Make SRP work and SASL|normal ldap uses and import the SRP password bug fix

Ref: cyrusimap/cyrus-sasl#740

Author: williamdes

docker/Dockerfile

@@ -13,6 +13,7 @@ FROM alpine:3.16 as build-env-sasl
 WORKDIR /workspace
 
 COPY saslauth-APKBUILD /workspace/APKBUILD
+COPY fix-srp-setpass.patch /workspace/fix-srp-setpass.patch
 ENV RSA_PRIVATE_KEY_NAME="sudo-bot@wdes.fr-temp.rsa"
 
 RUN apk add --no-cache --update alpine-sdk && \
@@ -74,7 +75,6 @@ RUN apk add --no-cache --update \
     echo '/root/packages/' > /root/packages/repositories && \
     apk add --allow-untrusted --keys-dir=/root/packages/ --no-network --no-cache --repositories-file=/root/packages/repositories \
         cyrus-sasl=${CYRUS_SASL_VERSION} \
-        cyrus-sasl-sql=${CYRUS_SASL_VERSION} \
         cyrus-sasl-static=${CYRUS_SASL_VERSION} \
         cyrus-sasl-srp=${CYRUS_SASL_VERSION} && \
     rm -rv /root/packages/* && \

docker/fix-srp-setpass.patch

@@ -0,0 +1,25 @@
+From 61e358da45d1740a722058d74aaecde76ae0abb0 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@symas.com>
+Date: Sat, 23 Jul 2022 19:51:42 +0100
+Subject: [PATCH] Fix SRP setpass
+
+Wrong argument to MakeBuffer. Fixes #740.
+
+Signed-off-by: Howard Chu <hyc@symas.com>
+---
+ plugins/srp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plugins/srp.c b/plugins/srp.c
+index 7cf36c27..67bee323 100644
+--- a/plugins/srp.c
++++ b/plugins/srp.c
+@@ -2296,7 +2296,7 @@ static int srp_setpass(void *glob_context __attribute__((unused)),
+ 	
+ 	r = MakeBuffer(text->utils, &text->out_buf, &text->out_buf_len,
+ 		       &bufferlen, "%s%m%o",
+-		       server_mda->name, &v, saltlen, salt);
++		       server_mda->name, v, saltlen, salt);
+ 	
+ 	if (r) {
+ 	    sparams->utils->seterror(sparams->utils->conn, 0, 

docker/sasl2-slapd.conf

@@ -1,5 +1,3 @@
-# mech_list: PLAIN EXTERNAL CRAM-MD5
-# EXTERNAL gssapi DIGEST-MD5 NTLM CRAM-MD5 LOGIN PLAIN SAML
 pwcheck_method: saslauthd
 saslauthd_path: /var/run/saslauthd/mux
 log_level: 0

docker/saslauth-APKBUILD

@@ -10,12 +10,14 @@ arch="all"
 license="custom"
 options="!check"  # No test suite.
 subpackages="
+	$pkgname-dbg
 	$pkgname-static
 	$pkgname-dev
 	$pkgname-doc
 	libsasl
 	$pkgname-srp:_plugin
 	$pkgname-sql:_plugin
+	$pkgname-ldapdb:_plugin
 	"
 # use heimdal to avoid circular dep: cyrus-sasl -> krb5 -> openldap -> cyrus-sasl
 makedepends="
@@ -31,6 +33,7 @@ makedepends="
 	libtool
 	"
 source="https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-$pkgver/cyrus-sasl-$pkgver.tar.gz
+    fix-srp-setpass.patch
 	"
 
 # secfixes:
@@ -72,33 +75,35 @@ build() {
 		--with-devrandom=/dev/urandom \
 		--with-ldap \
         --with-pam \
+        --with-ldapdb \
 		--enable-static \
 		--enable-shared \
 		--enable-anon \
 		--enable-plain \
         --enable-srp \
         --enable-srp-setpass \
 		--enable-sql \
+		--enable-ldapdb \
 		--disable-otp \
         --disable-sia \
 		--disable-digest \
 		--disable-cram \
 		--disable-scram \
         --disable-passdss \
-        --disable-anonymous \
         --disable-httpform \
         --disable-auth-sasldb \
 		--disable-login \
 		--disable-ntlm \
 		--disable-krb4 \
 		--disable-gssapi \
-		--disable-ldapdb \
 		--disable-alwaystrue
 	make
+    # Use this line instead, to have a debug build
+    # make CFLAGS="-g -O0"
 }
 
 package() {
-	make -j1 DESTDIR="$pkgdir" install
+	make -j1 DESTDIR="$pkgdir" install STRIP=""
 	install -D -m644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
 }
 
