing realm option from 773 the client as the empty string. This match the behavior 774 prescribed in RFC 2831. 775 776 2006-04-19 Alexey Melnikov <alexey.melnikov@isode.com> 777 * saslauthd/Makefile.am: Enable testsaslauthd build 778 by default. 779 780 2006-04-18 Alexey Melnikov <alexey.melnikov@isode.com> 781 * lib/saslint.h, lib/common.c: Added support for spliting 782 big data blocks (bigger than maxbuf) into multiple SASL 783 packets in sasl_encodev. 784 785 2006-04-10 Alexey Melnikov <alexey.melnikov@isode.com> 786 * utils/Makefile.am: Added the pluginviewer man page. 787 Reordered link dependencies for saslpasswds/sasldblistusers2. 788 789 2006-04-10 Alexey Melnikov <alexey.melnikov@isode.com> 790 * utils/pluginviewer.8: Added man page for pluginviewer. 791 792 2006-04-10 Alexey Melnikov <alexey.melnikov@isode.com> 793 * utils/pluginviewer.c: Deleted unused command line parameters 794 and cleaned up usage output. 795 796 2006-04-10 Alexey Melnikov <alexey.melnikov@isode.com> 797 * include/gai.h: Use HAVE_GETADDRINFO (instead of HAVE_GETNAMEINFO) 798 to protect definition of getaddrinfo(). 799 800 2006-04-10 Alexey Melnikov <alexey.melnikov@isode.com> 801 * include/sasl.h: Allocated some GSSAPI specific properties 802 for Nico Williams (Sun) 803 804 2006-04-10 Alexey Melnikov <alexey.melnikov@isode.com> 805 * lib/common.c: Free default_plugin_path and 806 default_conf_path variables in sasl_done. 807 808 2006-04-10 Alexey Melnikov <alexey.melnikov@isode.com> 809 * sasldb/allockey.c: Cleaned up some warnings 810 811 2006-04-10 Alexey Melnikov <alexey.melnikov@isode.com> 812 * win32/include/config.h: Deleted a misleading comment 813 814 2006-04-06 Jeffrey Teaton <jeaton@cmu.edu> 815 * saslauthd/auth_rimap.c: patch from Dale Sedivec to prevent 816 segfault when saslauth free()s returned string 817 * plugins/sql.c: patch from Matthew Hardin to do better 818 error checking for mysql_real_query 819 820 2006-04-03 Alexey Melnikov <alexey.melnikov@isode.com> 821 * configure.in, plugins/NTMakefile, plugins/sasldb.c, 822 sasldb/db_berkeley.c, sasldb/sasldb.h: 823 Patch to keep BerkleyDB handle open between operations 824 (for performance reason). New behavior can be enabled 825 with --enable-keep-db-open. Original patch by Curtis King. 826 827 2006-03-14 Alexey Melnikov <alexey.melnikov@isode.com> 828 * lib/server.c: Fixed bug # 2796: load_config now 829 looks in all directories for the config file, 830 not just in the first one. 831 832 2006-03-14 Alexey Melnikov <alexey.melnikov@isode.com> 833 * include/saslplug.h, lib/auxprop.c, lib/client.c 834 lib/server.c, utils/Makefile.am, utils/NTMakefile, 835 utils/pluginviewer.c [new]: 836 Added support for reporting information about 837 loaded auxprop plugins. Changed the first parameter 838 to sasl_server_plugin_info/sasl_client_plugin_info 839 to be "const char *". Added new utility for 840 reporting information about client and server side 841 authentication plugins and auxprop plugins (e.g. 842 supported features, methods, etc.). 843 844 2006-03-13 Alexey Melnikov <alexey.melnikov@isode.com> 845 * saslauthd/Makefile.am, saslauthd/auth_httpform.c, 846 saslauthd/auth_httpform.h, saslauthd/configure.in, 847 saslauthd/mechanisms.c, saslauthd/mechanisms.h: 848 Added support for HTTP POST password validation 849 in saslauthd (patch by Joe Ammann <joe@pyx.ch>) 850 851 2006-03-13 Alexey Melnikov <alexey.melnikov@isode.com> 852 * cmulocal/openldap.m4: Allow for compilation 853 with OpenLDAP 2.3+. 854 855 2006-03-13 Alexey Melnikov <alexey.melnikov@isode.com> 856 * lib/saslutil.c, utils/testsuite.c: Various 857 fixes to sasl_decode64: don't ignore partial 858 base64 data, don't allow any data after the '=' 859 sign, etc.). 860 861 2006-03-13 Alexey Melnikov <alexey.melnikov@isode.com> 862 * lib/saslint.h: Increase canonicalization buffer 863 size to 1024 bytes, as Luke Howard has reported 864 that 256 is too small for some certificates. 865 866 2006-03-13 Alexey Melnikov <alexey.melnikov@isode.com> 867 * lib/NTMakefile: Include Cyrus version of 868 getnameinfo() when compiling with Visual Studio 6, 869 as Windows SDK emulation is not available. 870 871 2006-02-13 Alexey Melnikov <alexey.melnikov@isode.com> 872 * include/sasl.h, lib/common.c: Added sasl_set_path 873 function (for a more convenient way of setting 874 plugin and config paths. Changed the default 875 sasl_getpath_t/sasl_getconfpath_t callbacks to 876 calculate the value only once and cache it 877 for later use. 878 879 2006-02-13 Alexey Melnikov <alexey.melnikov@isode.com> 880 * configure.in, include/sasl.h, lib/common.c, 881 lib/saslinit.h, lib/server.c, man/Makefile.am, 882 man/sasl_callbacks.3, man/sasl_getconfpath_t.3, 883 win32/include/config.h: Added a new sasl_getconf_t 884 callback for specifying where SASL configuration files 885 can be found. Based on patch from Artur Frysiak 886 <wiget@pld.org.pl> for SASL v1, updated by Gentoo 887 folks for SASL v2 and further modified by 888 Andreas Hasenack <andreas@conectiva.com.br>. 889 890 2006-01-31 Alexey Melnikov <alexey.melnikov@isode.com> 891 * INSTALL, INSTALL.TXT: Renamed INSTALL to INSTALL.TXT 892 as the former conflicts with Windows "install" target 893 (and Windows file names are case-insensitive). 894 895 2005-08-11 Alexey Melnikov <alexey.melnikov@isode.com> 896 * plugins/sasldb.c: Return SASL_NOUSER only if all calls to 897 _sasldb_putdata() return SASL_NOUSER. This prevents spurious 898 SASL_NOUSER errors. 899 900 2005-07-07 Alexey Melnikov <alexey.melnikov@isode.com> 901 * plugins/ntlm.c: Added <openssl/md5.h> include in order to fix 902 building with OpenSSL 0.9.8. 903 904 2005-05-19 Derrick Brashear <shadow@andrew.cmu.edu> 905 * config/libtool.m4: do proper quoting, from Andreas Winkelmann 906 * configure.in: clean up enable switches, from Patrick Welche 907 * config/sasldb.m4: fix macro names, from Andreas Winkelmann 908 * lib/client.c: deal with gcc4 strictness, from Steven Simon 909 910 2005-05-16 Derrick Brashear <shadow@andrew.cmu.edu> 911 * configure.in, include/sasl.h, lib/Makefile.am, 912 plugins/Makefile.am, saslauthd/configure.in, sasldb/Makefile.am, 913 win32/common.mak, win32/include/config.h: 2.1.21 914 * Makefile.am: fix dist-hook to run makeinit.sh in plugins/ 915 916 2005-05-15 Derrick Brashear <shadow@andrew.cmu.edu> 917 * saslauthd/lak.c: leak fix from Igor Brezac 918 919 2005-05-15 Alexey Melnikov <alexey.melnikov@isode.com> 920 * plugins/NTMakefile: ldapdb on Windows might depend on OpenSSL. 921 922 2005-05-06 Derrick Brashear <shadow@andrew.cmu.edu> 923 * configure.in, saslauthd/auth_pam.c: detect pam header location also 924 where MacOS provides it, and use it there 925 * utils/Makefile.am: change link order for MacOS 926 * configure.in: provide option to disable installing MacOS SASL2 927 framework 928 * configure.in, config/kerberos_v4.m4, config/plain.m4, 929 config/sasldb.m4, lib/Makefile.am, sasldb/Makefile.am, 930 (cmulocal/sasl2.m4): fix case where we are building 931 --enable-static --with-dblib=none causing automake's dependancy 932 stuff to screw us when we try to build files with .. in their path 933 934 2005-04-11 Derrick Brashear <shadow@andrew.cmu.edu> 935 * configure.in, plugins/digestmd5.c: detect and include des.h if it 936 exists, otherwise assume we don't need it (Solaris 9) 937 938 2005-04-11 Derrick Brashear <shadow@andrew.cmu.edu> 939 * sasldb/Makefile.am, config/sasldb.m4: work around HP-UX make's 940 inability to have pipes in $(shell ...) by setting 941 LOCAL_SASL_DB_BACKEND_STATIC at the same time as 942 SASL_DB_BACKEND_STATIC. 943 944 2005-03-15 Alexey Melnikov <alexey.melnikov@isode.com> 945 * lib/dlopen.c: log the reason for opendir() failure 946 when loading plugin. 947 948 2005-03-08 Alexey Melnikov <alexey.melnikov@isode.com> 949 * man/sasl_auxprop.3, man/sasl_auxprop_getctx.3, 950 man/sasl_auxprop_request.3, man/sasl_canon_user_t.3, 951 man/sasl_client_init.3, man/sasl_client_new.3, 952 man/sasl_client_start.3, man/sasl_client_step.3, 953 man/sasl_decode.3, man/sasl_errdetail.3, man/sasl_errstring.3, 954 man/sasl_getpath_t.3, man/sasl_getrealm_t.3, 955 man/sasl_getsecret_t.3, man/sasl_server_init.3, 956 man/sasl_server_new.3, man/sasl_server_start.3, 957 man/sasl_server_step.3, man/sasl_setpass.3, 958 man/sasl_user_exists.3, man/sasl_verifyfile_t.3: multiple 959 spelling corrections from Steven Simon <steven_si@sbcglobal.net>. 960 961 2005-03-07 Alexey Melnikov <alexey.melnikov@isode.com> 962 * utils/saslpasswd2.8, utils/sasldblistusers2.8: updated manpages. 963 964 2005-03-01 Derrick Brashear <shadow@andrew.cmu.edu> 965 * lib/common.c: honor log level setting 966 967 2005-02-28 Derrick Brashear <shadow@andrew.cmu.edu> 968 * README.ldapdb: ldapdb license info 969 970 2005-02-25 Alexey Melnikov <alexey.melnikov@isode.com> 971 * include/sasl.h, lib/common.c: Added SASL_VERSION_FULL 972 define 973 974 2005-02-22 Alexey Melnikov <alexey.melnikov@isode.com> 975 * plugins/NTMakefile, win32/common.mak: Windows build of the ldapdb 976 auxprop plugin 977 978 2005-02-16 Derrick Brashear <shadow@andrew.cmu.edu> 979 * configure.in, doc/install.html, doc/options.html, doc/readme.html, 980 doc/sysadmin.html, lib/staticopen.h, plugins/Makefile.am, 981 plugins/ldapdb.c, plugins/makeinit.sh: pull in ldapdb auxprop 982 plugin, from Igor Brezac (Howard Chu's plugin) 983 984 2005-02-14 Derrick Brashear <shadow@andrew.cmu.edu> 985 * saslauthd/krbtf.c: updated from CMUCS 986 * saslauthd/auth_krb5.c: log the krb5 error return if get_creds fails 987 988 2005-02-01 Alexey Melnikov <alexey.melnikov@isode.com> 989 * win32/include/config.h: Updated to match gai.h changes. 990 * win32/include/config.h: added define for the OTP plugin. 991 992 2005-01-27 Derrick Brashear <shadow@andrew.cmu.edu> 993 * configure.in, include/gai.h: move AI_NUMERICHOSTS definitions 994 to config.h because gai.h is not always included. 995 996 2005-01-10 Derrick Brashear <shadow@andrew.cmu.edu> 997 * saslauthd/auth_krb5.c, saslauthd/auth_krb4.c, 998 saslauthd/krbtf.h (added), saslauthd/krbtf.c (added), 999 saslauthd/cfile.h (added), saslauthd/cfile.c (added), 1000 saslauthd/Makefile.am: Kerberos V4/V5 alternate keytab 1001 in saslauthd, plus common code merging (from David Eckhardt 1002 via Dale Moore) 1003 1004 2004-12-08 Alexey Melnikov <alexey.melnikov@isode.com> 1005 * doc/windows.html: Updated as per recent build changes. 1006 * plugins/ntlm.c: Fixed NTLM build on Windows, 1007 as compiler was complaining about array size not being 1008 a const. 1009 * lib/NTMakefile, plugins/NTMakefile, win32/common.mak, 1010 win32/include/config.h: Use native IPv6 support on Windows, 1011 falling back to Microsoft emulation. Cleaner support 1012 for Visual Studio 6. 1013 1014 2004-11-24 Ken Murchison <ken@oceana.com> 1015 * plugins/sql.c: squashed unused parameter warnings 1016 1017 2004-11-24 Ken Murchison <ken@oceana.com> 1018 * plugins/passdss.c: added; PASSDSS-3DES-1 implementation 1019 * configure.in, plugins/Makefile.am, plugins/makeinit.sh: 1020 added support for PASSDSS 1021 * doc/draft-newman-sasl-passdss-xx.txt: added 1022 * doc/index.html, doc/Makefile.am: added PASSDSS draft 1023 1024 2004-11-19 Derrick Brashear <shadow@andrew.cmu.edu> 1025 * saslauthd/auth_krb5.c: verify against the service we 1026 were passed. needs to be made configurable. 1027 1028 2004-11-10 Alexey Melnikov <alexey.melnikov@isode.com> 1029 * doc/draft-burdis-cat-srp-sasl-08.txt: deleted 1030 * doc/draft-ietf-sasl-anon-02.txt: deleted 1031 * doc/draft-ietf-sasl-crammd5-01.txt: deleted 1032 * doc/draft-ietf-sasl-gssapi-00.txt: deleted 1033 * doc/draft-ietf-sasl-plain-03.txt: deleted 1034 * doc/draft-ietf-sasl-rfc2222bis-03.txt: deleted 1035 * doc/draft-ietf-sasl-rfc2831bis-02.txt: deleted 1036 * doc/draft-ietf-sasl-saslprep-04.txt: deleted 1037 * doc/draft-newman-sasl-c-api-01.txt: deleted 1038 * doc/draft-burdis-cat-srp-sasl-xx.txt: added 1039 * doc/draft-ietf-sasl-anon-xx.txt: added 1040 * doc/draft-ietf-sasl-crammd5-xx.txt: added 1041 * doc/draft-ietf-sasl-gssapi-xx.txt: added 1042 * doc/draft-ietf-sasl-plain-xx.txt: added 1043 * doc/draft-ietf-sasl-rfc2222bis-xx.txt: added 1044 * doc/draft-ietf-sasl-rfc2831bis-xx.txt: added 1045 * doc/draft-ietf-sasl-saslprep-xx.txt: added 1046 * doc/draft-newman-sasl-c-api-xx.txt: added 1047 * doc/index.html, doc/Makefile.am: Renamed the files 1048 1049 2004-11-02 Alexey Melnikov <alexey.melnikov@isode.com> 1050 * include/saslplug.h, lib/common.c, lib/saslint.h, 1051 lib/client.c: Added sasl_client_plugin_info(). 1052 1053 2004-10-26 Alexey Melnikov <alexey.melnikov@isode.com> 1054 * sample/sample-client.c, sample/sample-server.c: Fixed several 1055 64 bit portability warnings. 1056 * utils/testsuite.c: Fixed several 64 bit portability warnings. 1057 * utils/saslpasswd.c: Fixed typo in an auxprop name. 1058 * include/saslplug.h, lib/common.c, lib/saslint.h, 1059 lib/server.c: Added sasl_server_plugin_info(). 1060 1061 2004-10-24 Derrick Brashear <shadow@andrew.cmu.edu> 1062 * lib/common.c: initialize path in case caller didn't. 1063 1064 2004-10-24 Derrick Brashear <shadow@andrew.cmu.edu> 1065 * Prep for 2.1.20 1066 1067 2004-10-19 Derrick Brashear <shadow@dementia.org> 1068 * Makefile.am, saslauthd/Makefile.am: require automake 1.7; 1069 prior versions require AM_CONFIG_HEADER and dislike AM_LDFLAGS 1070 1071 2004-10-14 Ken Murchison <ken@oceana.com> 1072 * plugins/ntlm.c: portability fixes from Alexey, and squashed a 1073 signed/unsigned warning 1074 1075 2004-10-14 Alexey Melnikov <alexey.melnikov@isode.com> 1076 * lib/NTMakefile: Don't install intermediate file libsasl.res 1077 1078 2004-09-22 Derrick Brashear <shadow@andrew.cmu.edu> 1079 * lib/common.c: don't honor SASL_PATH in setuid environment. 1080 from Gentoo 1081 1082 2004-09-08 Alexey Melnikov <alexey.melnikov@isode.com> 1083 * plugins/cram.c, plugins/anonymous.c, plugins/login.c, 1084 plugins/plain.c, plugins/sasldb.c: Fixed several 64 bit 1085 portability warnings 1086 1087 2004-09-02 Derrick Brashear <shadow@andrew.cmu.edu> 1088 * plugins/kerberosv4.c: simple explanation in the code of one 1089 possible error you might see in strange circumstances; 1090 i should probably make openssl's des unable to be used if 1091 mit krb5 is being used. 1092 1093 2004-08-06 Derrick Brashear <shadow@andrew.cmu.edu> 1094 * plugins/cram.c: initialize authid to null so stack garbage 1095 is not pushed into _sasl_canon_user 1096 1097 2004-07-29 Rob Siemborski <rjs3@andrew.cmu.edu> 1098 * plugins/digestmd5.c: Fix handling of client realm callback 1099 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1100 1101 2004-07-21 Rob Siemborski <rjs3@andrew.cmu.edu> 1102 * plugins/gssapi.c: Memory management cleanup 1103 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1104 1105 2004-07-15 Rob Siemborski <rjs3@andrew.cmu.edu> 1106 * configure.in, plugins/gssapi.c: Wrap all GSS calls 1107 in mutexes when required by the implementation. 