move line to avoid deprecated declaration errors outside of the kerberos block.

deal with OpenSSL-3.x

branches: 1.9.14;
switch everyone to openssl.old

If a library needs a symbol from another library, pull that library in
explicitly, even if the DT_NEEDED closure would normally already ensure
the presence.

branches: 1.7.2; 1.7.8;
Also note /etc/saslc.d.

Build and install MLINKS for the libsaslc(3) functions.

msg.c uses non-literal format strings

Upgrade Heimdal to 1.5pre1 by switching the build from crypto/dist/heimdal
to crypto/external/bsd/heimdal. The latter was just imported as the head
of the Heimdal tree as of a few days ago.

Don't use DPADD/LDADD for libraries. Use LIBDPLIBS instead.

Changes from Anon Ymous:

Make this library work.
- several API changes (see the manpage)
- take care to match the spec (hopefully)
- deal with comma delimited lists more systematically
- addition of the DIGEST-MD5 security layer
- syslog messages including debugging messages
- many coding simplifications, changes, rewrites, and additions (i.e.,
stuff I can't recall at the moment)
- rewrite the manpage

The API changes have been heavily influenced by hooking this up to
postfix(1).

The ANONYMOUS, LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, and GSSAPI
authentication mechanisms have been tested and shown to work for
authentication with a postfix(1) server using the cyrus-sasl library.
(A postfix(1) libsaslc(3) client wrapper was used for the testing and
will be committed separately.)

The EXTERNAL authentication mechanism should work (it is pretty
simple), but it has not been tested with any servers.

The security layers of DIGEST-MD5 and GSSAPI have also not been tested
with any servers. Do any SMTP servers really support these security
layers? Postfix with cyrus-sasl does not, either as a client or
server, even though the cyrus-sasl library has support for the layers.

The new DIGEST-MD5 security layer encode/decode routines have been
tested against themselves (not terribly useful), but nothing else. As
they use the openssl EVP_* routines (which aren't well documented) to
do the cryptography, the "auth-conf" layer may or may not actually
match the rfc2831 standard. The "auth-int" layer is much more likely
to be in compliance.

Note: I have left support for a version of AES in the DIGEST-MD5 code
even though it is not part of rfc2831 (May 2000). This flavor of AES
was in a later draft (June 2003) that was included in the cyrus-sasl
distribution, but changed to a different flavor of AES in subsequent
drafts (and DES disappeared). AFAIKT, none of those drafts have been
accepted; the last I could find expired in Sept 2007. rfc2831 is
still listed as standards track. The AES support is very minor (some
table entries and a few lines of code to construct the IV) and I was
asked to leave it for now.

Hopefully there are not too many bugs, memory leaks, or
spelling/grammar errors. My apologies in advance.

BTW, if you would prefer to use cyrus-sasl, install it (e.g., from
pkgsrc), and then rebuild postfix with HAVE_CYRUS_SASL defined.

branches: 1.1.1;
Initial revision

deal with OpenSSL-3.x

switch everyone to openssl.old

If a library needs a symbol from another library, pull that library in
explicitly, even if the DT_NEEDED closure would normally already ensure
the presence.

branches: 1.7.2; 1.7.8;
Also note /etc/saslc.d.

Build and install MLINKS for the libsaslc(3) functions.

msg.c uses non-literal format strings

Upgrade Heimdal to 1.5pre1 by switching the build from crypto/dist/heimdal
to crypto/external/bsd/heimdal. The latter was just imported as the head
of the Heimdal tree as of a few days ago.

Don't use DPADD/LDADD for libraries. Use LIBDPLIBS instead.

Changes from Anon Ymous:

Make this library work.
- several API changes (see the manpage)
- take care to match the spec (hopefully)
- deal with comma delimited lists more systematically
- addition of the DIGEST-MD5 security layer
- syslog messages including debugging messages
- many coding simplifications, changes, rewrites, and additions (i.e.,
stuff I can't recall at the moment)
- rewrite the manpage

The API changes have been heavily influenced by hooking this up to
postfix(1).

