1 2009-04-27 Ken Murchison <murch@andrew.cmu.edu>
4 2009-04-27 Ken Murchison <murch@andrew.cmu.edu>
5 * lib/saslutil.c: Fixed CERT VU#238019 (make sure sasl_encode64()
6 always NUL terminates output or returns SASL_BUFOVER).
8 2006-05-19 Ken Murchison <murch@andrew.cmu.edu>
9 * Makefile.am: include INSTALL.TXT in distro
12 2006-05-18 Ken Murchison <murch@andrew.cmu.edu>
13 * cmulocal/sasl2.m4: patch to compile with MIT krb5 1.4.3
14 (Philip Guenther <guenther@sendmail.com>)
16 2006-05-18 Alexey Melnikov <alexey.melnikov@isode.com>
17 * configure.in: Fixed default value in help for the
18 --with-authdaemond command line option (Philip Guenther).
20 2006-05-17 Alexey Melnikov <alexey.melnikov@isode.com>
21 * NEWS: Ready for 2.1.22
23 2006-05-17 Alexey Melnikov <alexey.melnikov@isode.com>
24 * utils/Makefile.am: enable pluginviewer in the default build.
26 2006-04-26 Ken Murchison <murch@andrew.cmu.edu>
27 * lib/server.c: call do_authorization() after successful APOP
29 2006-04-26 Alexey Melnikov <alexey.melnikov@isode.com>
30 * plugins/digestmd5.c: If neither DES nor RC4 cipher is selected,
31 advertise maxssf of 1 (integrity protection).
33 2006-04-26 Alexey Melnikov <alexey.melnikov@isode.com>
34 * utils/pluginviewer.c: Must set fully qualified domain name
35 in sasl_client_new, or some plugins will not be shown.
37 2006-04-26 Alexey Melnikov <alexey.melnikov@isode.com>
38 * lib/client.c: Replaced wrong "break" statement with
39 "continue" in the client side list function.
41 2006-04-25 Alexey Melnikov <alexey.melnikov@isode.com>
42 * plugins/NTMakefile: Enable RC4 cipher in Windows build.
44 2006-04-25 Alexey Melnikov <alexey.melnikov@isode.com>
45 * plugins/digestmd5.c: Make sure that SASL packets
46 shorter than 16 bytes don't cause buffer overrun.
47 Also prevent an error report from BoundsChecker
48 regarding pointer being out of range.
50 2006-04-25 Alexey Melnikov <alexey.melnikov@isode.com>
51 * win32/common.mak: Fixed bug of not setting CODEGEN
52 (code generation option) if STATIC is set.
54 2006-04-24 Alexey Melnikov <alexey.melnikov@isode.com>
55 * plugins/passdss.c, plugins/srp.c: Added include files required
56 by OpenSSL 0.9.8 (original patch by Dan Nicholson).
58 2006-04-24 Alexey Melnikov <alexey.melnikov@isode.com>
59 * utils/NTMakefile: testsuite.exe doesn't depend on saslSASLDB.dll.
61 2006-04-24 Alexey Melnikov <alexey.melnikov@isode.com>
62 * doc/windows.html: Updated Windows build instructions.
64 2006-04-20 Alexey Melnikov <alexey.melnikov@isode.com>
65 * utils/testsuite.c: Removed sasl_encode test which is no longer
66 valid due to changed in sasl_encodev.
67 Also properly terminated all property request lists with NULL.
69 2006-04-19 Ken Murchison <murch@andrew.cmu.edu>
70 * saslauthd/auth_shadow.c, saslauthd/configure.in: Check for 4/5
71 argument versions of getXXname_r().
73 2006-04-19 Alexey Melnikov <alexey.melnikov@isode.com>
74 * lib/common.c: Andrey V. Malyshev pointed out that the SASL
75 context is always NULL when the default logging callback
76 _sasl_syslog is called. In particular this means that
77 the log_level configuration option is always ignored.
79 2006-04-19 Alexey Melnikov <alexey.melnikov@isode.com>
80 * configure.in: Search for application configuration
81 files in /usr/lib/sasl2 by default and fall back to
82 /etc/sasl2 if not found.
84 2006-04-19 Alexey Melnikov <alexey.melnikov@isode.com>
85 * plugins/digestmd5.c: Handle missing realm option from
86 the client as the empty string. This match the behavior
87 prescribed in RFC 2831.
89 2006-04-19 Alexey Melnikov <alexey.melnikov@isode.com>
90 * saslauthd/Makefile.am: Enable testsaslauthd build
93 2006-04-18 Alexey Melnikov <alexey.melnikov@isode.com>
94 * lib/saslint.h, lib/common.c: Added support for spliting
95 big data blocks (bigger than maxbuf) into multiple SASL
96 packets in sasl_encodev.
98 2006-04-10 Alexey Melnikov <alexey.melnikov@isode.com>
99 * utils/Makefile.am: Added the pluginviewer man page.
100 Reordered link dependencies for saslpasswds/sasldblistusers2.
102 2006-04-10 Alexey Melnikov <alexey.melnikov@isode.com>
103 * utils/pluginviewer.8: Added man page for pluginviewer.
105 2006-04-10 Alexey Melnikov <alexey.melnikov@isode.com>
106 * utils/pluginviewer.c: Deleted unused command line parameters
107 and cleaned up usage output.
109 2006-04-10 Alexey Melnikov <alexey.melnikov@isode.com>
110 * include/gai.h: Use HAVE_GETADDRINFO (instead of HAVE_GETNAMEINFO)
111 to protect definition of getaddrinfo().
113 2006-04-10 Alexey Melnikov <alexey.melnikov@isode.com>
114 * include/sasl.h: Allocated some GSSAPI specific properties
115 for Nico Williams (Sun)
117 2006-04-10 Alexey Melnikov <alexey.melnikov@isode.com>
118 * lib/common.c: Free default_plugin_path and
119 default_conf_path variables in sasl_done.
121 2006-04-10 Alexey Melnikov <alexey.melnikov@isode.com>
122 * sasldb/allockey.c: Cleaned up some warnings
124 2006-04-10 Alexey Melnikov <alexey.melnikov@isode.com>
125 * win32/include/config.h: Deleted a misleading comment
127 2006-04-06 Jeffrey Teaton <jeaton@cmu.edu>
128 * saslauthd/auth_rimap.c: patch from Dale Sedivec to prevent
129 segfault when saslauth free()s returned string
130 * plugins/sql.c: patch from Matthew Hardin to do better
131 error checking for mysql_real_query
133 2006-04-03 Alexey Melnikov <alexey.melnikov@isode.com>
134 * configure.in, plugins/NTMakefile, plugins/sasldb.c,
135 sasldb/db_berkeley.c, sasldb/sasldb.h:
136 Patch to keep BerkleyDB handle open between operations
137 (for performance reason). New behavior can be enabled
138 with --enable-keep-db-open. Original patch by Curtis King.
140 2006-03-14 Alexey Melnikov <alexey.melnikov@isode.com>
141 * lib/server.c: Fixed bug # 2796: load_config now
142 looks in all directories for the config file,
143 not just in the first one.
145 2006-03-14 Alexey Melnikov <alexey.melnikov@isode.com>
146 * include/saslplug.h, lib/auxprop.c, lib/client.c
147 lib/server.c, utils/Makefile.am, utils/NTMakefile,
148 utils/pluginviewer.c [new]:
149 Added support for reporting information about
150 loaded auxprop plugins. Changed the first parameter
151 to sasl_server_plugin_info/sasl_client_plugin_info
152 to be "const char *". Added new utility for
153 reporting information about client and server side
154 authentication plugins and auxprop plugins (e.g.
155 supported features, methods, etc.).
157 2006-03-13 Alexey Melnikov <alexey.melnikov@isode.com>
158 * saslauthd/Makefile.am, saslauthd/auth_httpform.c,
159 saslauthd/auth_httpform.h, saslauthd/configure.in,
160 saslauthd/mechanisms.c, saslauthd/mechanisms.h:
161 Added support for HTTP POST password validation
162 in saslauthd (patch by Joe Ammann <joe@pyx.ch>)
164 2006-03-13 Alexey Melnikov <alexey.melnikov@isode.com>
165 * cmulocal/openldap.m4: Allow for compilation
168 2006-03-13 Alexey Melnikov <alexey.melnikov@isode.com>
169 * lib/saslutil.c, utils/testsuite.c: Various
170 fixes to sasl_decode64: don't ignore partial
171 base64 data, don't allow any data after the '='
174 2006-03-13 Alexey Melnikov <alexey.melnikov@isode.com>
175 * lib/saslint.h: Increase canonicalization buffer
176 size to 1024 bytes, as Luke Howard has reported
177 that 256 is too small for some certificates.
179 2006-03-13 Alexey Melnikov <alexey.melnikov@isode.com>
180 * lib/NTMakefile: Include Cyrus version of
181 getnameinfo() when compiling with Visual Studio 6,
182 as Windows SDK emulation is not available.
184 2006-02-13 Alexey Melnikov <alexey.melnikov@isode.com>
185 * include/sasl.h, lib/common.c: Added sasl_set_path
186 function (for a more convenient way of setting
187 plugin and config paths. Changed the default
188 sasl_getpath_t/sasl_getconfpath_t callbacks to
189 calculate the value only once and cache it
192 2006-02-13 Alexey Melnikov <alexey.melnikov@isode.com>
193 * configure.in, include/sasl.h, lib/common.c,
194 lib/saslinit.h, lib/server.c, man/Makefile.am,
195 man/sasl_callbacks.3, man/sasl_getconfpath_t.3,
196 win32/include/config.h: Added a new sasl_getconf_t
197 callback for specifying where SASL configuration files
198 can be found. Based on patch from Artur Frysiak
199 <wiget@pld.org.pl> for SASL v1, updated by Gentoo
200 folks for SASL v2 and further modified by
201 Andreas Hasenack <andreas@conectiva.com.br>.
203 2006-01-31 Alexey Melnikov <alexey.melnikov@isode.com>
204 * INSTALL, INSTALL.TXT: Renamed INSTALL to INSTALL.TXT
205 as the former conflicts with Windows "install" target
206 (and Windows file names are case-insensitive).
208 2005-08-11 Alexey Melnikov <alexey.melnikov@isode.com>
209 * plugins/sasldb.c: Return SASL_NOUSER only if all calls to
210 _sasldb_putdata() return SASL_NOUSER. This prevents spurious
213 2005-07-07 Alexey Melnikov <alexey.melnikov@isode.com>
214 * plugins/ntlm.c: Added <openssl/md5.h> include in order to fix
215 building with OpenSSL 0.9.8.
217 2005-05-19 Derrick Brashear <shadow@andrew.cmu.edu>
218 * config/libtool.m4: do proper quoting, from Andreas Winkelmann
219 * configure.in: clean up enable switches, from Patrick Welche
220 * config/sasldb.m4: fix macro names, from Andreas Winkelmann
221 * lib/client.c: deal with gcc4 strictness, from Steven Simon
223 2005-05-16 Derrick Brashear <shadow@andrew.cmu.edu>
224 * configure.in, include/sasl.h, lib/Makefile.am,
225 plugins/Makefile.am, saslauthd/configure.in, sasldb/Makefile.am,
226 win32/common.mak, win32/include/config.h: 2.1.21
227 * Makefile.am: fix dist-hook to run makeinit.sh in plugins/
229 2005-05-15 Derrick Brashear <shadow@andrew.cmu.edu>
230 * saslauthd/lak.c: leak fix from Igor Brezac
232 2005-05-15 Alexey Melnikov <alexey.melnikov@isode.com>
233 * plugins/NTMakefile: ldapdb on Windows might depend on OpenSSL.
235 2005-05-06 Derrick Brashear <shadow@andrew.cmu.edu>
236 * configure.in, saslauthd/auth_pam.c: detect pam header location also
237 where MacOS provides it, and use it there
238 * utils/Makefile.am: change link order for MacOS
239 * configure.in: provide option to disable installing MacOS SASL2
241 * configure.in, config/kerberos_v4.m4, config/plain.m4,
242 config/sasldb.m4, lib/Makefile.am, sasldb/Makefile.am,
243 (cmulocal/sasl2.m4): fix case where we are building
244 --enable-static --with-dblib=none causing automake's dependancy
245 stuff to screw us when we try to build files with .. in their path
247 2005-04-11 Derrick Brashear <shadow@andrew.cmu.edu>
248 * configure.in, plugins/digestmd5.c: detect and include des.h if it
249 exists, otherwise assume we don't need it (Solaris 9)
251 2005-04-11 Derrick Brashear <shadow@andrew.cmu.edu>
252 * sasldb/Makefile.am, config/sasldb.m4: work around HP-UX make's
253 inability to have pipes in $(shell ...) by setting
254 LOCAL_SASL_DB_BACKEND_STATIC at the same time as
255 SASL_DB_BACKEND_STATIC.
257 2005-03-15 Alexey Melnikov <alexey.melnikov@isode.com>
258 * lib/dlopen.c: log the reason for opendir() failure
261 2005-03-08 Alexey Melnikov <alexey.melnikov@isode.com>
262 * man/sasl_auxprop.3, man/sasl_auxprop_getctx.3,
263 man/sasl_auxprop_request.3, man/sasl_canon_user_t.3,
264 man/sasl_client_init.3, man/sasl_client_new.3,
265 man/sasl_client_start.3, man/sasl_client_step.3,
266 man/sasl_decode.3, man/sasl_errdetail.3, man/sasl_errstring.3,
267 man/sasl_getpath_t.3, man/sasl_getrealm_t.3,
268 man/sasl_getsecret_t.3, man/sasl_server_init.3,
269 man/sasl_server_new.3, man/sasl_server_start.3,
270 man/sasl_server_step.3, man/sasl_setpass.3,
271 man/sasl_user_exists.3, man/sasl_verifyfile_t.3: multiple
272 spelling corrections from Steven Simon <steven_si@sbcglobal.net>.
274 2005-03-07 Alexey Melnikov <alexey.melnikov@isode.com>
275 * utils/saslpasswd2.8, utils/sasldblistusers2.8: updated manpages.
277 2005-03-01 Derrick Brashear <shadow@andrew.cmu.edu>
278 * lib/common.c: honor log level setting
280 2005-02-28 Derrick Brashear <shadow@andrew.cmu.edu>
281 * README.ldapdb: ldapdb license info
283 2005-02-25 Alexey Melnikov <alexey.melnikov@isode.com>
284 * include/sasl.h, lib/common.c: Added SASL_VERSION_FULL
287 2005-02-22 Alexey Melnikov <alexey.melnikov@isode.com>
288 * plugins/NTMakefile, win32/common.mak: Windows build of the ldapdb
291 2005-02-16 Derrick Brashear <shadow@andrew.cmu.edu>
292 * configure.in, doc/install.html, doc/options.html, doc/readme.html,
293 doc/sysadmin.html, lib/staticopen.h, plugins/Makefile.am,
294 plugins/ldapdb.c, plugins/makeinit.sh: pull in ldapdb auxprop
295 plugin, from Igor Brezac (Howard Chu's plugin)
297 2005-02-14 Derrick Brashear <shadow@andrew.cmu.edu>
298 * saslauthd/krbtf.c: updated from CMUCS
299 * saslauthd/auth_krb5.c: log the krb5 error return if get_creds fails
301 2005-02-01 Alexey Melnikov <alexey.melnikov@isode.com>
302 * win32/include/config.h: Updated to match gai.h changes.
303 * win32/include/config.h: added define for the OTP plugin.
305 2005-01-27 Derrick Brashear <shadow@andrew.cmu.edu>
306 * configure.in, include/gai.h: move AI_NUMERICHOSTS definitions
307 to config.h because gai.h is not always included.
309 2005-01-10 Derrick Brashear <shadow@andrew.cmu.edu>
310 * saslauthd/auth_krb5.c, saslauthd/auth_krb4.c,
311 saslauthd/krbtf.h (added), saslauthd/krbtf.c (added),
312 saslauthd/cfile.h (added), saslauthd/cfile.c (added),
313 saslauthd/Makefile.am: Kerberos V4/V5 alternate keytab
314 in saslauthd, plus common code merging (from David Eckhardt
317 2004-12-08 Alexey Melnikov <alexey.melnikov@isode.com>
318 * doc/windows.html: Updated as per recent build changes.
319 * plugins/ntlm.c: Fixed NTLM build on Windows,
320 as compiler was complaining about array size not being
322 * lib/NTMakefile, plugins/NTMakefile, win32/common.mak,
323 win32/include/config.h: Use native IPv6 support on Windows,
324 falling back to Microsoft emulation. Cleaner support
327 2004-11-24 Ken Murchison <ken@oceana.com>
328 * plugins/sql.c: squashed unused parameter warnings
330 2004-11-24 Ken Murchison <ken@oceana.com>
331 * plugins/passdss.c: added; PASSDSS-3DES-1 implementation
332 * configure.in, plugins/Makefile.am, plugins/makeinit.sh:
333 added support for PASSDSS
334 * doc/draft-newman-sasl-passdss-xx.txt: added
335 * doc/index.html, doc/Makefile.am: added PASSDSS draft
337 2004-11-19 Derrick Brashear <shadow@andrew.cmu.edu>
338 * saslauthd/auth_krb5.c: verify against the service we
339 were passed. needs to be made configurable.
