3 2009-12-17 Sam Varshavchik <mrsam@courier-mta.com>
5 * authldapescape.c: Factor out LDAP string escape function.
7 * authldap.schema: Various fixes
9 * authldap.ldif (olcObjectClasses): Create LDIF format schema from
12 2009-11-21 Sam Varshavchik <mrsam@courier-mta.com>
14 * authoption.c (auth_getoptionenvint): For account options that
15 are parsed to an int, an option value that begins with t, T, y, or Y
16 is evaluated as 1, other alphabetic values as 0; so that 'true'
17 or 'yes' get evaluated as 1.
21 2009-06-13 Sam Varshavchik <mrsam@courier-mta.com>
23 * Various compilation fixes for gcc 4.4 and libtool 2.2
27 2009-04-26 Sam Varshavchik <mrsam@courier-mta.com>
29 * courier-authlib.spec.in (MAKEFLAGS): Explicit path to ./configtmp
31 2009-03-15 Sam Varshavchik <mrsam@courier-mta.com>
33 * README_authlib.sgml: Fixed documentation of authpipe AUTH command.
35 2009-02-22 Sam Varshavchik <mrsam@courier-mta.com>
37 * authmigrate.in (rc): Add /etc/courier-imap
41 2009-02-03 Sam Varshavchik <mrsam@courier-mta.com>
43 * Makefile.am: Compatibility fix for bash 4
47 2008-12-25 Mr. Sam <mrsam@courier-mta.com>
49 * cryptpassword.c: Fix compiler warnings
51 * checkpasswordsha1.c: Fix compiler warnings.
53 * authldaplib.c (auth_ldap_enumerate): Fix typo.
57 2008-12-17 Sam Varshavchik <mrsam@courier-mta.com>
59 * authpgsqllib.c: Use PQescapeStringConn() instead of removing all
60 apostrophes from query parameters. This fixes a potential SQL injection
61 vulnerability if the Postgres database uses a non-Latin locale.
63 2008-12-06 Sam Varshavchik <mrsam@courier-mta.com>
65 * Added support for {SSHA}-encrypted passwords. Based on a patch
66 by Zou bin <zb@bisp.com>.
68 * Added support for {SHA512} hash function.
72 2008-11-30 Sam Varshavchik <mrsam@courier-mta.com>
74 * authsasllogin.c (authsasl_login): Fix memory leak.
76 * authldaplib.c (read_env): Fix resource leak. authldap did not close
77 the authldaprc configuration file after reading it on startup.
79 * authldaplib.c (auth_ldap_do2): Fix used ptr after free(). When an
80 email map feature is enabled, and the map failed, the resulting
81 error message was formed from a buffer that was recently free()ed.
83 * authpipe.c (auth_pipe): Fix memory leak. If the fork() system call
84 failed (unlikely), a buffer wasn't getting released.
86 2008-11-30 Sam Varshavchik <mrsam@courier-mta.com>
88 * Fix spec file to invoke authmksock with a short pathname.
90 2008-08-07 Mr. Sam <mrsam@courier-mta.com>
92 * courier-authlib.spec.in: Add -C option to configure invocation.
93 Remove the authmigrate script, only needed when upgrading from
94 pre-2004 Courier, and the current packaging causes an error.
96 2008-07-20 "Hanno Böck" <hanno@hboeck.de>
98 * authmigrate.in (rc): Use ${DESTDIR}, if set.
102 2008-07-13 Mr. Sam <mrsam@courier-mta.com>
104 * courier-authlib.spec: Dummy provides: for symlinks, to allow upgrade
105 with older packages that require <libname>.so.0.
107 2008-07-09 Mr. Sam <mrsam@courier-mta.com>
109 * Makefile.am: Switch to versionless shared libraries.
110 Install all shared libraries just as <libname>.so. make install manually
111 removes *.so.0.0 files that were left over from previous versions,
112 and installs a temporary *.so.0 symlink to *.so, for temporary
113 binary ABI compatibility with 0.60. The symlinks will be removed in
116 2008-07-08 Mr. Sam <mrsam@courier-mta.com>
118 * Cleanup: always compile md5, sha* and hmac stuff, and remove all
119 conditionally-compiled cruft. Move SASL list to an internal header.
