update to 0.60.4

the vpopmail support was removed with 0.60.3 (because none felt responsible
for maintaining it in courier-authlib) - this commit adds - togehter with
this update - a patch which patches the vpopmail support back into 0.60.4
(because at least I need the interaction with vpopmail!).

1 files changed, 635 insertions, 0 deletions

diff --git a/security/courier-authlib/files/patch-authvchkpw b/security/courier-authlib/files/patch-authvchkpw
new file mode 100644
index 000000000000..77130366fe57
--- /dev/null
+++ b/security/courier-authlib/files/patch-authvchkpw
@@ -0,0 +1,635 @@
+diff -ruN authvchkpw.c authvchkpw.c
+--- authvchkpw.c	1970-01-01 01:00:00.000000000 +0100
++++ authvchkpw.c	2008-06-12 19:15:23.000000000 +0200
+@@ -0,0 +1,242 @@
++/*
++** Copyright 1998 - 2007 Double Precision, Inc.  See COPYING for
++** distribution information.
++*/
++
++#if	HAVE_CONFIG_H
++#include	"courier_auth_config.h"
++#endif
++#include	<stdio.h>
++#include	<stdlib.h>
++#include	<string.h>
++#include	<errno.h>
++#include	<pwd.h>
++#if	HAVE_UNISTD_H
++#include	<unistd.h>
++#endif
++#include	"auth.h"
++#include	"authstaticlist.h"
++#include	"courierauthdebug.h"
++#include	"vpopmail_config.h"
++#include	<vpopmail.h>
++#include	<vauth.h>
++
++static const char rcsid[]="$Id: authvchkpw.c,v 1.29 2007/10/07 02:50:45 mrsam Exp $";
++
++
++extern int auth_vchkpw_pre(const char *userid, const char *service,
++        int (*callback)(struct authinfo *, void *),
++                        void *arg);
++
++extern FILE *authvchkpw_file(const char *, const char *);
++
++static int auth_vchkpw_login(const char *service, char *authdata,
++	int (*callback_func)(struct authinfo *, void *), void *callback_arg);
++
++struct callback_info {
++	const char *pass;
++	int (*callback_func)(struct authinfo *, void *);
++	void *callback_arg;
++	};
++
++static int callback_vchkpw(struct authinfo *a, void *p)
++{
++struct callback_info *i=(struct callback_info *)p;
++
++	/* exit with perm failure if the supplied password is empty,
++	 * or if the supplied password doesnt match the retrieved password */ 
++	if (a->passwd == 0)
++	{
++		DPRINTF("no password supplied");
++		return (-1);
++	}
++
++	if (authcheckpassword(i->pass, a->passwd))
++		return (-1);
++
++	a->clearpasswd=i->pass;
++	return (*i->callback_func)(a, i->callback_arg);
++}
++
++#if HAVE_HMACLIB
++
++#include        "libhmac/hmac.h"
++#include        "cramlib.h"
++
++static int auth_vchkpw_login(const char *service, char *authdata,
++			int (*callback_func)(struct authinfo *, void *), void *callback_arg);
++
++static int auth_vchkpw_cram(const char *service,
++                           const char *authtype, char *authdata,
++                           int (*callback_func)(struct authinfo *, void *),
++                           void *callback_arg)
++{
++        struct  cram_callback_info      cci;
++
++        if (auth_get_cram(authtype, authdata, &cci))
++                return (-1);
++
++        cci.callback_func=callback_func;
++        cci.callback_arg=callback_arg;
++
++        return auth_vchkpw_pre(cci.user, service, &auth_cram_callback, &cci);
++}
++#endif
++
++int auth_vchkpw(const char *service, const char *authtype, char *authdata,
++               int (*callback_func)(struct authinfo *, void *),
++               void *callback_arg)
++{
++        if (strcmp(authtype, AUTHTYPE_LOGIN) == 0)
++                return (auth_vchkpw_login(service, authdata,
++                        callback_func, callback_arg));
++
++#if HAVE_HMACLIB
++        return (auth_vchkpw_cram(service, authtype, authdata,
++                        callback_func, callback_arg));
++#else
++        errno=EPERM;
++        return (-1);
++#endif
++
++}
++
++
++
++static int auth_vchkpw_login(const char *service, char *authdata,
++	int (*callback_func)(struct authinfo *, void *), void *callback_arg)
++{
++char *user, *pass;
++struct	callback_info	ci;
++int	rc;
++	/* Make sure that we have been supplied with the correct
++	 * AUTHDATA format which is : userid<NEWLINE>password<NEWLINE>
++	 */
++	if ( (user=strtok(authdata, "\n")) == 0 || (pass=strtok(0, "\n")) == 0)
++	{
++		/* login syntax was invalid */
++		errno=EPERM;
++		return (-1);
++	}
++
++	ci.pass=pass;
++	ci.callback_func=callback_func;
++	ci.callback_arg=callback_arg;
++
++	/* auth_vchkpw_pre() does this :
++	 *   - lookup the passwd entry for this user from the auth backend
++	 *   - check to see if this user is permitted to use this service type
++	 * If successful it will populate the ci struct with the 
++	 * user's passwd entry. Return value of function will be 0.