1108 (based on a patch by Simon Wilkinson <simon@sxw.org.uk>) 1109 1110 2004-07-06 Rob Siemborski <rjs3@andrew.cmu.edu> 1111 * plugins/digestmd5.c: Fix potential buffer overflow, call 1112 add_to_challenge in 2 more places (Alexey Melnikov 1113 <Alexey.Melnikov@isode.com>) 1114 * lib/server.c, lib/saslint.h, lib/common.c: don't directly 1115 store buffers in the params structure 1116 * plugins/gssapi.c: Fix server side maxoutbuf calculation 1117 (Sam Hartman <hartmans@mit.edu>) 1118 * plugins/gssapi.c: Use gss_wrap_size_limit on client side too 1119 * Ready for 2.1.19 1120 1121 2004-07-01 Rob Siemborski <rjs3@andrew.cmu.edu> 1122 * Prep for 2.1.19 1123 1124 2004-06-30 Rob Siemborski <rjs3@andrew.cmu.edu> 1125 * saslauthd/auth_rimap.c: Fix Tru64 compilation problem 1126 * plugins/sql.c: Don't leak settings variable if init fails 1127 * utils/testsuite.c: Update for current library 1128 * plugins/digestmd5.c: Quoting fixes for client side 1129 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1130 1131 2004-06-23 Rob Siemborski <rjs3@andrew.cmu.edu> 1132 * saslauthd/lak.c: Minor bugfixes, support %R token 1133 (Igor Brezac <igor@ypass.net>) 1134 * plugins/otp.c: Use plugin supplied authid for mech calculations 1135 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1136 * lib/auxprop.c: Use getopt callback from connection context when 1137 storing auxprops (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1138 * plugins/otp.c, plugins/srp.c, plugins/plugin_common.c: Use correct 1139 form of userid (user@realm) when running setpass methods 1140 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1141 * saslauthd/configure.in: Handle LTLIBOBJS 1142 1143 2004-06-18 Rob Siemborski <rjs3@andrew.cmu.edu> 1144 * plugins/NTMakefile: Remove only recognized (generated) .rc files, 1145 not just *.rc. This will allow for plugins with own resource files. 1146 Also corrected spelling mistake in OPENSSL (Alexey Melnikov 1147 <Alexey.Melnikov@isode.com>) 1148 * lib/server.c, include/sasl.h: Support for SASL_SET_CURMECH_ONLY 1149 flag to sasl_setpass() (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1150 1151 2004-06-16 Ken Murchison <ken@oceana.com> 1152 * lib/server.c: use more accurate errors codes for mech_permitted() 1153 1154 2004-06-16 Ken Murchison <ken@oceana.com> 1155 * plugins/srp.c: don't used the parsed authid for calculations 1156 (Alexey Melnikov <alexey.melnikov@isode.com>) 1157 1158 2004-06-16 Rob Siemborski <rjs3@andrew.cmu.edu> 1159 * Support for forwarding of GSSAPI credentials 1160 (Morten Olsen <mso@medical-insight.com & 1161 Alexey Melnikov <alexey.melnikov@isode.com>) 1162 1163 2004-06-03 Rob Siemborski <rjs3@andrew.cmu.edu> 1164 * win32/config.mak: Remove unneeded libraries 1165 (Alexey Melnikov <alexey.melnikov@isode.com>) 1166 1167 2004-06-02 Rob Siemborski <rjs3@andrew.cmu.edu> 1168 * Spelling Fixes (selsky@columbia.edu) 1169 1170 2004-05-27 Rob Siemborski <rjs3@andrew.cmu.edu> 1171 * SQLite support (Norikatsu Shigemura <nork@ninth-nine.com>) 1172 * SQLite support on windows (Alexey Melnikov 1173 <Alexey.Melnikov@isode.com>) 1174 1175 2004-05-25 Ken Murchison <ken@oceana.com> 1176 * plugins/digest-md5.c: use separate global contexts for client/server 1177 1178 2004-05-21 Rob Siemborski <rjs3@andrew.cmu.edu> 1179 * configure.in, lib/Makefile.am: Better handling of -ldoor library 1180 addition (only add it to base library, don't add -lpthread) 1181 * saslauthd/auth_krb5.c: zero out the krb5_data structure 1182 before use 1183 1184 2004-05-20 Rob Siemborski <rjs3@andrew.cmu.edu> 1185 * include/sasl.h, lib/common.c, lib/saslint.h, lib/server.c: 1186 Add SASL_APPNAME to sasl_getprop/sasl_setprop for further 1187 compatibilty with SASL C API draft 1188 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1189 1190 2004-05-18 Ken Murchison <ken@oceana.com> 1191 * plugins/digest-md5.c: made the global context a struct 1192 containing the reauth_cache so we can NULL it after we free it 1193 1194 2004-05-07 Ken Murchison <ken@oceana.com> 1195 * contrib/stripplus_canonuser.patch: added 1196 1197 2004-04-27 Rob Siemborski <rjs3@andrew.cmu.edu> 1198 * saslauthd/auth_shadow.c: Make thread-safe 1199 (Steve Barber <steveb@cme.nist.gov>) 1200 1201 2004-04-26 Rob Siemborski <rjs3@andrew.cmu.edu> 1202 * saslauthd/auth_krb5.c: Alternate realm support for Kerberos 5 1203 1204 2004-04-16 Ken Murchison <ken@oceana.com> 1205 * plugins/ntlm.c: Mac OS X fix 1206 (Chris Ridd <chris.ridd@isode.com>) 1207 1208 2004-04-14 Ken Murchison <ken@oceana.com> 1209 * plugins/plain.c: don't include authzid in response unless 1210 specified by client 1211 1212 2004-03-29 Rob Siemborski <rjs3@andrew.cmu.edu> 1213 * sample/server.c: Ensure that len has a value 1214 1215 2004-03-25 Rob Siemborski <rjs3@andrew.cmu.edu> 1216 * saslauthd/saslauthd-main.c: add -r option to saslauthd for combining 1217 user and realm into user@realm (for the userid). Based on a patch 1218 by Jeremy Rumpf <jrumpf@heavyload.net>. 1219 1220 2004-03-17 Rob Siemborski <rjs3@andrew.cmu.edu> 1221 * lib/checkpw.c: Include errno.h when HAVE_AUTHDAEMON is defined 1222 * doc/windows.html: Updates (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1223 1224 2004-03-16 Rob Siemborski <rjs3@andrew.cmu.edu> 1225 * configure.in: Properly use CMU_ADD_LIBPATH_TO for pgsql and mysql 1226 1227 2004-03-10 Rob Siemborski <rjs3@andrew.cmu.edu> 1228 * lib/dlopen.c: HPUX 11 Fix (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1229 * Add sasl_version_info() (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1230 * Add a bunch of NTMakefile files to EXTRA_DIST in Makefile.am's 1231 * Ready for 2.1.18 1232 1233 2004-03-08 Rob Siemborski <rjs3@andrew.cmu.edu> 1234 * NI_WITHSCOPEID fixes (Hajimu UMEMOTO <ume@mahoroba.org>) - correct 1235 Solaris 9 IPLOCALPORT/IPREMOTEPORT issue 1236 1237 2004-02-24 Rob Siemborski <rjs3@andrew.cmu.edu> 1238 * acinclude.m4: move to config/libtool.m4 1239 * saslauthd/lak.[ch]: Added filter based group membership check 1240 (Paul Bender <pbender@qualcomm.com>, Igor Brezac <igor@ipass.net>) 1241 1242 2004-02-23 Rob Siemborski <rjs3@andrew.cmu.edu> 1243 * plugins/NTMakefile: Enable DO_SRP_SETPASS on windows 1244 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1245 * doc/windows.html: Updates 1246 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1247 * win32/: Add version resource info to plugins 1248 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1249 * plugins/digestmd5.c: Comments and other cleanup 1250 1251 2004-02-20 Rob Siemborski <rjs3@andrew.cmu.edu> 1252 * lib/server.c, include/saslplug.h: Allow "temporary failure" 1253 return values from mech_avail 1254 * lib/canonusr.c, lib/server.c: Comment Nits 1255 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1256 * plugins/NTMakefile, plugins/plugin_common.h, 1257 plugins/plugin_common.c, plugins/otp.c: build OTP on Windows 1258 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1259 1260 2004-02-19 Ken Murchison <ken@oceana.com> 1261 * plugins/ntlm.c, sample/server.c, sample/client.c: 1262 error checking of getnameinfo() (Paul Kranenburg <pk@cs.few.eur.nl>) 1263 * plugins/ntlm.c: alignment and endian fixes in load_session_setup() 1264 (Paul Kranenburg <pk@cs.few.eur.nl>) 1265 1266 2004-02-18 Rob Siemborski <rjs3@andrew.cmu.edu> 1267 * doc/NTMakefile, NTMakefile: nmake install support 1268 for doc/ (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1269 * plugins/digestmd5.c: Check that digest-uri is only sent once 1270 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1271 * utils/Makefile.am: add LIB_PGSQL to static link line 1272 1273 2004-02-17 Rob Siemborski <rjs3@andrew.cmu.edu> 1274 * win32/include/config.h: caddr_t might be already defined 1275 elsewhere (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1276 * lib/NTMakefile, include/saslutil.h: getopt might be already 1277 defined elsewhere. The change will produce libsasl.dll which exports 1278 getopt, buat a define can be used to prevent import of getopt from 1279 libsasl.dll. (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1280 1281 2004-02-16 Rob Siemborski <rjs3@andrew.cmu.edu> 1282 * configure.in: Remove deprecated AC_PROG_RANLIB, CMU_PROG_LIBTOOL 1283 (Patrick Welche <prlw1@newn.cam.ac.uk>) 1284 * lib/dlopen.c: OpenBSD ELF patch (J.C. Roberts) 1285 1286 2004-02-06 Rob Siemborski <rjs3@andrew.cmu.edu> 1287 * lib/NTMakefile, utils/NTMakefile: fix "clean" target 1288 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1289 * General winsock.h -> winsock2.h conversion 1290 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1291 * plugins/plugin_common.h: add extern "C" wrapper 1292 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1293 1294 2004-01-23 Rob Siemborski <rjs3@andrew.cmu.edu> 1295 * Remove "experimental" designation from saslauthd/ldap 1296 * Correct handling of sasl_setpass errors when no 1297 mechanisms implement the setpass interface 1298 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1299 1300 2004-01-20 Rob Siemborski <rjs3@andrew.cmu.edu> 1301 * configure.in: minor sql nit (Edward Rudd <eddie@omegaware.com>) 1302 * lib/staticopen.h: MYSQL should be SQL 1303 (Edward Rudd <eddie@omegaware.com>) 1304 1305 2004-01-12 Rob Siemborski <rjs3@andrew.cmu.edu> 1306 * win32/include/config.h: fix VC++ 6.0 compiles 1307 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1308 * configure.in: Correct use of AC_LIBOBJ, quote macro names 1309 defined by AC_DEFUN, Use enable_shared to determine whether 1310 to enable the shared plugin. 1311 (Maciej W. Rozycki <macro@ds2.pg.gda.pl>) 1312 * plugins/srp.c: Fix typos 1313 (Maciej W. Rozycki <macro@ds2.pg.gda.pl>) 1314 * saslauthd/configure.in: Correct use of AC_LIBOBJ 1315 (Maciej W. Rozycki <macro@ds2.pg.gda.pl>) 1316 1317 2004-01-08 Ken Murchison <ken@oceana.com> 1318 * plugins/sql.c: better error logging 1319 1320 2004-01-07 Rob Siemborski <rjs3@andrew.cmu.edu> 1321 * lib/checkpw.c & others: Support for Courier-IMAP authdaemond 1322 use during password verification (Leandro Santi 1323 <lesanti@uolsinectis.com.ar>) 1324 1325 2003-12-30 Rob Siemborski <rjs3@andrew.cmu.edu> 1326 * saslauthd/lak.c: Fix NULL pointer dereference 1327 (Simon Brady <simon.brady@otago.ac.nz>) 1328 * saslauthd/lak.c, lak.h, LDAP_SASLAUTHD: Improved retry handler, 1329 Improved logging/debug messages, Fixed String checks, config 1330 option changes (Igor Brezac <igor@ipass.net>) 1331 1332 2003-12-22 Rob Siemborski <rjs3@andrew.cmu.edu> 1333 * plugins/digestmd5.c: Fix memory leak 1334 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1335 1336 2003-12-18 Rob Siemborski <rjs3@andrew.cmu.edu> 1337 * plugins/plugin_common.c: Fix handling of blob unwrapping 1338 in _plug_decode 1339 * lib/checkpw.c: Fix some file descriptor leaks during failures 1340 in the saslauthd code. 1341 1342 2003-12-15 Rob Siemborksi <rjs3@andrew.cmu.edu> 1343 * utils/saslauthd.c: Fix Typo 1344 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1345 * plugins/plugin_common.c: Fix potential memory leak 1346 * lib/external.c: Limit size of authzids in EXTERNAL 1347 * plugins/gssapi.c: Pre-init some variables 1348 * lib/cram.c: Detect possible buffer overrun 1349 * lib/checkpw.c: Post-fence bug 1350 (Leandro Santi <lesanti@uolsinectis.com.ar>) 1351 1352 2003-12-12 Rob Siemborski <rjs3@andrew.cmu.edu> 1353 * saslauthd/lak.c: assign null to free 1354 variables (Juan Felipe Garcia <fgc@usal.es>) 1355 * saslauthd/lak.c: Improve retry when ldap connection is reset 1356 (1st pass) (Igor Brezac <igor@ipass.net>) 1357 1358 2003-12-11 Rolf Braun <rbraun@andrew.cmu.edu> 1359 * Several MacOS X Fixes 1360 1361 2003-12-06 Ken Murchison <ken@oceana.com> 1362 * lib/checkpw.c, lib/server.c, 1363 plugins/cram.c, plugins/digestmd5.c, plugins/ntlm.c, 1364 plugins/otp.c, plugins/srp.c: erase the plaintext password 1365 property from the context when we're done with it 1366 1367 2003-12-01 Ken Murchison <ken@oceana.com> 1368 * doc/draft-ietf-sasl-crammd5-01.txt: added 1369 * doc/draft-ietf-sasl-gssapi-00.txt: added 1370 * doc/draft-ietf-sasl-plain-03.txt: added 1371 * doc/draft-ietf-sasl-rfc2222bis-03.txt: added 1372 * doc/draft-ietf-sasl-saslprep-04.txt: added 1373 * doc/draft-ietf-sasl-crammd5-00.txt: deleted 1374 * doc/draft-ietf-cat-sasl-gssapi-05.txt: deleted 1375 * doc/draft-ietf-sasl-plain-02.txt: deleted 1376 * doc/draft-ietf-sasl-rfc2222bis-02.txt: deleted 1377 * doc/draft-ietf-sasl-saslprep-03.txt: deleted 1378 * doc/index.html, doc/Makefile.am: updated to latest version of 1379 SASL drafts 1380 1381 2003-12-01 Rob Siemborski <rjs3@andrew.cmu.edu> 1382 * Fix build nit in IRIX. 1383 * Actual 2.1.17 release. 