341 2004-11-10 Alexey Melnikov <alexey.melnikov@isode.com>
342 * doc/draft-burdis-cat-srp-sasl-08.txt: deleted
343 * doc/draft-ietf-sasl-anon-02.txt: deleted
344 * doc/draft-ietf-sasl-crammd5-01.txt: deleted
345 * doc/draft-ietf-sasl-gssapi-00.txt: deleted
346 * doc/draft-ietf-sasl-plain-03.txt: deleted
347 * doc/draft-ietf-sasl-rfc2222bis-03.txt: deleted
348 * doc/draft-ietf-sasl-rfc2831bis-02.txt: deleted
349 * doc/draft-ietf-sasl-saslprep-04.txt: deleted
350 * doc/draft-newman-sasl-c-api-01.txt: deleted
351 * doc/draft-burdis-cat-srp-sasl-xx.txt: added
352 * doc/draft-ietf-sasl-anon-xx.txt: added
353 * doc/draft-ietf-sasl-crammd5-xx.txt: added
354 * doc/draft-ietf-sasl-gssapi-xx.txt: added
355 * doc/draft-ietf-sasl-plain-xx.txt: added
356 * doc/draft-ietf-sasl-rfc2222bis-xx.txt: added
357 * doc/draft-ietf-sasl-rfc2831bis-xx.txt: added
358 * doc/draft-ietf-sasl-saslprep-xx.txt: added
359 * doc/draft-newman-sasl-c-api-xx.txt: added
360 * doc/index.html, doc/Makefile.am: Renamed the files
362 2004-11-02 Alexey Melnikov <alexey.melnikov@isode.com>
363 * include/saslplug.h, lib/common.c, lib/saslint.h,
364 lib/client.c: Added sasl_client_plugin_info().
366 2004-10-26 Alexey Melnikov <alexey.melnikov@isode.com>
367 * sample/sample-client.c, sample/sample-server.c: Fixed several
368 64 bit portability warnings.
369 * utils/testsuite.c: Fixed several 64 bit portability warnings.
370 * utils/saslpasswd.c: Fixed typo in an auxprop name.
371 * include/saslplug.h, lib/common.c, lib/saslint.h,
372 lib/server.c: Added sasl_server_plugin_info().
374 2004-10-24 Derrick Brashear <shadow@andrew.cmu.edu>
375 * lib/common.c: initialize path in case caller didn't.
377 2004-10-24 Derrick Brashear <shadow@andrew.cmu.edu>
380 2004-10-19 Derrick Brashear <shadow@dementia.org>
381 * Makefile.am, saslauthd/Makefile.am: require automake 1.7;
382 prior versions require AM_CONFIG_HEADER and dislike AM_LDFLAGS
384 2004-10-14 Ken Murchison <ken@oceana.com>
385 * plugins/ntlm.c: portability fixes from Alexey, and squashed a
386 signed/unsigned warning
388 2004-10-14 Alexey Melnikov <alexey.melnikov@isode.com>
389 * lib/NTMakefile: Don't install intermediate file libsasl.res
391 2004-09-22 Derrick Brashear <shadow@andrew.cmu.edu>
392 * lib/common.c: don't honor SASL_PATH in setuid environment.
395 2004-09-08 Alexey Melnikov <alexey.melnikov@isode.com>
396 * plugins/cram.c, plugins/anonymous.c, plugins/login.c,
397 plugins/plain.c, plugins/sasldb.c: Fixed several 64 bit
400 2004-09-02 Derrick Brashear <shadow@andrew.cmu.edu>
401 * plugins/kerberosv4.c: simple explanation in the code of one
402 possible error you might see in strange circumstances;
403 i should probably make openssl's des unable to be used if
404 mit krb5 is being used.
406 2004-08-06 Derrick Brashear <shadow@andrew.cmu.edu>
407 * plugins/cram.c: initialize authid to null so stack garbage
408 is not pushed into _sasl_canon_user
410 2004-07-29 Rob Siemborski <rjs3@andrew.cmu.edu>
411 * plugins/digestmd5.c: Fix handling of client realm callback
412 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
414 2004-07-21 Rob Siemborski <rjs3@andrew.cmu.edu>
415 * plugins/gssapi.c: Memory management cleanup
416 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
418 2004-07-15 Rob Siemborski <rjs3@andrew.cmu.edu>
419 * configure.in, plugins/gssapi.c: Wrap all GSS calls
420 in mutexes when required by the implementation.
421 (based on a patch by Simon Wilkinson <simon@sxw.org.uk>)
423 2004-07-06 Rob Siemborski <rjs3@andrew.cmu.edu>
424 * plugins/digestmd5.c: Fix potential buffer overflow, call
425 add_to_challenge in 2 more places (Alexey Melnikov
426 <Alexey.Melnikov@isode.com>)
427 * lib/server.c, lib/saslint.h, lib/common.c: don't directly
428 store buffers in the params structure
429 * plugins/gssapi.c: Fix server side maxoutbuf calculation
430 (Sam Hartman <hartmans@mit.edu>)
431 * plugins/gssapi.c: Use gss_wrap_size_limit on client side too
434 2004-07-01 Rob Siemborski <rjs3@andrew.cmu.edu>
437 2004-06-30 Rob Siemborski <rjs3@andrew.cmu.edu>
438 * saslauthd/auth_rimap.c: Fix Tru64 compilation problem
439 * plugins/sql.c: Don't leak settings variable if init fails
440 * utils/testsuite.c: Update for current library
441 * plugins/digestmd5.c: Quoting fixes for client side
442 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
444 2004-06-23 Rob Siemborski <rjs3@andrew.cmu.edu>
445 * saslauthd/lak.c: Minor bugfixes, support %R token
446 (Igor Brezac <igor@ypass.net>)
447 * plugins/otp.c: Use plugin supplied authid for mech calculations
448 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
449 * lib/auxprop.c: Use getopt callback from connection context when
450 storing auxprops (Alexey Melnikov <Alexey.Melnikov@isode.com>)
451 * plugins/otp.c, plugins/srp.c, plugins/plugin_common.c: Use correct
452 form of userid (user@realm) when running setpass methods
453 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
454 * saslauthd/configure.in: Handle LTLIBOBJS
456 2004-06-18 Rob Siemborski <rjs3@andrew.cmu.edu>
457 * plugins/NTMakefile: Remove only recognized (generated) .rc files,
458 not just *.rc. This will allow for plugins with own resource files.
459 Also corrected spelling mistake in OPENSSL (Alexey Melnikov
460 <Alexey.Melnikov@isode.com>)
461 * lib/server.c, include/sasl.h: Support for SASL_SET_CURMECH_ONLY
462 flag to sasl_setpass() (Alexey Melnikov <Alexey.Melnikov@isode.com>)
464 2004-06-16 Ken Murchison <ken@oceana.com>
465 * lib/server.c: use more accurate errors codes for mech_permitted()
467 2004-06-16 Ken Murchison <ken@oceana.com>
468 * plugins/srp.c: don't used the parsed authid for calculations
469 (Alexey Melnikov <alexey.melnikov@isode.com>)
471 2004-06-16 Rob Siemborski <rjs3@andrew.cmu.edu>
472 * Support for forwarding of GSSAPI credentials
473 (Morten Olsen <mso@medical-insight.com &
474 Alexey Melnikov <alexey.melnikov@isode.com>)
476 2004-06-03 Rob Siemborski <rjs3@andrew.cmu.edu>
477 * win32/config.mak: Remove unneeded libraries
478 (Alexey Melnikov <alexey.melnikov@isode.com>)
480 2004-06-02 Rob Siemborski <rjs3@andrew.cmu.edu>
481 * Spelling Fixes (selsky@columbia.edu)
483 2004-05-27 Rob Siemborski <rjs3@andrew.cmu.edu>
484 * SQLite support (Norikatsu Shigemura <nork@ninth-nine.com>)
485 * SQLite support on windows (Alexey Melnikov
486 <Alexey.Melnikov@isode.com>)
488 2004-05-25 Ken Murchison <ken@oceana.com>
489 * plugins/digest-md5.c: use separate global contexts for client/server
491 2004-05-21 Rob Siemborski <rjs3@andrew.cmu.edu>
492 * configure.in, lib/Makefile.am: Better handling of -ldoor library
493 addition (only add it to base library, don't add -lpthread)
494 * saslauthd/auth_krb5.c: zero out the krb5_data structure
497 2004-05-20 Rob Siemborski <rjs3@andrew.cmu.edu>
498 * include/sasl.h, lib/common.c, lib/saslint.h, lib/server.c:
499 Add SASL_APPNAME to sasl_getprop/sasl_setprop for further
500 compatibilty with SASL C API draft
501 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
503 2004-05-18 Ken Murchison <ken@oceana.com>
504 * plugins/digest-md5.c: made the global context a struct
505 containing the reauth_cache so we can NULL it after we free it
507 2004-05-07 Ken Murchison <ken@oceana.com>
508 * contrib/stripplus_canonuser.patch: added
510 2004-04-27 Rob Siemborski <rjs3@andrew.cmu.edu>
511 * saslauthd/auth_shadow.c: Make thread-safe
512 (Steve Barber <steveb@cme.nist.gov>)
514 2004-04-26 Rob Siemborski <rjs3@andrew.cmu.edu>
515 * saslauthd/auth_krb5.c: Alternate realm support for Kerberos 5
517 2004-04-16 Ken Murchison <ken@oceana.com>
518 * plugins/ntlm.c: Mac OS X fix
519 (Chris Ridd <chris.ridd@isode.com>)
521 2004-04-14 Ken Murchison <ken@oceana.com>
522 * plugins/plain.c: don't include authzid in response unless
525 2004-03-29 Rob Siemborski <rjs3@andrew.cmu.edu>
526 * sample/server.c: Ensure that len has a value
528 2004-03-25 Rob Siemborski <rjs3@andrew.cmu.edu>
529 * saslauthd/saslauthd-main.c: add -r option to saslauthd for combining
530 user and realm into user@realm (for the userid). Based on a patch
531 by Jeremy Rumpf <jrumpf@heavyload.net>.
533 2004-03-17 Rob Siemborski <rjs3@andrew.cmu.edu>
534 * lib/checkpw.c: Include errno.h when HAVE_AUTHDAEMON is defined
535 * doc/windows.html: Updates (Alexey Melnikov <Alexey.Melnikov@isode.com>)
537 2004-03-16 Rob Siemborski <rjs3@andrew.cmu.edu>
538 * configure.in: Properly use CMU_ADD_LIBPATH_TO for pgsql and mysql
540 2004-03-10 Rob Siemborski <rjs3@andrew.cmu.edu>
541 * lib/dlopen.c: HPUX 11 Fix (Alexey Melnikov <Alexey.Melnikov@isode.com>)
542 * Add sasl_version_info() (Alexey Melnikov <Alexey.Melnikov@isode.com>)
543 * Add a bunch of NTMakefile files to EXTRA_DIST in Makefile.am's
546 2004-03-08 Rob Siemborski <rjs3@andrew.cmu.edu>
547 * NI_WITHSCOPEID fixes (Hajimu UMEMOTO <ume@mahoroba.org>) - correct
548 Solaris 9 IPLOCALPORT/IPREMOTEPORT issue
550 2004-02-24 Rob Siemborski <rjs3@andrew.cmu.edu>
551 * acinclude.m4: move to config/libtool.m4
552 * saslauthd/lak.[ch]: Added filter based group membership check
553 (Paul Bender <pbender@qualcomm.com>, Igor Brezac <igor@ipass.net>)
555 2004-02-23 Rob Siemborski <rjs3@andrew.cmu.edu>
556 * plugins/NTMakefile: Enable DO_SRP_SETPASS on windows
557 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
558 * doc/windows.html: Updates
559 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
560 * win32/: Add version resource info to plugins
561 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
562 * plugins/digestmd5.c: Comments and other cleanup
564 2004-02-20 Rob Siemborski <rjs3@andrew.cmu.edu>
565 * lib/server.c, include/saslplug.h: Allow "temporary failure"
566 return values from mech_avail
567 * lib/canonusr.c, lib/server.c: Comment Nits
568 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
569 * plugins/NTMakefile, plugins/plugin_common.h,
570 plugins/plugin_common.c, plugins/otp.c: build OTP on Windows
571 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
573 2004-02-19 Ken Murchison <ken@oceana.com>
574 * plugins/ntlm.c, sample/server.c, sample/client.c:
575 error checking of getnameinfo() (Paul Kranenburg <pk@cs.few.eur.nl>)
576 * plugins/ntlm.c: alignment and endian fixes in load_session_setup()
577 (Paul Kranenburg <pk@cs.few.eur.nl>)
579 2004-02-18 Rob Siemborski <rjs3@andrew.cmu.edu>
580 * doc/NTMakefile, NTMakefile: nmake install support
581 for doc/ (Alexey Melnikov <Alexey.Melnikov@isode.com>)
582 * plugins/digestmd5.c: Check that digest-uri is only sent once
583 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
584 * utils/Makefile.am: add LIB_PGSQL to static link line
586 2004-02-17 Rob Siemborski <rjs3@andrew.cmu.edu>
587 * win32/include/config.h: caddr_t might be already defined
588 elsewhere (Alexey Melnikov <Alexey.Melnikov@isode.com>)
589 * lib/NTMakefile, include/saslutil.h: getopt might be already
590 defined elsewhere. The change will produce libsasl.dll which exports
591 getopt, buat a define can be used to prevent import of getopt from
592 libsasl.dll. (Alexey Melnikov <Alexey.Melnikov@isode.com>)
594 2004-02-16 Rob Siemborski <rjs3@andrew.cmu.edu>
595 * configure.in: Remove deprecated AC_PROG_RANLIB, CMU_PROG_LIBTOOL
596 (Patrick Welche <prlw1@newn.cam.ac.uk>)
597 * lib/dlopen.c: OpenBSD ELF patch (J.C. Roberts)
599 2004-02-06 Rob Siemborski <rjs3@andrew.cmu.edu>
600 * lib/NTMakefile, utils/NTMakefile: fix "clean" target
601 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
602 * General winsock.h -> winsock2.h conversion
603 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
604 * plugins/plugin_common.h: add extern "C" wrapper
605 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
607 2004-01-23 Rob Siemborski <rjs3@andrew.cmu.edu>
608 * Remove "experimental" designation from saslauthd/ldap
609 * Correct handling of sasl_setpass errors when no
610 mechanisms implement the setpass interface
611 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
613 2004-01-20 Rob Siemborski <rjs3@andrew.cmu.edu>
614 * configure.in: minor sql nit (Edward Rudd <eddie@omegaware.com>)
615 * lib/staticopen.h: MYSQL should be SQL
616 (Edward Rudd <eddie@omegaware.com>)
618 2004-01-12 Rob Siemborski <rjs3@andrew.cmu.edu>
619 * win32/include/config.h: fix VC++ 6.0 compiles
620 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
621 * configure.in: Correct use of AC_LIBOBJ, quote macro names
622 defined by AC_DEFUN, Use enable_shared to determine whether
623 to enable the shared plugin.
624 (Maciej W. Rozycki <macro@ds2.pg.gda.pl>)
625 * plugins/srp.c: Fix typos
626 (Maciej W. Rozycki <macro@ds2.pg.gda.pl>)
627 * saslauthd/configure.in: Correct use of AC_LIBOBJ
628 (Maciej W. Rozycki <macro@ds2.pg.gda.pl>)
630 2004-01-08 Ken Murchison <ken@oceana.com>
631 * plugins/sql.c: better error logging
633 2004-01-07 Rob Siemborski <rjs3@andrew.cmu.edu>
634 * lib/checkpw.c & others: Support for Courier-IMAP authdaemond
635 use during password verification (Leandro Santi
636 <lesanti@uolsinectis.com.ar>)
638 2003-12-30 Rob Siemborski <rjs3@andrew.cmu.edu>
639 * saslauthd/lak.c: Fix NULL pointer dereference
640 (Simon Brady <simon.brady@otago.ac.nz>)
641 * saslauthd/lak.c, lak.h, LDAP_SASLAUTHD: Improved retry handler,
642 Improved logging/debug messages, Fixed String checks, config
643 option changes (Igor Brezac <igor@ipass.net>)
645 2003-12-22 Rob Siemborski <rjs3@andrew.cmu.edu>
646 * plugins/digestmd5.c: Fix memory leak
647 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
649 2003-12-18 Rob Siemborski <rjs3@andrew.cmu.edu>
650 * plugins/plugin_common.c: Fix handling of blob unwrapping
652 * lib/checkpw.c: Fix some file descriptor leaks during failures
653 in the saslauthd code.
655 2003-12-15 Rob Siemborksi <rjs3@andrew.cmu.edu>
656 * utils/saslauthd.c: Fix Typo
657 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
658 * plugins/plugin_common.c: Fix potential memory leak
659 * lib/external.c: Limit size of authzids in EXTERNAL
660 * plugins/gssapi.c: Pre-init some variables
661 * lib/cram.c: Detect possible buffer overrun
662 * lib/checkpw.c: Post-fence bug
663 (Leandro Santi <lesanti@uolsinectis.com.ar>)
665 2003-12-12 Rob Siemborski <rjs3@andrew.cmu.edu>
666 * saslauthd/lak.c: assign null to free
667 variables (Juan Felipe Garcia <fgc@usal.es>)
668 * saslauthd/lak.c: Improve retry when ldap connection is reset
669 (1st pass) (Igor Brezac <igor@ipass.net>)
671 2003-12-11 Rolf Braun <rbraun@andrew.cmu.edu>
672 * Several MacOS X Fixes
674 2003-12-06 Ken Murchison <ken@oceana.com>
675 * lib/checkpw.c, lib/server.c,
676 plugins/cram.c, plugins/digestmd5.c, plugins/ntlm.c,
677 plugins/otp.c, plugins/srp.c: erase the plaintext password
678 property from the context when we're done with it
680 2003-12-01 Ken Murchison <ken@oceana.com>
681 * doc/draft-ietf-sasl-crammd5-01.txt: added
682 * doc/draft-ietf-sasl-gssapi-00.txt: added
683 * doc/draft-ietf-sasl-plain-03.txt: added
684 * doc/draft-ietf-sasl-rfc2222bis-03.txt: added
685 * doc/draft-ietf-sasl-saslprep-04.txt: added
686 * doc/draft-ietf-sasl-crammd5-00.txt: deleted
687 * doc/draft-ietf-cat-sasl-gssapi-05.txt: deleted
688 * doc/draft-ietf-sasl-plain-02.txt: deleted
689 * doc/draft-ietf-sasl-rfc2222bis-02.txt: deleted
690 * doc/draft-ietf-sasl-saslprep-03.txt: deleted
691 * doc/index.html, doc/Makefile.am: updated to latest version of
694 2003-12-01 Rob Siemborski <rjs3@andrew.cmu.edu>
695 * Fix build nit in IRIX.