The ANONYMOUS, LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, and GSSAPI
authentication mechanisms have been tested and shown to work for
authentication with a postfix(1) server using the cyrus-sasl library.
(A postfix(1) libsaslc(3) client wrapper was used for the testing and
will be committed separately.)

The EXTERNAL authentication mechanism should work (it is pretty
simple), but it has not been tested with any servers.

The security layers of DIGEST-MD5 and GSSAPI have also not been tested
with any servers. Do any SMTP servers really support these security
layers? Postfix with cyrus-sasl does not, either as a client or
server, even though the cyrus-sasl library has support for the layers.

The new DIGEST-MD5 security layer encode/decode routines have been
tested against themselves (not terribly useful), but nothing else. As
they use the openssl EVP_* routines (which aren't well documented) to
do the cryptography, the "auth-conf" layer may or may not actually
match the rfc2831 standard. The "auth-int" layer is much more likely
to be in compliance.

Note: I have left support for a version of AES in the DIGEST-MD5 code
even though it is not part of rfc2831 (May 2000). This flavor of AES
was in a later draft (June 2003) that was included in the cyrus-sasl
distribution, but changed to a different flavor of AES in subsequent
drafts (and DES disappeared). AFAIKT, none of those drafts have been
accepted; the last I could find expired in Sept 2007. rfc2831 is
still listed as standards track. The AES support is very minor (some
table entries and a few lines of code to construct the IV) and I was
asked to leave it for now.

Hopefully there are not too many bugs, memory leaks, or
spelling/grammar errors. My apologies in advance.

BTW, if you would prefer to use cyrus-sasl, install it (e.g., from
pkgsrc), and then rebuild postfix with HAVE_CYRUS_SASL defined.

branches: 1.1.1;
Initial revision

switch everyone to openssl.old

If a library needs a symbol from another library, pull that library in
explicitly, even if the DT_NEEDED closure would normally already ensure
the presence.

branches: 1.7.2; 1.7.8;
Also note /etc/saslc.d.

Build and install MLINKS for the libsaslc(3) functions.

msg.c uses non-literal format strings

Upgrade Heimdal to 1.5pre1 by switching the build from crypto/dist/heimdal
to crypto/external/bsd/heimdal. The latter was just imported as the head
of the Heimdal tree as of a few days ago.

Don't use DPADD/LDADD for libraries. Use LIBDPLIBS instead.

Changes from Anon Ymous:

Make this library work.
- several API changes (see the manpage)
- take care to match the spec (hopefully)
- deal with comma delimited lists more systematically
- addition of the DIGEST-MD5 security layer
- syslog messages including debugging messages
- many coding simplifications, changes, rewrites, and additions (i.e.,
stuff I can't recall at the moment)
- rewrite the manpage

The API changes have been heavily influenced by hooking this up to
postfix(1).

The ANONYMOUS, LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, and GSSAPI
authentication mechanisms have been tested and shown to work for
authentication with a postfix(1) server using the cyrus-sasl library.
(A postfix(1) libsaslc(3) client wrapper was used for the testing and
will be committed separately.)

The EXTERNAL authentication mechanism should work (it is pretty
simple), but it has not been tested with any servers.

The security layers of DIGEST-MD5 and GSSAPI have also not been tested
with any servers. Do any SMTP servers really support these security
layers? Postfix with cyrus-sasl does not, either as a client or
server, even though the cyrus-sasl library has support for the layers.

The new DIGEST-MD5 security layer encode/decode routines have been
tested against themselves (not terribly useful), but nothing else. As
they use the openssl EVP_* routines (which aren't well documented) to
do the cryptography, the "auth-conf" layer may or may not actually
match the rfc2831 standard. The "auth-int" layer is much more likely
to be in compliance.