1384 1385 2003-11-28 Rob Siemborski <rjs3@andrew.cmu.edu> 1386 * Ready for 2.1.17 1387 1388 2003-11-19 Rob Siemborski <rjs3@andrew.cmu.edu> 1389 * config/kerberos_v4.m4: Disable KERBEROS_V4 support by default 1390 1391 2003-11-14 Rob Siemborski <rjs3@andrew.cmu.edu> 1392 * lib/server.c: do authorization callback in sasl_checkpass() 1393 (Chris Newman <chris.newman@sun.com>) 1394 1395 2003-11-11 Ken Murchison <ken@oceana.com> 1396 * lib/client.c: allow serverFDQN to be NULL in sasl_client_new() 1397 * plugins/digestmd5.c, gssapi.c: require that we have serverFQDN 1398 for the client side of the plugin 1399 1400 2003-11-07 Rob Siemborski <rjs3@andrew.cmu.edu> 1401 * --with-gss_impl configure option 1402 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1403 1404 2003-11-06 Rob Siemborski <rjs3@andrew.cmu.edu> 1405 * nmake install support for Win32 1406 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1407 1408 2003-11-03 Ken Murchison <ken@oceana.com> 1409 * include/saslplug.h, lib/server.c, plugins/cram.c, 1410 plugins/digestmd5.c, plugins/ntlm.c, plugins/otp.c, 1411 plugins/srp.c: return SASL_TRANS to the application where 1412 appropriate (auto_transition enabled with writable auxprop) 1413 1414 2003-10-30 Rob Siemborski <rjs3@andrew.cmu.edu> 1415 * saslauthd/lak.c: OpenLDAP 2.0 Compatability Fix 1416 (Igor Brezac <igor@ypass.net>) 1417 * saslauthd/ipc_unix.c: Fix buglet of not using saved errno 1418 value (Jeremy Rumpf <jrumpf@heavyload.net>) 1419 1420 2003-10-20 Rob Siemborski <rjs3@andrew.cmu.edu> 1421 * Win64 warning squashing (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1422 * GSSAPI cleanups and fixes (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1423 1424 2003-10-14 Rob Siemborski <rjs3@andrew.cmu.edu> 1425 * Ready for 2.1.16-BETA 1426 1427 2003-10-08 Rob Siemborski <rjs3@andrew.cmu.edu> 1428 * Support for autoconf 2.57, automake 1.7 1429 * Minor m4 quoting fixes (Patrick Welche <prlw1@cam.ac.uk>) 1430 1431 2003-10-07 Ken Murchison <ken@oceana.com> 1432 * plugins/sql.c: removed sql_delete - don't DELETE rows from the 1433 table, just set the properties to NULL; 1434 fix a stupid logic error in my PgSQL changes 1435 * doc/options.html: removed sql_delete option; clarifications 1436 * doc/install.html: note that we require PostgreSQL v7.2+ 1437 1438 2003-10-06 Ken Murchison <ken@oceana.com> 1439 * plugins/sql.c: use the correct propctx in sql_auxprop_store() 1440 1441 2003-10-06 Maya Nigrosh <mnigrosh@andrew.cmu.edu> 1442 * plugins/sql.c: tiny bugfix to begin pgsql transactions 1443 1444 2003-10-04 Ken Murchison <ken@oceana.com> 1445 * plugins/sql.c: only do a txn when we have a property to fetch; 1446 _pgsql_open() cleanup/fixes; more intelligient sql_usessl parsing; 1447 require sql_select option 1448 * doc/options.html: reorganized SQL option descriptions 1449 1450 2003-10-03 Rob Siemborski <rjs3@andrew.cmu.edu> 1451 * sasldb/allockey.c, sasldb/sasldb.h, utils/sasldblistusers.c: 1452 Add enumeration capability to the sasldb API 1453 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1454 1455 2003-10-02 Ken Murchison <ken@oceana.com> 1456 * plugins/sql.c: changed abstraction layer for transactions 1457 1458 2003-10-01 Rob Siemborski <rjs3@andrew.cmu.edu> 1459 * doc/: Documentation Update 1460 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1461 * plugins/NTMakefile, plugins/srp.c: Win32 SRP Support 1462 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1463 1464 2003-09-30 Rob Siemborski <rjs3@andrew.cmu.edu> 1465 * plugins/digestmd5.c: Clean up some warnings 1466 * lib/canonusr.c, win32/include/config.h, win32/common.mak, 1467 include/saslplug.h: Minor Cleanup 1468 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1469 * utils/NTMakefile, utils/sasldblistusers.c, utils/saslpasswd.c: 1470 Add version options to command line utilities 1471 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1472 1473 2003-09-29 Ken Murchison <ken@oceana.com> 1474 * plugins/sql.c, doc/options.html: added sql_update and sql_delete 1475 for a complete auxprop_store() implementation; logic cleanup 1476 1477 2003-09-25 Rob Siemborski <rjs3@andrew.cmu.edu> 1478 * utils/saslpasswd.c: Win32 perror() related patch 1479 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1480 1481 2003-09-25 Ken Murchison <ken@oceana.com> 1482 * plugins/sql.c: renamed sql_statement to sql_select, 1483 cleanup and bugfixes 1484 1485 2003-09-23 Rob Siemborski <rjs3@andrew.cmu.edu> 1486 * doc/gssapi.html: Misc updates 1487 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1488 * lib/Makefile.am, plugins/Makefile.am, saslauthd/Makefile.am, 1489 sasldb/Makefile.am: Cleanup INCLUDES for different build 1490 directories. (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1491 1492 2003-09-23 Maya Nigrosh <mnigrosh@andrew.cmu.edu> 1493 * plugins/sql.c: put transaction handling around the entirety of 1494 the queries, and not just per-property; return the result status 1495 of bad postgres tuples 1496 1497 2003-09-22 Maya Nigrosh <mnigrosh@andrew.cmu.edu> 1498 * plugins/sql.c: added semicolon at the end of each sql statement 1499 1500 2003-09-19 Maya Nigrosh <mnigrosh@andrew.cmu.edu> 1501 * plugins/sql.c: moved transaction handling to a more useful place, 1502 minor bugfixes 1503 1504 2003-09-18 Ken Murchison <ken@oceana.com> 1505 * lib/server.c: log a message when no password change is attempted 1506 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1507 1508 2003-09-17 Ken Murchison <ken@oceana.com> 1509 * plugins/sql.c: misc fixes from Patrick Welche <prlw1@newn.cam.ac.uk> 1510 1511 2003-09-16 Ken Murchison <ken@oceana.com> 1512 * doc/mechanisms.html: updated to latest versions of LOGIN and 1513 SRP drafts 1514 1515 2003-09-15 Ken Murchison <ken@oceana.com> 1516 * doc/draft-ietf-sasl-rfc2222bis-02.txt: added 1517 * doc/draft-ietf-sasl-rfc2222bis-01.txt: deleted 1518 * doc/index.html, doc/Makefile.am: updated to latest version of 1519 SASL draft 1520 1521 2003-09-14 Ken Murchison <ken@oceana.com> 1522 * plugins/ntlm.c, plugins/plugin_common.[ch]: Win32 support 1523 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1524 1525 2003-09-12 Rob Siemborski <rjs3@andrew.cmu.edu> 1526 * plugins/sql.c: Log errors on connect failures 1527 (based on patch from Bruce M Simpson <bms@spc.org>) 1528 * plugins/NTMakefile: Add support for GSSAPI=CyberSafe 1529 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1530 1531 2003-09-10 Maya Nigrosh <mnigrosh@andrew.cmu.edu> 1532 * plugins/sql.c: created generic sql store function, added 1533 transaction handling to sql statements 1534 * doc/options.html: put pretty new options in the documentation 1535 1536 2003-09-10 Rob Siemborski <rjs3@andrew.cmu.edu> 1537 * plugins/gssapi.c, win32/config.mak, sample/: Win32 Fixes 1538 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1539 1540 2003-09-09 Rob Siemborski <rjs3@andrew.cmu.edu> 1541 * lib/NTMakefile: Minor nit 1542 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1543 1544 2003-09-09 Ken Murchison <ken@oceana.com> 1545 * plugins/ntlm.c: use retry_read() instead of just read() 1546 * lib/checkpw.c, plugins/ntlm.c, saslauthd/utils.c: 1547 squash signed/unsigned warning 1548 1549 2003-09-08 Ken Murchison <ken@oceana.com> 1550 * plugins/ntlm.c: fix byte-alignment and password handling problems 1551 1552 2003-09-03 Rob Siemborski <rjs3@andrew.cmu.edu> 1553 * lib/checkpw.c: Check return value of door_call 1554 (Gary Mills <mills@cc.umanitoba.ca>) 1555 * saslauthd/ipc_doors.c: Implement thread limiting, 1556 minor cleanup and error checking 1557 (Gary Mills <mills@cc.umanitoba.ca>) 1558 * plugins/digestmd5.c: Fix minor interop issues, limit maxbuf 1559 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1560 1561 2003-09-02 Ken Murchison <ken@oceana.com> 1562 * plugins/ntlm.c, doc/options.html: added support for NTLMv2 responses; 1563 fixed potential buffer overflow 1564 1565 2003-09-02 Rob Siemborski <rjs3@andrew.cmu.edu> 1566 * lib/common.c, lib/server.c, lib/NTMakefile, include/md5.h: 1567 more windows compatibility 1568 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1569 * plugins/NTMakefile: Add ability to build NTLM plugin under 1570 Win32 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1571 * utils/NTMakefile: Add ability to build testsuite 1572 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1573 * saslauthd/lak.c: Minor error message fix 1574 (Igor Brezac <igor@ypass.net>) 1575 1576 2003-08-29 Ken Murchison <ken@oceana.com> 1577 * doc/draft-murchison-sasl-login-00.txt: added 1578 * doc/draft-sasl-login.txt: deleted 1579 * doc/index.html, doc/Makefile.am: updated to "official" LOGIN draft 1580 1581 2003-08-29 Rob Siemborski <rjs3@andrew.cmu.edu> 1582 * plugins/gssapi.c: properly compute GSSAPI MAXOUTBUF 1583 (Paul Turgyan <pturgyan@umich.edu>) 1584 * Further Win32 cleanup + HIER_DELIMITER usage 1585 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1586 1587 2003-08-28 Rob Siemborski <rjs3@andrew.cmu.edu> 1588 * include/md5.h, lib/md5.c: Misc cleanup 1589 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1590 * utils/sasldblistusers.c: UI Cleanup, Win32 support 1591 (Alexey Melnikov <Alexey.Melnikov@isode.com>) 1592 * acconfig.h: add HIER_DELIMITER 1593 1594 2003-08-27 Ken Murchison <ken@oceana.com> 1595 * plugins/digestmd5.c: handle OpenSSL 0.9.7+ w/o old DES support 1596 1597 2003-08-26 Ken Murchison <ken@oceana.com> 1598 * plugins/ntlm.c: only send one NT/LM response to server 1599 (NT preferred); don't use canonified authid when proxying 1600 1601 2003-08-24 Ken Murchison <ken@oceana.com> 1602 * plugins/ntlm.c, doc/options.html: allow NTLM authentication to 1603 be optionally proxied to an NT server (ntlm_server option) 1604 1605 2003-08-24 Ken Murchison <ken@oceana.com> 1606 * lib/common.c: added support for unsigned int types in _sasl_log() 1607 1608 2003-08-18 Rob Siemborski <rjs3@andrew.cmu.edu> 1609 * Improvements in Win32 build system from Alexey Melnikov 1610 <Alexey.Melnikov@isode.com> 1611 1612 2003-08-14 Rob Siemborski <rjs3@andrew.cmu.edu> 1613 * doc/*: Massive documentation updates. 1614 1615 2003-08-13 Ken Murchison <ken@oceana.com> 1616 * doc/index.html: added reference to a CIFS (SMB/NTLM) document 1617 1618 2003-08-12 Ken Murchison <ken@oceana.com> 1619 * doc/index.html: added reference to a good NTLM document 1620 1621 2003-07-29 Ken Murchison <ken@oceana.com> 1622 * plugins/cram.c: don't truncate long secrets to 64 bytes on the 1623 client-side of CRAM-MD5 (jiang_xiong@yahoo.com) 1624 1625 2003-07-28 Rob Siemborski <rjs3@andrew.cmu.edu> 1626 * plugins/gssapi.c: another missed pointer init 1627 (Will Fiveash <william.fiveash@sun.com>) 1628 1629 2003-07-26 Rob Siemborski <rjs3@andrew.cmu.edu> 1630 * lib/server.c: Missed pointer initialization fix 1631 ("Dave Cridland [Home]" <dave@cridland.net>) 1632 1633 2003-07-26 Ken Murchison <ken@oceana.com> 1634 * plugins/digestmd5.c: merged privacy and integrity security layer 1635 code and removed use of tmp buffers for security layer 1636 1637 2003-07-25 Ken Murchison <ken@oceana.com> 1638 * plugins/srp.c: removed use of tmp buffer for security layer; 1639 don't make a big buffer out of iovecs when encoding 1640 * lib/server.c, plugins/login.c, plugins/plain.c: better handling 1641 of auto_transition -- doesn't try to transition from auxprop to 1642 auxprop 1643 1644 2003-07-25 Rob Siemborski <rjs3@andrew.cmu.edu> 1645 * configure.in: Fix up some mysql/pgsql detection 1646 * plugins/gssapi.c: improved error reporting 1647 (William Fiveash <William.Fiveash@sun.com>) 1648 * cmulocal/sasl2.m4, saslauthd/mechanisms.h: Improved 1649 GSSAPI detection (don't default to MIT, require HAVE_KRB5_H 1650 for the kerberos5 saslauthd module) 1651 (Rainer Orth <ro@TechFak.Uni-Bielefeld.DE>) 1652 1653 2003-07-24 Ken Murchison <ken@oceana.com> 1654 * plugins/srp.c: updated security layer code to be closer to draft -08 1655 1656 2003-07-23 Rob Siemborksi <rjs3@andrew.cmu.edu> 1657 * saslauthd/utils.[ch], saslauthd/configure.in: Detect/replace 1658 strlcpy and strlcat (based on ideas from 1659 Igor Brezac <igor@ipass.net>) 1660 1661 2003-07-22 Ken Murchison <ken@oceana.com> 1662 * plugins/digestmd5.c, plugins/gssapi.c, plugins/kerberos4.c, 1663 plugins/plugin_common.[ch]: moved encoded packet buffering into 1664 _plug_decode() 1665 1666 2003-07-21 Ken Murchison <ken@oceana.com> 1667 * plugins/srp.c: updated auth code to draft -08 (layers still need 1668 to be updated) 1669 * configure.in, plugins/srp.c: use auxprop_store() instead of 1670 direct sasldb access 1671 1672 2003-07-21 Rob Siemborski <rjs3@andrew.cmu.edu> 1673 * configure.in: add runpath information for MySQL and Postgres; 1674 better behavior for the interaction of --enable-sql and 1675 --with-mysql / --with-pgsql 1676 * saslauthd/lak.[ch]: %d to be derived from %u if it can be, 1677 otherwise use %r (to account for the recent change in the 1678 core library). Add ldap_default_realm parameter 1679 (Igor Brezac <igor@ipass.net>) 1680 1681 2003-07-18 Rob Siemborski <rjs3@andrew.cmu.edu> 1682 * plugins/digestmd5.c: Client side of digest md5 doesn't 1683 have quotes around its cypher= directive (Bug 2113). 1684 * saslauthd/lak.[ch]: support for ldap sasl binds, 1685 support for tls (Igor Brezac <igor@ipass.net>) 1686 1687 2003-07-17 Ken Murchison <ken@oceana.com> 1688 * include/sasl.h, include/saslplug.h, 1689 * lib/auxprop.c, lib/common.c, lib/server.c, plugins/sasldb.c: 1690 implemented writable auxprops 1691 * configure.in, plugins/otp.c, utils/saslpasswd: use 1692 auxprop_store() instead of direct sasldb access 1693 * doc/options.html, lib/server.c: implemented 'noplain' option for 1694 auto_transition 1695 1696 2003-07-17 Rob Siemborski <rjs3@andrew.cmu.edu> 1697 * lib/config.c: Remove sasl_config_getint and sasl_config_getswitch 1698 because they are unused and confusing 1699 * lib/checkpw.c: Correctly split realm from username in 1700 saslauthd_verify_password 1701 1702 2003-07-15 Ken Murchison <ken@oceana.com> 1703 * plugins/sql.c, doc/options.html: added sql_usessl option 1704 1705 2003-07-15 Ken Murchison <ken@oceana.com> 1706 * plugins/mysql.c: deleted 1707 * plugins/sql.c: added 1708 * acconfig.h, configure.in, 1709 doc/components.html, doc/options.html, doc/sysadmin.html, 1710 plugins/Makefile.am, plugins/makeinit.sh: deprecated MySQL plugin 1711 in favor of a new generic SQL plugin (currently supports MySQL and 1712 PostgreSQL) 1713 1714 2003-07-15 Rob Siemborski <rjs3@andrew.cmu.edu> 1715 * Ready for 2.1.15 1716 1717 2003-07-03 Rob Siemborski <rjs3@andrew.cmu.edu> 1718 * doc/components.html: added in the hopes that this gives a better 1719 description of how all the components interact 1720 1721 2003-07-02 Ken Murchison <ken@oceana.com> 1722 * doc/draft-ietf-sasl-anon-02.txt: added 1723 * doc/draft-ietf-sasl-plain-02.txt: added 1724 * doc/draft-ietf-sasl-saslprep-03.txt: added 1725 * doc/draft-ietf-sasl-anon-01.txt: deleted 1726 * doc/draft-ietf-sasl-plain-01.txt: deleted 1727 * doc/index.html, doc/Makefile.am: updated to latest versions of 1728 PLAIN, ANONYMOUS, SASLprep drafts 1729 1730 2003-07-02 Rob Siemborski <rjs3@andrew.cmu.edu> 1731 * acconfig.h, cmulocal/sasl2.m4, plugins/gssapi.c: 1732 Properly detect HAVE_GSS_C_NT_USER_NAME 1733 (Rainer Orth <ro@TechFak.Uni-Bielefeld.DE>) 1734 1735 2003-07-01 Rob Siemborski <rjs3@andrew.cmu.edu> 1736 * plugins/kerberos4.c: Fix some maxoutbuf handling issues 1737 1738 2003-07-01 Rob Siemborski <rjs3@andrew.cmu.edu> 1739 * plugins/mysql.c: Check return value of mysql_init 1740 (Ivan Kelly <ivan@ivankelly.net>) 1741 1742 2003-07-01 Ken Murchison <ken@oceana.com> 1743 * doc/draft-burdis-cat-srp-sasl-08.txt: added 1744 * doc/draft-ietf-sasl-rfc2222bis-01.txt: added 1745 * doc/draft-ietf-sasl-rfc2831bis-02.txt: added 1746 * doc/draft-burdis-cat-srp-sasl-06.txt: deleted 1747 * doc/draft-ietf-sasl-rfc2222bis-00.txt: deleted 1748 * doc/draft-ietf-sasl-rfc2831bis-01.txt: deleted 1749 * doc/index.html, doc/Makefile.am: updated to latest versions of 1750 SASL, SRP, DIGEST-MD5 drafts 1751 1752 2003-06-30 Rob Siemborski <rjs3@andrew.cmu.edu> 1753 * plugins/mysql.c: Call mysql_init() too 1754 (Hajimu UMEMOTO <ume@mahoroba.org>) 1755 1756 2003-06-28 Rob Siemborski <rjs3@andrew.cmu.edu> 1757 * doc/sysadmin.html: Add more text about how to use realms. 