120 Add client-side support for AUTH EXTERNAL.
122 2008-06-29 Mr. Sam <mrsam@courier-mta.com>
124 * authsasl.c (auth_sasl_ex): auth_sasl_ex() supercedes auth_sasl(),
125 invokes auth_sasl() for non-EXTERNAL SASL methods, implements EXTERNAL
126 by going through the motions, then setting up a dummy authentication
129 * authdaemon.c (auth_generic): Check for the dummy EXTERNAL
130 authentication request, and handle it by invoking auth_getuserinfo(),
131 rather than sending it down the pipe. This avoid having to implement
132 a stub in every authentication module.
136 2008-06-08 Alessandro Vesely <vesely@tana.it>
138 * authmysqllib.c: Use mysql_set_character_set() instead of SET NAMES
142 2008-05-16 Mr. Sam <mrsam@courier-mta.com>
144 * authmysqllib.c: Fix domain-less queries.
148 2008-05-08 Mr. Sam <sam@email-scan.com>
150 * Makefile: Drop the unmaintained authvchkpw module.
152 2008-05-04 Mr. Sam <mrsam@courier-mta.com>
154 * authmysqllib.c: Cleanup. Use mysql_real_escape_string instead of
159 2007-11-11 Mr. Sam <sam@email-scan.com>
161 * Makefile.am: Use _LIBADD properly.
163 2007-10-15 "Johnny C. Lam" <jlam-courier@buildlink.org>
165 * configure.in: More portability fixes.
169 2007-10-10 "Johnny C. Lam" <jlam-courier@buildlink.org>
171 * liblock/lockdaemon.c: Portability fix for checking the highest
172 available file descriptor.
176 2007-10-06 Anton Dobkin <adobkin@viansib.ru>
178 * MYSQL_CHARACTER_SET option.
180 2007-10-06 Oliver Lehmann <lehmann@ans-netz.de>
182 * authvchkpw.c: Fix typo.
184 2007-10-06 Wayne Pascoe <courier@penguinpowered.org>
186 * courier-authlib.spec.in (BuildRequires): on redhat-rpm-config.
188 2007-10-06 Mr. Sam <mrsam@courier-mta.com>
190 * userdb/userdb.pl.in (usage): Allow colons and pluses, in account
193 2007-10-06 Martin <psiplus@gmail.com>
195 * checkpasswordmd5.c (authcheckpasswordmd5): Add {MD5RAW} hash method.
199 2007-09-25 "Johnny C. Lam" <jlam-courier@buildlink.org>
201 * liblock/lockdaemon.c (OPEN_MAX): Use OPEN_MAX, instead of hardcoded
204 2007-09-25 Mr. Sam <mrsam@courier-mta.com>
206 * liblock/lockdaemon.c (OPEN_MAX): Even better, use
207 sysconf(_SC_OPEN_MAX), where available.
209 2007-09-20 Mr. Sam <sam@email-scan.com>
211 * userdb/userdb.pl.in: Allow underscores in account names.
213 2007-08-29 "Noel (Sourceforge)" <noelb@users.sourceforge.net>
215 * authvchkpw.c: Compilation error.
217 2007-07-26 Mr. Sam <sam@email-scan.com>
221 2007-04-25 Mr. Sam <mrsam@courier-mta.com>
223 * authvchkpw.c: Quell a compiler warning about a fwd declaration.
227 2007-04-22 Bill Shupp <hostmaster@shupp.org>
229 * Implement CRAM authentication in the vchpw module.
231 2007-04-22 Mr. Sam <mrsam@courier-mta.com>
233 * courier-authlib.spec.in: spec files requires redhat-rpm-config
235 2007-04-15 Mr. Sam <mrsam@courier-mta.com>
237 * man pages: work around for some bugs in Docbook XML stylesheets.
239 2007-04-13 Mr. Sam <mrsam@courier-mta.com>
241 * authpipe.c (auth_pipe_pre): Fix leak when authpipe module is
242 enabled, but the actual authpipe script/external prog is not
245 * authpipe.c (auth_pipe_chgpwd): Pedantic resource cleanup,
248 * userdb/userdb.c (userdb): Pedantic resource cleanup, after
251 * userdb/userdb2.c (userdbshadow): Ditto.