++	 * If unsuccessful (eg user doesnt exist, or is not permitted to 
++	 * use this auth method), it will return :
++	 *  <0 on a permanent failure (eg user doesnt exist)
++	 *  >0 on a temp failure
++         */
++	rc=auth_vchkpw_pre(user, service, &callback_vchkpw, &ci);
++
++	if (rc)
++		return rc;
++
++	/* user has been successfully auth'ed at this point */
++
++#if 0
++	/*
++	** sam - new courier-authlib never receives TCPREMOTEIP, at this
++	** time.
++	*/
++
++#ifdef HAVE_OPEN_SMTP_RELAY
++	if ( (strcmp("pop3", service)==0) || (strcmp("imap", service)==0) ) {
++		/* Michael Bowe 13th August 2003
++		 *
++		 * There is a problem here because open_smtp_relay needs 
++		 * to get the user's ip from getenv("TCPREMOTEIP").
++		 * If we run --with-authvchkpw --without-authdaemon,
++		 * then this var is available.
++		 * But if we run --with-authvchkpw --with-authdaemon,
++		 * then TCPREMOTEIP is null
++		 * 
++		 * If TCPREMOTEIP isnt available, then open_smtp_relay()
++		 * will just return() back immediately.
++		 */
++		open_smtp_relay();
++	}
++#endif
++#endif
++
++	return 0;
++}
++
++static void authvchkpwclose()
++{
++}
++
++static int auth_vchkpw_changepass(const char *service,
++				  const char *username,
++				  const char *pass,
++				  const char *npass)
++{
++struct vqpasswd *vpw;
++char	User[256];
++char	Domain[256];
++
++        /* Take the supplied userid, and split it out into the user and domain
++         * parts. (If a domain was not supplied, then set the domain to be
++         * the default domain)
++         */
++        /* WARNING: parse_email lowercases the username in place - not const!! */
++        if ( parse_email(username, User, Domain, 256) != 0) {
++                /* Failed to successfully extract user and domain.
++                 * So now exit with a permanent failure code
++                 */
++                return(-1);
++        }
++
++	/* check to see if domain exists.
++	 * If you pass an alias domain to vget_assign, it will change it
++	 * to be the real domain on return from the function
++	 */
++        if ( vget_assign(Domain,NULL,0,NULL,NULL) ==NULL ) {
++		/* domain doesnt exist */
++		return (-1);
++	}
++
++        if ( (vpw=vauth_getpw(User, Domain)) == NULL) {
++		/* That user doesnt exist in the auth backend */
++		errno=ENOENT;
++		return (-1);
++	}
++
++	/* Exit if any of the following :
++	 *   - user's password field in the passwd entry is empty
++	 *   - supplied current password doesnt match stored password
++	 */
++	if (vpw->pw_passwd == 0 || authcheckpassword(pass, vpw->pw_passwd)) {
++		errno=EPERM;
++		return (-1);
++	}
++
++	/* save the new password into the auth backend */
++	if ( vpasswd(User, Domain, (char *)npass, 0) != 0 ) {
++		/* password set failed */
++		return (-1);
++	};
++
++	return (0);
++}
++
++struct authstaticinfo authvchkpw_info={
++	"authvchkpw",
++	auth_vchkpw,
++	auth_vchkpw_pre,
++	authvchkpwclose,
++	auth_vchkpw_changepass,
++	authvchkpwclose,
++	NULL};
++
++
++struct authstaticinfo *courier_authvchkpw_init()
++{
++	return &authvchkpw_info;
++}
+diff -ruN authvchkpwlib.c authvchkpwlib.c
+--- authvchkpwlib.c	1970-01-01 01:00:00.000000000 +0100
++++ authvchkpwlib.c	2008-06-12 19:15:33.000000000 +0200
+@@ -0,0 +1,33 @@
++/*
++** Copyright 1998 - 2000 Double Precision, Inc.  See COPYING for
++** distribution information.
