Building Relationships Mac OS

The Cyrus SASL v2 distribution now supports Mac OS X, includingapplications written to Apple’s Carbon and Cocoa interfaces, as wellas the standard Unix-like API. It includes the followingcomponents:

  • A port of the Unix SASL library, which lives in /usr/local/lib/libsasl2.dylib(or similar) and with plugins in /usr/lib/sasl (which should be a symlink to /usr/local/lib/sasl).
  • A framework which lives in/Library/Frameworks/SASL2.framework, and allows the use of the-framework option to Apple’s ld, or linking with theframework in Project Builder. This framework is in fact a wrapper for asymlink to /usr/local/lib/libsasl2.dylib with the necessaryinformation to recognize it as a framework. This is what we expect manyCocoa and Carbon Mach-O applications will want to use, and the frameworkis required for CFBundle to work, which is used by the CFM glue library.
  • A CFM glue library (/Library/CFMSupport/SASL2GlueCFM) whichcan be linked in by Carbon CFM applications, that uses CFBundle to bindthe framework and thus load the Unix-level library. It automatically loadsthe important functions at sasl_client_init orsasl_server_init time; it also automatically makes sure memoryallocation works if you’re using the metrowerks malloc; if you’re not,sasl_set_alloc works as usual.
  • A Carbon port of the existing CFM library for Mac OS 9. Note thatthis could probably be modified fairly easily to work on OS X, butthere’s not much point. The CFM glue layer to the Unix librarysupports many more functions, including the entire server API; also,the Unix implementation is mostly independent of Kerberosimplementation, while the Mac OS 9 Carbon port specifically requiresMIT Kerberos for Macintosh 3.5 or later in order to get Kerberossupport. The Mac OS 9 code implements only the client API, but this ismostly what is wanted from SASL on OS 9 anyway.

If you are building a Carbon CFM application and intend it to run onboth OS 9 and OS X, you should link against the OS 9 Carbon SASLlibrary, since it exports fewer APIs (client side only, specifically)than the OS X CFM glue. Your application should work seamlessly withboth libraries if you do this, despite the different implementationsunderneath.

With its back against the wall and its internal software development failing, Apple was left with only desperation moves. Fortunately, it made a good one: Mac OS X 10.0, which shipped 20 years ago. Building in a ssh session. In some cases it seems that if you are building in a ssh session, some unit tests fail unless you also have a windowing session open to the machine, either on the physical console or through Screen Sharing. Building LibreOffice takes time, a lot of time. Explore the world of Mac. Check out MacBook Pro, MacBook Air, iMac, Mac mini, and more. Visit the Apple site to learn, buy, and get support.

ConceptDraw DIAGRAM software for Mac extended with the Entity-Relationship Diagram (ERD) solution is the best tool for drawing ER diagrams on a Mac. ER diagram tool for OS X ER diagram is the most popular database design tool which lets create graphical representations of database tables, their columns and also relationships.

If you need a Carbon CFM application to support server-side SASLfunctionality, you need to link against the SASL2GlueCFMlibrary, but be aware that your application will not run on OS 9.

Compiling and Using the Unix library¶

The Unix library is mostly ready to build on Mac OS X, but it does dependon the dlcompat package in order to load its plugins.dlcompat-20010505 is a relatively simple version known to workwith SASL; it is provided with the distribution in a tarball. You shouldmake and makeinstall the dlcompat library(which probably goes into /usr/local/lib/libdl.dylib) beforeattempting to ./configure the SASL distribution itself. SASL willthen pretend it’s a real Unix libdl, and link against it.

Since there are, at this point, newer and far more complex versions ofdlcompat, you may prefer to use those instead if other software requirestheir functionality. The dlcompat homepage is located on the OpenDarwinsite. Many users may want to install the /sw tree from the Fink project to get this, aswell as possibly newer autotools and other software.

As of version 2.1.16, SASL uses and requires a recent version of GNUautotools (autoconf, automake, and libtool) to build its configuration scripts.If you are building from GIT, you will need to have the autotools installedon your system. The version included with all releases of the developer toolsfor OS X 10.2.x is too old for this; if you aren’t using OS X 10.3 or later,you should upgrade to more recent patchlevels of these tools. The easiest wayto do this is to install the Fink environment and then apt-getinstallautoconf2.5automake1.7libtool14.

Recent versions of SASL ship with Kerberos v4 disabled by default.If you need Kerberos v4 for some reason, and you are using MIT Kerberosfor Macintosh 4.0 or later, you should ./configure withthe added options '--enable-krb4=/usr--without-openssl--disable-digest' so that it finds thecorrect location for the header files, and does not use OpenSSL orbuild anything that depends on it (such as the digest-md5 plugin),since OpenSSL provides its own DES routines which do not work withKerberos v4.

Warning

Please read the “Known Problems” section at the end ofthis document for more information on this issue.

Building

You must be root to make install, since /usr/local is onlymodifiable by root. You need not enable the root account usingNetInfo; the recommended (but underdocumented) method is to usesudo-s from the Terminal window when you are logged into anadministrator’s account, and enter the password for that account. Whenbuilding on Mac OS X, makeinstall will automatically add theframework to /Library/Frameworks.