696 * Actual 2.1.17 release.
698 2003-11-28 Rob Siemborski <rjs3@andrew.cmu.edu>
701 2003-11-19 Rob Siemborski <rjs3@andrew.cmu.edu>
702 * config/kerberos_v4.m4: Disable KERBEROS_V4 support by default
704 2003-11-14 Rob Siemborski <rjs3@andrew.cmu.edu>
705 * lib/server.c: do authorization callback in sasl_checkpass()
706 (Chris Newman <chris.newman@sun.com>)
708 2003-11-11 Ken Murchison <ken@oceana.com>
709 * lib/client.c: allow serverFDQN to be NULL in sasl_client_new()
710 * plugins/digestmd5.c, gssapi.c: require that we have serverFQDN
711 for the client side of the plugin
713 2003-11-07 Rob Siemborski <rjs3@andrew.cmu.edu>
714 * --with-gss_impl configure option
715 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
717 2003-11-06 Rob Siemborski <rjs3@andrew.cmu.edu>
718 * nmake install support for Win32
719 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
721 2003-11-03 Ken Murchison <ken@oceana.com>
722 * include/saslplug.h, lib/server.c, plugins/cram.c,
723 plugins/digestmd5.c, plugins/ntlm.c, plugins/otp.c,
724 plugins/srp.c: return SASL_TRANS to the application where
725 appropriate (auto_transition enabled with writable auxprop)
727 2003-10-30 Rob Siemborski <rjs3@andrew.cmu.edu>
728 * saslauthd/lak.c: OpenLDAP 2.0 Compatability Fix
729 (Igor Brezac <igor@ypass.net>)
730 * saslauthd/ipc_unix.c: Fix buglet of not using saved errno
731 value (Jeremy Rumpf <jrumpf@heavyload.net>)
733 2003-10-20 Rob Siemborski <rjs3@andrew.cmu.edu>
734 * Win64 warning squashing (Alexey Melnikov <Alexey.Melnikov@isode.com>)
735 * GSSAPI cleanups and fixes (Alexey Melnikov <Alexey.Melnikov@isode.com>)
737 2003-10-14 Rob Siemborski <rjs3@andrew.cmu.edu>
738 * Ready for 2.1.16-BETA
740 2003-10-08 Rob Siemborski <rjs3@andrew.cmu.edu>
741 * Support for autoconf 2.57, automake 1.7
742 * Minor m4 quoting fixes (Patrick Welche <prlw1@cam.ac.uk>)
744 2003-10-07 Ken Murchison <ken@oceana.com>
745 * plugins/sql.c: removed sql_delete - don't DELETE rows from the
746 table, just set the properties to NULL;
747 fix a stupid logic error in my PgSQL changes
748 * doc/options.html: removed sql_delete option; clarifications
749 * doc/install.html: note that we require PostgreSQL v7.2+
751 2003-10-06 Ken Murchison <ken@oceana.com>
752 * plugins/sql.c: use the correct propctx in sql_auxprop_store()
754 2003-10-06 Maya Nigrosh <mnigrosh@andrew.cmu.edu>
755 * plugins/sql.c: tiny bugfix to begin pgsql transactions
757 2003-10-04 Ken Murchison <ken@oceana.com>
758 * plugins/sql.c: only do a txn when we have a property to fetch;
759 _pgsql_open() cleanup/fixes; more intelligient sql_usessl parsing;
760 require sql_select option
761 * doc/options.html: reorganized SQL option descriptions
763 2003-10-03 Rob Siemborski <rjs3@andrew.cmu.edu>
764 * sasldb/allockey.c, sasldb/sasldb.h, utils/sasldblistusers.c:
765 Add enumeration capability to the sasldb API
766 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
768 2003-10-02 Ken Murchison <ken@oceana.com>
769 * plugins/sql.c: changed abstraction layer for transactions
771 2003-10-01 Rob Siemborski <rjs3@andrew.cmu.edu>
772 * doc/: Documentation Update
773 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
774 * plugins/NTMakefile, plugins/srp.c: Win32 SRP Support
775 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
777 2003-09-30 Rob Siemborski <rjs3@andrew.cmu.edu>
778 * plugins/digestmd5.c: Clean up some warnings
779 * lib/canonusr.c, win32/include/config.h, win32/common.mak,
780 include/saslplug.h: Minor Cleanup
781 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
782 * utils/NTMakefile, utils/sasldblistusers.c, utils/saslpasswd.c:
783 Add version options to command line utilities
784 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
786 2003-09-29 Ken Murchison <ken@oceana.com>
787 * plugins/sql.c, doc/options.html: added sql_update and sql_delete
788 for a complete auxprop_store() implementation; logic cleanup
790 2003-09-25 Rob Siemborski <rjs3@andrew.cmu.edu>
791 * utils/saslpasswd.c: Win32 perror() related patch
792 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
794 2003-09-25 Ken Murchison <ken@oceana.com>
795 * plugins/sql.c: renamed sql_statement to sql_select,
798 2003-09-23 Rob Siemborski <rjs3@andrew.cmu.edu>
799 * doc/gssapi.html: Misc updates
800 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
801 * lib/Makefile.am, plugins/Makefile.am, saslauthd/Makefile.am,
802 sasldb/Makefile.am: Cleanup INCLUDES for different build
803 directories. (Alexey Melnikov <Alexey.Melnikov@isode.com>)
805 2003-09-23 Maya Nigrosh <mnigrosh@andrew.cmu.edu>
806 * plugins/sql.c: put transaction handling around the entirety of
807 the queries, and not just per-property; return the result status
808 of bad postgres tuples
810 2003-09-22 Maya Nigrosh <mnigrosh@andrew.cmu.edu>
811 * plugins/sql.c: added semicolon at the end of each sql statement
813 2003-09-19 Maya Nigrosh <mnigrosh@andrew.cmu.edu>
814 * plugins/sql.c: moved transaction handling to a more useful place,
817 2003-09-18 Ken Murchison <ken@oceana.com>
818 * lib/server.c: log a message when no password change is attempted
819 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
821 2003-09-17 Ken Murchison <ken@oceana.com>
822 * plugins/sql.c: misc fixes from Patrick Welche <prlw1@newn.cam.ac.uk>
824 2003-09-16 Ken Murchison <ken@oceana.com>
825 * doc/mechanisms.html: updated to latest versions of LOGIN and
828 2003-09-15 Ken Murchison <ken@oceana.com>
829 * doc/draft-ietf-sasl-rfc2222bis-02.txt: added
830 * doc/draft-ietf-sasl-rfc2222bis-01.txt: deleted
831 * doc/index.html, doc/Makefile.am: updated to latest version of
834 2003-09-14 Ken Murchison <ken@oceana.com>
835 * plugins/ntlm.c, plugins/plugin_common.[ch]: Win32 support
836 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
838 2003-09-12 Rob Siemborski <rjs3@andrew.cmu.edu>
839 * plugins/sql.c: Log errors on connect failures
840 (based on patch from Bruce M Simpson <bms@spc.org>)
841 * plugins/NTMakefile: Add support for GSSAPI=CyberSafe
842 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
844 2003-09-10 Maya Nigrosh <mnigrosh@andrew.cmu.edu>
845 * plugins/sql.c: created generic sql store function, added
846 transaction handling to sql statements
847 * doc/options.html: put pretty new options in the documentation
849 2003-09-10 Rob Siemborski <rjs3@andrew.cmu.edu>
850 * plugins/gssapi.c, win32/config.mak, sample/: Win32 Fixes
851 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
853 2003-09-09 Rob Siemborski <rjs3@andrew.cmu.edu>
854 * lib/NTMakefile: Minor nit
855 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
857 2003-09-09 Ken Murchison <ken@oceana.com>
858 * plugins/ntlm.c: use retry_read() instead of just read()
859 * lib/checkpw.c, plugins/ntlm.c, saslauthd/utils.c:
860 squash signed/unsigned warning
862 2003-09-08 Ken Murchison <ken@oceana.com>
863 * plugins/ntlm.c: fix byte-alignment and password handling problems
865 2003-09-03 Rob Siemborski <rjs3@andrew.cmu.edu>
866 * lib/checkpw.c: Check return value of door_call
867 (Gary Mills <mills@cc.umanitoba.ca>)
868 * saslauthd/ipc_doors.c: Implement thread limiting,
869 minor cleanup and error checking
870 (Gary Mills <mills@cc.umanitoba.ca>)
871 * plugins/digestmd5.c: Fix minor interop issues, limit maxbuf
872 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
874 2003-09-02 Ken Murchison <ken@oceana.com>
875 * plugins/ntlm.c, doc/options.html: added support for NTLMv2 responses;
876 fixed potential buffer overflow
878 2003-09-02 Rob Siemborski <rjs3@andrew.cmu.edu>
879 * lib/common.c, lib/server.c, lib/NTMakefile, include/md5.h:
880 more windows compatibility
881 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
882 * plugins/NTMakefile: Add ability to build NTLM plugin under
883 Win32 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
884 * utils/NTMakefile: Add ability to build testsuite
885 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
886 * saslauthd/lak.c: Minor error message fix
887 (Igor Brezac <igor@ypass.net>)
889 2003-08-29 Ken Murchison <ken@oceana.com>
890 * doc/draft-murchison-sasl-login-00.txt: added
891 * doc/draft-sasl-login.txt: deleted
892 * doc/index.html, doc/Makefile.am: updated to "official" LOGIN draft
894 2003-08-29 Rob Siemborski <rjs3@andrew.cmu.edu>
895 * plugins/gssapi.c: properly compute GSSAPI MAXOUTBUF
896 (Paul Turgyan <pturgyan@umich.edu>)
897 * Further Win32 cleanup + HIER_DELIMITER usage
898 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
900 2003-08-28 Rob Siemborski <rjs3@andrew.cmu.edu>
901 * include/md5.h, lib/md5.c: Misc cleanup
902 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
903 * utils/sasldblistusers.c: UI Cleanup, Win32 support
904 (Alexey Melnikov <Alexey.Melnikov@isode.com>)
905 * acconfig.h: add HIER_DELIMITER
907 2003-08-27 Ken Murchison <ken@oceana.com>
908 * plugins/digestmd5.c: handle OpenSSL 0.9.7+ w/o old DES support
910 2003-08-26 Ken Murchison <ken@oceana.com>
911 * plugins/ntlm.c: only send one NT/LM response to server
912 (NT preferred); don't use canonified authid when proxying
914 2003-08-24 Ken Murchison <ken@oceana.com>
915 * plugins/ntlm.c, doc/options.html: allow NTLM authentication to
916 be optionally proxied to an NT server (ntlm_server option)
918 2003-08-24 Ken Murchison <ken@oceana.com>
919 * lib/common.c: added support for unsigned int types in _sasl_log()
921 2003-08-18 Rob Siemborski <rjs3@andrew.cmu.edu>
922 * Improvements in Win32 build system from Alexey Melnikov
923 <Alexey.Melnikov@isode.com>
925 2003-08-14 Rob Siemborski <rjs3@andrew.cmu.edu>
926 * doc/*: Massive documentation updates.
928 2003-08-13 Ken Murchison <ken@oceana.com>
929 * doc/index.html: added reference to a CIFS (SMB/NTLM) document
931 2003-08-12 Ken Murchison <ken@oceana.com>
932 * doc/index.html: added reference to a good NTLM document
934 2003-07-29 Ken Murchison <ken@oceana.com>
935 * plugins/cram.c: don't truncate long secrets to 64 bytes on the
936 client-side of CRAM-MD5 (jiang_xiong@yahoo.com)
938 2003-07-28 Rob Siemborski <rjs3@andrew.cmu.edu>
939 * plugins/gssapi.c: another missed pointer init
940 (Will Fiveash <william.fiveash@sun.com>)
942 2003-07-26 Rob Siemborski <rjs3@andrew.cmu.edu>
943 * lib/server.c: Missed pointer initialization fix
944 ("Dave Cridland [Home]" <dave@cridland.net>)
946 2003-07-26 Ken Murchison <ken@oceana.com>
947 * plugins/digestmd5.c: merged privacy and integrity security layer
948 code and removed use of tmp buffers for security layer
950 2003-07-25 Ken Murchison <ken@oceana.com>
951 * plugins/srp.c: removed use of tmp buffer for security layer;
952 don't make a big buffer out of iovecs when encoding
953 * lib/server.c, plugins/login.c, plugins/plain.c: better handling
954 of auto_transition -- doesn't try to transition from auxprop to
957 2003-07-25 Rob Siemborski <rjs3@andrew.cmu.edu>
958 * configure.in: Fix up some mysql/pgsql detection
959 * plugins/gssapi.c: improved error reporting
960 (William Fiveash <William.Fiveash@sun.com>)
961 * cmulocal/sasl2.m4, saslauthd/mechanisms.h: Improved
962 GSSAPI detection (don't default to MIT, require HAVE_KRB5_H
963 for the kerberos5 saslauthd module)
964 (Rainer Orth <ro@TechFak.Uni-Bielefeld.DE>)
966 2003-07-24 Ken Murchison <ken@oceana.com>
967 * plugins/srp.c: updated security layer code to be closer to draft -08
969 2003-07-23 Rob Siemborksi <rjs3@andrew.cmu.edu>
970 * saslauthd/utils.[ch], saslauthd/configure.in: Detect/replace
971 strlcpy and strlcat (based on ideas from
972 Igor Brezac <igor@ipass.net>)
974 2003-07-22 Ken Murchison <ken@oceana.com>
975 * plugins/digestmd5.c, plugins/gssapi.c, plugins/kerberos4.c,
976 plugins/plugin_common.[ch]: moved encoded packet buffering into
979 2003-07-21 Ken Murchison <ken@oceana.com>
980 * plugins/srp.c: updated auth code to draft -08 (layers still need
982 * configure.in, plugins/srp.c: use auxprop_store() instead of
985 2003-07-21 Rob Siemborski <rjs3@andrew.cmu.edu>
986 * configure.in: add runpath information for MySQL and Postgres;
987 better behavior for the interaction of --enable-sql and
988 --with-mysql / --with-pgsql
989 * saslauthd/lak.[ch]: %d to be derived from %u if it can be,
990 otherwise use %r (to account for the recent change in the
991 core library). Add ldap_default_realm parameter
992 (Igor Brezac <igor@ipass.net>)
994 2003-07-18 Rob Siemborski <rjs3@andrew.cmu.edu>
995 * plugins/digestmd5.c: Client side of digest md5 doesn't
996 have quotes around its cypher= directive (Bug 2113).
997 * saslauthd/lak.[ch]: support for ldap sasl binds,
998 support for tls (Igor Brezac <igor@ipass.net>)
1000 2003-07-17 Ken Murchison <ken@oceana.com>
1001 * include/sasl.h, include/saslplug.h,
1002 * lib/auxprop.c, lib/common.c, lib/server.c, plugins/sasldb.c:
1003 implemented writable auxprops
1004 * configure.in, plugins/otp.c, utils/saslpasswd: use
1005 auxprop_store() instead of direct sasldb access
1006 * doc/options.html, lib/server.c: implemented 'noplain' option for
1009 2003-07-17 Rob Siemborski <rjs3@andrew.cmu.edu>
1010 * lib/config.c: Remove sasl_config_getint and sasl_config_getswitch
1011 because they are unused and confusing
1012 * lib/checkpw.c: Correctly split realm from username in
1013 saslauthd_verify_password
1015 2003-07-15 Ken Murchison <ken@oceana.com>
1016 * plugins/sql.c, doc/options.html: added sql_usessl option
1018 2003-07-15 Ken Murchison <ken@oceana.com>
1019 * plugins/mysql.c: deleted
1020 * plugins/sql.c: added
1021 * acconfig.h, configure.in,
1022 doc/components.html, doc/options.html, doc/sysadmin.html,
1023 plugins/Makefile.am, plugins/makeinit.sh: deprecated MySQL plugin
1024 in favor of a new generic SQL plugin (currently supports MySQL and
1027 2003-07-15 Rob Siemborski <rjs3@andrew.cmu.edu>
1030 2003-07-03 Rob Siemborski <rjs3@andrew.cmu.edu>
1031 * doc/components.html: added in the hopes that this gives a better
1032 description of how all the components interact
1034 2003-07-02 Ken Murchison <ken@oceana.com>
1035 * doc/draft-ietf-sasl-anon-02.txt: added
1036 * doc/draft-ietf-sasl-plain-02.txt: added
1037 * doc/draft-ietf-sasl-saslprep-03.txt: added
1038 * doc/draft-ietf-sasl-anon-01.txt: deleted
1039 * doc/draft-ietf-sasl-plain-01.txt: deleted
1040 * doc/index.html, doc/Makefile.am: updated to latest versions of
1041 PLAIN, ANONYMOUS, SASLprep drafts
1043 2003-07-02 Rob Siemborski <rjs3@andrew.cmu.edu>
1044 * acconfig.h, cmulocal/sasl2.m4, plugins/gssapi.c:
1045 Properly detect HAVE_GSS_C_NT_USER_NAME
1046 (Rainer Orth <ro@TechFak.Uni-Bielefeld.DE>)
1048 2003-07-01 Rob Siemborski <rjs3@andrew.cmu.edu>
1049 * plugins/kerberos4.c: Fix some maxoutbuf handling issues
1051 2003-07-01 Rob Siemborski <rjs3@andrew.cmu.edu>
1052 * plugins/mysql.c: Check return value of mysql_init
1053 (Ivan Kelly <ivan@ivankelly.net>)
1055 2003-07-01 Ken Murchison <ken@oceana.com>
1056 * doc/draft-burdis-cat-srp-sasl-08.txt: added
1057 * doc/draft-ietf-sasl-rfc2222bis-01.txt: added
1058 * doc/draft-ietf-sasl-rfc2831bis-02.txt: added
1059 * doc/draft-burdis-cat-srp-sasl-06.txt: deleted
1060 * doc/draft-ietf-sasl-rfc2222bis-00.txt: deleted
1061 * doc/draft-ietf-sasl-rfc2831bis-01.txt: deleted
1062 * doc/index.html, doc/Makefile.am: updated to latest versions of
1063 SASL, SRP, DIGEST-MD5 drafts
1065 2003-06-30 Rob Siemborski <rjs3@andrew.cmu.edu>
1066 * plugins/mysql.c: Call mysql_init() too
1067 (Hajimu UMEMOTO <ume@mahoroba.org>)
1069 2003-06-28 Rob Siemborski <rjs3@andrew.cmu.edu>
1070 * doc/sysadmin.html: Add more text about how to use realms.