@@ -125,4 +130,5 @@ libsasl() {
 
 sha512sums="
 db15af9079758a9f385457a79390c8a7cd7ea666573dace8bf4fb01bb4b49037538d67285727d6a70ad799d2e2318f265c9372e2427de9371d626a1959dd6f78  cyrus-sasl-2.1.28.tar.gz
+7f2c9e966e17a449dcb33964f5df9eb52003460e8c418fecad176ccfd72c76e5d62525b5ef541b5d5f6236f2c0da2eb2ba5a4e7fa03f8597df21ec5eecafcb94  fix-srp-setpass.patch
 "

docker/saslauthd.conf

@@ -1,9 +1,9 @@
 ldap_servers: ldapi:///
-ldap_use_sasl: no
+ldap_use_sasl: yes
 ldap_start_tls: no
 ldap_version: 3
 ldap_auth_method: bind
-ldap_mech: PLAIN
+ldap_mech: SRP
 ldap_bind_dn: cn=admin,{{ LDAP_BASE_DN }}
 ldap_bind_pw: admin
 ldap_search_base: {{ LDAP_AUTH_BASE_DN }}

docker/slapd.conf

@@ -26,9 +26,15 @@ authz-regexp
     uid=(.*)@(.*),cn=[^,]*,cn=auth
     mail=$1@$2,o=$2,{{ LDAP_AUTH_BASE_DN }}
 
+#sasl-regexp
+#    uid=(.*)@(.*),cn=[^,]*,cn=auth
+#    mail=$1@$2,o=$2,{{ LDAP_AUTH_BASE_DN }}
+
 sasl-host       127.0.0.1
 # https://www.cyrusimap.org/sasl/sasl/authentication_mechanisms.html#summary
 sasl-secprops   noanonymous,noactive,noplain
+# Not configured (yet)
+#sasl-auxprops   ldapdb
 password-hash   {SSHA} {CRYPT}
 
 #######################################################################

docker/tests/run.sh

@@ -53,11 +53,14 @@ ldapwhoami -H ldap://openldap -D "cn=Cyrielle Pondu,ou=people,dc=example,dc=org"
 echo 'Login as email 3'
 ldapwhoami -H ldap://openldap -D "mail=alice@warz.eu,o=warz.eu,ou=people,dc=example,dc=org" -w 'oHHGf7YyJSihb6ifSwNWZPtEGzijjp8'
 
+# -a slapd will make it use slapd.conf in the plugin config folder
+#echo "oHHGf7YyJSihb6ifSwNWZPtEGzijjp8" | saslpasswd2 -a slapd -n -p -c -u warz.eu edwin@warz.eu
+
 echo 'Login as email 4'
-#echo -e "\tUsing simple auth"
-#ldapwhoami -H ldap://openldap -D "mail=edwin@warz.eu,o=warz.eu,ou=people,dc=example,dc=org" -w 'oHHGf7YyJSihb6ifSwNWZPtEGzijjp8'
 echo -e "\tUsing SASL auth"
 ldapwhoami -Q -H ldap://openldap -U edwin@warz.eu -w 'oHHGf7YyJSihb6ifSwNWZPtEGzijjp8'
+echo -e "\tUsing simple auth"
+ldapwhoami -H ldap://openldap -D "mail=edwin@warz.eu,o=warz.eu,ou=people,dc=example,dc=org" -w 'oHHGf7YyJSihb6ifSwNWZPtEGzijjp8'
 
 echo 'Login as email 5'
 ldapwhoami -H ldap://openldap -D "mail=elana@caldin.eu,o=caldin.eu,ou=people,dc=example,dc=org" -w 'bandedetsylish'