This does not build the CFM glue library. Building the CFM gluelibrary requires Metrowerks CodeWarrior Pro 6 or later (tested with6), and the files necessary to build it are in themac/osx_cfm_glue folder.

Changes to the Unix library to make it work on OS X¶

This is provided for reference purposes only. The build system willautomatically take care of all of these issues when building on Darwinor Mac OS X.

  • The random code supports the preferred way to generate randomnumbers in Darwin. (In SASL v2, it does this on all unix-likeplatforms that lack jrand48). Note that Mac OS X “Jaguar”, version10.2,now has the standard jrand48 function, and that SASL will use thisinsteadof the previous workaround.
  • Symbols which are dlopened have an underscore prefixed. (Thisbehavior is detected by configure in SASL v2.)
  • Plugins are linked with the -module option to libtool,which causes the -bundle option to besupplied to Apple’s ld. (This is done on all platforms inSASL v2.)
  • The MD5 symbols are renamed to avoid library conflicts. Thisallows proper compilations against Heimdal and MIT’s unix kerberosdistribution, and prevents crashes when linked against MIT Kerberosfor Macintosh (which also duplicates the symbols, but in a differentway). Note that the MD5 symbols have local names on all platforms withSASL v2; this was only different in SASL v1.
  • MIT Kerberos for Macintosh 4.0 and later are fully supported. Thiswas accomplished by using krb_get_err_text if available andchecking for additional names for the krb4 libraries.

Changes to the Mac OS 9 projects to support Carbon¶

Warning

Please read these notes before you attempt to build SASL for OS 9 Carbon!

  • Important! You must make sure that all files have theircorrect HFS filetype before starting to build this code! Inparticular, all source and text files must be of type 'TEXT',which is not the default if you use the Mac OS X GIT client to checkout the projects. If you run into this problem, you may want to use autility such as FileTyper to recursively change the type on allfiles. CodeWarrior is less picky about the projects’ filetypes, butsetting them to filetype 'MMPr', creator code 'CWIE'may be helpful in opening the projects from the Finder. Users on Mac OSX familiar with the Unix findcommand should be able to rig /Developer/Tools/SetFileto do this job as well.
  • Many of the important projects (for libdes, libsasl,build_plugins, and the sample client sc_shlb)have Carbon versions.
  • Plugins are loaded from a Carbon subfolder of the SASLv2 folder in the Extensions folder. Plugins directlyin the SASLv2 folder are considered to be for the Classiclibraries.
  • Note that when using the build_plugins project, you mustgenerate the plugin init files using the makeinit.sh script inthe plugins directory. The easiest way to do this is to run thescript from a Unix shell, such as Mac OS X. You must then fix thefiletypes of the generated source files (see above).
  • There is a new folder in CommonKClient called mac_kclient3which contains code compatible with MIT’s new KClient3.0API. This folder must be in your CodeWarrior access paths, theold mac_kclient folder must not, and it must precede theproject’s main folder.
  • The kerberos4 plugin uses this new code. The kerberos4 pluginalsostatically links the Carbon libdes, and no other part ofCarbon SASL uses libdes directly. Your application should**not* link against* libdes.shlbunder Carbon!(It causes problems due to DES symbols also existing in the MITKerberos library, which loads first.)
  • To build the projects, you should have the MIT Kerberos forMacintosh 3.5 installation disk images mounted, since the access pathsinclude the absolute paths to the library directories from thatimage. It’s easier than you having to find the paths yourself, andsmaller than having to distribute the libraries with SASL.

Known Problems¶

Building Relationships Mac Os 11

  • The Kerberos v4 headers bundled with Mac OS X (and Kerberos forMacintosh) are not compatible with OS X’s OpenSSL headers. (Kerberos v4support is disabled by default.) If you actually need krb4 support, theeasiest solution is to build without using OpenSSL’slibcrypto. To do this, specify the --without-openssloption to configure. As of version 2.1.18, this automaticallydisables using libcrypto for DES as well. You will probablyalso need to specify --disable-digest since the digestmd5 plugindoes not build against Kerberos v4’s DES headers or library. Note thatthis disables several features (DIGEST-MD5, NTLM, OTP, PASSDSS, SCRAM, SRP)which require OpenSSL. If both Kerberos v4 and functionality that requiresOpenSSL are needed, it is possible to build the Kerberos v4 plugin againstthe correct K4 DES libraries, and everything else against OpenSSL;however, we do not support that configuration.
  • Versions of Cyrus SASL prior to 2.1.14 with support for CarbonCFM applications on Mac OS X have a known bug involving the CFM gluecode (in mac/osx_cfm_glue). If sasl_done is calledto unload the SASL library, and then one of the initializationfunctions (such as sasl_client_init) is called toreinitialize it from the same process, the application will crash. Afix for one obvious cause of this problem is included in 2.1.14;however, as of this writing, it has not been tested. It is possiblethat other bugs in Cyrus SASL, or deficiencies in Apple’s libraries,will make this fix insufficient to resolve this issue.