1072 2003-06-27 Rob Siemborski <rjs3@andrew.cmu.edu>
1075 2003-06-11 Rolf Braun <rbraun@andrew.cmu.edu>
1076 * config/kerberos_v4.m4:
1077 fix fallback to -lkrb4 when --enable-krb4 is specified
1080 make the darwin libtool work on OS X v10.2
1081 (bash/zsh shell syntax, and don't link bundles with extra args)
1082 * dlcompat-20010505/dlopen.c: back out bogus delimiter change
1083 * doc/macosx.html: update for 10.2 and add known problems section
1084 * mac/osx_cfm_glue/cfmglue.c: fix sasl_done followed by client_init
1086 2003-06-11 Rob Siemborski <rjs3@andrew.cmu.edu>
1087 * man/sasl_client_new.3, man/sasl_server_new.3:
1088 Security flags don't belong here, connection flags do.
1090 2003-06-10 Ken Murchison <ken@oceana.com>
1091 * doc/draft-ietf-sasl-crammd5-00.txt: added
1092 * doc/draft-nerenberg-sasl-crammd5-03.txt: deleted
1093 * doc/index.html, doc/Makefile.am: updated to WG version of
1096 2003-05-30 Rob Siemborski <rjs3@andrew.cmu.edu>
1097 * plugins/gssapi.c: If we get an empty output token back
1098 from gss_accept_sec_context, return
1099 an empty string to transmit to the client.
1101 2003-05-30 Ken Murchison <ken@oceana.com>
1102 * doc/draft-ietf-sasl-rfc2831bis-01.txt: added
1103 * doc/draft-ietf-sasl-rfc2831bis-00.txt: deleted
1104 * doc/index.html, doc/Makefile.am: updated to latest version of
1107 2003-05-28 Ken Murchison <ken@oceana.com>
1108 * doc/draft-ietf-sasl-anon-01.txt: added
1109 * doc/draft-ietf-sasl-plain-01.txt: added
1110 * doc/draft-ietf-sasl-rfc2222bis-00.txt: added
1111 * doc/draft-ietf-sasl-anon-00.txt: deleted
1112 * doc/draft-ietf-sasl-plain-00.txt: deleted
1113 * doc/draft-myers-saslrev-02.txt: deleted
1114 * doc/index.html, doc/Makefile.am: updated to latest versions of
1115 SASL, PLAIN, ANONYMOUS drafts
1117 2003-05-21 Rob Siemborski <rjs3@andrew.cmu.edu>
1118 * saslauthd/ipc_unix.c: Accept File Descriptor Locking
1119 Fixes (found by Leena Heino <Leena.Heino@uta.fi>)
1120 * saslauthd/cache.c: Similar fixes
1121 (Jeremy Rumpf <jrumpf@heavyload.net>)
1123 2003-05-15 Rob Siemborski <rjs3@andrew.cmu.edu>
1124 * configure.in: Actually listen to --disable-java
1125 (Maciej W. Rozycki <macro@ds2.pg.gda.pl>)
1126 * saslauthd/saslauthd-main.h: Increase listen backlog to
1127 match Cyrus master process (Igor Brezac <igor@ipass.net>)
1129 2003-05-14 Rob Siemborski <rjs3@andrew.cmu.edu>
1130 * config/kerberos_v4.m4: Minor nit
1131 (Carlos Velasco <carlosev@newipnet.com>)
1132 * plugins/gssapi.c: Use GSS_C_NT_USER_NAME
1133 to work around Solaris 8/9 libgss bug.
1134 (gssapi_client_mech_step): Pass GSS_C_NO_BUFFER to first
1135 invocation of gss_init_sec_context to work around Solaris 8/9
1136 mech_krb5 bug. (Rainer Orth <ro@TechFak.Uni-Bielefeld.DE>)
1137 * cmulocal/sasl2.m4: Check for Sun SEAM GSS-API implementation
1138 (Rainer Orth <ro@TechFak.Uni-Bielefeld.DE>)
1139 * saslauthd/configure.in: Check for krb5.h. Don't define if GSSAPI
1140 is present. (Rainer Orth <ro@TechFak.Uni-Bielefeld.DE>)
1141 * saslauthd/mechanisms.h: Test for HAVE_KRB5_H instead of HAVE_GSSAPI_H
1142 to activate AUTH_KRB5. (Rainer Orth <ro@TechFak.Uni-Bielefeld.DE>)
1143 * plugins/mysql.c: Use mysql_real_connect() instead of mysql_connect()
1144 (Petri Riihikallio <Petri.Riihikallio@Metis.fi>)
1145 * saslauthd/: Misc ANSI C cleanups (Jeremy Rumpf <jrumpf@heavyload.net>)
1147 2003-05-13 Rob Siemborski <rjs3@andrew.cmu.edu>
1148 * config/sasldb.m4, utils/Makefile.am: fix installation of man
1149 pages that are homed in the utils/ directory
1150 * include/*.h: Add extern "C" blocks for C++ compiles
1152 2003-05-06 Rob Siemborski <rjs3@andrew.cmu.edu>
1153 * saslauthd/saslauthd-main.c: misc spelling and UI cleanups
1155 2003-04-16 Rob Siemborski <rjs3@andrew.cmu.edu>
1156 * saslauthd/saslauthd-main.c: Don't set the auth mech until
1157 all options have been processed. (Peter Stamfest <peter@stamfest.at>)
1158 * lib/client.c, lib/common.c, lib/saslint.h, lib/server.c: Do
1159 reference counting of the number of times sasl has been inited/doned.
1161 2003-04-15 Rob Siemborski <rjs3@andrew.cmu.edu>
1162 * config/ltmain.sh: fix some portability problems in the use of expr
1163 (Oliver Eikemeier <eikemeier@fillmore-labs.com>)
1165 2003-04-14 Rob Siemborski <rjs3@andrew.cmu.edu>
1168 2003-04-08 Rob Siemborski <rjs3@andrew.cmu.edu>
1169 * lib/external.c, lib/server.c: use mech_avail to disable
1170 EXTERNAL instead of special casing it (Chris Newman
1171 <Chris.Newman@Sun.COM>)
1173 2003-03-31 Rob Siemborski <rjs3@andrew.cmu.edu>
1174 * saslauthd/ipc_unix.c, saslauthd/saslauthd-main.c,
1175 saslauthd/saslauthd-main.h: use the pidfile locking from
1176 the Cyrus IMAPd master process (implemented for saslauthd by
1177 Igor Brezac <igor@ipass.net>)
1178 * configure.in, acconfig.h: Add configure option to set what
1179 we use for /dev/random
1181 2003-03-28 Rob Siemborski <rjs3@andrew.cmu.edu>
1182 * saslauthd/: Unify the source files so that the IPC methods
1183 are broken out into a separate API. Cacheing of authentication
1184 credentials is also available as a command-line option.
1185 Other changes include: Remove Time of Day Flag, omit
1186 SO_REUSEADDR on AF_UNIX sockets, make using the accept-socket
1187 locking runtime configurable, and misc other cleanup.
1188 (Jeremy Rumpf <jrumpf@heavyload.net>)
1190 2003-03-26 Rob Siemborski <rjs3@andrew.cmu.edu>
1191 * plugins/plain.c: Defend against memory leak on canon_user
1192 failure (Chris Newman <chris.newman@sun.com>)
1194 2003-03-19 Rob Siemborski <rjs3@andrew.cmu.edu>
1195 * lib/auxprop.c, lib/checkpw.c, lib/common.c, lib/saslutil.c,
1196 lib/server.c: Assorted minor fixes from Sun Microsystems
1197 (provided by Chris Newman <chris.newman@sun.com>)
1199 2003-03-13 Rob Siemborski <rjs3@andrew.cmu.edu>
1200 * saslauthd/lak.c: Fix a memset length. (Igor Brezac <igor@ipass.net>)
1202 2003-03-06 Rob Siemborski <rjs3@andrew.cmu.edu>
1203 * plugins/digestmd5.c: fix parity of digest-uri test
1204 * lib/client.c, common.c, saslint.h, server.c: Pass global
1205 callbacks to global utils structure
1206 (Howard Chu <hyc@highlandsun.com>)
1207 * saslauthd/auth_krb5.c: Fix memory/file descriptor leak
1208 in krb5 authentication (Jonathen Chen <jon@spock.org>)
1209 * saslauthd/lak.c, lak.h, LDAP_SASLAUTHD: Remove ldap_cache
1210 code, and rename MAX() to LAK_MAX()
1212 2003-02-20 Ken Murchison <ken@oceana.com>
1213 * doc/draft-ietf-sasl-rfc2831bis-00.txt: added
1214 * doc/draft-melnikov-rfc2831bis-02.txt: deleted
1215 * doc/draft-newman-sasl-c-api-01.txt: added
1216 * doc/draft-newman-sasl-c-api-00.txt: deleted
1217 * doc/index.html: updated to WG version of DIGEST-MD5 draft,
1218 updated to latest C API draft
1219 * doc/Makefile.am: updated to WG version of DIGEST-MD5 draft,
1220 updated to latest C API draft
1222 2003-02-12 Lawrence Greenfield <leg+@andrew.cmu.edu>
1223 * plugins/digestmd5.c: verify the service component of digest-uri
1225 2003-02-11 Ken Murchison <ken@oceana.com>
1226 * doc/draft-ietf-sasl-anon-00.txt: added
1227 * doc/draft-ietf-sasl-plain-00.txt: added
1228 * doc/draft-zeilenga-sasl-anon-01.txt: deleted
1229 * doc/draft-zeilenga-sasl-plain-01.txt: deleted
1230 * doc/index.html: updated to WG versions of ANONYMOUS, PLAIN drafts
1232 2003-02-03 Rob Siemborski <rjs3@andrew.cmu.edu>
1233 * cmulocal/sasl2.m4: Don't use -ldes to check for Heimdal
1234 * saslauthd/auth_krb4.c, saslauthd/auth_shadow.c,
1235 saslauthd/auth_getpwent.c, lib/kerberos4.c:
1236 Smarter checking of #includs for des.h
1237 (Mark Keasling <mark@air.co.jp>)
1238 * saslauthd/testsaslauthd.c, saslauthd/saslauthd-doors.c:
1239 retry_read() should use a char * buffer not a void *
1240 buffer (Mark Keasling <mark@air.co.jp>)
1241 * cmulocal/berkdb.m4: Set CPPFLAGS around tests
1242 (based on patch from Leena Heino <Leena.Heino@uta.fi>)
1243 * config/sasldb.m4: Actually use results of Berkeley DB tests
1244 (Leena Heino <Leena.Heino@uta.fi>)
1247 2003-01-31 Rob Siemborski <rjs3@andrew.cmu.edu>
1249 * utils/Makefile.am: Ensure that dbconverter-2 can see the sasldb
1252 2003-01-29 Rob Siemborski <rjs3@andrew.cmu.edu>
1253 * plugins/digestmd5.c: Fix a situation where the realm wasn't
1254 being set for the client context, causing a segfault
1255 * config/kerberos_v4.m4: first check des_* then check DES_*
1256 during OpenSSL tests (based on ideas from
1257 Leena Heino <Leena.Heino@uta.fi>)
1259 2003-01-28 Rob Siemborski <rjs3@andrew.cmu.edu>
1260 * config/sasldb.m4: Don't build sasldb plugin if compiling
1261 --with-dblib=none, since it will only fail to load anyway.
1263 2003-01-27 Rob Siemborski <rjs3@andrew.cmu.edu>
1264 * saslauthd/configure.in: use CMU_ADD_LIBPATH for LDAP support
1265 (Simon Brady <simon.brady@otago.ac.nz>)
1267 2003-01-23 Rob Siemborski <rjs3@andrew.cmu.edu>
1268 * saslauthd/acconfig.h: protect file from being included more than
1269 once (reported by Jeremy Rumpf <jrumpf@heavyload.net>)
1270 * saslauthd/configure.in, configure.in: Move OpenSSL detection into
1271 cmulocal, detect openssl for use with lak.c
1273 2003-01-21 Ken Murchison <ken@oceana.com>
1274 * plugins/ntlm.c: only _require_ one response (LM and/or NT), not both
1276 2003-01-09 Rob Siemborski <rjs3@andrew.cmu.edu>
1277 * saslauthd/lak.c, saslauthd/lak.h: Add the fastbind auth method
1278 (Simon Brady <simon.brady@otago.ac.nz>)
1280 2003-01-01 Ken Murchison <ken@oceana.com>
1281 * saslauthd/configure.in, saslauthd/Makefile.am: don't make
1282 -lcrypt dependent upon --enable-plain
1284 2002-12-11 Ken Murchison <ken@oceana.com>
1285 * plugins/otp.c: set SASL_FEAT_ALLOWS_PROXY on client side
1287 2002-12-10 Ken Murchison <ken@oceana.com>
1288 * plugins/otp.c: explicitly #include <openssl/md5.h> to resolve
1289 OpenBSD/OpenSSL cruftiness
1291 2002-12-10 Rob Siemborksi <rjs3@andrew.cmu.edu>
1292 * saslauthd/saslauthd-doors.c: Fix a potential memory leak when
1293 we call door_return()
1295 2002-12-09 Rob Siemborski <rjs3@andrew.cmu.edu>
1296 * lib/auxprop.c: Correct leak in prop_clear, also update list_end
1298 * doc/options.html: Update use of saslauthd_path to be correct
1300 2002-12-06 Rob Siemborski <rjs3@andrew.cmu.edu>
1303 2002-12-05 Larry Greenfield <leg@andrew.cmu.edu>
1304 * plugins/digestmd5.c: DES key fixes. stupid DES libraries want
1305 the key in the stupid DES parity format.
1306 * plugins/digestmd5.c: refactored some of the cipher code so that
1307 there isn't RC4 state around when we're using DES and vice versa
1309 2002-12-05 Rob Siemborski <rjs3@andrew.cmu.edu>
1310 * saslauthd/lak.c: Allocate a large enough buffer to account for
1311 a completely escaped username. (lak_escape and lak_filter)
1312 * lib/common.c: Ensure there is enough space for the trailing \0
1315 2002-12-04 Rob Siemborski <rjs3@andrew.cmu.edu>
1316 * lib/canonusr.c: Check for potential buffer overflow
1318 2002-12-03 Ken Murchison <ken@oceana.com>
1319 * plugins/digestmd5.c: major fast reauth rewrite, mech_step cleanup
1320 * doc/options.html: server-side reauth is disabled by default
1322 2002-11-24 Ken Murchison <ken@oceana.com>
1323 * plugins/login.c: allow authid to be passed in initial response
1324 * doc/draft-sasl-login.txt, doc/mechanisms.html:
1325 documentation updates re: initial response
1327 2002-11-07 Ken Murchison <ken@oceana.com>
1328 * doc/draft-nerenberg-sasl-crammd5-03.txt: added
1329 * doc/draft-nerenberg-sasl-crammd5-02.txt: deleted
1330 * doc/draft-zeilenga-sasl-anon-01.txt: added
1331 * doc/draft-zeilenga-sasl-anon-00.txt: deleted
1332 * doc/draft-zeilenga-sasl-plain-01.txt: added
1333 * doc/draft-zeilenga-sasl-plain-00.txt: deleted
1334 * doc/index.html: updated to latest CRAM-MD5, ANONYMOUS, PLAIN drafts
1336 2002-11-01 Rob Siemborski <rjs3@andrew.cmu.edu>
1337 * plugins/kerberos4.c: Make at most 1 canon_user call, not two.
1338 (Howard Chu <hyc@highlandsun.com>)
1340 2002-10-25 Rob Siemborski <rjs3@andrew.cmu.edu>
1341 * saslauthd/lak.c: minor cleanups
1343 2002-10-24 Rob Siemborski <rjs3@andrew.cmu.edu>
1344 * saslauthd/lak.c: fix problem where saslauthd stops LDAP
1345 authentications when ldap_auth_method is bind.