1758 1759 2003-06-27 Rob Siemborski <rjs3@andrew.cmu.edu> 1760 * Ready for 2.1.14 1761 1762 2003-06-11 Rolf Braun <rbraun@andrew.cmu.edu> 1763 * config/kerberos_v4.m4: 1764 fix fallback to -lkrb4 when --enable-krb4 is specified 1765 * config/ltconfig: 1766 * config/ltmain.sh: 1767 make the darwin libtool work on OS X v10.2 1768 (bash/zsh shell syntax, and don't link bundles with extra args) 1769 * dlcompat-20010505/dlopen.c: back out bogus delimiter change 1770 * doc/macosx.html: update for 10.2 and add known problems section 1771 * mac/osx_cfm_glue/cfmglue.c: fix sasl_done followed by client_init 1772 1773 2003-06-11 Rob Siemborski <rjs3@andrew.cmu.edu> 1774 * man/sasl_client_new.3, man/sasl_server_new.3: 1775 Security flags don't belong here, connection flags do. 1776 1777 2003-06-10 Ken Murchison <ken@oceana.com> 1778 * doc/draft-ietf-sasl-crammd5-00.txt: added 1779 * doc/draft-nerenberg-sasl-crammd5-03.txt: deleted 1780 * doc/index.html, doc/Makefile.am: updated to WG version of 1781 CRAM-MD5 draft 1782 1783 2003-05-30 Rob Siemborski <rjs3@andrew.cmu.edu> 1784 * plugins/gssapi.c: If we get an empty output token back 1785 from gss_accept_sec_context, return 1786 an empty string to transmit to the client. 1787 1788 2003-05-30 Ken Murchison <ken@oceana.com> 1789 * doc/draft-ietf-sasl-rfc2831bis-01.txt: added 1790 * doc/draft-ietf-sasl-rfc2831bis-00.txt: deleted 1791 * doc/index.html, doc/Makefile.am: updated to latest version of 1792 DIGEST-MD5 draft 1793 1794 2003-05-28 Ken Murchison <ken@oceana.com> 1795 * doc/draft-ietf-sasl-anon-01.txt: added 1796 * doc/draft-ietf-sasl-plain-01.txt: added 1797 * doc/draft-ietf-sasl-rfc2222bis-00.txt: added 1798 * doc/draft-ietf-sasl-anon-00.txt: deleted 1799 * doc/draft-ietf-sasl-plain-00.txt: deleted 1800 * doc/draft-myers-saslrev-02.txt: deleted 1801 * doc/index.html, doc/Makefile.am: updated to latest versions of 1802 SASL, PLAIN, ANONYMOUS drafts 1803 1804 2003-05-21 Rob Siemborski <rjs3@andrew.cmu.edu> 1805 * saslauthd/ipc_unix.c: Accept File Descriptor Locking 1806 Fixes (found by Leena Heino <Leena.Heino@uta.fi>) 1807 * saslauthd/cache.c: Similar fixes 1808 (Jeremy Rumpf <jrumpf@heavyload.net>) 1809 1810 2003-05-15 Rob Siemborski <rjs3@andrew.cmu.edu> 1811 * configure.in: Actually listen to --disable-java 1812 (Maciej W. Rozycki <macro@ds2.pg.gda.pl>) 1813 * saslauthd/saslauthd-main.h: Increase listen backlog to 1814 match Cyrus master process (Igor Brezac <igor@ipass.net>) 1815 1816 2003-05-14 Rob Siemborski <rjs3@andrew.cmu.edu> 1817 * config/kerberos_v4.m4: Minor nit 1818 (Carlos Velasco <carlosev@newipnet.com>) 1819 * plugins/gssapi.c: Use GSS_C_NT_USER_NAME 1820 to work around Solaris 8/9 libgss bug. 1821 (gssapi_client_mech_step): Pass GSS_C_NO_BUFFER to first 1822 invocation of gss_init_sec_context to work around Solaris 8/9 1823 mech_krb5 bug. (Rainer Orth <ro@TechFak.Uni-Bielefeld.DE>) 1824 * cmulocal/sasl2.m4: Check for Sun SEAM GSS-API implementation 1825 (Rainer Orth <ro@TechFak.Uni-Bielefeld.DE>) 1826 * saslauthd/configure.in: Check for krb5.h. Don't define if GSSAPI 1827 is present. (Rainer Orth <ro@TechFak.Uni-Bielefeld.DE>) 1828 * saslauthd/mechanisms.h: Test for HAVE_KRB5_H instead of HAVE_GSSAPI_H 1829 to activate AUTH_KRB5. (Rainer Orth <ro@TechFak.Uni-Bielefeld.DE>) 1830 * plugins/mysql.c: Use mysql_real_connect() instead of mysql_connect() 1831 (Petri Riihikallio <Petri.Riihikallio@Metis.fi>) 1832 * saslauthd/: Misc ANSI C cleanups (Jeremy Rumpf <jrumpf@heavyload.net>) 1833 1834 2003-05-13 Rob Siemborski <rjs3@andrew.cmu.edu> 1835 * config/sasldb.m4, utils/Makefile.am: fix installation of man 1836 pages that are homed in the utils/ directory 1837 * include/*.h: Add extern "C" blocks for C++ compiles 1838 1839 2003-05-06 Rob Siemborski <rjs3@andrew.cmu.edu> 1840 * saslauthd/saslauthd-main.c: misc spelling and UI cleanups 1841 1842 2003-04-16 Rob Siemborski <rjs3@andrew.cmu.edu> 1843 * saslauthd/saslauthd-main.c: Don't set the auth mech until 1844 all options have been processed. (Peter Stamfest <peter@stamfest.at>) 1845 * lib/client.c, lib/common.c, lib/saslint.h, lib/server.c: Do 1846 reference counting of the number of times sasl has been inited/doned. 1847 1848 2003-04-15 Rob Siemborski <rjs3@andrew.cmu.edu> 1849 * config/ltmain.sh: fix some portability problems in the use of expr 1850 (Oliver Eikemeier <eikemeier@fillmore-labs.com>) 1851 1852 2003-04-14 Rob Siemborski <rjs3@andrew.cmu.edu> 1853 * Ready for 2.1.13 1854 1855 2003-04-08 Rob Siemborski <rjs3@andrew.cmu.edu> 1856 * lib/external.c, lib/server.c: use mech_avail to disable 1857 EXTERNAL instead of special casing it (Chris Newman 1858 <Chris.Newman@Sun.COM>) 1859 1860 2003-03-31 Rob Siemborski <rjs3@andrew.cmu.edu> 1861 * saslauthd/ipc_unix.c, saslauthd/saslauthd-main.c, 1862 saslauthd/saslauthd-main.h: use the pidfile locking from 1863 the Cyrus IMAPd master process (implemented for saslauthd by 1864 Igor Brezac <igor@ipass.net>) 1865 * configure.in, acconfig.h: Add configure option to set what 1866 we use for /dev/random 1867 1868 2003-03-28 Rob Siemborski <rjs3@andrew.cmu.edu> 1869 * saslauthd/: Unify the source files so that the IPC methods 1870 are broken out into a separate API. Cacheing of authentication 1871 credentials is also available as a command-line option. 1872 Other changes include: Remove Time of Day Flag, omit 1873 SO_REUSEADDR on AF_UNIX sockets, make using the accept-socket 1874 locking runtime configurable, and misc other cleanup. 1875 (Jeremy Rumpf <jrumpf@heavyload.net>) 1876 1877 2003-03-26 Rob Siemborski <rjs3@andrew.cmu.edu> 1878 * plugins/plain.c: Defend against memory leak on canon_user 1879 failure (Chris Newman <chris.newman@sun.com>) 1880 1881 2003-03-19 Rob Siemborski <rjs3@andrew.cmu.edu> 1882 * lib/auxprop.c, lib/checkpw.c, lib/common.c, lib/saslutil.c, 1883 lib/server.c: Assorted minor fixes from Sun Microsystems 1884 (provided by Chris Newman <chris.newman@sun.com>) 1885 1886 2003-03-13 Rob Siemborski <rjs3@andrew.cmu.edu> 1887 * saslauthd/lak.c: Fix a memset length. (Igor Brezac <igor@ipass.net>) 1888 1889 2003-03-06 Rob Siemborski <rjs3@andrew.cmu.edu> 1890 * plugins/digestmd5.c: fix parity of digest-uri test 1891 * lib/client.c, common.c, saslint.h, server.c: Pass global 1892 callbacks to global utils structure 1893 (Howard Chu <hyc@highlandsun.com>) 1894 * saslauthd/auth_krb5.c: Fix memory/file descriptor leak 1895 in krb5 authentication (Jonathen Chen <jon@spock.org>) 1896 * saslauthd/lak.c, lak.h, LDAP_SASLAUTHD: Remove ldap_cache 1897 code, and rename MAX() to LAK_MAX() 1898 1899 2003-02-20 Ken Murchison <ken@oceana.com> 1900 * doc/draft-ietf-sasl-rfc2831bis-00.txt: added 1901 * doc/draft-melnikov-rfc2831bis-02.txt: deleted 1902 * doc/draft-newman-sasl-c-api-01.txt: added 1903 * doc/draft-newman-sasl-c-api-00.txt: deleted 1904 * doc/index.html: updated to WG version of DIGEST-MD5 draft, 1905 updated to latest C API draft 1906 * doc/Makefile.am: updated to WG version of DIGEST-MD5 draft, 1907 updated to latest C API draft 1908 1909 2003-02-12 Lawrence Greenfield <leg+@andrew.cmu.edu> 1910 * plugins/digestmd5.c: verify the service component of digest-uri 1911 1912 2003-02-11 Ken Murchison <ken@oceana.com> 1913 * doc/draft-ietf-sasl-anon-00.txt: added 1914 * doc/draft-ietf-sasl-plain-00.txt: added 1915 * doc/draft-zeilenga-sasl-anon-01.txt: deleted 1916 * doc/draft-zeilenga-sasl-plain-01.txt: deleted 1917 * doc/index.html: updated to WG versions of ANONYMOUS, PLAIN drafts 1918 1919 2003-02-03 Rob Siemborski <rjs3@andrew.cmu.edu> 1920 * cmulocal/sasl2.m4: Don't use -ldes to check for Heimdal 1921 * saslauthd/auth_krb4.c, saslauthd/auth_shadow.c, 1922 saslauthd/auth_getpwent.c, lib/kerberos4.c: 1923 Smarter checking of #includs for des.h 1924 (Mark Keasling <mark@air.co.jp>) 1925 * saslauthd/testsaslauthd.c, saslauthd/saslauthd-doors.c: 1926 retry_read() should use a char * buffer not a void * 1927 buffer (Mark Keasling <mark@air.co.jp>) 1928 * cmulocal/berkdb.m4: Set CPPFLAGS around tests 1929 (based on patch from Leena Heino <Leena.Heino@uta.fi>) 1930 * config/sasldb.m4: Actually use results of Berkeley DB tests 1931 (Leena Heino <Leena.Heino@uta.fi>) 1932 * Ready for 2.1.12 1933 1934 2003-01-31 Rob Siemborski <rjs3@andrew.cmu.edu> 1935 * Ready for 2.1.11 1936 * utils/Makefile.am: Ensure that dbconverter-2 can see the sasldb 1937 include directory. 1938 1939 2003-01-29 Rob Siemborski <rjs3@andrew.cmu.edu> 1940 * plugins/digestmd5.c: Fix a situation where the realm wasn't 1941 being set for the client context, causing a segfault 1942 * config/kerberos_v4.m4: first check des_* then check DES_* 1943 during OpenSSL tests (based on ideas from 1944 Leena Heino <Leena.Heino@uta.fi>) 1945 1946 2003-01-28 Rob Siemborski <rjs3@andrew.cmu.edu> 1947 * config/sasldb.m4: Don't build sasldb plugin if compiling 1948 --with-dblib=none, since it will only fail to load anyway. 1949 1950 2003-01-27 Rob Siemborski <rjs3@andrew.cmu.edu> 1951 * saslauthd/configure.in: use CMU_ADD_LIBPATH for LDAP support 1952 (Simon Brady <simon.brady@otago.ac.nz>) 1953 1954 2003-01-23 Rob Siemborski <rjs3@andrew.cmu.edu> 1955 * saslauthd/acconfig.h: protect file from being included more than 1956 once (reported by Jeremy Rumpf <jrumpf@heavyload.net>) 1957 * saslauthd/configure.in, configure.in: Move OpenSSL detection into 1958 cmulocal, detect openssl for use with lak.c 1959 1960 2003-01-21 Ken Murchison <ken@oceana.com> 1961 * plugins/ntlm.c: only _require_ one response (LM and/or NT), not both 1962 1963 2003-01-09 Rob Siemborski <rjs3@andrew.cmu.edu> 1964 * saslauthd/lak.c, saslauthd/lak.h: Add the fastbind auth method 1965 (Simon Brady <simon.brady@otago.ac.nz>) 1966 1967 2003-01-01 Ken Murchison <ken@oceana.com> 1968 * saslauthd/configure.in, saslauthd/Makefile.am: don't make 1969 -lcrypt dependent upon --enable-plain 1970 1971 2002-12-11 Ken Murchison <ken@oceana.com> 1972 * plugins/otp.c: set SASL_FEAT_ALLOWS_PROXY on client side 1973 1974 2002-12-10 Ken Murchison <ken@oceana.com> 1975 * plugins/otp.c: explicitly #include <openssl/md5.h> to resolve 1976 OpenBSD/OpenSSL cruftiness 1977 1978 2002-12-10 Rob Siemborksi <rjs3@andrew.cmu.edu> 1979 * saslauthd/saslauthd-doors.c: Fix a potential memory leak when 1980 we call door_return() 1981 1982 2002-12-09 Rob Siemborski <rjs3@andrew.cmu.edu> 1983 * lib/auxprop.c: Correct leak in prop_clear, also update list_end 1984 in prop_request. 1985 * doc/options.html: Update use of saslauthd_path to be correct 1986 1987 2002-12-06 Rob Siemborski <rjs3@andrew.cmu.edu> 1988 * Ready for 2.1.10 1989 1990 2002-12-05 Larry Greenfield <leg@andrew.cmu.edu> 1991 * plugins/digestmd5.c: DES key fixes. stupid DES libraries want 1992 the key in the stupid DES parity format. 1993 * plugins/digestmd5.c: refactored some of the cipher code so that 1994 there isn't RC4 state around when we're using DES and vice versa 1995 1996 2002-12-05 Rob Siemborski <rjs3@andrew.cmu.edu> 1997 * saslauthd/lak.c: Allocate a large enough buffer to account for 1998 a completely escaped username. (lak_escape and lak_filter) 1999 * lib/common.c: Ensure there is enough space for the trailing \0 2000 in _sasl_log 2001 2002 2002-12-04 Rob Siemborski <rjs3@andrew.cmu.edu> 2003 * lib/canonusr.c: Check for potential buffer overflow 2004 2005 2002-12-03 Ken Murchison <ken@oceana.com> 2006 * plugins/digestmd5.c: major fast reauth rewrite, mech_step cleanup 2007 * doc/options.html: server-side reauth is disabled by default 2008 2009 2002-11-24 Ken Murchison <ken@oceana.com> 2010 * plugins/login.c: allow authid to be passed in initial response 2011 * doc/draft-sasl-login.txt, doc/mechanisms.html: 2012 documentation updates re: initial response 2013 2014 2002-11-07 Ken Murchison <ken@oceana.com> 2015 * doc/draft-nerenberg-sasl-crammd5-03.txt: added 2016 * doc/draft-nerenberg-sasl-crammd5-02.txt: deleted 2017 * doc/draft-zeilenga-sasl-anon-01.txt: added 2018 * doc/draft-zeilenga-sasl-anon-00.txt: deleted 2019 * doc/draft-zeilenga-sasl-plain-01.txt: added 2020 * doc/draft-zeilenga-sasl-plain-00.txt: deleted 2021 * doc/index.html: updated to latest CRAM-MD5, ANONYMOUS, PLAIN drafts 2022 2023 2002-11-01 Rob Siemborski <rjs3@andrew.cmu.edu> 2024 * plugins/kerberos4.c: Make at most 1 canon_user call, not two. 2025 (Howard Chu <hyc@highlandsun.com>) 2026 2027 2002-10-25 Rob Siemborski <rjs3@andrew.cmu.edu> 2028 * saslauthd/lak.c: minor cleanups 2029 2030 2002-10-24 Rob Siemborski <rjs3@andrew.cmu.edu> 2031 * saslauthd/lak.c: fix problem where saslauthd stops LDAP 2032 authentications when ldap_auth_method is bind. 2033 (Igor Brezac <igor@ypass.net>) 2034 * doc/sysadmin.html, doc/options.html, saslauthd/saslauthd.mdoc: 2035 documentation updates re: saslauthd mux path 2036 2037 2002-10-23 Ken Murchison <ken@oceana.com> 2038 * lib/external.c: added SASL_SEC_NOANONYMOUS to client side 2039 (Howard Chu, <hyc@highlandsun.com>) 2040 2041 2002-10-21 Ken Murchison <ken@oceana.com> 2042 * plugins/ntlm.c: NTLM probably doesn't offer perfect forward secrecy 2043 * doc/mechanisms: added table of properties/features 2044 2045 2002-10-20 Ken Murchison <ken@oceana.com> 2046 * saslauthd/lak.ch: consolidated hashed password checking code 2047 2048 2002-10-18 Rob Siemborski <rjs3@andrew.cmu.edu> 2049 * saslauthd/lak.[ch], saslauthd/auth_ldap.c: 2050 Code cleanup, now support {SHA}, {SSHA}, {MD5}, and {SMD5} hashes, 2051 misc other cleanup. (Igor Brezac <igor@ypass.net> and 2052 Thomas Lussnig <thomas.lussnig@bewegungsmelder.de>) 2053 2054 2002-10-17 Ken Murchison <ken@oceana.com> 2055 * doc/draft-melnikov-rfc2831bis-02.txt: added 2056 * doc/draft-melnikov-rfc2831bis-01.txt: deleted 2057 * doc/index.html: updated to latest RFC 2831bis draft 2058 2059 2002-10-11 Rob Siemborski <rjs3@andrew.cmu.edu> 2060 * lib/Makefile.am: add missing staticopen.h to EXTRA_DIST, 2061 fix some dependencies 2062 * Ready for 2.1.9 2063 2064 2002-10-10 Rob Siemborski <rjs3@andrew.cmu.edu> 2065 * Ready for 2.1.8 2066 2067 2002-10-09 Rob Siemborski <rjs3@andrew.cmu.edu> 2068 * lib/client.c: Allow plaintext mechanisms under an external security 2069 layer. 