Merge remote-tracking branch 'origin/debian'

diff --git a/authpam.c b/authpam.c
index 9d40e69..2f2152b 100644 (file)
--- a/authpam.c
+++ b/authpam.c
@@ -128,19 +128,20 @@ static int dopam(pam_handle_t **pamh, int *started)
                }
        }
 
-#if 0
 
 #if    HAVE_PAM_SETCRED
+       fprintf(stderr, "pam_setcred...\n");
        if (retval == PAM_SUCCESS)
        {
                retval=pam_setcred(*pamh, PAM_ESTABLISH_CRED);
                if (retval != PAM_SUCCESS)
                {
-                       DPRINTF("pam_setcred failed, result %d", retval);
+                       fprintf(stderr, "pam_setcred failed, result %d\n", retval);
                }
+       fprintf(stderr, "pam_setcred done\n");
        }
 #endif
-#endif
+
 
        if (retval == PAM_SUCCESS)
        {

diff --git a/courier_auth_config.h b/courier_auth_config.h
index c033328..8c11c50 100644 (file)
--- a/courier_auth_config.h
+++ b/courier_auth_config.h
@@ -256,7 +256,7 @@
 #define STDC_HEADERS 1
 
 /* Location of the userdb database */
-#define USERDB "/usr/local/etc/authlib/userdb"
+#define USERDB "/etc/courier/userdb"
 
 /* Version number of package */
 /* #undef VERSION */

diff --git a/debian/changelog b/debian/changelog
index f7bb5e1..83b2ba5 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -100,6 +100,27 @@ courier-authlib (0.66.3-1) unstable; urgency=medium
 
  -- Ondřej Surý <ondrej@debian.org>  Mon, 29 Jun 2015 12:23:12 +0200
 
+courier-authlib (0.66.1-1+hcoop3) unstable; urgency=medium
+
+  * Replace system() with fork()+setuid()+exec() when calling afs
+    get-token script. Fixes issues with modern libafs-pam-session / PAG
+    behavior (courier must still run nopag)
+
+ -- Clinton Ebadi <clinton@unknownlamer.org>  Mon, 18 May 2015 23:36:51 -0400
+
+courier-authlib (0.66.1-1+hcoop2) unstable; urgency=medium
+
+  * Rebuild for Jessie
+
+ -- Clinton Ebadi <clinton@unknownlamer.org>  Wed, 13 May 2015 11:08:11 -0400
+
+courier-authlib (0.66.1-1~bpo70+hcoop1) wheezy-backports; urgency=medium
+
+  * Merge hcoop changes
+  * Backport to wheezy
+
+ -- Clinton Ebadi <clinton@neurasthenic.home.unknownlamer.org>  Tue, 29 Apr 2014 23:08:29 -0400
+
 courier-authlib (0.66.1-1) unstable; urgency=low
 
   * New upstream release.
@@ -110,6 +131,12 @@ courier-authlib (0.66.1-1) unstable; urgency=low
 
  -- Stefan Hornburg (Racke) <racke@linuxia.de>  Mon, 28 Oct 2013 11:38:37 +0100
 
+courier-authlib (0.63.0-6+hcoop1) unstable; urgency=medium
+
+  * Merged HCoop changes
+
+ -- Clinton Ebadi <clinton@neurasthenic.home.unknownlamer.org>  Tue, 29 Apr 2014 20:17:45 -0400
+
 courier-authlib (0.63.0-6) unstable; urgency=low
 
   [Martin Orr <martin@martinorr.name>]
@@ -202,6 +229,18 @@ courier-authlib (0.62.2-1) unstable; urgency=low
   
  -- Stefan Hornburg (Racke) <racke@linuxia.de>  Mon, 02 Mar 2009 16:09:05 +0100
 
+courier-authlib (0.61.0-1+lenny1hcoop1) lenny; urgency=low
+
+  * Merge from Debian.  Remaining changes:
+    + authpam.c:
+      - Revert the disabling of pam_setcred so that IMAP works on AFS.
+    + courier_auth_config.h:
+      - Set the userdb path to be /etc/courier/userdb.
+    + preauthuserdbcommon.c:
+      - Get AFS tokens.
+
+ -- Michael Olson (HCoop) <mwolson@hcoop.net>  Thu, 09 Apr 2009 23:43:21 -0400
+ 
 courier-authlib (0.61.0-1+lenny1) testing-security; urgency=high
 
   * Non-maintainer upload by the security team
@@ -230,6 +269,50 @@ courier-authlib (0.60.1-2.1) unstable; urgency=high
 