1346 (Igor Brezac <igor@ypass.net>)
1347 * doc/sysadmin.html, doc/options.html, saslauthd/saslauthd.mdoc:
1348 documentation updates re: saslauthd mux path
1350 2002-10-23 Ken Murchison <ken@oceana.com>
1351 * lib/external.c: added SASL_SEC_NOANONYMOUS to client side
1352 (Howard Chu, <hyc@highlandsun.com>)
1354 2002-10-21 Ken Murchison <ken@oceana.com>
1355 * plugins/ntlm.c: NTLM probably doesn't offer perfect forward secrecy
1356 * doc/mechanisms: added table of properties/features
1358 2002-10-20 Ken Murchison <ken@oceana.com>
1359 * saslauthd/lak.ch: consolidated hashed password checking code
1361 2002-10-18 Rob Siemborski <rjs3@andrew.cmu.edu>
1362 * saslauthd/lak.[ch], saslauthd/auth_ldap.c:
1363 Code cleanup, now support {SHA}, {SSHA}, {MD5}, and {SMD5} hashes,
1364 misc other cleanup. (Igor Brezac <igor@ypass.net> and
1365 Thomas Lussnig <thomas.lussnig@bewegungsmelder.de>)
1367 2002-10-17 Ken Murchison <ken@oceana.com>
1368 * doc/draft-melnikov-rfc2831bis-02.txt: added
1369 * doc/draft-melnikov-rfc2831bis-01.txt: deleted
1370 * doc/index.html: updated to latest RFC 2831bis draft
1372 2002-10-11 Rob Siemborski <rjs3@andrew.cmu.edu>
1373 * lib/Makefile.am: add missing staticopen.h to EXTRA_DIST,
1374 fix some dependencies
1377 2002-10-10 Rob Siemborski <rjs3@andrew.cmu.edu>
1380 2002-10-09 Rob Siemborski <rjs3@andrew.cmu.edu>
1381 * lib/client.c: Allow plaintext mechanisms under an external security
1384 2002-10-07 Rob Siemborski <rjs3@andrew.cmu.edu>
1385 * sample/server.c: Fix some IPV6 defines
1386 (Marshall Rose <mrose@dbc.mtview.ca.us>)
1388 2002-10-02 Ken Murchison <ken@oceana.com>
1389 * lib/checkpw.c: return SASL_NOUSER when we can't find APOP secret
1390 * lib/server.c: plug APOP memory leak and consolidate canonification
1391 * configure.in: force the use of a cache file
1392 (Carlos Velasco <carlosev@newipnet.com>)
1394 2002-10-02 Rob Siemborski <rjs3@andrew.cmu.edu>
1395 * lib/checkpw.c: Fix some misuses of sasl_seterror
1396 (Martin Exler <m.exler@gmx.at>)
1398 2002-09-24 Rob Siemborski <rjs3@andrew.cmu.edu>
1399 * config/sasl2.m4, saslauthd/Makefile.am: GSSAPI doesn't need
1400 to link ndbm. Also cleanup some sasldb linking in saslauthd.
1402 2002-09-23 Rob Siemborski <rjs3@andrew.cmu.edu>
1403 * config/kerberos_v4.m4: Don't compile with kerberos unless we
1404 have both the libs and the headers (Carlos Velasco
1405 <carlosv@newipnet.com>)
1407 2002-09-19 Rob Siemborski <rjs3@andrew.cmu.edu>
1408 * plugins/gssapi.c: endinaness corrections
1409 * sasldb/db_berkeley.c, utils/dbconverter-2.c: Berkley DB 4.1
1410 support (Mika Iisakkila <mika.iisakkila@pingrid.fi>)
1412 2002-09-19 Ken Murchison <ken@oceana.com>
1413 * plugins/plugin_common.[ch]: make SASL_CB_USER and result optional
1414 * plugins/anonymous.c: use SASL_CB_USER for fetching trace info,
1415 don't require SASL_CB_AUTHNAME
1416 * plugins/gssapi.c, plugins/kerberos.c: don't require SASL_CB_USER
1417 * lib/external.c: define SASL_FEAT_ALLOWS_PROXY for this mechanism,
1418 don't require SASL_CB_USER
1420 2002-09-18 Rob Siemborski <rjs3@andrew.cmu.edu>
1421 * plugins/srp.c, plugins/kerberos4.c: correct maxoutbuf handling
1422 * plugins/digestmd5.c: correct maxoutbuf handling, actually
1423 send maxbuf to the remote.
1424 * lib/common.c: sanity check security properties
1426 2002-09-17 Ken Murchison <ken@oceana.com>
1427 * plugins/ntlm.c: home-grown client/server NTLM implementation
1428 * configure.in: NTLM depends on OpenSSL libcrypto
1429 * doc/sysadmin.html: added NTLM blurb
1431 2002-09-16 Rob Siemborski <rjs3@andrew.cmu.edu>
1432 * lib/canonusr.c: don't index begin_u with -1
1433 (Randy Kunkee <randy@randallkunkee.com>)
1434 * doc/sysadmin.html: cleanup
1435 * utils/saslpasswd.c: don't exit with -SASL_FAIL
1436 * saslauthd/saslauthd-unix.c: use a char* instead of a void* in
1439 2002-09-12 Ken Murchison <ken@oceana.com>
1440 * lib/common.c: NULL outbuf if we get no output from sasl_decode()
1442 2002-09-11 Rob Siemborski <rjs3@andrew.cmu.edu>
1443 * plugins/mysql.c: Actually loop through the potential servers
1444 properly (Seow Kok Heng <kokheng@jhs.com.sg>)
1445 * acinclude.m4: Added copy of the correct libtool macros as
1447 * configure.in: fix for gcc 3.x
1448 (Carlos Velasco <carlosev@newipnet.com>)
1450 2002-09-10 Rob Siemborski <rjs3@andrew.cmu.edu>
1451 * lib/server.c: Better handling of add_plugin failures
1453 2002-09-10 Ken Murchison <ken@oceana.com>
1454 * acconfig.h, configure.in: enable/disable NTLM
1455 * lib/staticopen.h, plugins/Makefile.am, makeinit.sh, ntlm.c:
1456 added NTLM support (client-side only)
1458 2002-09-07 Rob Siemborski <rjs3@andrew.cmu.edu>
1459 * saslauthd/configure.in, saslauthd/Makefile.am: don't
1460 do configure substitutions for the saslauthd_SOURCES variable
1461 (Carlos Velasco <carlosev@newipnet.com>)
1463 2002-09-05 Rob Siemborski <rjs3@andrew.cmu.edu>
1464 * doc/os390.html: added
1465 * doc/index.html: referenced os390.html and macosx.html
1466 * lib/Makefile.am: better handling of plugin_common
1468 2002-09-04 Rob Siemborski <rjs3@andrew.cmu.edu>
1469 * (throughout) Extensive cleanup of how we build static and
1470 shared versions of libsasl. Also some more portability
1471 fixes (Howard Chu <hyc@highlandsun.com>)
1473 2002-09-04 Rob Siemborski <rjs3@andrew.cmu.edu>
1474 * acconfig.h, configure.in: Actually check for sysexits.h,
1475 varargs.h, and stdarg.h
1476 * lib/checkpw.c: compatibility patch for retry_read
1477 (Howard Chu <hyc@highlandsun.com>)
1479 2002-09-03 Rob Siemborski <rjs3@andrew.cmu.edu>
1480 * (throughout) fix handling of sys/param.h
1481 * (throughout) fix handling of time.h and sys/time.h
1482 * include/exits.h: include a replacement for sysexits.h
1483 * acconfig.h: define MAXHOSTNAMELEN if it isn't
1484 * lib/getaddrinfo.c, config/ipv6.m4: minor fixes for partial
1485 getaddrinfo/getnameinfo implementations
1486 * (Above changes are all from or based on ideas from
1487 Howard Chu <hyc@highlandsun.com>)
1489 2002-08-28 Rob Siemborski <rjs3@andrew.cmu.edu>
1490 * lib/client.c, lib/saslint.h: Properly handle client-side
1491 serverFQDN and clientFQDN
1493 2002-08-19 Rob Siemborski <rjs3@andrew.cmu.edu>
1494 * lib/dlopen.c: use correct paths when a .la file is not present
1495 (Justin Gibbs <gibbs@scsiguy.com>)
1497 2002-08-13 Rob Siemborski <rjs3@andrew.cmu.edu>
1498 * doc/sysadmin.html: fix some /usr/lib/sasl references to
1499 /usr/lib/sasl2 (Andrew Jones <arjones@simultan.dyndns.org>)
1501 2002-08-09 Rob Siemborski <rjs3@andrew.cmu.edu>
1502 * saslauthd/Makefile.am: fix small parts of the saslauthd.8 build
1506 2002-08-06 Ken Murchison <ken@oceana.com>
1507 * plugins/digestmd5.c: disable/remove server-side fast reauth
1509 2002-08-02 Rob Siemborski <rjs3@andrew.cmu.edu>
1510 * include/sasl.h, lib/common.c: Add SASL_AUTHUSER as a parameter
1513 2002-08-01 Rob Siemborski <rjs3@andrew.cmu.edu>
1514 * saslauthd/lak.c: allow use of more than one %u or %r in the filter
1515 (Laurent Larquère <llarquere@aacom.fr>)
1517 2002-07-30 Rob Siemborski <rjs3@andrew.cmu.edu>
1518 * lib/client.c, lib/server.c: Add checks for SASL_NEED_PROXY and
1519 SASL_FEAT_ALLOWS_PROXY
1520 * include/sasl.h, include/saslplug.h: Add SASL_NEED_PROXY and
1521 SASL_FEAT_ALLOWS_PROXY
1522 * plugins/digestmd5.c, plugins/gssapi.c, plugins/kerberos4.c,
1523 plugins/otp.c, plugins/plain.c, plugins/srp.c: define
1524 SASL_FEAT_ALLOWS_PROXY for these mechanisms
1526 2002-07-27 Rob Siemborski <rjs3@andrew.cmu.edu>
1527 * saslauthd/auth_sasldb.c: Include mechanisms.h in a reasonable place.
1529 2002-07-24 Rob Siemborski <rjs3@andrew.cmu.edu>
1530 * saslauthd/Makefile.am: Fix DEFS to still supply -I. and -I..
1531 * configure.in: Make --with-ldap show up in top level configure script,
1532 make saslauthd compile by default
1533 * lib/saslutil.c: use read() and not fread() on /dev/random to preserve
1535 * doc/sysadmin.html: Add note about using /dev/urandom
1537 2002-07-19 Rob Siemborski <rjs3@andrew.cmu.edu>
1538 * doc/sysadmin.html, doc/readme.html, doc/upgrading.html:
1539 Misc. documentation cleanup (Joe Rhett <jrhett@isite.net>)
1541 2002-07-17 Ken Murchison <ken@oceana.com>
1542 * lib/canonusr.c: update length of user string to length of output
1545 2002-07-16 Rob Siemborski <rjs3+@andrew.cmu.edu>
1546 * plugins/cram.c: Fix a security problem in the verification of
1547 the digest string. (Andrew Jones <arjones@simultan.dyndns.org>)
1550 2002-07-06 Rob Siemborski <rjs3@andrew.cmu.edu>
1551 * plugins/mysql.c: Further memory management cleanup. (never
1552 strdup the options, and therefore don't free staticly allocated
1554 * man/sasl_getopt_t.3: Clarify semantics of memory management
1556 2002-07-05 Rob Siemborski <rjs3@andrew.cmu.edu>
1557 * saslauthd/lak.c: Better handling of downed ldap servers
1558 (Igor Brezac <igor@ipass.net>)
1559 * sasldb/db_berkeley.c, utils/dbconverter-2.c: Use db_strerror()
1560 rather than strerror() for Berkeley DB error values.
1561 (J.H.M. Dassen (Ray) <jdassen@debian.org>)
1562 * saslauthd/Makefile.am, saslauthd/auth_ldap.c: don't
1563 hardwire the saslauthd conf file
1564 (J.H.M. Dassen (Ray) <jdassen@debian.org>)
1566 2002-07-03 Rob Siemborski <rjs3@andrew.cmu.edu>
1567 * man/sasl_user_exists.3: fix sasl_idle reference
1569 2002-07-02 Rob Siemborski <rjs3@andrew.cmu.edu>
1570 * lib/auxprop.c: Can now select multiple auxprop plugins
1571 * doc/options.html: updated for above
1572 * lib/client.c: improve mechanism selection to include
1573 number of security flags
1575 2002-06-27 Ken Murchison <ken@oceana.com>
1576 * doc/draft-zeilenga-sasl-plain-00.txt: added
1577 * doc/index.html: added PLAIN draft
1579 2002-06-26 Ken Murchison <ken@oceana.com>
1580 * doc/draft-zeilenga-sasl-anon-00.txt: added
1581 * doc/index.html: added ANONYMOUS draft
1583 2002-06-20 Rob Siemborski <rjs3@andrew.cmu.edu>
1584 * lib/auxprop.c: Make "cound not find auxprop plugin" warning
1587 2002-06-19 Rob Siemborski <rjs3@andrew.cmu.edu>
1588 * plugins/digestmd5.c: create layer keys for integrity as
1590 * saslauthd/auth_ldap.[ch], saslauthd/lak.[ch]:
1591 Large rewrite (Igor Brezac <igor@ipass.net>)
1592 * lib/client.c, lib/server.c, lib/common.c:
1593 Actually set most of the sparams and cparams structures
1595 2002-06-19 Ken Murchison <ken@oceana.com>
1596 * doc/draft-melnikov-rfc2831bis-01.txt: added
1597 * doc/draft-melnikov-rfc2831bis-00.txt: deleted
1598 * doc/index.html: updated to latest RFC 2831bis draft
1600 2002-06-18 Ken Murchison <ken@oceana.com>
1601 * doc/draft-nerenberg-sasl-crammd5-02.txt: added
1602 * doc/draft-nerenberg-sasl-crammd5-01.txt: deleted
1603 * doc/index.html: updated to latest CRAM-MD5 draft
1605 2002-06-17 Rob Siemborski <rjs3@andrew.cmu.edu>
1606 * plugins/login.c, plugins/plain.c: Canonicalize username before
1609 2002-06-14 Rob Siemborski <rjs3@andrew.cmu.edu>
1610 * lib/client.c, lib/server.c, lib/saslint.h, lib/common.c.