2070 2071 2002-10-07 Rob Siemborski <rjs3@andrew.cmu.edu> 2072 * sample/server.c: Fix some IPV6 defines 2073 (Marshall Rose <mrose@dbc.mtview.ca.us>) 2074 2075 2002-10-02 Ken Murchison <ken@oceana.com> 2076 * lib/checkpw.c: return SASL_NOUSER when we can't find APOP secret 2077 * lib/server.c: plug APOP memory leak and consolidate canonification 2078 * configure.in: force the use of a cache file 2079 (Carlos Velasco <carlosev@newipnet.com>) 2080 2081 2002-10-02 Rob Siemborski <rjs3@andrew.cmu.edu> 2082 * lib/checkpw.c: Fix some misuses of sasl_seterror 2083 (Martin Exler <m.exler@gmx.at>) 2084 2085 2002-09-24 Rob Siemborski <rjs3@andrew.cmu.edu> 2086 * config/sasl2.m4, saslauthd/Makefile.am: GSSAPI doesn't need 2087 to link ndbm. Also cleanup some sasldb linking in saslauthd. 2088 2089 2002-09-23 Rob Siemborski <rjs3@andrew.cmu.edu> 2090 * config/kerberos_v4.m4: Don't compile with kerberos unless we 2091 have both the libs and the headers (Carlos Velasco 2092 <carlosv@newipnet.com>) 2093 2094 2002-09-19 Rob Siemborski <rjs3@andrew.cmu.edu> 2095 * plugins/gssapi.c: endinaness corrections 2096 * sasldb/db_berkeley.c, utils/dbconverter-2.c: Berkley DB 4.1 2097 support (Mika Iisakkila <mika.iisakkila@pingrid.fi>) 2098 2099 2002-09-19 Ken Murchison <ken@oceana.com> 2100 * plugins/plugin_common.[ch]: make SASL_CB_USER and result optional 2101 * plugins/anonymous.c: use SASL_CB_USER for fetching trace info, 2102 don't require SASL_CB_AUTHNAME 2103 * plugins/gssapi.c, plugins/kerberos.c: don't require SASL_CB_USER 2104 * lib/external.c: define SASL_FEAT_ALLOWS_PROXY for this mechanism, 2105 don't require SASL_CB_USER 2106 2107 2002-09-18 Rob Siemborski <rjs3@andrew.cmu.edu> 2108 * plugins/srp.c, plugins/kerberos4.c: correct maxoutbuf handling 2109 * plugins/digestmd5.c: correct maxoutbuf handling, actually 2110 send maxbuf to the remote. 2111 * lib/common.c: sanity check security properties 2112 2113 2002-09-17 Ken Murchison <ken@oceana.com> 2114 * plugins/ntlm.c: home-grown client/server NTLM implementation 2115 * configure.in: NTLM depends on OpenSSL libcrypto 2116 * doc/sysadmin.html: added NTLM blurb 2117 2118 2002-09-16 Rob Siemborski <rjs3@andrew.cmu.edu> 2119 * lib/canonusr.c: don't index begin_u with -1 2120 (Randy Kunkee <randy@randallkunkee.com>) 2121 * doc/sysadmin.html: cleanup 2122 * utils/saslpasswd.c: don't exit with -SASL_FAIL 2123 * saslauthd/saslauthd-unix.c: use a char* instead of a void* in 2124 retry_read 2125 2126 2002-09-12 Ken Murchison <ken@oceana.com> 2127 * lib/common.c: NULL outbuf if we get no output from sasl_decode() 2128 2129 2002-09-11 Rob Siemborski <rjs3@andrew.cmu.edu> 2130 * plugins/mysql.c: Actually loop through the potential servers 2131 properly (Seow Kok Heng <kokheng@jhs.com.sg>) 2132 * acinclude.m4: Added copy of the correct libtool macros as 2133 acinclude.m4 2134 * configure.in: fix for gcc 3.x 2135 (Carlos Velasco <carlosev@newipnet.com>) 2136 2137 2002-09-10 Rob Siemborski <rjs3@andrew.cmu.edu> 2138 * lib/server.c: Better handling of add_plugin failures 2139 2140 2002-09-10 Ken Murchison <ken@oceana.com> 2141 * acconfig.h, configure.in: enable/disable NTLM 2142 * lib/staticopen.h, plugins/Makefile.am, makeinit.sh, ntlm.c: 2143 added NTLM support (client-side only) 2144 2145 2002-09-07 Rob Siemborski <rjs3@andrew.cmu.edu> 2146 * saslauthd/configure.in, saslauthd/Makefile.am: don't 2147 do configure substitutions for the saslauthd_SOURCES variable 2148 (Carlos Velasco <carlosev@newipnet.com>) 2149 2150 2002-09-05 Rob Siemborski <rjs3@andrew.cmu.edu> 2151 * doc/os390.html: added 2152 * doc/index.html: referenced os390.html and macosx.html 2153 * lib/Makefile.am: better handling of plugin_common 2154 2155 2002-09-04 Rob Siemborski <rjs3@andrew.cmu.edu> 2156 * (throughout) Extensive cleanup of how we build static and 2157 shared versions of libsasl. Also some more portability 2158 fixes (Howard Chu <hyc@highlandsun.com>) 2159 2160 2002-09-04 Rob Siemborski <rjs3@andrew.cmu.edu> 2161 * acconfig.h, configure.in: Actually check for sysexits.h, 2162 varargs.h, and stdarg.h 2163 * lib/checkpw.c: compatibility patch for retry_read 2164 (Howard Chu <hyc@highlandsun.com>) 2165 2166 2002-09-03 Rob Siemborski <rjs3@andrew.cmu.edu> 2167 * (throughout) fix handling of sys/param.h 2168 * (throughout) fix handling of time.h and sys/time.h 2169 * include/exits.h: include a replacement for sysexits.h 2170 * acconfig.h: define MAXHOSTNAMELEN if it isn't 2171 * lib/getaddrinfo.c, config/ipv6.m4: minor fixes for partial 2172 getaddrinfo/getnameinfo implementations 2173 * (Above changes are all from or based on ideas from 2174 Howard Chu <hyc@highlandsun.com>) 2175 2176 2002-08-28 Rob Siemborski <rjs3@andrew.cmu.edu> 2177 * lib/client.c, lib/saslint.h: Properly handle client-side 2178 serverFQDN and clientFQDN 2179 2180 2002-08-19 Rob Siemborski <rjs3@andrew.cmu.edu> 2181 * lib/dlopen.c: use correct paths when a .la file is not present 2182 (Justin Gibbs <gibbs@scsiguy.com>) 2183 2184 2002-08-13 Rob Siemborski <rjs3@andrew.cmu.edu> 2185 * doc/sysadmin.html: fix some /usr/lib/sasl references to 2186 /usr/lib/sasl2 (Andrew Jones <arjones@simultan.dyndns.org>) 2187 2188 2002-08-09 Rob Siemborski <rjs3@andrew.cmu.edu> 2189 * saslauthd/Makefile.am: fix small parts of the saslauthd.8 build 2190 process. 2191 * Ready for 2.1.7 2192 2193 2002-08-06 Ken Murchison <ken@oceana.com> 2194 * plugins/digestmd5.c: disable/remove server-side fast reauth 2195 2196 2002-08-02 Rob Siemborski <rjs3@andrew.cmu.edu> 2197 * include/sasl.h, lib/common.c: Add SASL_AUTHUSER as a parameter 2198 to sasl_getprop 2199 2200 2002-08-01 Rob Siemborski <rjs3@andrew.cmu.edu> 2201 * saslauthd/lak.c: allow use of more than one %u or %r in the filter 2202 (Laurent Larqu│re <llarquere@aacom.fr>) 2203 2204 2002-07-30 Rob Siemborski <rjs3@andrew.cmu.edu> 2205 * lib/client.c, lib/server.c: Add checks for SASL_NEED_PROXY and 2206 SASL_FEAT_ALLOWS_PROXY 2207 * include/sasl.h, include/saslplug.h: Add SASL_NEED_PROXY and 2208 SASL_FEAT_ALLOWS_PROXY 2209 * plugins/digestmd5.c, plugins/gssapi.c, plugins/kerberos4.c, 2210 plugins/otp.c, plugins/plain.c, plugins/srp.c: define 2211 SASL_FEAT_ALLOWS_PROXY for these mechanisms 2212 2213 2002-07-27 Rob Siemborski <rjs3@andrew.cmu.edu> 2214 * saslauthd/auth_sasldb.c: Include mechanisms.h in a reasonable place. 2215 2216 2002-07-24 Rob Siemborski <rjs3@andrew.cmu.edu> 2217 * saslauthd/Makefile.am: Fix DEFS to still supply -I. and -I.. 2218 * configure.in: Make --with-ldap show up in top level configure script, 2219 make saslauthd compile by default 2220 * lib/saslutil.c: use read() and not fread() on /dev/random to preserve 2221 entropy 2222 * doc/sysadmin.html: Add note about using /dev/urandom 2223 2224 2002-07-19 Rob Siemborski <rjs3@andrew.cmu.edu> 2225 * doc/sysadmin.html, doc/readme.html, doc/upgrading.html: 2226 Misc. documentation cleanup (Joe Rhett <jrhett@isite.net>) 2227 2228 2002-07-17 Ken Murchison <ken@oceana.com> 2229 * lib/canonusr.c: update length of user string to length of output 2230 from callback 2231 2232 2002-07-16 Rob Siemborski <rjs3+@andrew.cmu.edu> 2233 * plugins/cram.c: Fix a security problem in the verification of 2234 the digest string. (Andrew Jones <arjones@simultan.dyndns.org>) 2235 * Ready for 2.1.6 2236 2237 2002-07-06 Rob Siemborski <rjs3@andrew.cmu.edu> 2238 * plugins/mysql.c: Further memory management cleanup. (never 2239 strdup the options, and therefore don't free staticly allocated 2240 strings) 2241 * man/sasl_getopt_t.3: Clarify semantics of memory management 2242 2243 2002-07-05 Rob Siemborski <rjs3@andrew.cmu.edu> 2244 * saslauthd/lak.c: Better handling of downed ldap servers 2245 (Igor Brezac <igor@ipass.net>) 2246 * sasldb/db_berkeley.c, utils/dbconverter-2.c: Use db_strerror() 2247 rather than strerror() for Berkeley DB error values. 2248 (J.H.M. Dassen (Ray) <jdassen@debian.org>) 2249 * saslauthd/Makefile.am, saslauthd/auth_ldap.c: don't 2250 hardwire the saslauthd conf file 2251 (J.H.M. Dassen (Ray) <jdassen@debian.org>) 2252 2253 2002-07-03 Rob Siemborski <rjs3@andrew.cmu.edu> 2254 * man/sasl_user_exists.3: fix sasl_idle reference 2255 2256 2002-07-02 Rob Siemborski <rjs3@andrew.cmu.edu> 2257 * lib/auxprop.c: Can now select multiple auxprop plugins 2258 * doc/options.html: updated for above 2259 * lib/client.c: improve mechanism selection to include 2260 number of security flags 2261 2262 2002-06-27 Ken Murchison <ken@oceana.com> 2263 * doc/draft-zeilenga-sasl-plain-00.txt: added 2264 * doc/index.html: added PLAIN draft 2265 2266 2002-06-26 Ken Murchison <ken@oceana.com> 2267 * doc/draft-zeilenga-sasl-anon-00.txt: added 2268 * doc/index.html: added ANONYMOUS draft 2269 2270 2002-06-20 Rob Siemborski <rjs3@andrew.cmu.edu> 2271 * lib/auxprop.c: Make "cound not find auxprop plugin" warning 2272 log at LOG_DEBUG 2273 2274 2002-06-19 Rob Siemborski <rjs3@andrew.cmu.edu> 2275 * plugins/digestmd5.c: create layer keys for integrity as 2276 well as privacy 2277 * saslauthd/auth_ldap.[ch], saslauthd/lak.[ch]: 2278 Large rewrite (Igor Brezac <igor@ipass.net>) 2279 * lib/client.c, lib/server.c, lib/common.c: 2280 Actually set most of the sparams and cparams structures 2281 2282 2002-06-19 Ken Murchison <ken@oceana.com> 2283 * doc/draft-melnikov-rfc2831bis-01.txt: added 2284 * doc/draft-melnikov-rfc2831bis-00.txt: deleted 2285 * doc/index.html: updated to latest RFC 2831bis draft 2286 2287 2002-06-18 Ken Murchison <ken@oceana.com> 2288 * doc/draft-nerenberg-sasl-crammd5-02.txt: added 2289 * doc/draft-nerenberg-sasl-crammd5-01.txt: deleted 2290 * doc/index.html: updated to latest CRAM-MD5 draft 2291 2292 2002-06-17 Rob Siemborski <rjs3@andrew.cmu.edu> 2293 * plugins/login.c, plugins/plain.c: Canonicalize username before 2294 doing checkpass 2295 2296 2002-06-14 Rob Siemborski <rjs3@andrew.cmu.edu> 2297 * lib/client.c, lib/server.c, lib/saslint.h, lib/common.c. 2298 lib/seterror.c: continued size_t vs unsigned cleanups 2299 2300 2002-06-13 Rob Siemborski <rjs3@andrew.cmu.edu> 2301 * saslauthd/ : remove LDAP support 2302 * Ready for 2.1.5 2303 2304 2002-06-12 Rob Siemborski <rjs3@andrew.cmu.edu> 2305 * plugins/digestmd5.c: rename get_realm to get_server_realm, and 2306 pay attention to its return value 2307 * lib/external.c, lib/seterror.c: cleanup size_t/unsigned confusion 2308 2309 2002-06-10 Rob Siemborski <rjs3@andrew.cmu.edu> 2310 * sasldb/Makefile.am: fix handling of allockey (only include it once) 2311 * plugins/kerberos4.c: fix a reference count leak 2312 * Ready for 2.1.4 2313 2314 2002-05-28 Rob Siemborski <rjs3@andrew.cmu.edu> 2315 * saslauthd/LDAP_SASLAUTHD, saslauthd/saslauthd.mdoc: 2316 Update documentation for LDAP and Saslauthd as per 2317 Igor Brezac <igor@ipass.net> 2318 2319 2002-05-22 Lawrence Greenfield <leg+@andrew.cmu.edu> 2320 * lib/checkpw.c: close door file descriptor in 2321 saslauthd_verify_password 2322 2323 2002-05-21 Rob Siemborski <rjs3@andrew.cmu.edu> 2324 * saslauthd/auth_krb5.c: fix a leak due to not 2325 calling krb5_cc_destroy on failure 2326 2327 2002-05-17 Rob Siemborski <rjs3@andrew.cmu.edu> 2328 * saslauthd/saslauthd-*.c: support a generic mechanism option -O 2329 instead of -H 2330 * saslauthd/auth_ldap.c, lak.c, et. al: auth_ldap overhaul 2331 (Igor Brezac <igor@ipass.net>) 2332 * lib/common.c, include/sasl.h: add sasl_version 2333 2334 2002-05-13 Rob Siemborski <rjs3@andrew.cmu.edu> 2335 * lib/checkpw.c: use "*cmusaslsecretPLAIN" in auxprop_verify_password 2336 (Howard Chu, <hyc@highlandsun.com>), also only make a single 2337 canon_user call. 2338 2339 2002-05-13 Ken Murchison <ken@oceana.com> 2340 * plugins/plugin_common.c: set the return code to SASL_FAIL, and 2341 NULL the results of the _plug_get_*() functions before we get 2342 started 2343 * plugins/digestmd5.c, otp.c, plain.c, srp.c: check for NULL or 2344 empty authzid from callback 2345 2346 2002-05-09 Rob Siemborski <rjs3@andrew.cmu.edu> 2347 * saslauthd/configure.in: --with-ldap now takes a path 2348 2349 2002-05-08 Rob Siemborski <rjs3@andrew.cmu.edu> 2350 * saslauthd/acconfig.h, auth_ldap.c, configure.in, lak.c, lak.h: 2351 Misc compile/portability fixes (mostly header-related) 2352 * utils/testsuite.c: minor getopt() parameter fix 2353 (Claus Assmann <ca+sasl@sendmail.org>) 2354 * lib/checkpw.c: fix some warnings 2355 2356 2002-05-07 Rob Siemborski <rjs3@andrew.cmu.edu> 2357 * Ready for 2.1.3-BETA 2358 2359 2002-05-06 Rob Siemborski <rjs3@andrew.cmu.edu> 2360 * include/saslplug.h: add name member for canon_user plugins 2361 * lib/canonusr.c: use name member 2362 2363 2002-05-06 Ken Murchison <ken@oceana.com> 2364 * plugins/digestmd5.c: added client-side reauth 2365 2366 2002-05-05 Ken Murchison <ken@oceana.com> 2367 * lib/client.c: pass global_context to mech_new() 2368 * lib/server.c: don't free global_context (the plugin should free it) 2369 * utils/testsuite: swapped serverlast tests so that the 2370 descriptions are correct 2371 2372 2002-05-03 Ken Murchison <ken@oceana.com> 2373 * plugins/digestmd5.c: added server-side reauth 2374 * doc/index.html: added Marshall Rose's SASL papers 2375 * doc/options.html: added 'reauth_timeout' 2376 2377 2002-05-03 Rob Siemborski <rjs3@andrew.cmu.edu> 2378 * plugins/kerberos4.c: fix compile errors 2379 * config/kerberos_v4.m4, plugins/digestmd5.c: fix des_cbc_encrypt 2380 interoperability problem (OpenSSL) 2381 * saslauthd/Makefile.am, acconfig.h, auth_ldap.c, auth_ldap.h, 2382 configure.in, lak.c, lak.h, mechanisms.c, mechanisms.h, 2383 saslauthd.conf: added experimental LDAP saslauthd module 2384 (by Igor Brezac <igor@ipass.net>) 2385 * include/saslplug.h: give auxprop plugins a name 2386 * plugins/sasldb.c: give sasldb plugin a name 2387 * lib/auxprop.c: allow auxprop selection 2388 * doc/options.html: document auxprop_plugin option 2389 2390 2002-05-01 Ken Murchison <ken@oceana.com> 2391 * plugins/digestmd5.c, gssapi.c, kerberos4.c, srp.c: 2392 general plugin cleanup - standardizing structure 2393 2394 2002-04-30 Rob Siemborski <rjs3@andrew.cmu.edu> 2395 * plugins/gssapi.c: Minor cleanup of struct hack in context structure 2396 2397 2002-04-30 Ken Murchison <ken@oceana.com> 2398 * plugins/plugin_common.[ch], anonymous.c, cram.c, login.c, otp.c, 2399 plain.c, sasldb.c, srp.c, 2400 lib/client.c, external.c, saslint.h, server.c: general plugin 2401 cleanup - reusing more common code, standardizing structure 2402 2403 2002-04-28 Ken Murchison <ken@oceana.com> 2404 * plugins/plugin_common.[ch], anonymous.c, cram.c, digestmd5.c, 2405 gssapi.c, kerberosv4.c, login.c, otp.c, plain.c, srp.c, 2406 lib/external.c:finalize movement of callback/interaction stuff 2407 into plugin_common 2408 2409 2002-04-27 Ken Murchison <ken@oceana.com> 2410 * plugins/plugin_common.[ch], anonymous.c, cram.c, digestmd5.c, 2411 gssapi.c, kerberosv4.c, login.c, otp.c, plain.c, srp.c, 2412 lib/external.c: move make_prompts stuff into plugin_common 2413 * utils/testsuite.c: allow for testing of EXTERNAL 2414 2415 2002-04-26 Rob Siemborski <rjs3@andrew.cmu.edu> 2416 * sasldb/allockey.c: be sure to set userPassword and not *userPassword 2417 2418 2002-04-26 Ken Murchison <ken@oceana.com> 2419 * lib/client.c, server.c: check 'doneflag' just before mech_step() 2420 * plugins/plugin_common.