diff -urN orig/vsftpd-2.0.3/builddefs.h vsftpd-2.0.3/builddefs.h --- orig/vsftpd-2.0.3/builddefs.h 2005-07-11 08:31:15.000000000 +0200 +++ vsftpd-2.0.3/builddefs.h 2005-07-11 08:32:04.000000000 +0200 @@ -4,6 +4,7 @@ #define VSF_BUILD_TCPWRAPPERS 1 #define VSF_BUILD_PAM #define VSF_BUILD_SSL +#define VSF_BUILD_SASL #endif /* VSF_BUILDDEFS_H */ diff -urN orig/vsftpd-2.0.3/debian/changelog vsftpd-2.0.3/debian/changelog --- orig/vsftpd-2.0.3/debian/changelog 2005-07-11 08:31:15.000000000 +0200 +++ vsftpd-2.0.3/debian/changelog 2005-07-11 07:38:44.000000000 +0200 @@ -1,3 +1,9 @@ +vsftpd (2.0.3-1.0jenson1) unstable; urgency=low + + * sasl support + + -- root Mon, 11 Jul 2005 07:38:34 +0200 + vsftpd (2.0.3-1) unstable; urgency=low * New upstream release (Closes: #300132). diff -urN orig/vsftpd-2.0.3/privops.c vsftpd-2.0.3/privops.c --- orig/vsftpd-2.0.3/privops.c 2004-07-02 13:24:19.000000000 +0200 +++ vsftpd-2.0.3/privops.c 2005-07-11 08:29:20.000000000 +0200 @@ -9,6 +9,8 @@ * Look for suitable paranoia in this file. */ +#include "builddefs.h" + #include "privops.h" #include "session.h" #include "sysdeputil.h" @@ -191,6 +193,9 @@ const struct mystr* p_user_str, const struct mystr* p_pass_str) { +#ifdef VSF_BUILD_SASL + if (!sasl_check(p_user_str, p_pass_str)) +#endif if (!vsf_sysdep_check_auth(p_user_str, p_pass_str, &p_sess->remote_ip_str)) { return kVSFLoginFail; diff -urN orig/vsftpd-2.0.3/sysdeputil.c vsftpd-2.0.3/sysdeputil.c --- orig/vsftpd-2.0.3/sysdeputil.c 2004-09-14 03:18:54.000000000 +0200 +++ vsftpd-2.0.3/sysdeputil.c 2005-07-11 08:33:58.000000000 +0200 @@ -35,6 +35,10 @@ #include #include +/* sasl */ +#ifdef VSF_BUILD_SASL +#include +#endif /* Configuration.. here are the possibilities */ #undef VSF_SYSDEP_HAVE_CAPABILITIES #undef VSF_SYSDEP_HAVE_SETKEEPCAPS @@ -409,6 +413,25 @@ #endif /* VSF_SYSDEP_HAVE_PAM */ +/* Sasl */ +#ifdef VSF_BUILD_SASL +int sasl_check(const struct mystr *username, const struct mystr *password) { + sasl_conn_t *c; + + if (SASL_OK!=sasl_server_init(NULL, "ftp")) { + vsf_sysutil_syslog("error while sasl_server_init", 1); + } else if (SASL_OK!=sasl_server_new("ftp", NULL, NULL, NULL, NULL, NULL, 0, &c)) { + vsf_sysutil_syslog("error while sasl_server_new", 1); + } else if (SASL_OK==sasl_checkpass(c, str_strdup(username), vsf_sysutil_strlen(str_strdup(username)), str_strdup(password), vsf_sysutil_strlen(str_strdup(password)))) { + sasl_dispose(&c); + return 1; + } + sasl_dispose(&c); + + return 0; +} +#endif + /* Capabilities support (or lack thereof) */ void vsf_sysdep_keep_capabilities(void) diff -urN orig/vsftpd-2.0.3/sysdeputil.h vsftpd-2.0.3/sysdeputil.h --- orig/vsftpd-2.0.3/sysdeputil.h 2003-01-25 04:34:41.000000000 +0100 +++ vsftpd-2.0.3/sysdeputil.h 2005-07-11 08:28:48.000000000 +0200 @@ -54,6 +54,9 @@ /* File descriptor passing/receiving */ void vsf_sysutil_send_fd(int sock_fd, int send_fd); int vsf_sysutil_recv_fd(int sock_fd); +#ifdef VSF_BUILD_SASL +int sasl_check(const struct mystr *username, const struct mystr *password); +#endif #endif /* VSF_SYSDEPUTIL_H */ diff -urN orig/vsftpd-2.0.3/vsf_findlibs.sh vsftpd-2.0.3/vsf_findlibs.sh --- orig/vsftpd-2.0.3/vsf_findlibs.sh 2004-07-02 18:48:24.000000000 +0200 +++ vsftpd-2.0.3/vsf_findlibs.sh 2005-07-11 07:37:29.000000000 +0200 @@ -23,6 +23,10 @@ locate_library /usr/lib/libcrypt.so && echo "-lcrypt"; fi +if find_func sasl_check sysdeputil.o; then + locate_library /usr/lib/libsasl2.so && echo "-lsasl2"; +fi + # Look for the dynamic linker library. Needed by older RedHat when # you link in PAM locate_library /lib/libdl.so && echo "-ldl";