1611 lib/seterror.c: continued size_t vs unsigned cleanups
1613 2002-06-13 Rob Siemborski <rjs3@andrew.cmu.edu>
1614 * saslauthd/ : remove LDAP support
1617 2002-06-12 Rob Siemborski <rjs3@andrew.cmu.edu>
1618 * plugins/digestmd5.c: rename get_realm to get_server_realm, and
1619 pay attention to its return value
1620 * lib/external.c, lib/seterror.c: cleanup size_t/unsigned confusion
1622 2002-06-10 Rob Siemborski <rjs3@andrew.cmu.edu>
1623 * sasldb/Makefile.am: fix handling of allockey (only include it once)
1624 * plugins/kerberos4.c: fix a reference count leak
1627 2002-05-28 Rob Siemborski <rjs3@andrew.cmu.edu>
1628 * saslauthd/LDAP_SASLAUTHD, saslauthd/saslauthd.mdoc:
1629 Update documentation for LDAP and Saslauthd as per
1630 Igor Brezac <igor@ipass.net>
1632 2002-05-22 Lawrence Greenfield <leg+@andrew.cmu.edu>
1633 * lib/checkpw.c: close door file descriptor in
1634 saslauthd_verify_password
1636 2002-05-21 Rob Siemborski <rjs3@andrew.cmu.edu>
1637 * saslauthd/auth_krb5.c: fix a leak due to not
1638 calling krb5_cc_destroy on failure
1640 2002-05-17 Rob Siemborski <rjs3@andrew.cmu.edu>
1641 * saslauthd/saslauthd-*.c: support a generic mechanism option -O
1643 * saslauthd/auth_ldap.c, lak.c, et. al: auth_ldap overhaul
1644 (Igor Brezac <igor@ipass.net>)
1645 * lib/common.c, include/sasl.h: add sasl_version
1647 2002-05-13 Rob Siemborski <rjs3@andrew.cmu.edu>
1648 * lib/checkpw.c: use "*cmusaslsecretPLAIN" in auxprop_verify_password
1649 (Howard Chu, <hyc@highlandsun.com>), also only make a single
1652 2002-05-13 Ken Murchison <ken@oceana.com>
1653 * plugins/plugin_common.c: set the return code to SASL_FAIL, and
1654 NULL the results of the _plug_get_*() functions before we get
1656 * plugins/digestmd5.c, otp.c, plain.c, srp.c: check for NULL or
1657 empty authzid from callback
1659 2002-05-09 Rob Siemborski <rjs3@andrew.cmu.edu>
1660 * saslauthd/configure.in: --with-ldap now takes a path
1662 2002-05-08 Rob Siemborski <rjs3@andrew.cmu.edu>
1663 * saslauthd/acconfig.h, auth_ldap.c, configure.in, lak.c, lak.h:
1664 Misc compile/portability fixes (mostly header-related)
1665 * utils/testsuite.c: minor getopt() parameter fix
1666 (Claus Assmann <ca+sasl@sendmail.org>)
1667 * lib/checkpw.c: fix some warnings
1669 2002-05-07 Rob Siemborski <rjs3@andrew.cmu.edu>
1670 * Ready for 2.1.3-BETA
1672 2002-05-06 Rob Siemborski <rjs3@andrew.cmu.edu>
1673 * include/saslplug.h: add name member for canon_user plugins
1674 * lib/canonusr.c: use name member
1676 2002-05-06 Ken Murchison <ken@oceana.com>
1677 * plugins/digestmd5.c: added client-side reauth
1679 2002-05-05 Ken Murchison <ken@oceana.com>
1680 * lib/client.c: pass global_context to mech_new()
1681 * lib/server.c: don't free global_context (the plugin should free it)
1682 * utils/testsuite: swapped serverlast tests so that the
1683 descriptions are correct
1685 2002-05-03 Ken Murchison <ken@oceana.com>
1686 * plugins/digestmd5.c: added server-side reauth
1687 * doc/index.html: added Marshall Rose's SASL papers
1688 * doc/options.html: added 'reauth_timeout'
1690 2002-05-03 Rob Siemborski <rjs3@andrew.cmu.edu>
1691 * plugins/kerberos4.c: fix compile errors
1692 * config/kerberos_v4.m4, plugins/digestmd5.c: fix des_cbc_encrypt
1693 interoperability problem (OpenSSL)
1694 * saslauthd/Makefile.am, acconfig.h, auth_ldap.c, auth_ldap.h,
1695 configure.in, lak.c, lak.h, mechanisms.c, mechanisms.h,
1696 saslauthd.conf: added experimental LDAP saslauthd module
1697 (by Igor Brezac <igor@ipass.net>)
1698 * include/saslplug.h: give auxprop plugins a name
1699 * plugins/sasldb.c: give sasldb plugin a name
1700 * lib/auxprop.c: allow auxprop selection
1701 * doc/options.html: document auxprop_plugin option
1703 2002-05-01 Ken Murchison <ken@oceana.com>
1704 * plugins/digestmd5.c, gssapi.c, kerberos4.c, srp.c:
1705 general plugin cleanup - standardizing structure
1707 2002-04-30 Rob Siemborski <rjs3@andrew.cmu.edu>
1708 * plugins/gssapi.c: Minor cleanup of struct hack in context structure
1710 2002-04-30 Ken Murchison <ken@oceana.com>
1711 * plugins/plugin_common.[ch], anonymous.c, cram.c, login.c, otp.c,
1712 plain.c, sasldb.c, srp.c,
1713 lib/client.c, external.c, saslint.h, server.c: general plugin
1714 cleanup - reusing more common code, standardizing structure
1716 2002-04-28 Ken Murchison <ken@oceana.com>
1717 * plugins/plugin_common.[ch], anonymous.c, cram.c, digestmd5.c,
1718 gssapi.c, kerberosv4.c, login.c, otp.c, plain.c, srp.c,
1719 lib/external.c:finalize movement of callback/interaction stuff
1722 2002-04-27 Ken Murchison <ken@oceana.com>
1723 * plugins/plugin_common.[ch], anonymous.c, cram.c, digestmd5.c,
1724 gssapi.c, kerberosv4.c, login.c, otp.c, plain.c, srp.c,
1725 lib/external.c: move make_prompts stuff into plugin_common
1726 * utils/testsuite.c: allow for testing of EXTERNAL
1728 2002-04-26 Rob Siemborski <rjs3@andrew.cmu.edu>
1729 * sasldb/allockey.c: be sure to set userPassword and not *userPassword
1731 2002-04-26 Ken Murchison <ken@oceana.com>
1732 * lib/client.c, server.c: check 'doneflag' just before mech_step()
1733 * plugins/plugin_common.[ch], anonymous.c, cram.c, digestmd5.c,
1734 gssapi.c, kerberosv4.c, login.c, otp.c, plain.c, srp.c,
1735 lib/external.c, Makefile.am: move callback/interaction stuff
1737 * plugins/plugin_common.[ch], digestmd5.c, gssapi.c,
1738 kerberosv4.c, srp.c: move decode/concatenation of multiple
1739 packets into plugin_common
1740 * utils/testsuite.c: set SASL_AUTH_EXTERNAL so we can test EXTERNAL
1742 2002-04-25 Ken Murchison <ken@oceana.com>
1743 * plugins/otp.c: don't free the secret when we get data from a
1744 callback (and don't copy it)
1745 * plugins/gssapi.c, plain.c: make sure to set 'doneflag' when done
1746 * lib/client.c, server.c: don't call mech_step() if 'doneflag' is set
1748 2002-04-24 Rob Siemborski <rjs3@andrew.cmu.edu>
1749 * plugins/cram.c, digestmd5.c, login.c, plain.c, srp.c: don't
1750 free the secret when we get data from a callback (and don't copy it)
1752 2002-04-22 Rob Siemborski <rjs3@andrew.cmu.edu>
1753 * include/gai.h: Fix for compatibility with older glibc versions
1754 (Howard Chu, <hyc@highlandsun.com>)
1755 * plugins/gssapi.c: Don't always send authzid on client side
1756 (Howard Chu, <hyc@highlandsun.com>)
1758 2002-04-18 Rob Siemborski <rjs3@andrew.cmu.edu>
1759 * saslauthd/auth_sasldb.c: Use "use_realm" instead of "realm"
1760 for lookup of secret. (Jonas Oberg <jonas@gnu.org>)
1761 * plugins/gssapi.c: Correct handling of client-side authid and
1762 authzid (Howard Chu, <hyc@highlandsun.com>)
1763 * lib/external.c: Better handling of user canonicalization
1764 (Howard Chu, <hyc@highlandsun.com>)
1765 * plugins/cram.c, digestmd5.c, gssapi.c, kerberos4.c,
1766 login.c, otp.c, plain.c, srp.c: zero out prompt_need structures
1769 2002-04-17 Rob Siemborski <rjs3@andrew.cmu.edu>
1770 * plugins/cram.c, digestmd5.c, srp.c: Adjust cmusaslsecretFOO to
1772 * plugins/sasldb.c: correctly handle *(property)
1773 * lib/canonusr.c, server.c: Lookup authzid and authid auxprops
1774 correctly (and in the same place).
1775 * include/sasl.h, saslplug.h: Fix auxprop lookups
1776 (e.g. SASL_AUXPROP_AUTHZID)
1778 2002-04-15 Rob Siemborski <rjs3@andrew.cmu.edu>
1779 * plugins/gssapi.c: Handle null authzid's correctly
1780 * lib/server.c: fix a strcmp() that should be a memcmp()
1782 2002-04-15 Rob Siemborski <rjs3@andrew.cmu.edu>
1783 * plugins/gssapi.c: fix how name_token and name_without_realm are
1786 2002-04-12 Ken Murchison <ken@oceana.com>
1787 * doc/draft-melnikov-rfc2831bis-00.txt: added
1788 * doc/draft-myers-saslrev-02.txt: moved TOC
1789 * doc/draft-myers-saslrev-02.txt: added
1790 * doc/draft-myers-saslrev-01.txt: deleted
1791 * doc/index.html: changed link to updated saslrev draft,
1792 added KERBEROS_V4 notation,
1793 added link to rfc2831bis draft
1795 2002-04-08 Ken Murchison <ken@oceana.com>
1796 * lib/server.c, doc/options.html: allow multiple pwcheck_methods
1798 2002-04-03 Rob Siemborski <rjs3+@andrew.cmu.edu>
1799 * saslauthd/configure.in: properly define AUTH_KRB5
1800 * saslauthd/auth_krb5.c: changes for MIT KRB5
1802 2002-03-27 Rob Siemborski <rjs3+@andrew.cmu.edu>
1803 * Removed check for db3/db.h (people can just use --with-bdb-incdir)
1805 2002-03-26 Rob Siemborski <rjs3+@andrew.cmu.edu>
1808 2002-03-11 Rob Siemborski <rjs3+@andrew.cmu.edu>
1809 * plugins/kerberos4.c: Fix a race condition during mutex allocation
1811 2002-03-04 Rob Siemborski <rjs3+@andrew.cmu.edu>
1812 * lib/checkpw.c: Stop logging "authentication failed" message
1813 * plugins/gssapi.c: Reduce log level of "gss_accept_context" message
1815 2002-02-27 Rob Siemborski <rjs3+@andrew.cmu.edu>
1816 * saslauthd/saslauthd.mdoc: Clarify that sasldb with saslauthd
1817 is not what you want to be doing.
1818 * doc/sysadmin.html: Update "sasldb" verifier to "auxprop"
1820 2002-02-22 Rob Siemborski <rjs3+@andrew.cmu.edu>
1821 * lib/checkpw.c: made retry_read static
1823 2002-02-21 Rob Siemborski <rjs3+@andrew.cmu.edu>
1824 * lib/checkpw.c (auxprop_verify_password) report SASL_NOUSER instead
1826 * lib/client.c, lib/server.c: More Complete returning of SASL_NOTINIT
1827 * utils/testsuite.c: Better checking for SASL_NOTINIT
1829 2002-02-11 Ken Murchison <ken@oceana.com>
1830 * plugins/srp.c: removed OpenSSL 0.9.6 dependencies, small bugfix
1831 * configure.in: cleaned up OpenSSL (libcrypto) check
1833 2002-02-05 Rob Siemborski <rjs3+@andrew.cmu.edu>
1834 * contrib/tclsasl: Add Marshall Rose's <mrose@dbc.mtview.ca.us>
1836 * plugins/anonymous.c: No longer append extra NUL to client response
1838 2002-02-04 Rob Siemborski <rjs3+@andrew.cmu.edu>
1839 * utils/saslpasswd.c: Added -n option (Ken Murchison)
1840 * lib/dlopen.c: Removed confusing entry point message.
1843 2002-02-01 Ken Murchison <ken@oceana.com>
1844 * plugins/srp.c: fixed srp_setpass()
1846 2002-01-31 Ken Murchison <ken@oceana.com>
1847 * include/sasl.h, lib/server.c,
1848 plugins/digestmd5.c, gssapi.c, kerberos4.c, srp.c:
1849 added SASL_SEC_MUTUAL_AUTH
1850 * plugins/srp.c: cleanup error messages and return codes
1852 2002-01-30 Ken Murchison <ken@oceana.com>
1853 * plugins/otp.c, plugins/otp.h: added non-OPIE client/server
1854 implementation (requires OpenSSL)
1855 * configure.in: OTP now requires OpenSSL, OPIE is optional
1856 * doc/options.html, doc/readme.html, doc/sysadmin.html, doc/TODO:
1857 updated for new OTP implementation
1859 2002-01-25 Rob Siemborski <rjs3+@andrew.cmu.edu>
1860 * saslauthd/Makefile.am: Correct multiple EXTRA_DIST bug
1861 * saslauthd/Makefile.am: small typo fixed (Leena Heino <liinu@uta.fi>)
1863 2002-01-23 Rob Siemborski <rjs3+@andrew.cmu.edu>
1864 * utils/dbconverter-2.c (main): More intelligent default paths
1865 * acconfig.h: #ifndef's for _GNU_SOURCE (Assar <assar@permabit.com>)
1867 2002-01-22 Rob Siemborski <rjs3+@andrew.cmu.edu>
1868 * lib/common.c: Complete definition of sasl_global_listmech
1869 (from Love <lha@stacken.kth.se>)
1870 * lib/client.c: added checks for _sasl_client_active to
1871 sasl_client_new and sasl_client_start
1873 2002-01-21 Ken Murchison <ken@oceana.com>
1874 * doc/draft-myers-saslrev-01.txt: moved TOC
1875 * doc/draft-ietf-cat-sasl-gssapi-05.txt: moved TOC
1876 * doc/draft-nerenberg-sasl-crammd5-01.txt: added
1877 * doc/draft-nerenberg-sasl-crammd5-00.txt: deleted
1878 * doc/index.html: changed link to updated draft
1879 * plugins/login.c (login_client_mech_step): fix client-first
1882 2002-01-21 Rob Siemborski <rjs3+@andrew.cmu.edu>
1883 * lib/server.c (sasl_server_start): null out *serverout and
1884 *serveroutlen, just in case.
1885 * lib/external.c: Added correct required_prompts
1886 * saslauthd/testsaslauthd.c: Added simple saslauthd client
1887 * saslauthd/Makefile.am: rules for testsaslauthd
1888 * doc/sysadmin.html: updated to reference testsaslauthd
1889 * saslauthd/saslauthd.c: allow -n 0 (for fork-per-connection)
1890 * saslauthd/saslauthd.mdoc: documentation of -n 0
1891 * plugins/cram.c (crammd5_client_mech_step): fix client-first
1893 * sasldb/db_gdbm.c: improved error reporting
1894 (Courtesy Marshall T. Rose <mrose@dbc.mtview.ca.us>
1895 * config/sasldb.m4: improved gdbm configure handling
1896 (Courtesy Marshall T. Rose <mrose@dbc.mtview.ca.us>
1897 * config/kerberos_v4.m4: Detect OpenSSL libdes first.
1898 (Courtesy Marshall T. Rose <mrose@dbc.mtview.ca.us>
1899 * plugins/cram.c, digestmd5.c, kervberos4.c, login.c,
1900 lib/client.c, server.c, include/saslplug.h:
1901 Cleaner client-first ABI.
1903 2002-01-19 Ken Murchison <ken@oceana.com>
1904 * plugins/otp.c: set serverout to NULL where we have nothing to
1905 send instead of the empty string
1906 * plugins/srp.c: let glue code handle client-last/server-last
1907 situation by setting serverout appropriately
1909 2002-01-19 Rob Siemborski <rjs3+@andrew.cmu.edu>
1910 * plugins/plain.c, plugins/login.c, plugins/digestmd5.c:
1911 set serverout to NULL where we have nothing to send instead of
1913 * include/saslplug.h, lib/client.c, lib/server.c: eliminated
1914 SASL_FEAT_WANT_SERVER_LAST in favor of clever setting of serverout
1915 * plugins/digestmd5.c: removed SASL_FEAT_WANT_SERVER_LAST
1917 2002-01-18 Ken Murchison <ken@oceana.com>
1918 * plugins/srp.c: updated to draft-burdis-cat-srp-sasl-06
1919 * plugins/srp.c: server uses external SSF
1920 * plugins/srp.c: server sends mandatory options based on min SSF
1921 * doc/draft-burdis-cat-srp-sasl-06.txt: added
1922 * doc/draft-burdis-cat-srp-sasl-05.txt: deleted
1923 * doc/index.html: changed link to updated draft
1925 2002-01-17 Rob Siemborski <rjs3+@andrew.cmu.edu>
1926 * plugins/kerberos4.c: Actually allocate a mutex on the client side
1928 2002-01-16 Rob Siemborski <rjs3+@andrew.cmu.edu>
1929 * lib/server.c (mech_permitted): fixed incorrect return value of
1930 SASL_NOMECH that should have been 0.
1931 * lib/common.c (sasl_errdetail): fixed core if passed in conn is NULL
1932 * plugins/digestmd5.c (encode_tmp_buf): removed unneeded buffer
1934 2002-01-16 Ken Murchison <ken@oceana.com>
1935 * plugins/srp.c: fixed layer decoding to handle multiple packets
1936 * plugins/srp.c: plugged memory leaks (now passes testsuite)
1937 * plugins/srp.c: more logging
1938 * plugins/srp.c: lots of other nits, bug fixes
1939 * utils/testsuite.c: added SSF=0/56 test
1941 2002-01-14 Rob Siemborski <rjs3+@andrew.cmu.edu>
1942 * saslauthd/auth_krb4.c (auth_krb4): fix tf_name memory leak,
1943 and other efficency fixes
1945 2002-01-11 Rob Siemborski <rjs3+@andrew.cmu.edu>
1946 * include/saslplug.h: Add flags member to params structures
1947 * lib/client.c, lib/server.c: flags parameter to sasl_*_new
1948 now gets to the plugins
1950 2002-01-10 Rob Siemborski <rjs3+@andrew.cmu.edu>
1951 * include/sasl.h: Update for sasl_global_listmech API
1952 * lib/common.c, lib/client.c, lib/server.c: sasl_global_listmech()
1953 * lib/dlopen.c (_parse_la): fix parseing of dlname= line
1956 2002-01-09 Ken Murchison <ken@oceana.com>
1957 * plugins/otp.c: fixed security_flags
1958 * plugins/srp.c: corrected integrity layer encoding
1959 * plugins/srp.c: finished maxbuffersize handling
1960 * plugins/srp.c: fixed security_flags
1961 * doc/index.html: added reference to SRP paper
1963 2002-01-09 Rob Siemborski <rjs3+@andrew.cmu.edu>
1964 * lib/common.c (sasl_decode): Removed maxoutbuf check
1965 * man/sasl_setprop.3: Minor clarifications
1966 * plugins/digestmd5.c, plugins/gssapi.c, plugins/kerberos4.c:
1967 Assorted security layer fixes (maxoutbuf setting, mech_ssf setting)
1968 * lib/common.c, lib/client.c, lib/server.c, lib/saslint.h:
1969 Allowed client-side sasl_listmech calls.
1970 * include/sasl.h: Minor cosmetic fix to comments
1971 * doc/programming.html: Interaction memory management clarifications
1972 * lib/common.c: Fix several crash problems in getprop
1973 (Courtesy Marshall T. Rose <mrose@dbc.mtview.ca.us>)
1975 2002-01-05 Lawrence Greenfield <leg+@andrew.cmu.edu>
1976 * saslauthd/saslauthd.c: F_SETLK doesn't block; F_SETLKW does
1977 * saslauthd/saslauthd.c: detect errors somewhat better
1979 2002-01-04 Rob Siemborski <rjs3+@andrew.cmu.edu>
1980 * lib/common.c: Allow sasl_setprop for SASL_DEFUSERREALM
1982 2002-01-04 Ken Murchison <ken@oceana.com>
1983 * plugins/srp.c: don't send M2 if using a confidentiality layer
1984 * plugins/srp.c: more constraint checks
1985 * plugins/otp.c: improve standard hex/word response detection
1986 * doc/install.html, doc/sysadmin.html, contrib/opie-2.4-fixes:
1987 add patch for OPIE 2.4 to enable extended responses
1989 2002-01-03 Ken Murchison <ken@oceana.com>
1990 * configure.in: removed check fpr gmp
1991 * plugins/srp.c: migrated to OpenSSL's BN (removed GNU MP dependency)
1993 2001-12-20 Rob Siemborski <rjs3+@andrew.cmu.edu>
1994 * sasldb/db_ndbm.c: Fixed small memory leak
1995 (Courtesy Howard Chu <hyc@highlandsun.com>)
1997 2001-12-18 Ken Murchison <ken@oceana.com>
1998 * plugins/srp.c: more constraint checks
2000 2001-12-17 Rob Siemborski <rjs3+@andrew.cmu.edu>
2001 * saslauthd/saslauthd.c: Prefork a number of processes to handle
2003 * saslauthd/auth_krb4.c: Handle concurrent accesses better.