++*/
++
++#if	HAVE_CONFIG_H
++#include	"courier_auth_config.h"
++#endif
++#include	<stdio.h>
++#include	<stdlib.h>
++#include	<string.h>
++#include	<errno.h>
++#include	<pwd.h>
++#if	HAVE_UNISTD_H
++#include	<unistd.h>
++#endif
++#include	<sys/types.h>
++#include	<sys/stat.h>
++#include	"auth.h"
++
++static const char rcsid[]="$Id: authvchkpwlib.c,v 1.8 2004/10/21 00:10:49 mrsam Exp $";
++
++char *authvchkpw_isvirtual(char *c)
++{
++char *p;
++
++	if ((p=strchr(c, '@')) != 0)    return (p);
++#if 0
++	if ((p=strchr(c, '%')) != 0)    return (p);
++#endif
++	if ((p=strchr(c, ':')) != 0)    return (p);
++	return (0);
++}
+diff -ruN courier_auth_config.h courier_auth_config.h
+--- courier_auth_config.h	2008-05-08 19:11:34.000000000 +0200
++++ courier_auth_config.h	2008-06-12 19:26:44.000000000 +0200
+@@ -61,6 +61,9 @@
+ /* Whether header installation directory is nontstandard */
+ /* #undef HAVE_NOSTDHEADERDIR */
+ 
++/* Whether -lvpopmail has the open_smtp_relay() function */
++/* #undef HAVE_OPEN_SMTP_RELAY */
++
+ /* Define to 1 if you have the <Pam/pam_appl.h> header file. */
+ /* #undef HAVE_PAM_PAM_APPL_H */
+ 
+@@ -118,6 +121,9 @@
+ /* Define to 1 if you have the <unistd.h> header file. */
+ #define HAVE_UNISTD_H 1
+ 
++/* Whether -lvpopmail has the vset_lastauth() function */
++/* #undef HAVE_VSET_LASTAUTH */
++
+ /* Whether we must a prototype for crypt() */
+ #define NEED_CRYPT_PROTOTYPE 0
+ 
+diff -ruN courier_auth_config.h.in courier_auth_config.h.in
+--- courier_auth_config.h.in	2008-05-10 05:13:31.000000000 +0200
++++ courier_auth_config.h.in	2008-06-12 19:26:46.000000000 +0200
+@@ -60,6 +60,9 @@
+ /* Whether header installation directory is nontstandard */
+ #undef HAVE_NOSTDHEADERDIR
+ 
++/* Whether -lvpopmail has the open_smtp_relay() function */
++#undef HAVE_OPEN_SMTP_RELAY
++
+ /* Define to 1 if you have the <Pam/pam_appl.h> header file. */
+ #undef HAVE_PAM_PAM_APPL_H
+ 
+@@ -117,6 +120,9 @@
+ /* Define to 1 if you have the <unistd.h> header file. */
+ #undef HAVE_UNISTD_H
+ 
++/* Whether -lvpopmail has the vset_lastauth() function */
++#undef HAVE_VSET_LASTAUTH
++
+ /* Whether we must a prototype for crypt() */
+ #undef NEED_CRYPT_PROTOTYPE
+ 
+diff -ruN preauthvchkpw.c preauthvchkpw.c
+--- preauthvchkpw.c	1970-01-01 01:00:00.000000000 +0100
++++ preauthvchkpw.c	2008-06-12 19:22:22.000000000 +0200
+@@ -0,0 +1,159 @@
++/*
++** Copyright 1998 - 2001 Double Precision, Inc.  See COPYING for
++** distribution information.