[ch], anonymous.c, cram.c, digestmd5.c, 2421 gssapi.c, kerberosv4.c, login.c, otp.c, plain.c, srp.c, 2422 lib/external.c, Makefile.am: move callback/interaction stuff 2423 into plugin_common 2424 * plugins/plugin_common.[ch], digestmd5.c, gssapi.c, 2425 kerberosv4.c, srp.c: move decode/concatenation of multiple 2426 packets into plugin_common 2427 * utils/testsuite.c: set SASL_AUTH_EXTERNAL so we can test EXTERNAL 2428 2429 2002-04-25 Ken Murchison <ken@oceana.com> 2430 * plugins/otp.c: don't free the secret when we get data from a 2431 callback (and don't copy it) 2432 * plugins/gssapi.c, plain.c: make sure to set 'doneflag' when done 2433 * lib/client.c, server.c: don't call mech_step() if 'doneflag' is set 2434 2435 2002-04-24 Rob Siemborski <rjs3@andrew.cmu.edu> 2436 * plugins/cram.c, digestmd5.c, login.c, plain.c, srp.c: don't 2437 free the secret when we get data from a callback (and don't copy it) 2438 2439 2002-04-22 Rob Siemborski <rjs3@andrew.cmu.edu> 2440 * include/gai.h: Fix for compatibility with older glibc versions 2441 (Howard Chu, <hyc@highlandsun.com>) 2442 * plugins/gssapi.c: Don't always send authzid on client side 2443 (Howard Chu, <hyc@highlandsun.com>) 2444 2445 2002-04-18 Rob Siemborski <rjs3@andrew.cmu.edu> 2446 * saslauthd/auth_sasldb.c: Use "use_realm" instead of "realm" 2447 for lookup of secret. (Jonas Oberg <jonas@gnu.org>) 2448 * plugins/gssapi.c: Correct handling of client-side authid and 2449 authzid (Howard Chu, <hyc@highlandsun.com>) 2450 * lib/external.c: Better handling of user canonicalization 2451 (Howard Chu, <hyc@highlandsun.com>) 2452 * plugins/cram.c, digestmd5.c, gssapi.c, kerberos4.c, 2453 login.c, otp.c, plain.c, srp.c: zero out prompt_need structures 2454 before use 2455 2456 2002-04-17 Rob Siemborski <rjs3@andrew.cmu.edu> 2457 * plugins/cram.c, digestmd5.c, srp.c: Adjust cmusaslsecretFOO to 2458 *cmusaslsecretFOO 2459 * plugins/sasldb.c: correctly handle *(property) 2460 * lib/canonusr.c, server.c: Lookup authzid and authid auxprops 2461 correctly (and in the same place). 2462 * include/sasl.h, saslplug.h: Fix auxprop lookups 2463 (e.g. SASL_AUXPROP_AUTHZID) 2464 2465 2002-04-15 Rob Siemborski <rjs3@andrew.cmu.edu> 2466 * plugins/gssapi.c: Handle null authzid's correctly 2467 * lib/server.c: fix a strcmp() that should be a memcmp() 2468 2469 2002-04-15 Rob Siemborski <rjs3@andrew.cmu.edu> 2470 * plugins/gssapi.c: fix how name_token and name_without_realm are 2471 freed. 2472 2473 2002-04-12 Ken Murchison <ken@oceana.com> 2474 * doc/draft-melnikov-rfc2831bis-00.txt: added 2475 * doc/draft-myers-saslrev-02.txt: moved TOC 2476 * doc/draft-myers-saslrev-02.txt: added 2477 * doc/draft-myers-saslrev-01.txt: deleted 2478 * doc/index.html: changed link to updated saslrev draft, 2479 added KERBEROS_V4 notation, 2480 added link to rfc2831bis draft 2481 2482 2002-04-08 Ken Murchison <ken@oceana.com> 2483 * lib/server.c, doc/options.html: allow multiple pwcheck_methods 2484 2485 2002-04-03 Rob Siemborski <rjs3+@andrew.cmu.edu> 2486 * saslauthd/configure.in: properly define AUTH_KRB5 2487 * saslauthd/auth_krb5.c: changes for MIT KRB5 2488 2489 2002-03-27 Rob Siemborski <rjs3+@andrew.cmu.edu> 2490 * Removed check for db3/db.h (people can just use --with-bdb-incdir) 2491 2492 2002-03-26 Rob Siemborski <rjs3+@andrew.cmu.edu> 2493 * Ready for 2.1.2 2494 2495 2002-03-11 Rob Siemborski <rjs3+@andrew.cmu.edu> 2496 * plugins/kerberos4.c: Fix a race condition during mutex allocation 2497 2498 2002-03-04 Rob Siemborski <rjs3+@andrew.cmu.edu> 2499 * lib/checkpw.c: Stop logging "authentication failed" message 2500 * plugins/gssapi.c: Reduce log level of "gss_accept_context" message 2501 2502 2002-02-27 Rob Siemborski <rjs3+@andrew.cmu.edu> 2503 * saslauthd/saslauthd.mdoc: Clarify that sasldb with saslauthd 2504 is not what you want to be doing. 2505 * doc/sysadmin.html: Update "sasldb" verifier to "auxprop" 2506 2507 2002-02-22 Rob Siemborski <rjs3+@andrew.cmu.edu> 2508 * lib/checkpw.c: made retry_read static 2509 2510 2002-02-21 Rob Siemborski <rjs3+@andrew.cmu.edu> 2511 * lib/checkpw.c (auxprop_verify_password) report SASL_NOUSER instead 2512 of SASL_FAIL. 2513 * lib/client.c, lib/server.c: More Complete returning of SASL_NOTINIT 2514 * utils/testsuite.c: Better checking for SASL_NOTINIT 2515 2516 2002-02-11 Ken Murchison <ken@oceana.com> 2517 * plugins/srp.c: removed OpenSSL 0.9.6 dependencies, small bugfix 2518 * configure.in: cleaned up OpenSSL (libcrypto) check 2519 2520 2002-02-05 Rob Siemborski <rjs3+@andrew.cmu.edu> 2521 * contrib/tclsasl: Add Marshall Rose's <mrose@dbc.mtview.ca.us> 2522 tclsasl patch. 2523 * plugins/anonymous.c: No longer append extra NUL to client response 2524 2525 2002-02-04 Rob Siemborski <rjs3+@andrew.cmu.edu> 2526 * utils/saslpasswd.c: Added -n option (Ken Murchison) 2527 * lib/dlopen.c: Removed confusing entry point message. 2528 * Ready for 2.1.1 2529 2530 2002-02-01 Ken Murchison <ken@oceana.com> 2531 * plugins/srp.c: fixed srp_setpass() 2532 2533 2002-01-31 Ken Murchison <ken@oceana.com> 2534 * include/sasl.h, lib/server.c, 2535 plugins/digestmd5.c, gssapi.c, kerberos4.c, srp.c: 2536 added SASL_SEC_MUTUAL_AUTH 2537 * plugins/srp.c: cleanup error messages and return codes 2538 2539 2002-01-30 Ken Murchison <ken@oceana.com> 2540 * plugins/otp.c, plugins/otp.h: added non-OPIE client/server 2541 implementation (requires OpenSSL) 2542 * configure.in: OTP now requires OpenSSL, OPIE is optional 2543 * doc/options.html, doc/readme.html, doc/sysadmin.html, doc/TODO: 2544 updated for new OTP implementation 2545 2546 2002-01-25 Rob Siemborski <rjs3+@andrew.cmu.edu> 2547 * saslauthd/Makefile.am: Correct multiple EXTRA_DIST bug 2548 * saslauthd/Makefile.am: small typo fixed (Leena Heino <liinu@uta.fi>) 2549 2550 2002-01-23 Rob Siemborski <rjs3+@andrew.cmu.edu> 2551 * utils/dbconverter-2.c (main): More intelligent default paths 2552 * acconfig.h: #ifndef's for _GNU_SOURCE (Assar <assar@permabit.com>) 2553 2554 2002-01-22 Rob Siemborski <rjs3+@andrew.cmu.edu> 2555 * lib/common.c: Complete definition of sasl_global_listmech 2556 (from Love <lha@stacken.kth.se>) 2557 * lib/client.c: added checks for _sasl_client_active to 2558 sasl_client_new and sasl_client_start 2559 2560 2002-01-21 Ken Murchison <ken@oceana.com> 2561 * doc/draft-myers-saslrev-01.txt: moved TOC 2562 * doc/draft-ietf-cat-sasl-gssapi-05.txt: moved TOC 2563 * doc/draft-nerenberg-sasl-crammd5-01.txt: added 2564 * doc/draft-nerenberg-sasl-crammd5-00.txt: deleted 2565 * doc/index.html: changed link to updated draft 2566 * plugins/login.c (login_client_mech_step): fix client-first 2567 handling 2568 2569 2002-01-21 Rob Siemborski <rjs3+@andrew.cmu.edu> 2570 * lib/server.c (sasl_server_start): null out *serverout and 2571 *serveroutlen, just in case. 2572 * lib/external.c: Added correct required_prompts 2573 * saslauthd/testsaslauthd.c: Added simple saslauthd client 2574 * saslauthd/Makefile.am: rules for testsaslauthd 2575 * doc/sysadmin.html: updated to reference testsaslauthd 2576 * saslauthd/saslauthd.c: allow -n 0 (for fork-per-connection) 2577 * saslauthd/saslauthd.mdoc: documentation of -n 0 2578 * plugins/cram.c (crammd5_client_mech_step): fix client-first 2579 handling 2580 * sasldb/db_gdbm.c: improved error reporting 2581 (Courtesy Marshall T. Rose <mrose@dbc.mtview.ca.us> 2582 * config/sasldb.m4: improved gdbm configure handling 2583 (Courtesy Marshall T. Rose <mrose@dbc.mtview.ca.us> 2584 * config/kerberos_v4.m4: Detect OpenSSL libdes first. 2585 (Courtesy Marshall T. Rose <mrose@dbc.mtview.ca.us> 2586 * plugins/cram.c, digestmd5.c, kervberos4.c, login.c, 2587 lib/client.c, server.c, include/saslplug.h: 2588 Cleaner client-first ABI. 2589 2590 2002-01-19 Ken Murchison <ken@oceana.com> 2591 * plugins/otp.c: set serverout to NULL where we have nothing to 2592 send instead of the empty string 2593 * plugins/srp.c: let glue code handle client-last/server-last 2594 situation by setting serverout appropriately 2595 2596 2002-01-19 Rob Siemborski <rjs3+@andrew.cmu.edu> 2597 * plugins/plain.c, plugins/login.c, plugins/digestmd5.c: 2598 set serverout to NULL where we have nothing to send instead of 2599 the empty string 2600 * include/saslplug.h, lib/client.c, lib/server.c: eliminated 2601 SASL_FEAT_WANT_SERVER_LAST in favor of clever setting of serverout 2602 * plugins/digestmd5.c: removed SASL_FEAT_WANT_SERVER_LAST 2603 2604 2002-01-18 Ken Murchison <ken@oceana.com> 2605 * plugins/srp.c: updated to draft-burdis-cat-srp-sasl-06 2606 * plugins/srp.c: server uses external SSF 2607 * plugins/srp.c: server sends mandatory options based on min SSF 2608 * doc/draft-burdis-cat-srp-sasl-06.txt: added 2609 * doc/draft-burdis-cat-srp-sasl-05.txt: deleted 2610 * doc/index.html: changed link to updated draft 2611 2612 2002-01-17 Rob Siemborski <rjs3+@andrew.cmu.edu> 2613 * plugins/kerberos4.c: Actually allocate a mutex on the client side 2614 2615 2002-01-16 Rob Siemborski <rjs3+@andrew.cmu.edu> 2616 * lib/server.c (mech_permitted): fixed incorrect return value of 2617 SASL_NOMECH that should have been 0. 2618 * lib/common.c (sasl_errdetail): fixed core if passed in conn is NULL 2619 * plugins/digestmd5.c (encode_tmp_buf): removed unneeded buffer 2620 2621 2002-01-16 Ken Murchison <ken@oceana.com> 2622 * plugins/srp.c: fixed layer decoding to handle multiple packets 2623 * plugins/srp.c: plugged memory leaks (now passes testsuite) 2624 * plugins/srp.c: more logging 2625 * plugins/srp.c: lots of other nits, bug fixes 2626 * utils/testsuite.c: added SSF=0/56 test 2627 2628 2002-01-14 Rob Siemborski <rjs3+@andrew.cmu.edu> 2629 * saslauthd/auth_krb4.c (auth_krb4): fix tf_name memory leak, 2630 and other efficency fixes 2631 2632 2002-01-11 Rob Siemborski <rjs3+@andrew.cmu.edu> 2633 * include/saslplug.h: Add flags member to params structures 2634 * lib/client.c, lib/server.c: flags parameter to sasl_*_new 2635 now gets to the plugins 2636 2637 2002-01-10 Rob Siemborski <rjs3+@andrew.cmu.edu> 2638 * include/sasl.h: Update for sasl_global_listmech API 2639 * lib/common.c, lib/client.c, lib/server.c: sasl_global_listmech() 2640 * lib/dlopen.c (_parse_la): fix parseing of dlname= line 2641 * Ready for 2.1.0 2642 2643 2002-01-09 Ken Murchison <ken@oceana.com> 2644 * plugins/otp.c: fixed security_flags 2645 * plugins/srp.c: corrected integrity layer encoding 2646 * plugins/srp.c: finished maxbuffersize handling 2647 * plugins/srp.c: fixed security_flags 2648 * doc/index.html: added reference to SRP paper 2649 2650 2002-01-09 Rob Siemborski <rjs3+@andrew.cmu.edu> 2651 * lib/common.c (sasl_decode): Removed maxoutbuf check 2652 * man/sasl_setprop.3: Minor clarifications 2653 * plugins/digestmd5.c, plugins/gssapi.c, plugins/kerberos4.c: 2654 Assorted security layer fixes (maxoutbuf setting, mech_ssf setting) 2655 * lib/common.c, lib/client.c, lib/server.c, lib/saslint.h: 2656 Allowed client-side sasl_listmech calls. 2657 * include/sasl.h: Minor cosmetic fix to comments 2658 * doc/programming.html: Interaction memory management clarifications 2659 * lib/common.c: Fix several crash problems in getprop 2660 (Courtesy Marshall T. Rose <mrose@dbc.mtview.ca.us>) 2661 2662 2002-01-05 Lawrence Greenfield <leg+@andrew.cmu.edu> 2663 * saslauthd/saslauthd.c: F_SETLK doesn't block; F_SETLKW does 2664 * saslauthd/saslauthd.c: detect errors somewhat better 2665 2666 2002-01-04 Rob Siemborski <rjs3+@andrew.cmu.edu> 2667 * lib/common.c: Allow sasl_setprop for SASL_DEFUSERREALM 2668 2669 2002-01-04 Ken Murchison <ken@oceana.com> 2670 * plugins/srp.c: don't send M2 if using a confidentiality layer 2671 * plugins/srp.c: more constraint checks 2672 * plugins/otp.c: improve standard hex/word response detection 2673 * doc/install.html, doc/sysadmin.html, contrib/opie-2.4-fixes: 2674 add patch for OPIE 2.4 to enable extended responses 2675 2676 2002-01-03 Ken Murchison <ken@oceana.com> 2677 * configure.in: removed check fpr gmp 2678 * plugins/srp.c: migrated to OpenSSL's BN (removed GNU MP dependency) 2679 2680 2001-12-20 Rob Siemborski <rjs3+@andrew.cmu.edu> 2681 * sasldb/db_ndbm.c: Fixed small memory leak 2682 (Courtesy Howard Chu <hyc@highlandsun.com>) 2683 2684 2001-12-18 Ken Murchison <ken@oceana.com> 2685 * plugins/srp.c: more constraint checks 2686 2687 2001-12-17 Rob Siemborski <rjs3+@andrew.cmu.edu> 2688 * saslauthd/saslauthd.c: Prefork a number of processes to handle 2689 connections. 2690 * saslauthd/auth_krb4.c: Handle concurrent accesses better. 2691 2692 2001-12-15 Ken Murchison <ken@oceana.com> 2693 * plugins/srp.c: added confidentiality layers 2694 2695 2001-12-14 Ken Murchison <ken@oceana.com> 2696 * plugins/srp.c: improved client/server layer option handling 2697 * plugins/srp.c: added client-side support for mandatory options 2698 * plugins/srp.c: added framework for confidentiality layers 2699 * plugins/srp.c: added some data sanity checking (thanks to 2700 Tom Holroyd <tomh@po.crl.go.jp> for feedback) 2701 2702 2001-12-13 Rob Siemborski <rjs3+@andrew.cmu.edu> 2703 * lib/server.c, lib/common.c: Fix handling of 2704 global callbacks so that plugin_list works again 2705 2706 2001-12-12 Rob Siemborski <rjs3+@andrew.cmu.edu> 2707 * pwcheck/Makefile.am: Added include of ../lib 2708 (from Hajimu UMEMOTO <ume@mahoroba.org>) 2709 2710 2001-12-11 Rob Siemborski <rjs3+@andrew.cmu.edu> 2711 * sasldb/db_ndbm.c: fix call to dbm_nextkey, from 2712 Scot W. Hetzel <scot@genroco.com> 2713 2714 2001-12-10 Rob Siemborski <rjs3+@andrew.cmu.edu> 2715 * doc/plugprog.html: Update for new user canonicalization usage. 2716 * man/sasl_canon_user.3: Update for new user canonicalization usage. 2717 * configure.in: Actually set STATIC_GSSAPIV2 when necessary 2718 2719 2001-12-08 Ken Murchison <ken@oceana.com> 2720 * plugins/srp.c: make sure we have the HMAC before trying to use it 2721 * plugins/srp.c: don't advertise server integrity w/o HMAC-SHA-1 2722 * plugins/srp.c: move EVP_cleanup() to mech_free so mech can be reused 2723 2724 2001-12-07 Ken Murchison <ken@oceana.com> 2725 * configure.in: SRP now requires OpenSSL 2726 * plugins/srp.c: migrated to OpenSSL's MDA/cipher abstraction API 2727 * plugins/srp.c: added RIPEMD-160 support 2728 * plugins/srp.c: using "standard ACSII names" for MDA-names as 2729 documented by [SCAN] (until determined otherwise) 2730 * plugins/srp.c: using updated canon_user API to allow separate 2731 canonicalization of authid and authzid. 