255 2007-04-05 Mr. Sam <mrsam@courier-mta.com>
257 * Update man pages and documentation to Docbook XML V4.4
259 2007-02-25 Mr. Sam <mrsam@courier-mta.com>
261 * More configure script cleanup
263 2007-02-25 Kurt Roeckx <kurt@roeckx.be>
265 * Clean up configure scripts
267 2007-02-09 Juraj Lutter <otis@wilbury.sk>
269 * authmysqlrc: Implement SSL-encrypted MySQL connections
271 2007-01-20 Mr. Sam <mrsam@courier-mta.com>
273 * authldaplib.c: Fix pedantic C code.
277 2007-01-16 Mr. Sam <mrsam@courier-mta.com>
279 * authldaplib.c (l_simple_bind_s): Fix anon binds.
283 2006-12-30 Lars Timmann <Lars.Timmann@mcs.de>
285 * Makefile.am: Fixes for Solaris's linker.
287 2006-10-28 Mr. Sam <mrsam@courier-mta.com>
289 * Ported code to gcc 4.1.1
291 * Ported authldap to openldap 2.3.27
293 2006-09-17 Chris Petersen <rpm@forevermore.net>
295 - Make the spec a little prettier
296 - Replace BuildPreReq with BuildRequires
297 - Remove period from summaries (rpmlint)
298 - Fix release tag to use %{?dist} macro if it's present
299 - Change distro-detection to use "rh" and "fc" for version detection, and add support for mandriva
301 2006-06-01 kabe@sra-tohoku.co.jp
303 * authldaplib.c (auth_ldap_enumerate): Fix LDAP account enumeration
305 2006-05-28 Mr. Sam <mrsam@courier-mta.com>
307 * all: Fix many compiler warnings.
309 2006-03-25 Rui Lopes <rui@ruilopes.com>
311 * userdb/makeuserdb.in: Added the -f option to makeuserdb
313 2006-02-23 Mr. Sam <mrsam@courier-mta.com>
315 * authldaplib.c (authldap_read_config): Fix up an error message.
317 2006-01-30 Mr. Sam <mrsam@courier-mta.com>
319 * authldaplib.c: Try to recover when the LDAP server closes the
320 persistent socket, for inactivity.
322 2006-01-21 Mr. Sam <mrsam@courier-mta.com>
324 * configure.in: Fix libtool 1.9 breakage.
328 * courier-authlib spec file (BuildRequires): Demand /usr/include/ltdl.h
330 * authdaemonlib.c (s_connect): Fix compiler warning.
332 * authdaemond.c (start): Ditto.
334 * authsaslclientcram.c (authsaslclient_cram): Ditto.
336 * libhmac/hmac.c (dohashkey): Ditto.
340 2005-12-08 Mr. Sam <mrsam@courier-mta.com>
342 * authpam.c (dopam): Re-enable pam_acct_mgmt hook.
344 2005-11-16 Mr. Sam <mrsam@courier-mta.com>
346 * preauthshadow.c: Add support for shadow password expiration --
347 based on Krzysztof Oledzki <ole@ans.pl>'s patch.
349 2005-10-04 Brian Candler <B.Candler@pobox.com>
351 * authdaemonrc.in (LOGGEROPTS): Add a section for LDAP environment
354 2005-09-30 Mr. Sam <mrsam@courier-mta.com>
356 * authdaemonlib.c (opensock): Configurable daemon socket timeout,
357 based on a patch by Rodrigo Salinas <rodrigo@facea.uchile.cl>.
359 2005-09-30: Michael Richard <michael.richard@cesart.com>
361 * authldaplib: Replace LDAP_SERVER and LDAP_PORT settings with
362 LDAP_URI, which obsoletes LDAP_TLS.
364 2005-09-18 Mr. Sam <mrsam@courier-mta.com>
366 * authldaplib.c (auth_ldap_do2): Fix LDAP error checking.
368 2005-09-03 Mr. Sam <mrsam@courier-mta.com>
370 * authinfo.c (getmgid): Fix misleading error message.
372 2005-08-10 "Johnny C. Lam" <jlam@NetBSD.org>
374 * authpipelib.c: Include sys/time.h
378 2005-07-16 Mr. Sam <mrsam@courier-mta.com>
380 * configure.in: Update to automake 1.9, autoconf 2.59, libtool 1.5.6.