  -- Steffen Joeris <white@debian.org>  Mon, 09 Jun 2008 15:29:23 +0000
 
+courier-authlib (0.60.2-0hcoop7) unstable; urgency=low
+
+  * Revert last change.  Now the AFS token code is before the callback.
+
+ -- Michael Olson (HCoop) <mwolson@hcoop.net>  Thu, 07 Feb 2008 22:37:30 -0500
+
+courier-authlib (0.60.2-0hcoop6) unstable; urgency=low
+
+  * Move acquiting of AFS vmail tokens to just after callback.
+
+ -- Michael Olson (HCoop) <mwolson@hcoop.net>  Sat, 02 Feb 2008 20:29:01 -0500
+
+courier-authlib (0.60.2-0hcoop5) unstable; urgency=low
+
+  * Move acquiring of AFS vmail tokens to preauthuserdbcommon.c.
+
+ -- Michael Olson (HCoop) <mwolson@hcoop.net>  Fri, 01 Feb 2008 21:55:37 -0500
+
+courier-authlib (0.60.2-0hcoop4) unstable; urgency=low
+
+  * authuserdb: Try using a separate get-token script.
+
+ -- Michael Olson (HCoop) <mwolson@hcoop.net>  Wed, 30 Jan 2008 13:17:14 -0500
+
+courier-authlib (0.60.2-0hcoop3) unstable; urgency=low
+
+  * Fix bug in previous patch.
+
+ -- Michael Olson (HCoop) <mwolson@hcoop.net>  Sun, 27 Jan 2008 16:19:18 -0500
+
+courier-authlib (0.60.2-0hcoop2) unstable; urgency=low
+
+  * Get token after authenticating a vmail user.
+
+ -- Michael Olson (HCoop) <mwolson@hcoop.net>  Sat, 26 Jan 2008 15:28:19 -0500
+
+courier-authlib (0.60.2-0hcoop1) unstable; urgency=low
+
+  * New upstream release.  Remaining changes:
+    - Revert the disabling of pam_setcred so that IMAP works as expected.
+    - Set the userdb path to be /etc/courier/userdb.
+
+ -- Michael Olson (HCoop) <mwolson@hcoop.net>  Fri, 25 Jan 2008 19:24:41 -0500
+
 courier-authlib (0.60.1-2) unstable; urgency=low
 
   * added LSB dependency info to init scripts (Closes: #460221, thanks to
@@ -237,6 +320,14 @@ courier-authlib (0.60.1-2) unstable; urgency=low
 
  -- Stefan Hornburg (Racke) <racke@linuxia.de>  Mon,  7 Apr 2008 13:21:37 +0200
 
+courier-authlib (0.60.1-1hcoop1) unstable; urgency=low
+
+  * Sync from Debian.  Remaining changes:
+    - Revert the disabling of pam_setcred so that IMAP works as expected.
+    - Set the userdb path to be /etc/courier/userdb.
+
+ -- Michael Olson (HCoop) <mwolson@hcoop.net>  Fri, 25 Jan 2008 18:28:11 -0500
+
 courier-authlib (0.60.1-1) unstable; urgency=low
 
   * new upstream release
@@ -256,6 +347,15 @@ courier-authlib (0.59.3-2) unstable; urgency=low
 
  -- Stefan Hornburg (Racke) <racke@linuxia.de>  Thu, 21 Jun 2007 20:26:38 +0200
 
+courier-authlib (0.59.3-1hcoop1) unstable; urgency=low
+
+  [Adam Megacz]
+  * Revert the disabling of pam_setcred so that IMAP works as expected.
+  * Set the userdb path to be /etc/courier/userdb.
+  * userdb: Allow "+", ":", and "_" in usernames.
+
+ -- Michael Olson (HCoop) <mwolson@hcoop.net>  Fri, 25 Jan 2008 17:46:10 -0500
+
 courier-authlib (0.59.3-1) unstable; urgency=low
 
   * new upstream release

diff --git a/preauthuserdbcommon.c b/preauthuserdbcommon.c
index e39decb..9fcafe3 100644 (file)
--- a/preauthuserdbcommon.c
+++ b/preauthuserdbcommon.c
@@ -14,11 +14,13 @@
 #if    HAVE_UNISTD_H
 #include       <unistd.h>
 #endif
+#include <sys/types.h>
+#include <sys/wait.h>
 
 #include       "auth.h"
 #include       "courierauthdebug.h"
 #include       "userdb/userdb.h"
-
+#include       "numlib/numlib.h"
 
 int auth_userdb_pre_common(const char *userid, const char *service,
        int needpass,
@@ -105,6 +107,27 @@ int        rc;
        auth.maildir=udb->udb_mailbox;
        auth.quota=udb->udb_quota;
 
+        /* Get tokens for AFS */
+       {
+          if (auth.sysuserid)
+          {
+           pid_t pid = fork ();
+
+           if (pid == 0)
+           {
+             char uidstr[32] = "<null>";
+             snprintf(uidstr, sizeof(uidstr), "%ld", (long)*auth.sysuserid);
+
+             libmail_changeuidgid (*auth.sysuserid, auth.sysgroupid);
+             execl ("/etc/courier/get-token", "get-token", uidstr, NULL);
+           }
+           else
+           {
+              waitpid (pid, NULL, 0);
+           }
+         }
+        }
+
        courier_authdebug_authinfo("DEBUG: authuserdb: ", &auth, 0, passwords);
        rc= (*callback)(&auth, arg);
        if (passwords)  free(passwords);