2732 2733 2001-12-06 Rob Siemborski <rjs3+@andrew.cmu.edu> 2734 * lib/canonusr.c: Better logging when desired plugin is not found. 2735 * lib/checkpw.c: spelling error fixed. 2736 * lib/canonusr.c, lib/checkpw.c, lib/client.c, lib/external.c, 2737 lib/saslint.h, lib/server.c, include/sasl.h, include/saslplug.h, 2738 plugins/*.c: Updated canon_user API to allow separate 2739 canonicalization of authid and authzid. 2740 2741 2001-12-05 Rob Siemborski <rjs3+@andrew.cmu.edu> 2742 * saslauthd/Makefile.am, saslauthd/acconfig.h, saslauthd/configure.in: 2743 Solaris 7 and FreeBSD (FreeBSD is courtesy of Claus Assmann 2744 <ca+sasl@sendmail.org>) 2745 * sasldb/Makefile.am: link order fix (Courtesy Claus Assmann 2746 <ca+sasl@sendmail.org>) 2747 2748 2001-12-05 Ken Murchison <ken@oceana.com> 2749 * configure.in: 2750 * plugins/Makefile.am: only build SRP with sasldb libs when 2751 srp_setpass() is enabled 2752 * plugins/srp.c: added HMAC-SHA-160 integrity layer 2753 * plugins/srp.c: don't offer integrity layers unless HMAC-SHA-160 2754 is available (mandatory) 2755 * plugins/srp.c: fixed multiple integrity/confidentiality layer 2756 client-side bug 2757 * plugins/srp.c: fixed delete SRP secret bug 2758 * plugins/srp.c: removed VL() stuff 2759 2760 2001-12-04 Rob Siemborski <rjs3+@andrew.cmu.edu> 2761 * utils/Makefile.am, config/sasldb.m4: Build sasldblistusers2 2762 and saslpasswd2. Default database now /etc/sasldb2 2763 * INSTALL, README, doc/index.html, doc/upgrading.html: Update 2764 with upgrading instructions in preparation for release. 2765 * doc/, /: Documentation reorganization, convert README and INSTALL to 2766 HTML format. 2767 * Bumped appropriate version numbers, Ready for 2.0.5-BETA 2768 2769 2001-12-04 Ken Murchison <ken@oceana.com> 2770 * acconfig.h, configure.in: dependency checking for SRP 2771 * acconfig.h, configure.in: 2772 * plugins/srp.c: made srp_setpass() a compile-time option (default=off) 2773 * plugins/srp.c: use auxprop to fetch cmusaslsecretSRP/userPassword 2774 * plugins/srp.c: code cleanup 2775 * acconfig.h, configure.in: 2776 * doc/sysadmin.html: 2777 * plugins/otp.c: made otp_setpass() a compile-time option (default=off) 2778 2779 2001-12-02 Ken Murchison <ken@oceana.com> 2780 * plugins/srp.c: fixed SHA1 support 2781 * plugins/srp.c: changed calculation of 'x' to coincide with draft -05 2782 * plugins/srp.c: code cleanup 2783 2784 2001-12-01 Ken Murchison <ken@oceana.com> 2785 * plugins/srp.c: abstracted MDA interface 2786 * plugins/srp.c: added SHA1 support (not working) 2787 2788 2001-11-30 Ken Murchison <ken@oceana.com> 2789 * plugins/srp.c: renumbered steps to start at 1 2790 * plugins/srp.c: check plugin API version instead of SRP_VERSION 2791 * plugins/srp.c: changed data exchanges to conform to draft -05 2792 2793 2001-11-29 Ken Murchison <ken@oceana.com> 2794 * plugins/srp.c: code now compiles and runs 2795 * plugins/Makefile.am: added sasldb libs to SRP build 2796 2797 2001-11-24 Ken Murchison <ken@oceana.com> 2798 * lib/external.c: made EXTERNAL a client-send-first mechanism 2799 * doc/index.html: added CRAM-MD5 draft 2800 2801 2001-11-22 Ken Murchison <ken@oceana.com> 2802 * plugins/otp.c: fixed otp_setpass() bug 2803 * doc/sysadmin.html: OTP additions/changes 2804 2805 2001-11-19 Rob Siemborski <rjs3+@andrew.cmu.edu> 2806 * utils/saslpasswd.c: Corrected disable handling 2807 2808 2001-11-17 Ken Murchison <ken@oceana.com> 2809 * doc/index.html, rfc2945.txt, rfc3174.txt: specification additions 2810 * doc/Makefile.am: Updated included RFCs and IDs 2811 2812 2001-11-14 Ken Murchison <ken@oceana.com> 2813 * lib/server.c, doc/options.html: added 'mech_list' option 2814 2815 2001-11-14 Rob Siemborski <rjs3+@andrew.cmu.edu> 2816 * sasldb/allockey.c: removed an assert() call 2817 * sasldb/db_ndmb.c, sasldb/db_gdbm.c: Fixed cntxt's to be conn's 2818 2819 2001-11-13 Ken Murchison <ken@oceana.com> 2820 * acconfig.h, configure.in: 2821 * plugins/otp.c: support client-side OTP without OPIE 2822 2823 2001-11-08 Ken Murchison <ken@oceana.com> 2824 * plugins/otp.c: allow entry of one-time password via 2825 SASL_CB_ECHOPROMPT callback 2826 * plugins/otp.c: code cleanup 2827 * doc/index.html, draft*.txt: specification updates/additions 2828 2829 2001-11-08 Rob Siemborski <rjs3+@andrew.cmu.edu> 2830 * plugins/cram.c, digestmd5.c, sasldb.c: Removed all assert() 2831 calls from supported plugins. 2832 2833 2001-11-07 Rob Siemborski <rjs3+@andrew.cmu.edu> 2834 * utils/testsuite.c: added proxy policy checks 2835 * lib/checkpw.c (_sasl_auxprop_verify_apop): correct handling 2836 of seterror calls 2837 2838 2001-11-06 Rob Siemborski <rjs3+@andrew.cmu.edu> 2839 * lib/canonusr.c (_canonuser_internal): added necessary seterror calls 2840 * doc/Makefile.am: Updated included RFCs and IDs 2841 * lib/canonusr.c, lib/server.c: Corrected authzid/authid handling 2842 * plugins/digestmd5.c: Unconfused authzid/authid in server call to 2843 canon_user 2844 2845 2001-11-01 Rob Siemborski <rjs3+@andrew.cmu.edu> 2846 * plugins/gssapi.c, plugins/kerberos4.c: Get rid of unnecessary 2847 buffer copy in security layer encodes. 2848 2849 2001-10-24 Ken Murchison <ken@oceana.com> 2850 * plugins/otp.c: added otp_setpass() so that saslpasswd can 2851 be used instead of opiepasswd on closed systems 2852 * doc/sysadmin.html: OTP additions/changes 2853 2854 2001-10-22 Ken Murchison <ken@oceana.com> 2855 * acconfig.h, configure.in: detect OPIE, enable/disable OTP 2856 * plugins/Makefile.am, makeinit.sh, otp.c: added OTP support 2857 (still need work on RFC2444 compliance - depends on OPIE changes) 2858 * doc/index.html, options.html, sysadmin.html, rfc*.txt: 2859 OTP additions/changes 2860 2861 2001-10-18 Rob Siemborski <rjs3+@andrew.cmu.edu> 2862 * utils/testsuite.c: Test DES harder for DIGEST-MD5 2863 * plugins/digestmd5.c (enc_des): Get rid of one buffer copy. 2864 * plugins/digestmd5.c (dec_des, dec_3des): correct handling of 2865 padding length check. 2866 2867 2001-10-17 Rob Siemborski <rjs3+@andrew.cmu.edu> 2868 * config/sasldb.m4: detect berkeley db 4 2869 * plugins/gssapi.c, cram.c, kerberos4.c, digestmd5.c: have dispose 2870 calls deal with the possibility of a null context 2871 2872 2001-10-16 Rob Siemborski <rjs3+@andrew.cmu.edu> 2873 * saslauthd/Makefile.am: Link LIB_PAM as well, if needed 2874 * plugins/digestmd5.c: Don't send a trailing nul on challenge and 2875 responses. 2876 * lib/server.c (sasl_server_start, sasl_server_step): Deal with 2877 authentication failures better. (Reported by Larry Rosenbaum 2878 <lmr@ornl.gov>) 2879 2880 2001-10-02 Rob Siemborski <rjs3+@andrew.cmu.edu> 2881 * saslauthd/Makefile.am, saslauthd/auth_sasldb.c, 2882 saslauthd/configure.in: Changes to allow extraction of saslauthd 2883 as needed. 2884 2885 2001-09-19 Rob Siemborski <rjs3+@andrew.cmu.edu> 2886 * lib/getaddrinfo.c (getaddrinfo): Correct fix for 2887 AI_PASSIVE bug from Hajimu UMEMOTO <ume@mahoroba.org> 2888 * plugins/plugin_common.c, lib/common.c (_*_ipfromstring): 2889 revert to previous versions. 2890 2891 * plugins/Makefile.am: Include necessry compatibility objects 2892 as needed. 2893 * lib/Makefile.am: compatibility code for static libsasl 2894 * configure.in: small changes to make compatibility objects easy 2895 to use. 2896 2897 2001-09-18 Rob Siemborski <rjs3+@andrew.cmu.edu> 2898 * plugins/plugin_common.c, lib/common.c (_*_ipfromstring): 2899 no longer use AI_PASSIVE hint for getaddrinfo 2900 2901 2001-09-13 Rob Siemborski <rjs3+@andrew.cmu.edu> 2902 * saslauthd/auth_sasldb.c, saslauthd/auth_sasldb.h: 2903 Added experimental sasldb saslauthd module 2904 * saslauthd/configure.in: sasldb related config changes, 2905 do not config if disabled 2906 2907 2001-09-12 Rob Siemborski <rjs3+@andrew.cmu.edu> 2908 * saslauthd/*, lib/checkpw.c (saslauthd_verify_password): 2909 merged new saslauthd protocol from Ken Murchison <ken@oceana.com> 2910 2911 2001-08-30 Rob Siemborski <rjs3+@andrew.cmu.edu> 2912 2913 * configure.in, saslauthd/configure.in: check for inet_aton 2914 in libresolv.so, so as to link it if necessary 2915 2916 * config/sasldb.m4 (BERKELEY_DB_CHK_LIB): set runpath of library 2917 if necessary 2918 2919 2001-08-29 Rob Siemborski <rjs3+@andrew.cmu.edu> 2920 2921 * utils/testsuite.c: Minor testsuite fix (include paths) 2922 2923 * Ready for 2.0.4-BETA 2924 2925 2001-08-24 Rolf Braun <rbraun+@andrew.cmu.edu> 2926 2927 * Mac OS 9 and X support, including Carbon 2928 Mac OS 9 Classic support based on the SASL v1 code 2929 by Aaron Wohl <n3liw+@andrew.cmu.edu> 2930 2931 * updated ltconfig and ltmain.sh 2932 * acconfig.h: 2933 * configure.in: 2934 * lib/saslutil.c: use random() when jrand48() isn't available 2935 2936 * dlcompat-20010505: 2937 dlcompat included for OS X support, compiles separately 2938 * lib/dlopen.c: prefix symbols with underscore on OS X, as on OpenBSD 2939 note that this is also detected automatically by configure, 2940 this only helps when cross-compiling (for OS X?) 2941 2942 * acconfig.h: 2943 * configure.in: 2944 * config/kerberos_v4.m4 2945 look for libdes524 when libdes doesn't exist. 2946 look for libkrb4 when libkrb doesn't exist. 2947 2948 * lib/saslint.h: 2949 * lib/common.c: 2950 * lib/seterror.c: 2951 * lib/Makefile.am: 2952 split sasl_seterror() into a new file. 2953 add_string -> _sasl_add_string and made this non-static 2954 so seterror can use it. 2955 added _sasl_get_errorbuf to go into the conn_t struct 2956 so we don't have to know the format of that struct when 2957 seterror.c is linked from glue code (i.e., the Mac OS X CFM glue) 2958 2959 * acconfig.h: 2960 fix the order of the fake iovec struct for systems that 2961 don't have it (like Mac OS 9) so it's the same order as 2962 most Unixes that do (like Mac OS X) -- the CFM glue needs this 2963 2964 * acconfig.h: 2965 include <sys/types.h> before we include <sys/uio.h> 2966 2967 * plugins/kerberos4.c: 2968 * lib/checkpw.c: 2969 * acconfig.h: 2970 * configure.in: 2971 check for krb_get_err_txt in the kerberos 4 library, 2972 and use it instead of the krb_err_txt[] array if available 2973 2974 * plugins/kerberos4.c: 2975 define KEYFILE to "/etc/srvtab" if not already defined 2976 by the kerberos 4 headers (needed for MIT KfM 4.0) 2977 2978 * doc/macosx.html: added this 2979 * README: point Mac OS X users to doc/macosx.html 2980 * doc/Makefile.am: add doc/macosx.html to distfiles 2981 2982 * Makefile.am: 2983 * lib/Makefile.am: 2984 * include/Makefile.am: 2985 * config/Info.plist: 2986 * configure.in: 2987 when building on Mac OS X, install a framework 2988 in /Library/Frameworks 2989 2990 * mac/*: 2991 projects and support files for Mac OS 9, classic and Carbon 2992 * mac/osx_cfm_glue: 2993 the glue to allow CFM Carbon applications under Mac OS X 2994 call the Unix-layer SASL library 2995 2996 * lib/common.c: 2997 * lib/canonusr.c: 2998 don't do the auxprop stuff on Mac OS 9 2999 3000 * lib/getaddrinfo.c: 3001 don't look up hostnames on Mac OS 9 (we only officially 3002 support passing IP address strings anyway) 3003 3004 * lib/getaddrinfo.c: 3005 * plugins/plugin_common.c: 3006 * plugins/plugin_common.h: 3007 don't include headers on Mac OS 9 that we don't have. 3008 3009 * sample/sample-client.c: 3010 add a cast for Mac OS 9 (different type handling of char) 3011 3012 * plugins/makeinit.sh: 3013 include the stub header to export the right symbols on Mac OS 9 3014 3015 2001-08-20 Rob Siemborski <rjs3+@andrew.cmu.edu> 3016 * plugins/gssapi.c (gssapi_server_mech_step): fixed accidental 3017 back link into glue code 3018 3019 * config/kerberos4.m4: Actually link in -lkrb 3020 3021 2001-08-15 Rob Siemborski <rjs3+@andrew.cmu.edu> 3022 * lib/common.c (_sasl_iptostring): #if 0'd out. 3023 3024 * lib/server.c (sasl_user_exists): only check the verifier we 3025 are using 3026 3027 * config/kerberos_v4.m4 (SASL_DES_CHK): added 3028 * config/kerberos_v4.m4 (SASL_KERBEROS_V4_CHK): included 3029 entire check from configure.in 3030 * configure.in: moved kerberos 4 code completely out. 3031 * saslauthd/acconfig.h (WITH_DES, WITH_SSL_DES): Added 3032 DES-related symbols 3033 3034 2001-08-14 Rob Siemborski <rjs3+@andrew.cmu.edu> 3035 * configure.in: Check for sys/uio.h 3036 * saslauthd/configure.in: Check for sys/uio.h 3037 * config.h: Do the Right Thing for struct iovec (and 3038 no longer include sys/uio.h elsewhere) 3039 * saslauthd/config.h: Do the Right Thing for struct iovec (and 3040 no longer include sys/uio.h elsewhere) 3041 3042 2001-08-13 Rob Siemborski <rjs3+@andrew.cmu.edu> 3043 * plugins/digestmd5.c (init_des, init_3des, enc_des, dec_des, 3044 enc_3des, dec_3des): fixed interoperability problems, 3045 3des was not decrypting with correct key and des was not 3046 setting up the initial vector. 3047 3048 * lib/checkpw.c (always_true): log users who log in via this verifier 3049 3050 2001-08-13 Rob Siemborski <rjs3+@andrew.cmu.edu> 3051 * utils/testsuite.c (giveokpath): fix memory leak 3052 3053 * lib/common.c (sasl_ipfromstring): add call to freeaddrinfo() 3054 * plugins/plugin_common.c (_plug_ipfromstring): add call to 3055 freeaddrinfo() 3056 3057 * lib/saslutil.c (sasl_randseed): actually initialize the randpool 3058 3059 * saslauthd/auth_getpwent.c (auth_getpwent): clear a warning 3060 * saslauthd/auth_shadow.c (auth_shadow): clear a similar warning 3061 3062 * utils/Makefile.am (EXTRA_DIST): Actually include the needed files 3063 3064 * saslauthd/configure.in: Handle shadow passwords correctly 3065 * saslauthd/acconfig.h: Handle shadow passwords correctly 3066 3067 * lib/checkpw.c (always_true): added 3068 * configure.in: added check for alwaystrue verifier 3069 * acconfig.h: added HAVE_ALWAYSTRUE 3070 * doc/options.html: alwaystrue verifier documented 3071 3072 2001-08-11 Rob Siemborski <rjs3+@andrew.cmu.edu> 3073 * saslauthd/: Now configures separately from SASL, so as 3074 to localize tests for that package within that package 3075 3076 * utils/dbconverter-2.c (listusers_cb): fix handling of APOP 3077 3078 2001-08-10 Rob Siemborski <rjs3+@andrew.cmu.edu> 3079 * saslauthd/Makefile.am (install-data-local): 3080 correct handling of $(DESTDIR) (and create the directory if it 3081 isn't there) [Amos Gouaux <amos@utdallas.edu>] 3082 3083 * lib/server.c (sasl_server_init): Added plugname to add_plugin 3084 call for EXTERNAL 3085 3086 * doc/index.html: updated 3087 * doc/appconvert.html: cleaned up 3088 3089 2001-08-09 Rob Siemborski <rjs3+@andrew.cmu.edu> 3090 * plugins/digestmd5.c (digestmd5_client_mech_step): handle 3091 missing authorization name 3092 * plugins/plain.c (plain_client_mech_step): handle 3093 missing authorization name 3094 3095 * include/sasl.h: better documentation of SASL_CB_CANON_USER 3096 3097 2001-08-08 Rob Siemborski <rjs3+@andrew.cmu.edu> 3098 * saslauthd/saslauthd.mdoc: updated re: pam 3099 * saslauthd/saslauthd.8: regenerated 3100 * saslauthd/Makefile.am: Link against PLAIN_LIBS also 3101 (from Ken Murchison <ken@oceana.com>) 3102 3103 2001-08-07 Rob Siemborski <rjs3+@andrew.cmu.edu> 3104 * lib/client.c (sasl_server_step): corrected maxoutbuf handleing 3105 * lib/server.c (sasl_server_step): corrected maxoutbuf handleing 3106 * lib/saslint.h (DEFAULT_MAXOUTBUF): removed 3107 3108 * lib/common.c (sasl_encodev, sasl_decode): maxbufsize checking 3109 3110 * utils/testsuite.c (testseclayer,doauth): more security layer 3111 checking. Added parameter to doauth to disable fatal() calls, 3112 updated all callers. 