382 2005-07-12 Mr. Sam <mrsam@courier-mta.com>
384 * authlib: create the authtest and authpasswd manual pages.
386 2005-07-09 Mr. Sam <mrsam@courier-mta.com>
388 * authldaplib.c (auth_ldap_do3): Fix call of authcryptpasswd().
390 * authpgsqllib.c (auth_pgsql_setpass): Ditto.
392 * authmysqllib.c (auth_mysql_setpass): Ditto.
394 * cryptpassword.c (authcryptpasswd): Fix handling of encryption hints.
396 * checkpassword.c (do_authcheckpassword): Ignore {CRYPT} prefix on
399 * checkpasswordsha1.c (authcheckpasswordsha1): Fix {SHA256} passwords.
401 * authmysqllib.c (auth_mysql_setpass): Fix a memory leak.
403 2005-07-06 Willi Mann <willi@wm1.at>
405 * authdaemond.c: Strip full name/gecos field after the first comma.
407 2005-07-04 Brian Candler <B.Candler@pobox.com>
409 * liblog/logger.c: Fix wrong args to setuidgid().
411 * README_authlib.sgml: Document updated authpipe protocol.
413 * authdaemond: Pass LOGGEROPTS option to authdaemond.
415 2005-07-02 Mr. Sam <mrsam@courier-mta.com>
417 * liblog/logger.c: Added -droproot option to courierlogger.
419 * liblock/lockdaemon.c: Try to recover if upgraded daemon process runs
420 under a different uid.
422 2005-07-01 Brian Candler <B.Candler@pobox.com>
424 * Changed -uid and -gid options to -user and -group for consistency
425 with couriertcpd. Change them to affect courierlogger itself,
426 after it has spawned any child.
428 * Optional default domain for authentication requests.
430 2005-07-02 Mr. Sam <mrsam@courier-mta.com>
432 * Makefile.am: Refactor the linking process to make it more portable.
434 2005-06-30 Brian Candler <B.Candler@pobox.com>
436 * authdaemon.c (auth_generic): Silly bug in auth_generic().
438 * authpipe: more fixes to the authpipe module.
440 2005-05-14 Christian Loitsch <christian@fgecko.com>
442 * authpipe: various fixes to the authpipe module.
446 2005-05-08 Mr. Sam <mrsam@courier-mta.com>
448 * courier-authlib.sysvinit: Remove lockfile after stop.
450 2005-04-07 Mr. Sam <mrsam@courier-mta.com>
452 * authpipe.c (auth_pipe_pre): Fix zombies created by the authpipe
455 2005-03-20 Christian Loitsch <courier-imap@abc.fgecko.com>
457 * New authpipe authentication module.
459 2005-03-20 Brian Candler <B.Candler@pobox.com>
461 * Fix the error code when an empty password is provided.
463 * authldap.schema: Add mailhost to the recommended LDAP schema.
467 2005-03-02 Mr. Sam <mrsam@courier-mta.com>
469 * authsystem.passwd.in: Explicitly set LC_ALL to en_US
471 2005-02-20 Mr. Sam <mrsam@courier-mta.com>
473 * SASL: Added CRAM-SHA256 authentication method (experimental).
475 2005-02-19 Mr. Sam <mrsam@courier-mta.com>
477 * courierauthdebug.h: Macro dprintf conflicts with new glibc.
481 2005-01-31 Mr. Sam <mrsam@courier-mta.com>
483 * authmigrate.in (rc): Fix - userdb file does not have to have a
486 2005-01-19 Brian Candler <B.Candler@pobox.com>
488 * userdb/makeuserdb.in: Report dangling symlinks.
492 2005-01-11 Mr. Sam <mrsam@courier-mta.com>
494 * configure.in: Typo fix.
496 2005-01-05 Mr. Sam <mrsam@courier-mta.com>
498 * Makefile.am (uninstall-hook): pw2userdb was not being installed.
502 2005-01-01 Mr. Sam <mrsam@courier-mta.com>
504 * configure.in: Fix gdbm/bdb check. Try to autoprobe for Solaris
507 2004-12-05 Mr. Sam <mrsam@courier-mta.com>
509 * configure.in: Fix courierauthconfig --cppflags, new option to the
510 configure script: --without-stdheaderdir
512 2004-12-03 Mr. Sam <mrsam@courier-mta.com>
514 * courierauthconfig: --version prints package version.