++*/
++
++#if	HAVE_CONFIG_H
++#include	"courier_auth_config.h"
++#endif
++#include	<stdio.h>
++#include	<stdlib.h>
++#include	<string.h>
++#include	<errno.h>
++#include	<pwd.h>
++#if	HAVE_UNISTD_H
++#include	<unistd.h>
++#endif
++#include	"auth.h"
++#include	"courierauthdebug.h"
++#include	<vpopmail.h>
++#include	<vauth.h>
++#include	"vpopmail_config.h"
++
++/* make use of pw_flags only if available */
++#ifndef VQPASSWD_HAS_PW_FLAGS
++#define pw_flags pw_gid
++#endif
++
++extern FILE *authvchkpw_file(const char *, const char *);
++
++static const char rcsid[]="$Id: preauthvchkpw.c,v 1.26 2007/04/22 18:53:30 mrsam Exp $";
++
++/* This function is called by the auth_vchkpw() function
++ *
++ * This function does the following :
++ *   - extract the username and domain from the supplied userid
++ *   - lookup the passwd entry for that user from the auth backend
++ *   - populate *and return) a courier authinfo structure with the values
++ *     from the vpopmail passwd entry 
++ * 
++ * Return -1 on perm failure
++ * Return  0 on success
++ * Return  1 on temp failure
++ *
++ */
++
++int auth_vchkpw_pre(
++	const char *userid,
++	const char *service,
++        int (*callback)(struct authinfo *, void *),
++	void *arg)
++{
++struct vqpasswd *vpw;
++static uid_t uid;
++gid_t	gid;
++struct authinfo auth;
++static char User[256];
++static char Domain[256];
++static char options[80];
++
++	/* Make sure the auth struct is empty */
++        memset(&auth, 0, sizeof(auth));
++
++	/* Take the supplied userid, and split it out into the user and domain
++         * parts. (If a domain was not supplied, then set the domain to be
++	 * the default domain)
++         */
++        if ( parse_email(userid, User, Domain, 256) != 0) {
++		/* Failed to successfully extract user and domain.
++		 * So now exit with a permanent failure code
++		 */
++		DPRINTF("vchkpw: unable to split into user and domain");
++		return(-1);
++        }
++
++	/* Check to see if the domain exists.
++         * If so, on return vget_assign will :
++         *   Rewrite Domain to be the real domain if it was sent as an alias domain
++         *   Retrieve the domain's uid and gid
++	 */
++        if ( vget_assign(Domain,NULL,0,&uid, &gid) == NULL ) {
++		/* Domain does not exist
++		 * So now exit with a permanent failure code */
++		DPRINTF("vchkpw: domain does not exist");
++		return (-1);
++	}
++
++	/* Try and retrieve the user's passwd entry from the auth backend */
++        if ( (vpw=vauth_getpw(User, Domain)) == NULL) {
++		/* User does not exist
++		 * So now exit with a permanent failure code
++		 */
++		DPRINTF("vchkpw: user does not exist");
++		return (-1);
++	}
++
++	/* Check to see if the user has been allocated a dir yet.
++	 * Some of the vpopmail backends (eg mysql) allow users to
++	 * be manually inserted into the auth backend but without
++	 * allocating a dir. A dir will be created when the user
++	 * first trys to auth (or when they 1st receive mail)
++	 */
++	if (vpw->pw_dir == NULL || strlen(vpw->pw_dir) == 0 ) {
++		/* user does not have a dir allocated yet */
++		if ( make_user_dir(User, Domain, uid, gid) == NULL) {
++			/* Could not allocate a user dir at this time
++			 * so exit with a temp error code 
++			 */
++			DPRINTF("vchkpw: make_user_dir failed");
++			return(1);
++		}
++		/* We have allocated the user a dir now.
++		 * Go and grab the updated passwd entry
++		 */
++		if ( (vpw=vauth_getpw(User, Domain)) == NULL ) {
++			/* Could not get the passwd entry
++			 * So exit with a permanent failure code
++			 */
++			DPRINTF("vchkpw: could not get the password entry");
++			return(-1);
++		}
++	}
++
++	snprintf(options, sizeof(options),
++		"disablewebmail=%d,disablepop3=%d,disableimap=%d",
++                vpw->pw_flags & NO_WEBMAIL ? 1 : 0,
++                vpw->pw_flags & NO_POP ? 1 : 0,
++                vpw->pw_flags & NO_IMAP ? 1 : 0);
++
++#ifdef HAVE_VSET_LASTAUTH
++        /* if we are keeping track of their last auth time,
++         * then store this value now. Note that this isnt 
++	 * consistent with the authentication via vchkpw 