Note: I have left support for a version of AES in the DIGEST-MD5 code
even though it is not part of rfc2831 (May 2000). This flavor of AES
was in a later draft (June 2003) that was included in the cyrus-sasl
distribution, but changed to a different flavor of AES in subsequent
drafts (and DES disappeared). AFAIKT, none of those drafts have been
accepted; the last I could find expired in Sept 2007. rfc2831 is
still listed as standards track. The AES support is very minor (some
table entries and a few lines of code to construct the IV) and I was
asked to leave it for now.

Hopefully there are not too many bugs, memory leaks, or
spelling/grammar errors. My apologies in advance.

BTW, if you would prefer to use cyrus-sasl, install it (e.g., from
pkgsrc), and then rebuild postfix with HAVE_CYRUS_SASL defined.

branches: 1.1.1;
Initial revision

If a library needs a symbol from another library, pull that library in
explicitly, even if the DT_NEEDED closure would normally already ensure
the presence.

branches: 1.7.2; 1.7.8;
Also note /etc/saslc.d.

Build and install MLINKS for the libsaslc(3) functions.

msg.c uses non-literal format strings

Upgrade Heimdal to 1.5pre1 by switching the build from crypto/dist/heimdal
to crypto/external/bsd/heimdal. The latter was just imported as the head
of the Heimdal tree as of a few days ago.

Don't use DPADD/LDADD for libraries. Use LIBDPLIBS instead.

Changes from Anon Ymous:

Make this library work.
- several API changes (see the manpage)
- take care to match the spec (hopefully)
- deal with comma delimited lists more systematically
- addition of the DIGEST-MD5 security layer
- syslog messages including debugging messages
- many coding simplifications, changes, rewrites, and additions (i.e.,
stuff I can't recall at the moment)
- rewrite the manpage

The API changes have been heavily influenced by hooking this up to
postfix(1).

The ANONYMOUS, LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, and GSSAPI
authentication mechanisms have been tested and shown to work for
authentication with a postfix(1) server using the cyrus-sasl library.
(A postfix(1) libsaslc(3) client wrapper was used for the testing and
will be committed separately.)

The EXTERNAL authentication mechanism should work (it is pretty
simple), but it has not been tested with any servers.

The security layers of DIGEST-MD5 and GSSAPI have also not been tested
with any servers. Do any SMTP servers really support these security
layers? Postfix with cyrus-sasl does not, either as a client or
server, even though the cyrus-sasl library has support for the layers.

The new DIGEST-MD5 security layer encode/decode routines have been
tested against themselves (not terribly useful), but nothing else. As
they use the openssl EVP_* routines (which aren't well documented) to
do the cryptography, the "auth-conf" layer may or may not actually
match the rfc2831 standard. The "auth-int" layer is much more likely
to be in compliance.

Note: I have left support for a version of AES in the DIGEST-MD5 code
even though it is not part of rfc2831 (May 2000). This flavor of AES
was in a later draft (June 2003) that was included in the cyrus-sasl
distribution, but changed to a different flavor of AES in subsequent
drafts (and DES disappeared). AFAIKT, none of those drafts have been
accepted; the last I could find expired in Sept 2007. rfc2831 is
still listed as standards track. The AES support is very minor (some
table entries and a few lines of code to construct the IV) and I was
asked to leave it for now.

Hopefully there are not too many bugs, memory leaks, or
spelling/grammar errors. My apologies in advance.

BTW, if you would prefer to use cyrus-sasl, install it (e.g., from
pkgsrc), and then rebuild postfix with HAVE_CYRUS_SASL defined.

branches: 1.1.1;
Initial revision

branches: 1.1.1.1.2;
Initial import of Mateusz Kociels SASL client library Summer of Code
project into the repository. The project was mentored by Christos
Zoulas, and written up here:

http://netbsd-soc.sourceforge.net/projects/sasl_client_lib/

As discussed with Christos Zoulas.

Sync with HEAD

Rebase to HEAD as of a few days ago.

sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")