515 --version=V print "yes" if package version is at least V.
517 2004-12-01 Mr. Sam <mrsam@courier-mta.com>
519 * liblog/logger.c: Added -uid and -gid options to courierlogger.
521 2004-11-29 Brian Candler <B.Candler@pobox.com>
523 * authldaplib.c: Use persistent connections for authenticated binds
524 when using LDAPv3. Use the LDAP_OPT_NETWORK_TIMEOUT setting,
525 initialized from the configuration file, if provided (OpenLDAP).
526 If using authenticated binds, a password change is done under the
527 user's credentials, instead of the admin's.
529 2004-11-24 Brian Candler <B.Candler@pobox.com>
531 * README.authdebug.html: document temporary failure messages.
533 2004-11-24 Mr. Sam <mrsam@courier-mta.com>
535 * courier-authlib.spec.in: Move the userdb scripts in sbindir from
536 main package to the userdb subpackage.
538 2004-11-24 Brian Candler <B.Candler@pobox.com>
540 * authuserdb.c: Fix error handling in userdb CRAM.
542 * userdb-test-cram-md5: Helper script for verifying C/R authentication.
544 2004-11-20 Brian Candler <B.Candler@pobox.com>
546 * Additional debug messages.
548 2004-11-13 Brian Candler <B.Candler@pobox.com>
550 * mysql/pgsql fixes; other misc fixes
552 2004-11-16 Mr. Sam <mrsam@courier-mta.com>
554 * configure.in: Fix mysql/pgslq autodetection
556 2004-11-13 Brian Candler <B.Candler@pobox.com>
558 * authdaemond: Fix bug in account enumeration function.
560 * authdaemond: Return individual account options when enumerating
561 accounts. Affects mysql, ldap, pgsql modules. mysql and pgsql
562 enumeration filter must now return one more column. Added an ldap
563 enumeration filter. New option to authenumerate, -o, includes
564 account options in the output. New option, -s, suppressed accounts
565 that have the disableshared option set.
567 * authmysql, authpgsql: Additional debugging.
569 * authmysql, authpgsql, authldap: Replaced enumeration function,
570 more efficient memory usage with large accounts.
572 * authldap: Suggested account schema has uid and gid optional, because
573 global uid and gids may be set in authldaprc instead.
575 * authvchkpw: Fix vpopmail compilation.
577 2004-11-10 Mr. Sam <mrsam@courier-mta.com>
579 * configure.in: Do not disable mysql + pgsql if vchkpw lib was found.
581 2004-11-09 Brian Candler <B.Candler@pobox.com>
583 * authdaemond.c: New DEFAULTOPTIONS setting.
585 2004-11-04 Mr. Sam <mrsam@courier-mta.com>
587 * authdaemonlib.c (s_connect): Wait for connection to authdaemond
588 only if async connect() failed with EINPROGRESS.
590 2004-11-03 Mr. Sam <mrsam@courier-mta.com>
592 * Makefile.am (SUBDIRS): Ok, only build in bdbobj/gdbmobj according
593 to what autoconf finds.
595 * authldaplib.c (auth_ldap_do3): Fix LDAP driver.
597 2004-11-03 Brian Candler <B.Candler@pobox.com>
599 * Makefile.am: Fixes.
601 2004-10-30 Mr. Sam <mrsam@courier-mta.com>
603 * authinfo.c: Added mailuid= and mailgid=
605 2004-10-21 Mr. Sam <mrsam@courier-mta.com>
607 * Makefile.am (libcourierauthsaslclient_la_SOURCES): Factored out
608 SASL client support into libcourierauthsaslclient.la
610 2004-10-21 Brian Candler <B.Candler@pobox.com>
612 * Makefile.am: Fixes.
614 2004-10-16 Mr. Sam <mrsam@courier-mta.com>
616 * authldap.schema: Added disableimap, disablepop3, disablewebmail,
619 2004-10-07 Mr. Sam <mrsam@courier-mta.com>
621 * authsyschangepwd.c (dochangepwd): Do not reset the environment
622 before exec-ing expect.
624 2004-10-04 Mr. Sam <mrsam@courier-mta.com>
626 * Merged authuserdb with authcram. Fixed CRAM password changes.
627 Do not reset the environment before exec-ing userdb and makeuserdb.