3113 3114 * utils/smtptest.c (main): added ability to support LMTP 3115 3116 * plugins/gssapi.c: conform with draft-ietf-cat-sasl-gssapi-05.txt 3117 3118 * doc/draft-ietf-cat-sasl-gssapi-05.txt: added 3119 * doc/Makefile.am (EXTRA_DIST): added above to EXTRA_DIST 3120 3121 2001-08-06 Rob Siemborski <rjs3+@andrew.cmu.edu> 3122 * utils/dbconverter-2.c (listusers_cb): handle PLAIN-APOP 3123 3124 * lib/client.c (sasl_client_add_plugin, client_done): 3125 save plugin name 3126 * lib/server.c (sasl_server_add_plugin, server_done): 3127 save plugin name 3128 * lib/dlopen.c (_sasl_plugin_load): correctly pass pluginname 3129 * lib/common.c (sasl_getprop): implement SASL_AUTHSOURCE properly 3130 * lib/saslint.h (cmechanism_t, mechanism_t): added plugname field 3131 * lib/canonusr.c (internal_canonuser_init): no longer limit 3132 based on plugname 3133 * plugins/sasldb.c (sasldb_auxprop_plug_init): no longer limit 3134 based on plugname 3135 3136 2001-08-01 Rob Siemborski <rjs3+@andrew.cmu.edu> 3137 * utils/smtptest.c (iptostring): better behaved w.r.t endianness 3138 3139 * plugins/cram.c (crammd5_server_mech_step): support for old-style 3140 secrets 3141 * plugins/digestmd5.c (digestmd5_server_mech_step): support for 3142 old-style secrets 3143 * lib/checkpw.c (auxprop_verify_password,_sasl_make_plain_secret): 3144 support for old-style secrets 3145 * utils/dbconverter-2.c: added 3146 * utils/sasldblistusers.c (listusers): Print out property names 3147 as well as username@realm format. 3148 * utils/saslpasswd.c (_sasl_sasldb_set_pass): Correctly handle updates 3149 that concern old-style secrets 3150 3151 * sasldb/allockey.c: Added a missing null to propName in key parser 3152 3153 2001-07-31 Rob Siemborski <rjs3+@andrew.cmu.edu> 3154 * plugins/kerberos4.c (mech_avail): made static 3155 3156 * plugins/kerberos4.c (mech_avail): fixed ipv4 check 3157 (patch from Hajimu UMEMOTO <ume@mahoroba.org>) 3158 3159 * doc/appconvert.html: vague guide documenting our experience 3160 porting Cyrus IMAPd to use SASLv2 3161 * doc/Makefile.am: added appconvert.html 3162 3163 * lib/client.c (sasl_client_new): fixed ip address setting to hit 3164 relevant params structures as well 3165 * lib/server.c (sasl_server_new): fixed ip address setting to hit 3166 relevant params structures as well 3167 * lib/common.c (sasl_setprop): fixed ip address setting to hit 3168 relevant params structures as well 3169 3170 * lib/common.c (sasl_seterror): fixed spelling error 3171 3172 2001-07-30 Rob Siemborski <rjs3+@andrew.cmu.edu> 3173 * sasldb/db_berkeley.c: utils->seterror() calls 3174 * sasldb/db_gdbm.c: utils->seterror() calls 3175 * sasldb/db_ndbm.c: utils->seterror() calls 3176 * sasldb/allockey.c: utils->seterror() calls 3177 3178 * lib/common.c (sasl_seterror): still call logging callback with a 3179 null sasl_conn_t 3180 3181 * plugins/sasldb.c (sasldb_auxprop_lookup): support for multiple 3182 properties 3183 3184 * plugins/Makefile.am: added -module to LDFLAGS 3185 3186 * config/sasldb.m4: Allow specification of exact berkeley db 3187 lib and include paths 3188 * sasldb/Makefile.am: Add proper include directory 3189 3190 * sasldb/sasldb.m4 (SASL_DB_BACKEND_STATIC): include allockey.o 3191 3192 * Ready for 2.0.3-BETA 3193 3194 * plugins/kerberos4.c (kerberos4_server_plug_init): reset 3195 srvtab when we do not load correctly. 3196 3197 * lib/staticopen.c (_sasl_load_plugins): do not fail 3198 if a single plugin load fails 3199 3200 * include/sasl.h (SASL_CLIENT_FALLBACK): removed 3201 3202 2001-07-27 Rob Siemborski <rjs3+@andrew.cmu.edu> 3203 * configure.in: extracted SASLDB-related checking 3204 * config/sasldb.m4: added 3205 3206 * configure.in: now cache the JNI include directory path 3207 3208 * utils/testsuite.c: switch some sasl_errstrings to sasl_errdetail 3209 * plugins/gssapi.c: Fix error reporting 3210 3211 * plugins/gssapi.c: Required SASL_CB_USER instead of SASL_CB_AUTHNAME 3212 3213 * plugins/anonymous.c: Function name standardization 3214 * plugins/cram.c: Function name standardization 3215 * plugins/digestmd5.c: Function name standardization 3216 * plugins/gssapi.c: Function name standardization 3217 * plugins/kerberos.c: Function name standardization 3218 * plugins/login.c: Function name standardization 3219 * plugins/plain.c: Function name standardization 3220 3221 * sasldb/allockey.c: Generalized SASLdb API 3222 * sasldb/db_berkeley.c: Generalized SASLdb API 3223 * sasldb/db_gdbm.c: Generalized SASLdb API 3224 * sasldb/db_ndbm.c: Generalized SASLdb API 3225 * sasldb/db_none.c: Generalized SASLdb API 3226 * sasldb/db_testw32.c: Added #error to block compile so the API will 3227 be fixed when we do the Win 32 port 3228 * plugins/sasldb.c: Use new SASLdb API 3229 * utils/saslpasswd.c: Use new SASLdb API 3230 3231 2001-07-26 Rob Siemborski <rjs3+@andrew.cmu.edu> 3232 * lib/common.c (_sasl_getcallback): fixed reference to 3233 possibly NULL conn 3234 3235 * configure.in: only build saslpasswd and sasldblistusers 3236 if we have a meaningfull libsasldb (e.g. not db_none), 3237 * utils/Makefile.am: only build saslpasswd and sasldblistusers 3238 if we have a meaningfull libsasldb (e.g. not db_none), 3239 3240 * configure.in: conditionally build smtptest 3241 * utils/Makefile.am: conditionally build smtptest 3242 3243 * sasldb/allockey.c (_sasldb_parse_key): added 3244 3245 * sasldb/sasldb.h: New key list access API, added parameter to 3246 sasl_check_db (all callers updated, all callees updated) 3247 * sasldb/db_berkeley.c: Implement key list access API 3248 * sasldb/db_gdbm.c: Implement key list access API 3249 * sasldb/db_ndbm.c: Implement key list access API 3250 * sasldb/db_none.c: Implement key list access API 3251 3252 * utils/sasldblistuser.c: Use libsasldb instead of internal 3253 functions. 3254 3255 * utils/saslpasswd.c: No longer have separate global_utils, 3256 call sasl_dispose and sasl_done 3257 3258 * acconfig.h: check for inttypes.h 3259 * configure.in: check for inttypes.h 3260 * plugins/plugin_common.c: include, if necessary, inttypes.h, 3261 reference uint32_t instead of u_int32_t 3262 3263 2001-07-25 Rob Siemborski <rjs3+@andrew.cmu.edu> 3264 * lib/saslint.h: changed "sasldb" verifier to "auxprop" 3265 * lib/server.c: changed "sasldb" verifier to "auxprop" 3266 * lib/checkpw.c: changed "sasldb" verifier to "auxprop" 3267 * utils/testsuite.c: changed "sasldb" verifier to "auxprop" 3268 * doc/options.html: changed "sasldb" verifier to "auxprop" 3269 3270 * README: updated upgrade information 3271 3272 * utils/Makefile.am (CLEANFILES): added 3273 3274 * sasldb/allockey.c (alloc_key): single place for alloc_key() 3275 Removed alloc_key from other source files. 3276 * sasldb/sasldb.h: added declaration of alloc_key() 3277 3278 * configure.in: added checks for db-3.3 and db3.3 3279 3280 * plugins/digestmd5.c (get_realm): now error on empty user_realm 3281 3282 * plugins/cram.c (client_required_prompts): removed redundant 3283 required_prompts 3284 3285 * plugins/plain.c (client_continue_step): server-send-last error 3286 3287 * utils/testsuite.c (main): detailed client-send-first, 3288 server-send-last checking 3289 3290 2001-07-24 Rob Siemborski <rjs3+@andrew.cmu.edu> 3291 * plugins/sasldb.c: Cleaned up calls into the glue code 3292 3293 * java/Test/*: Cleaned up java test utilities 3294 3295 * configure.in: Minor GSSAPI configure changes 3296 3297 * utils/saslpasswd.c: Clarfied -d option for saslpasswd 3298 * utils/saslpasswd.8: Clarfied -d option for saslpasswd 3299 3300 * doc/plugprog.html: Added plugin programmer's guide 3301 * doc/index.html: linked to plugin programmer's guide 3302 3303 * configure.in: corrected configure checking of Berkeley DB 3304 (from Scot W. Hetzel <scot@genroco.com>) 3305 3306 * configure.in: corrected checking for libcom_err 3307 (from Scot W. Hetzel <scot@genroco.com>) 3308 3309 2001-07-23 Rob Siemborski <rjs3+@andrew.cmu.edu> 3310 * configure.in: Added check for db3/db.h 3311 3312 * plugins/kerberos4.c Added mech_avail (checks for IP info) 3313 3314 * lib/common.c: Fixed setting of serverFQDN in _sasl_conn_init 3315 3316 * lib/server.c: Fully Implemented mech_avail calls in glue code 3317 3318 * lib/server.c: Fixed allocation/destruction of sasl_conn_t's 3319 * lib/client.c: Fixed allocation/destruction of sasl_conn_t's 3320 * lib/common.c: Rely on earlier initialization in server.c and client.c 3321 3322 * doc/options.html: added 3323 3324 * ChangeLog: back to standard format 3325 3326 2001-07-20 Rob Siemborski <rjs3+@andrew.cmu.edu> 3327 * Can now deal with variable client-first mechs such as 3328 DIGEST-MD5, though this interface is subject to change 3329 * Modified parseuser to deal better with default realms 3330 * Simplified realm handling in DIGEST-MD5 (getrealm callback 3331 is no longer required). 3332 * Cleaned up some memory management issues in DIGEST-MD5 3333 3334 2001-07-19 Rob Siemborski <rjs3+@andrew.cmu.edu> 3335 * Fixed prototype of sasl_getpath_t to be in conformance with 3336 memory allocation rules 3337 * Fixed up samples directory 3338 * Try to dlopen using information in .la file if available 3339 (based on patch from 3340 Stoned Elipot <Stoned.Elipot@script.jussieu.fr>) 3341 * Resolution of most of the server-send-first and client-send-last 3342 issues (using mechanism feature flags) 3343 3344 2001-07-18 Rob Siemborski <rjs3+@andrew.cmu.edu> 3345 * Updated config.guess and config.sub 3346 * Better underscore checking for dlsym 3347 * Resolved possible global_utils namespace collision 3348 * Updated sasldb library to be expandable to multiple properties 3349 if the need arises in the future. 3350 * IPv6 support from Hajimu UMEMOTO <ume@mahoroba.org> 3351 3352 2001-07-17 Rob Siemborski <rjs3+@andrew.cmu.edu> 3353 * Extricated sasldb support to an auxprop plugin only. 3354 sasldb modifications can now only be done through the saslpasswd 3355 interface. 3356 3357 2001-07-13 Rob Siemborski <rjs3+@andrew.cmu.edu> 3358 * Fixed buffer overrun problem in sasldb auxprop plugin 3359 * Removed severe memory leak from testsuite 3360 * Version 2.0.2-ALPHA Released 3361 3362 2001-07-11 Rob Siemborski <rjs3+@andrew.cmu.edu> 3363 * error reporting in KERBEROS_V4 plugin 3364 * vague handling of SASL_AUTHSOURCE for getprop 3365 * random misc error reporting bugs 3366 * basic error messages for GSSAPI plugin 3367 3368 2001-07-10 Rob Siemborski <rjs3+@andrew.cmu.edu> 3369 * added client-send-first logic in glue code 3370 * removed some client-send-first logic in mechanisms 3371 * removed IPv4 specifics from sasl_conn_t 3372 * Much gluecode error revamping (store the error code 3373 in sasl_conn_t) 3374 3375 2001-07-09 Rob Siemborski <rjs3+@andrew.cmu.edu> 3376 * Removed dependency on "name" in canonuser plugin structure 3377 * Update configure.in from a new configure.scan 3378 * Update copyright info in man pages, finished all API man pages 3379 * Added auxprop tests to testsuite 3380 * Added userdb callback support 3381 3382 2001-07-09 Rob Siemborski <rjs3+@andrew.cmu.edu> 3383 * First attempt at making the java code work again 3384 * Minor memory and byte order bugfixes 3385 * Added testing support for dmalloc (--with-dmalloc) 3386 3387 2001-07-06 Rob Siemborski <rjs3+@andrew.cmu.edu> 3388 * Loading of auxprop and canonuser plugins from DSOs 3389 (This still sucks performance wise, and will be fixed soon) 3390 * Fixed some lack of indirection in the plugins 3391 * Reverted to the v1 entry points for the plugins 3392 * Cleaned up a good deal of the library loading code so it 3393 now only gets called from the sasl_*_init functions, and 3394 all the cleanup happens in the common sasl_done function 3395 * Added SASL_IPREMOTEPORT and SASL_IPLOCALPORT to setprop, 3396 and now _sasl_conn_init calls it to do the same work. 3397 3398 2001-07-05 Rob Siemborski <rjs3+@andrew.cmu.edu> 3399 * Working libsfsasl and smtptest program (--with-sfio) 3400 * Fixed sasldblistusers (atleast for Berkeley DB) 3401 * seterror() calls in ANONYMOUS, CRAM, PLAIN and LOGIN 3402 * Some new manpages 3403 3404 2001-07-03 Rob Siemborski <rjs3+@andrew.cmu.edu> 3405 * Static library compilation now optional (--with-staticsasl) 3406 Note that this is different from --enable-static, which causes 3407 libtool to build static versions of everything is is almost 3408 certainly NOT what you want. 3409 * Removed all references to the ancient NANA code. 3410 * Updated some documentation. 3411 3412 2001-07-02 Rob Siemborski <rjs3+@andrew.cmu.edu> 3413 * Improved allocation efficiency of KERBEROS_V4, DIGEST-MD5, 3414 and GSSAPI security layers. 3415 * Fixed a decode bug in DIGEST-MD5 (and testsuite improvements to 3416 help find similar ones) 3417 * Fixed a number of solaris compiler warnings 3418 * Static Library Build Support 3419 3420 2001-06-30 Rob Siemborski <rjs3+@andrew.cmu.edu> 3421 * Cleanup of some man pages (added sasl_errors.3) 3422 3423 2001-06-29 Rob Siemborski <rjs3+@andrew.cmu.edu> 3424 * Cleanup of APOP Code + new man page (Ken Murchison <ken@oceana.com>) 3425 * Cleanup of comments in some files (Ken Murchison <ken@oceana.com>) 3426 * Fixed some compiler errors on Solaris using /opt/SUNWspro/bin/cc 3427 (Reported by Mei-Hui Su <mei@ISI.EDU> 3428 3429 2001-06-28 Rob Siemborski <rjs3+@andrew.cmu.edu> 3430 * Improved memory allocation in default sasl_decode handler 3431 * Added ability to disable sasl_checkapop (--disable-checkapop) 3432 * Re-initialized kerberos mutex to NULL after it was freed 3433 3434 2001-06-28 Rob Siemborski <rjs3+@andrew.cmu.edu> 3435 * Fixed a severe bug in DIGEST-MD5 Plugin 3436 * KERBEROS_V4 plugin now thread safe 3437 * Version 2.0.1-ALPHA Released (due to DIGEST-MD5 problem) 3438 3439 2001-06-27 Rob Siemborski <rjs3+@andrew.cmu.edu> 3440 * Version 2.0.0-ALPHA Released