SASL authentication for nnrpd committed to CURRENT

Russ Allbery rra at stanford.edu
Wed Jun 9 22:27:53 UTC 2004


I have just committed Ken Murchison's contribution of SASL authentication
support for nnrpd to CURRENT.  There is still work to be done on this to
fully integrate it into the rest of nnrpd's authentication infrastructure,
but it should already be usable as-is.

Caveats to be aware of:

 * At present, SASL authentication happens entirely independently of the
   auth blocks in readers.conf.  This will eventually be integrated, but
   for right now, whatever username SASL returns is just used as-is when
   matching access blocks (and key: is not supported).

 * The SASL ANONYMOUS authentication mechanism is supported and returns a
   user of "anonymous", which may be a surprise to the way that people
   have written access blocks in readers.conf.  We need to decide whether
   we want to support SASL ANONYMOUS at all, even if libsasl2 implements
   it.  (I'm not positive that it serves a useful purpose.)

Also, the previous method for configuring nnrpd's TLS (SSL) support relied
on a copy of a configuration parser that was internal to libsasl2 (and
hence caused symbol conflicts with it).  This has been removed completely
and those four options have just been moved into inn.conf.  innupgrade
knows how to make this change.

I'm not sure that that's the best place for them in the long run, but it
should be fairly harmless for right now.

In the process, I gave tlscertfile and tlskeyfile default values that
match what make cert generates, so those settings can be left off entirely
if people don't need to point them to unusual locations.

I also added a test suite for innupgrade while I was at it.

Thank you very much, Ken!

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
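An audit check for the two caveats in the message above, added here as an example (it is not part of the original message or of INN): it lists the access blocks in a readers.conf that the SASL ANONYMOUS user "anonymous" would match. It assumes access blocks select users with a users: key holding a comma-separated wildmat list and that a block with no users: key applies to every user. The wildmat matcher is a simplified stand-in built on Python's fnmatch, and the sample configuration is constructed.

```python
import re
from fnmatch import fnmatchcase

# Constructed readers.conf fragment for illustration (not from the original message).
SAMPLE = '''
access "staff" {
    users: "*@example.org"
    newsgroups: "*"
}
access "everyone" {
    users: "*"
    newsgroups: "local.*"
}
access "nousers" {
    newsgroups: "public.*"
}
access "named" {
    users: "*,!anonymous"
    newsgroups: "misc.*"
}
'''

BLOCK = re.compile(r'^\s*access\s+"?([^"\s{]+)"?\s*\{(.*?)\}', re.S | re.M)
USERS = re.compile(r'^\s*users:\s*"?([^"\n]*)"?\s*$', re.M)

def wildmat_list(patterns, name):
    """Simplified wildmat list: comma-separated, '!' negates, last match wins."""
    matched = False
    for pat in (p.strip() for p in patterns.split(",")):
        negate = pat.startswith("!")
        if pat and fnmatchcase(name, pat[1:] if negate else pat):
            matched = not negate
    return matched

def blocks_matching(conf, user="anonymous"):
    """Return names of access blocks whose users: list matches `user`."""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)  # drop full-line comments
    hits = []
    for name, body in BLOCK.findall(conf):
        users = USERS.search(body)
        # Assumption: a block with no users: key applies to every user.
        if users is None or wildmat_list(users.group(1), user):
            hits.append(name)
    return hits

if __name__ == "__main__":
    for name in blocks_matching(SAMPLE):
        print(f'access "{name}" would match the SASL ANONYMOUS user')
```
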