2005 2001-12-15 Ken Murchison <ken@oceana.com>
2006 * plugins/srp.c: added confidentiality layers
2008 2001-12-14 Ken Murchison <ken@oceana.com>
2009 * plugins/srp.c: improved client/server layer option handling
2010 * plugins/srp.c: added client-side support for mandatory options
2011 * plugins/srp.c: added framework for confidentiality layers
2012 * plugins/srp.c: added some data sanity checking (thanks to
2013 Tom Holroyd <tomh@po.crl.go.jp> for feedback)
2015 2001-12-13 Rob Siemborski <rjs3+@andrew.cmu.edu>
2016 * lib/server.c, lib/common.c: Fix handling of
2017 global callbacks so that plugin_list works again
2019 2001-12-12 Rob Siemborski <rjs3+@andrew.cmu.edu>
2020 * pwcheck/Makefile.am: Added include of ../lib
2021 (from Hajimu UMEMOTO <ume@mahoroba.org>)
2023 2001-12-11 Rob Siemborski <rjs3+@andrew.cmu.edu>
2024 * sasldb/db_ndbm.c: fix call to dbm_nextkey, from
2025 Scot W. Hetzel <scot@genroco.com>
2027 2001-12-10 Rob Siemborski <rjs3+@andrew.cmu.edu>
2028 * doc/plugprog.html: Update for new user canonicalization usage.
2029 * man/sasl_canon_user.3: Update for new user canonicalization usage.
2030 * configure.in: Actually set STATIC_GSSAPIV2 when necessary
2032 2001-12-08 Ken Murchison <ken@oceana.com>
2033 * plugins/srp.c: make sure we have the HMAC before trying to use it
2034 * plugins/srp.c: don't advertise server integrity w/o HMAC-SHA-1
2035 * plugins/srp.c: move EVP_cleanup() to mech_free so mech can be reused
2037 2001-12-07 Ken Murchison <ken@oceana.com>
2038 * configure.in: SRP now requires OpenSSL
2039 * plugins/srp.c: migrated to OpenSSL's MDA/cipher abstraction API
2040 * plugins/srp.c: added RIPEMD-160 support
2041 * plugins/srp.c: using "standard ACSII names" for MDA-names as
2042 documented by [SCAN] (until determined otherwise)
2043 * plugins/srp.c: using updated canon_user API to allow separate
2044 canonicalization of authid and authzid.
2046 2001-12-06 Rob Siemborski <rjs3+@andrew.cmu.edu>
2047 * lib/canonusr.c: Better logging when desired plugin is not found.
2048 * lib/checkpw.c: spelling error fixed.
2049 * lib/canonusr.c, lib/checkpw.c, lib/client.c, lib/external.c,
2050 lib/saslint.h, lib/server.c, include/sasl.h, include/saslplug.h,
2051 plugins/*.c: Updated canon_user API to allow separate
2052 canonicalization of authid and authzid.
2054 2001-12-05 Rob Siemborski <rjs3+@andrew.cmu.edu>
2055 * saslauthd/Makefile.am, saslauthd/acconfig.h, saslauthd/configure.in:
2056 Solaris 7 and FreeBSD (FreeBSD is courtesy of Claus Assmann
2057 <ca+sasl@sendmail.org>)
2058 * sasldb/Makefile.am: link order fix (Courtesy Claus Assmann
2059 <ca+sasl@sendmail.org>)
2061 2001-12-05 Ken Murchison <ken@oceana.com>
2063 * plugins/Makefile.am: only build SRP with sasldb libs when
2064 srp_setpass() is enabled
2065 * plugins/srp.c: added HMAC-SHA-160 integrity layer
2066 * plugins/srp.c: don't offer integrity layers unless HMAC-SHA-160
2067 is available (mandatory)
2068 * plugins/srp.c: fixed multiple integrity/confidentiality layer
2070 * plugins/srp.c: fixed delete SRP secret bug
2071 * plugins/srp.c: removed VL() stuff
2073 2001-12-04 Rob Siemborski <rjs3+@andrew.cmu.edu>
2074 * utils/Makefile.am, config/sasldb.m4: Build sasldblistusers2
2075 and saslpasswd2. Default database now /etc/sasldb2
2076 * INSTALL, README, doc/index.html, doc/upgrading.html: Update
2077 with upgrading instructions in preparation for release.
2078 * doc/, /: Documentation reorganization, convert README and INSTALL to
2080 * Bumped appropriate version numbers, Ready for 2.0.5-BETA
2082 2001-12-04 Ken Murchison <ken@oceana.com>
2083 * acconfig.h, configure.in: dependency checking for SRP
2084 * acconfig.h, configure.in:
2085 * plugins/srp.c: made srp_setpass() a compile-time option (default=off)
2086 * plugins/srp.c: use auxprop to fetch cmusaslsecretSRP/userPassword
2087 * plugins/srp.c: code cleanup
2088 * acconfig.h, configure.in:
2089 * doc/sysadmin.html:
2090 * plugins/otp.c: made otp_setpass() a compile-time option (default=off)
2092 2001-12-02 Ken Murchison <ken@oceana.com>
2093 * plugins/srp.c: fixed SHA1 support
2094 * plugins/srp.c: changed calculation of 'x' to coincide with draft -05
2095 * plugins/srp.c: code cleanup
2097 2001-12-01 Ken Murchison <ken@oceana.com>
2098 * plugins/srp.c: abstracted MDA interface
2099 * plugins/srp.c: added SHA1 support (not working)
2101 2001-11-30 Ken Murchison <ken@oceana.com>
2102 * plugins/srp.c: renumbered steps to start at 1
2103 * plugins/srp.c: check plugin API version instead of SRP_VERSION
2104 * plugins/srp.c: changed data exchanges to conform to draft -05
2106 2001-11-29 Ken Murchison <ken@oceana.com>
2107 * plugins/srp.c: code now compiles and runs
2108 * plugins/Makefile.am: added sasldb libs to SRP build
2110 2001-11-24 Ken Murchison <ken@oceana.com>
2111 * lib/external.c: made EXTERNAL a client-send-first mechanism
2112 * doc/index.html: added CRAM-MD5 draft
2114 2001-11-22 Ken Murchison <ken@oceana.com>
2115 * plugins/otp.c: fixed otp_setpass() bug
2116 * doc/sysadmin.html: OTP additions/changes
2118 2001-11-19 Rob Siemborski <rjs3+@andrew.cmu.edu>
2119 * utils/saslpasswd.c: Corrected disable handling
2121 2001-11-17 Ken Murchison <ken@oceana.com>
2122 * doc/index.html, rfc2945.txt, rfc3174.txt: specification additions
2123 * doc/Makefile.am: Updated included RFCs and IDs
2125 2001-11-14 Ken Murchison <ken@oceana.com>
2126 * lib/server.c, doc/options.html: added 'mech_list' option
2128 2001-11-14 Rob Siemborski <rjs3+@andrew.cmu.edu>
2129 * sasldb/allockey.c: removed an assert() call
2130 * sasldb/db_ndmb.c, sasldb/db_gdbm.c: Fixed cntxt's to be conn's
2132 2001-11-13 Ken Murchison <ken@oceana.com>
2133 * acconfig.h, configure.in:
2134 * plugins/otp.c: support client-side OTP without OPIE
2136 2001-11-08 Ken Murchison <ken@oceana.com>
2137 * plugins/otp.c: allow entry of one-time password via
2138 SASL_CB_ECHOPROMPT callback
2139 * plugins/otp.c: code cleanup
2140 * doc/index.html, draft*.txt: specification updates/additions
2142 2001-11-08 Rob Siemborski <rjs3+@andrew.cmu.edu>
2143 * plugins/cram.c, digestmd5.c, sasldb.c: Removed all assert()
2144 calls from supported plugins.
2146 2001-11-07 Rob Siemborski <rjs3+@andrew.cmu.edu>
2147 * utils/testsuite.c: added proxy policy checks
2148 * lib/checkpw.c (_sasl_auxprop_verify_apop): correct handling
2151 2001-11-06 Rob Siemborski <rjs3+@andrew.cmu.edu>
2152 * lib/canonusr.c (_canonuser_internal): added necessary seterror calls
2153 * doc/Makefile.am: Updated included RFCs and IDs
2154 * lib/canonusr.c, lib/server.c: Corrected authzid/authid handling
2155 * plugins/digestmd5.c: Unconfused authzid/authid in server call to
2158 2001-11-01 Rob Siemborski <rjs3+@andrew.cmu.edu>
2159 * plugins/gssapi.c, plugins/kerberos4.c: Get rid of unnecessary
2160 buffer copy in security layer encodes.
2162 2001-10-24 Ken Murchison <ken@oceana.com>
2163 * plugins/otp.c: added otp_setpass() so that saslpasswd can
2164 be used instead of opiepasswd on closed systems
2165 * doc/sysadmin.html: OTP additions/changes
2167 2001-10-22 Ken Murchison <ken@oceana.com>
2168 * acconfig.h, configure.in: detect OPIE, enable/disable OTP
2169 * plugins/Makefile.am, makeinit.sh, otp.c: added OTP support
2170 (still need work on RFC2444 compliance - depends on OPIE changes)
2171 * doc/index.html, options.html, sysadmin.html, rfc*.txt:
2172 OTP additions/changes
2174 2001-10-18 Rob Siemborski <rjs3+@andrew.cmu.edu>
2175 * utils/testsuite.c: Test DES harder for DIGEST-MD5
2176 * plugins/digestmd5.c (enc_des): Get rid of one buffer copy.
2177 * plugins/digestmd5.c (dec_des, dec_3des): correct handling of
2178 padding length check.
2180 2001-10-17 Rob Siemborski <rjs3+@andrew.cmu.edu>
2181 * config/sasldb.m4: detect berkeley db 4
2182 * plugins/gssapi.c, cram.c, kerberos4.c, digestmd5.c: have dispose
2183 calls deal with the possibility of a null context
2185 2001-10-16 Rob Siemborski <rjs3+@andrew.cmu.edu>
2186 * saslauthd/Makefile.am: Link LIB_PAM as well, if needed
2187 * plugins/digestmd5.c: Don't send a trailing nul on challenge and
2189 * lib/server.c (sasl_server_start, sasl_server_step): Deal with
2190 authentication failures better. (Reported by Larry Rosenbaum
2193 2001-10-02 Rob Siemborski <rjs3+@andrew.cmu.edu>
2194 * saslauthd/Makefile.am, saslauthd/auth_sasldb.c,
2195 saslauthd/configure.in: Changes to allow extraction of saslauthd
2198 2001-09-19 Rob Siemborski <rjs3+@andrew.cmu.edu>
2199 * lib/getaddrinfo.c (getaddrinfo): Correct fix for
2200 AI_PASSIVE bug from Hajimu UMEMOTO <ume@mahoroba.org>
2201 * plugins/plugin_common.c, lib/common.c (_*_ipfromstring):
2202 revert to previous versions.
2204 * plugins/Makefile.am: Include necessry compatibility objects
2206 * lib/Makefile.am: compatibility code for static libsasl
2207 * configure.in: small changes to make compatibility objects easy
2210 2001-09-18 Rob Siemborski <rjs3+@andrew.cmu.edu>
2211 * plugins/plugin_common.c, lib/common.c (_*_ipfromstring):
2212 no longer use AI_PASSIVE hint for getaddrinfo
2214 2001-09-13 Rob Siemborski <rjs3+@andrew.cmu.edu>
2215 * saslauthd/auth_sasldb.c, saslauthd/auth_sasldb.h:
2216 Added experimental sasldb saslauthd module
2217 * saslauthd/configure.in: sasldb related config changes,
2218 do not config if disabled
2220 2001-09-12 Rob Siemborski <rjs3+@andrew.cmu.edu>
2221 * saslauthd/*, lib/checkpw.c (saslauthd_verify_password):
2222 merged new saslauthd protocol from Ken Murchison <ken@oceana.com>
2224 2001-08-30 Rob Siemborski <rjs3+@andrew.cmu.edu>
2226 * configure.in, saslauthd/configure.in: check for inet_aton
2227 in libresolv.so, so as to link it if necessary
2229 * config/sasldb.m4 (BERKELEY_DB_CHK_LIB): set runpath of library
2232 2001-08-29 Rob Siemborski <rjs3+@andrew.cmu.edu>
2234 * utils/testsuite.c: Minor testsuite fix (include paths)
2236 * Ready for 2.0.4-BETA
2238 2001-08-24 Rolf Braun <rbraun+@andrew.cmu.edu>
2240 * Mac OS 9 and X support, including Carbon
2241 Mac OS 9 Classic support based on the SASL v1 code
2242 by Aaron Wohl <n3liw+@andrew.cmu.edu>
2244 * updated ltconfig and ltmain.sh
2247 * lib/saslutil.c: use random() when jrand48() isn't available
2249 * dlcompat-20010505:
2250 dlcompat included for OS X support, compiles separately
2251 * lib/dlopen.c: prefix symbols with underscore on OS X, as on OpenBSD
2252 note that this is also detected automatically by configure,
2253 this only helps when cross-compiling (for OS X?)
2257 * config/kerberos_v4.m4
2258 look for libdes524 when libdes doesn't exist.
2259 look for libkrb4 when libkrb doesn't exist.
2265 split sasl_seterror() into a new file.
2266 add_string -> _sasl_add_string and made this non-static
2267 so seterror can use it.
2268 added _sasl_get_errorbuf to go into the conn_t struct
2269 so we don't have to know the format of that struct when
2270 seterror.c is linked from glue code (i.e., the Mac OS X CFM glue)
2273 fix the order of the fake iovec struct for systems that
2274 don't have it (like Mac OS 9) so it's the same order as
2275 most Unixes that do (like Mac OS X) -- the CFM glue needs this
2278 include <sys/types.h> before we include <sys/uio.h>
2280 * plugins/kerberos4.c:
2284 check for krb_get_err_txt in the kerberos 4 library,
2285 and use it instead of the krb_err_txt[] array if available
2287 * plugins/kerberos4.c:
2288 define KEYFILE to "/etc/srvtab" if not already defined
2289 by the kerberos 4 headers (needed for MIT KfM 4.0)
2291 * doc/macosx.html: added this
2292 * README: point Mac OS X users to doc/macosx.html
2293 * doc/Makefile.am: add doc/macosx.html to distfiles
2297 * include/Makefile.am:
2298 * config/Info.plist:
2300 when building on Mac OS X, install a framework
2301 in /Library/Frameworks
2304 projects and support files for Mac OS 9, classic and Carbon
2306 the glue to allow CFM Carbon applications under Mac OS X
2307 call the Unix-layer SASL library
2311 don't do the auxprop stuff on Mac OS 9
2313 * lib/getaddrinfo.c:
2314 don't look up hostnames on Mac OS 9 (we only officially
2315 support passing IP address strings anyway)
2317 * lib/getaddrinfo.c:
2318 * plugins/plugin_common.c:
2319 * plugins/plugin_common.h:
2320 don't include headers on Mac OS 9 that we don't have.
2322 * sample/sample-client.c:
2323 add a cast for Mac OS 9 (different type handling of char)
2325 * plugins/makeinit.sh:
2326 include the stub header to export the right symbols on Mac OS 9
2328 2001-08-20 Rob Siemborski <rjs3+@andrew.cmu.edu>
2329 * plugins/gssapi.c (gssapi_server_mech_step): fixed accidental
2330 back link into glue code
2332 * config/kerberos4.m4: Actually link in -lkrb
2334 2001-08-15 Rob Siemborski <rjs3+@andrew.cmu.edu>
2335 * lib/common.c (_sasl_iptostring): #if 0'd out.
2337 * lib/server.c (sasl_user_exists): only check the verifier we
2340 * config/kerberos_v4.m4 (SASL_DES_CHK): added
2341 * config/kerberos_v4.m4 (SASL_KERBEROS_V4_CHK): included
2342 entire check from configure.in
2343 * configure.in: moved kerberos 4 code completely out.
2344 * saslauthd/acconfig.h (WITH_DES, WITH_SSL_DES): Added
2347 2001-08-14 Rob Siemborski <rjs3+@andrew.cmu.edu>
2348 * configure.in: Check for sys/uio.h
2349 * saslauthd/configure.in: Check for sys/uio.h
2350 * config.h: Do the Right Thing for struct iovec (and
2351 no longer include sys/uio.h elsewhere)
2352 * saslauthd/config.h: Do the Right Thing for struct iovec (and
2353 no longer include sys/uio.h elsewhere)
2355 2001-08-13 Rob Siemborski <rjs3+@andrew.cmu.edu>
2356 * plugins/digestmd5.c (init_des, init_3des, enc_des, dec_des,
2357 enc_3des, dec_3des): fixed interoperability problems,
2358 3des was not decrypting with correct key and des was not
2359 setting up the initial vector.
