Building and Using Cyrus SASL on OS/390

Cyrus SASLv2 can be made to build on OS/390 with some minimal changes. Here are the suggestions provided by Howard Chu of the OpenLDAP project.

Cyrus SASL must be compiled in ASCII mode. This can be accomplished with a special invocation of c89. For ease of use, you can use a shell script (“acc” is a good name) and set the environment variable CC = acc before configuring anything. The shell script is simple:

#! /bin/sh
exec /bin/c89 -Wc,CONVLIT\(ISO8859-1\) -Wc,LANGLVL\(EXTENDED\) -D__LIBASCII $*

To build the source, you’ll need to set these environment variables, at a minimum:

_C89_CCMODE=1
CC=acc
CPP="c89 -E"
LD=c89
CPPFLAGS=-D_ALL_SOURCE

That should allow you to run configure and get a coherent build environment. Before you type “make” from the top level though, do this:

cd include
make CC=c89

In my initial tests I was able to use SASL/EXTERNAL to perform X.509-based authentication with slapd. I have subsequently tested the DIGEST-MD5 mechanism, using OpenLDAP’s slapd for storage of the secrets. It worked without any trouble. Note, I configured sasl –with-dblib=none to prevent it from trying to use its own sasldb. This is simply because I haven’t had the time to fix the EBCDIC/ASCII dependencies in the rest of the SASL library. Run as-is with a real database backend, the sasldb would try to create ASCII-named database files, which would be very unpleasant. The required fixes are trivial, but they are also numerous, and it is a very time-consuming task to track down all the dependencies.

Note that this minimal-effort port of SASL will probably only work in the context of OpenLDAP (though it may work with other special-case auxprop plugins).

No effort has been made to fix the ASCII filenames in the library, this SASL library will be unable to create/parse/handle native config files or database files. This is why I’ve only tested it using secrets stored in slapd, and why I only tried SASL/EXTERNAL at first. (EXTERNAL has no config parameters, and is part of libsasl2 itself, so it doesn’t need to be dynamically loaded from anywhere.)