2361 * lib/checkpw.c (always_true): log users who log in via this verifier
2363 2001-08-13 Rob Siemborski <rjs3+@andrew.cmu.edu>
2364 * utils/testsuite.c (giveokpath): fix memory leak
2366 * lib/common.c (sasl_ipfromstring): add call to freeaddrinfo()
2367 * plugins/plugin_common.c (_plug_ipfromstring): add call to
2370 * lib/saslutil.c (sasl_randseed): actually initialize the randpool
2372 * saslauthd/auth_getpwent.c (auth_getpwent): clear a warning
2373 * saslauthd/auth_shadow.c (auth_shadow): clear a similar warning
2375 * utils/Makefile.am (EXTRA_DIST): Actually include the needed files
2377 * saslauthd/configure.in: Handle shadow passwords correctly
2378 * saslauthd/acconfig.h: Handle shadow passwords correctly
2380 * lib/checkpw.c (always_true): added
2381 * configure.in: added check for alwaystrue verifier
2382 * acconfig.h: added HAVE_ALWAYSTRUE
2383 * doc/options.html: alwaystrue verifier documented
2385 2001-08-11 Rob Siemborski <rjs3+@andrew.cmu.edu>
2386 * saslauthd/: Now configures separately from SASL, so as
2387 to localize tests for that package within that package
2389 * utils/dbconverter-2.c (listusers_cb): fix handling of APOP
2391 2001-08-10 Rob Siemborski <rjs3+@andrew.cmu.edu>
2392 * saslauthd/Makefile.am (install-data-local):
2393 correct handling of $(DESTDIR) (and create the directory if it
2394 isn't there) [Amos Gouaux <amos@utdallas.edu>]
2396 * lib/server.c (sasl_server_init): Added plugname to add_plugin
2399 * doc/index.html: updated
2400 * doc/appconvert.html: cleaned up
2402 2001-08-09 Rob Siemborski <rjs3+@andrew.cmu.edu>
2403 * plugins/digestmd5.c (digestmd5_client_mech_step): handle
2404 missing authorization name
2405 * plugins/plain.c (plain_client_mech_step): handle
2406 missing authorization name
2408 * include/sasl.h: better documentation of SASL_CB_CANON_USER
2410 2001-08-08 Rob Siemborski <rjs3+@andrew.cmu.edu>
2411 * saslauthd/saslauthd.mdoc: updated re: pam
2412 * saslauthd/saslauthd.8: regenerated
2413 * saslauthd/Makefile.am: Link against PLAIN_LIBS also
2414 (from Ken Murchison <ken@oceana.com>)
2416 2001-08-07 Rob Siemborski <rjs3+@andrew.cmu.edu>
2417 * lib/client.c (sasl_server_step): corrected maxoutbuf handleing
2418 * lib/server.c (sasl_server_step): corrected maxoutbuf handleing
2419 * lib/saslint.h (DEFAULT_MAXOUTBUF): removed
2421 * lib/common.c (sasl_encodev, sasl_decode): maxbufsize checking
2423 * utils/testsuite.c (testseclayer,doauth): more security layer
2424 checking. Added parameter to doauth to disable fatal() calls,
2425 updated all callers.
2427 * utils/smtptest.c (main): added ability to support LMTP
2429 * plugins/gssapi.c: conform with draft-ietf-cat-sasl-gssapi-05.txt
2431 * doc/draft-ietf-cat-sasl-gssapi-05.txt: added
2432 * doc/Makefile.am (EXTRA_DIST): added above to EXTRA_DIST
2434 2001-08-06 Rob Siemborski <rjs3+@andrew.cmu.edu>
2435 * utils/dbconverter-2.c (listusers_cb): handle PLAIN-APOP
2437 * lib/client.c (sasl_client_add_plugin, client_done):
2439 * lib/server.c (sasl_server_add_plugin, server_done):
2441 * lib/dlopen.c (_sasl_plugin_load): correctly pass pluginname
2442 * lib/common.c (sasl_getprop): implement SASL_AUTHSOURCE properly
2443 * lib/saslint.h (cmechanism_t, mechanism_t): added plugname field
2444 * lib/canonusr.c (internal_canonuser_init): no longer limit
2446 * plugins/sasldb.c (sasldb_auxprop_plug_init): no longer limit
2449 2001-08-01 Rob Siemborski <rjs3+@andrew.cmu.edu>
2450 * utils/smtptest.c (iptostring): better behaved w.r.t endianness
2452 * plugins/cram.c (crammd5_server_mech_step): support for old-style
2454 * plugins/digestmd5.c (digestmd5_server_mech_step): support for
2456 * lib/checkpw.c (auxprop_verify_password,_sasl_make_plain_secret):
2457 support for old-style secrets
2458 * utils/dbconverter-2.c: added
2459 * utils/sasldblistusers.c (listusers): Print out property names
2460 as well as username@realm format.
2461 * utils/saslpasswd.c (_sasl_sasldb_set_pass): Correctly handle updates
2462 that concern old-style secrets
2464 * sasldb/allockey.c: Added a missing null to propName in key parser
2466 2001-07-31 Rob Siemborski <rjs3+@andrew.cmu.edu>
2467 * plugins/kerberos4.c (mech_avail): made static
2469 * plugins/kerberos4.c (mech_avail): fixed ipv4 check
2470 (patch from Hajimu UMEMOTO <ume@mahoroba.org>)
2472 * doc/appconvert.html: vague guide documenting our experience
2473 porting Cyrus IMAPd to use SASLv2
2474 * doc/Makefile.am: added appconvert.html
2476 * lib/client.c (sasl_client_new): fixed ip address setting to hit
2477 relevant params structures as well
2478 * lib/server.c (sasl_server_new): fixed ip address setting to hit
2479 relevant params structures as well
2480 * lib/common.c (sasl_setprop): fixed ip address setting to hit
2481 relevant params structures as well
2483 * lib/common.c (sasl_seterror): fixed spelling error
2485 2001-07-30 Rob Siemborski <rjs3+@andrew.cmu.edu>
2486 * sasldb/db_berkeley.c: utils->seterror() calls
2487 * sasldb/db_gdbm.c: utils->seterror() calls
2488 * sasldb/db_ndbm.c: utils->seterror() calls
2489 * sasldb/allockey.c: utils->seterror() calls
2491 * lib/common.c (sasl_seterror): still call logging callback with a
2494 * plugins/sasldb.c (sasldb_auxprop_lookup): support for multiple
2497 * plugins/Makefile.am: added -module to LDFLAGS
2499 * config/sasldb.m4: Allow specification of exact berkeley db
2500 lib and include paths
2501 * sasldb/Makefile.am: Add proper include directory
2503 * sasldb/sasldb.m4 (SASL_DB_BACKEND_STATIC): include allockey.o
2505 * Ready for 2.0.3-BETA
2507 * plugins/kerberos4.c (kerberos4_server_plug_init): reset
2508 srvtab when we do not load correctly.
2510 * lib/staticopen.c (_sasl_load_plugins): do not fail
2511 if a single plugin load fails
2513 * include/sasl.h (SASL_CLIENT_FALLBACK): removed
2515 2001-07-27 Rob Siemborski <rjs3+@andrew.cmu.edu>
2516 * configure.in: extracted SASLDB-related checking
2517 * config/sasldb.m4: added
2519 * configure.in: now cache the JNI include directory path
2521 * utils/testsuite.c: switch some sasl_errstrings to sasl_errdetail
2522 * plugins/gssapi.c: Fix error reporting
2524 * plugins/gssapi.c: Required SASL_CB_USER instead of SASL_CB_AUTHNAME
2526 * plugins/anonymous.c: Function name standardization
2527 * plugins/cram.c: Function name standardization
2528 * plugins/digestmd5.c: Function name standardization
2529 * plugins/gssapi.c: Function name standardization
2530 * plugins/kerberos.c: Function name standardization
2531 * plugins/login.c: Function name standardization
2532 * plugins/plain.c: Function name standardization
2534 * sasldb/allockey.c: Generalized SASLdb API
2535 * sasldb/db_berkeley.c: Generalized SASLdb API
2536 * sasldb/db_gdbm.c: Generalized SASLdb API
2537 * sasldb/db_ndbm.c: Generalized SASLdb API
2538 * sasldb/db_none.c: Generalized SASLdb API
2539 * sasldb/db_testw32.c: Added #error to block compile so the API will
2540 be fixed when we do the Win 32 port
2541 * plugins/sasldb.c: Use new SASLdb API
2542 * utils/saslpasswd.c: Use new SASLdb API
2544 2001-07-26 Rob Siemborski <rjs3+@andrew.cmu.edu>
2545 * lib/common.c (_sasl_getcallback): fixed reference to
2548 * configure.in: only build saslpasswd and sasldblistusers
2549 if we have a meaningfull libsasldb (e.g. not db_none),
2550 * utils/Makefile.am: only build saslpasswd and sasldblistusers
2551 if we have a meaningfull libsasldb (e.g. not db_none),
2553 * configure.in: conditionally build smtptest
2554 * utils/Makefile.am: conditionally build smtptest
2556 * sasldb/allockey.c (_sasldb_parse_key): added
2558 * sasldb/sasldb.h: New key list access API, added parameter to
2559 sasl_check_db (all callers updated, all callees updated)
2560 * sasldb/db_berkeley.c: Implement key list access API
2561 * sasldb/db_gdbm.c: Implement key list access API
2562 * sasldb/db_ndbm.c: Implement key list access API
2563 * sasldb/db_none.c: Implement key list access API
2565 * utils/sasldblistuser.c: Use libsasldb instead of internal
2568 * utils/saslpasswd.c: No longer have separate global_utils,
2569 call sasl_dispose and sasl_done
2571 * acconfig.h: check for inttypes.h
2572 * configure.in: check for inttypes.h
2573 * plugins/plugin_common.c: include, if necessary, inttypes.h,
2574 reference uint32_t instead of u_int32_t
2576 2001-07-25 Rob Siemborski <rjs3+@andrew.cmu.edu>
2577 * lib/saslint.h: changed "sasldb" verifier to "auxprop"
2578 * lib/server.c: changed "sasldb" verifier to "auxprop"
2579 * lib/checkpw.c: changed "sasldb" verifier to "auxprop"
2580 * utils/testsuite.c: changed "sasldb" verifier to "auxprop"
2581 * doc/options.html: changed "sasldb" verifier to "auxprop"
2583 * README: updated upgrade information
2585 * utils/Makefile.am (CLEANFILES): added
2587 * sasldb/allockey.c (alloc_key): single place for alloc_key()
2588 Removed alloc_key from other source files.
2589 * sasldb/sasldb.h: added declaration of alloc_key()
2591 * configure.in: added checks for db-3.3 and db3.3
2593 * plugins/digestmd5.c (get_realm): now error on empty user_realm
2595 * plugins/cram.c (client_required_prompts): removed redundant
2598 * plugins/plain.c (client_continue_step): server-send-last error
2600 * utils/testsuite.c (main): detailed client-send-first,
2601 server-send-last checking
2603 2001-07-24 Rob Siemborski <rjs3+@andrew.cmu.edu>
2604 * plugins/sasldb.c: Cleaned up calls into the glue code
2606 * java/Test/*: Cleaned up java test utilities
2608 * configure.in: Minor GSSAPI configure changes
2610 * utils/saslpasswd.c: Clarfied -d option for saslpasswd
2611 * utils/saslpasswd.8: Clarfied -d option for saslpasswd
2613 * doc/plugprog.html: Added plugin programmer's guide
2614 * doc/index.html: linked to plugin programmer's guide
2616 * configure.in: corrected configure checking of Berkeley DB
2617 (from Scot W. Hetzel <scot@genroco.com>)
2619 * configure.in: corrected checking for libcom_err
2620 (from Scot W. Hetzel <scot@genroco.com>)
2622 2001-07-23 Rob Siemborski <rjs3+@andrew.cmu.edu>
2623 * configure.in: Added check for db3/db.h
2625 * plugins/kerberos4.c Added mech_avail (checks for IP info)
2627 * lib/common.c: Fixed setting of serverFQDN in _sasl_conn_init
2629 * lib/server.c: Fully Implemented mech_avail calls in glue code
2631 * lib/server.c: Fixed allocation/destruction of sasl_conn_t's
2632 * lib/client.c: Fixed allocation/destruction of sasl_conn_t's
2633 * lib/common.c: Rely on earlier initialization in server.c and client.c
2635 * doc/options.html: added
2637 * ChangeLog: back to standard format
2639 2001-07-20 Rob Siemborski <rjs3+@andrew.cmu.edu>
2640 * Can now deal with variable client-first mechs such as
2641 DIGEST-MD5, though this interface is subject to change
2642 * Modified parseuser to deal better with default realms
2643 * Simplified realm handling in DIGEST-MD5 (getrealm callback
2644 is no longer required).
2645 * Cleaned up some memory management issues in DIGEST-MD5
2647 2001-07-19 Rob Siemborski <rjs3+@andrew.cmu.edu>
2648 * Fixed prototype of sasl_getpath_t to be in conformance with
2649 memory allocation rules
2650 * Fixed up samples directory
2651 * Try to dlopen using information in .la file if available
2652 (based on patch from
2653 Stoned Elipot <Stoned.Elipot@script.jussieu.fr>)
2654 * Resolution of most of the server-send-first and client-send-last
2655 issues (using mechanism feature flags)
2657 2001-07-18 Rob Siemborski <rjs3+@andrew.cmu.edu>
2658 * Updated config.guess and config.sub
2659 * Better underscore checking for dlsym
2660 * Resolved possible global_utils namespace collision
2661 * Updated sasldb library to be expandable to multiple properties
2662 if the need arises in the future.
2663 * IPv6 support from Hajimu UMEMOTO <ume@mahoroba.org>
2665 2001-07-17 Rob Siemborski <rjs3+@andrew.cmu.edu>
2666 * Extricated sasldb support to an auxprop plugin only.
2667 sasldb modifications can now only be done through the saslpasswd
2670 2001-07-13 Rob Siemborski <rjs3+@andrew.cmu.edu>
2671 * Fixed buffer overrun problem in sasldb auxprop plugin
2672 * Removed severe memory leak from testsuite
2673 * Version 2.0.2-ALPHA Released
2675 2001-07-11 Rob Siemborski <rjs3+@andrew.cmu.edu>
2676 * error reporting in KERBEROS_V4 plugin
2677 * vague handling of SASL_AUTHSOURCE for getprop
2678 * random misc error reporting bugs
2679 * basic error messages for GSSAPI plugin
2681 2001-07-10 Rob Siemborski <rjs3+@andrew.cmu.edu>
2682 * added client-send-first logic in glue code
2683 * removed some client-send-first logic in mechanisms
2684 * removed IPv4 specifics from sasl_conn_t
2685 * Much gluecode error revamping (store the error code
2688 2001-07-09 Rob Siemborski <rjs3+@andrew.cmu.edu>
2689 * Removed dependency on "name" in canonuser plugin structure
2690 * Update configure.in from a new configure.scan
2691 * Update copyright info in man pages, finished all API man pages
2692 * Added auxprop tests to testsuite
2693 * Added userdb callback support
2695 2001-07-09 Rob Siemborski <rjs3+@andrew.cmu.edu>
2696 * First attempt at making the java code work again
2697 * Minor memory and byte order bugfixes
2698 * Added testing support for dmalloc (--with-dmalloc)
2700 2001-07-06 Rob Siemborski <rjs3+@andrew.cmu.edu>
2701 * Loading of auxprop and canonuser plugins from DSOs
2702 (This still sucks performance wise, and will be fixed soon)
2703 * Fixed some lack of indirection in the plugins
2704 * Reverted to the v1 entry points for the plugins
2705 * Cleaned up a good deal of the library loading code so it
2706 now only gets called from the sasl_*_init functions, and
2707 all the cleanup happens in the common sasl_done function
2708 * Added SASL_IPREMOTEPORT and SASL_IPLOCALPORT to setprop,
2709 and now _sasl_conn_init calls it to do the same work.
2711 2001-07-05 Rob Siemborski <rjs3+@andrew.cmu.edu>
2712 * Working libsfsasl and smtptest program (--with-sfio)
2713 * Fixed sasldblistusers (atleast for Berkeley DB)
2714 * seterror() calls in ANONYMOUS, CRAM, PLAIN and LOGIN
2717 2001-07-03 Rob Siemborski <rjs3+@andrew.cmu.edu>
2718 * Static library compilation now optional (--with-staticsasl)
2719 Note that this is different from --enable-static, which causes
2720 libtool to build static versions of everything is is almost
2721 certainly NOT what you want.
2722 * Removed all references to the ancient NANA code.
2723 * Updated some documentation.
2725 2001-07-02 Rob Siemborski <rjs3+@andrew.cmu.edu>
2726 * Improved allocation efficiency of KERBEROS_V4, DIGEST-MD5,
2727 and GSSAPI security layers.
2728 * Fixed a decode bug in DIGEST-MD5 (and testsuite improvements to
2729 help find similar ones)
2730 * Fixed a number of solaris compiler warnings
2731 * Static Library Build Support
2733 2001-06-30 Rob Siemborski <rjs3+@andrew.cmu.edu>
2734 * Cleanup of some man pages (added sasl_errors.3)
2736 2001-06-29 Rob Siemborski <rjs3+@andrew.cmu.edu>
2737 * Cleanup of APOP Code + new man page (Ken Murchison <ken@oceana.com>)
2738 * Cleanup of comments in some files (Ken Murchison <ken@oceana.com>)
2739 * Fixed some compiler errors on Solaris using /opt/SUNWspro/bin/cc
2740 (Reported by Mei-Hui Su <mei@ISI.EDU>
2742 2001-06-28 Rob Siemborski <rjs3+@andrew.cmu.edu>
2743 * Improved memory allocation in default sasl_decode handler
2744 * Added ability to disable sasl_checkapop (--disable-checkapop)
2745 * Re-initialized kerberos mutex to NULL after it was freed
2747 2001-06-28 Rob Siemborski <rjs3+@andrew.cmu.edu>
2748 * Fixed a severe bug in DIGEST-MD5 Plugin
2749 * KERBEROS_V4 plugin now thread safe
2750 * Version 2.0.1-ALPHA Released (due to DIGEST-MD5 problem)
2752 2001-06-27 Rob Siemborski <rjs3+@andrew.cmu.edu>
2753 * Version 2.0.0-ALPHA Released