++	 * because it only stores the lastauth attempt
++	 * after the password has been verified. Here we are
++	 * logging it after the user has been found to exist,
++	 * but before the password has been verified. We could
++	 * do the logging inside authvchkpw.c, but that would
++	 * be a lot harder because we would have to go and
++	 * parse_email() again there before calling vset_lastauth()
++         */
++        vset_lastauth(User, Domain, service);
++#endif
++
++	/* save the user's passwd fields into the appropriate 
++	 * courier structure 
++	 */
++	/*auth.sysusername	= userid;*/
++	auth.sysuserid		= &uid;
++	auth.sysgroupid		= gid;
++	auth.homedir		= vpw->pw_dir;
++	auth.address		= userid;
++	auth.fullname		= vpw->pw_gecos;
++	auth.passwd		= vpw->pw_passwd;
++	auth.clearpasswd	= vpw->pw_clear_passwd;
++	auth.options		= options;
++	courier_authdebug_authinfo("DEBUG: authvchkpw: ", &auth, 0, vpw->pw_passwd);
++
++	return ((*callback)(&auth, arg));
++}
+diff -ruN userdb/Makefile.in userdb/Makefile.in
+--- userdb/Makefile.in	2008-05-08 19:21:19.000000000 +0200
++++ userdb/Makefile.in	2008-06-12 19:26:47.000000000 +0200
+@@ -48,7 +48,7 @@
+ 	$(srcdir)/../missing $(srcdir)/Makefile.am \
+ 	$(srcdir)/Makefile.in $(srcdir)/makeuserdb.in \
+ 	$(srcdir)/pw2userdb.in $(srcdir)/userdb.pl.in \
+-	$(top_srcdir)/configure
++	$(srcdir)/vchkpw2userdb.in $(top_srcdir)/configure
+ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+ am__aclocal_m4_deps = $(top_srcdir)/configure.in
+ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+@@ -56,7 +56,7 @@
+ am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+  configure.lineno config.status.lineno
+ mkinstalldirs = $(install_sh) -d
+-CONFIG_CLEAN_FILES = userdb.pl makeuserdb pw2userdb
++CONFIG_CLEAN_FILES = userdb.pl makeuserdb pw2userdb vchkpw2userdb
+ LTLIBRARIES = $(noinst_LTLIBRARIES)
+ libuserdb_la_LIBADD =
+ am_libuserdb_la_OBJECTS = userdb.lo userdb2.lo userdbmkpw.lo
+@@ -223,7 +223,7 @@
+ 		userdb.html.in userdb.8.in \
+ 		userdbpw.html.in userdbpw.8.in
+ 
+-noinst_SCRIPTS = makeuserdb pw2userdb dummy
++noinst_SCRIPTS = makeuserdb pw2userdb vchkpw2userdb dummy
+ noinst_DATA = makeuserdb.html userdb.html userdbpw.html
+ userdbpw_SOURCES = userdbpw.c
+ userdbpw_LDADD = libuserdb.la @HMACLIB@ @MD5LIB@ @SHA1LIB@ @CRYPTLIBS@
+@@ -276,6 +276,8 @@
+ 	cd $(top_builddir) && $(SHELL) ./config.status $@
+ pw2userdb: $(top_builddir)/config.status $(srcdir)/pw2userdb.in
+ 	cd $(top_builddir) && $(SHELL) ./config.status $@
++vchkpw2userdb: $(top_builddir)/config.status $(srcdir)/vchkpw2userdb.in
++	cd $(top_builddir) && $(SHELL) ./config.status $@
+ 
+ clean-noinstLTLIBRARIES:
+ 	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+diff -ruN userdb/configure userdb/configure
+--- userdb/configure	2008-05-08 19:21:18.000000000 +0200
++++ userdb/configure	2008-06-12 19:26:49.000000000 +0200
+@@ -20639,7 +20639,7 @@
+ fi
+ 
+ 
+-ac_config_files="$ac_config_files Makefile userdb.pl makeuserdb pw2userdb"
++ac_config_files="$ac_config_files Makefile userdb.pl makeuserdb pw2userdb vchkpw2userdb"
+ 
+ cat >confcache <<\_ACEOF
+ # This file is a shell script that caches the results of configure
+@@ -21252,6 +21252,7 @@
+     "userdb.pl") CONFIG_FILES="$CONFIG_FILES userdb.pl" ;;
+     "makeuserdb") CONFIG_FILES="$CONFIG_FILES makeuserdb" ;;
+     "pw2userdb") CONFIG_FILES="$CONFIG_FILES pw2userdb" ;;
++    "vchkpw2userdb") CONFIG_FILES="$CONFIG_FILES vchkpw2userdb" ;;
+ 
+   *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
+ echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
+diff -ruN userdb/vchkpw2userdb.in userdb/vchkpw2userdb.in
+--- userdb/vchkpw2userdb.in	1970-01-01 01:00:00.000000000 +0100
++++ userdb/vchkpw2userdb.in	2008-06-12 19:26:29.000000000 +0200
+@@ -0,0 +1,80 @@
++#! @PERL@
++#
++#  Convert vchkpw to userdb format.
++#
++#  $Id: vchkpw2userdb.in,v 1.4 2000/02/16 01:12:13 mrsam Exp $
++#
++# Copyright 1998 - 1999 Double Precision, Inc.  See COPYING for
++# distribution information.
++
++use Getopt::Long;
++
++die "Invalid options.\n" unless
++	GetOptions("vpopmailhome=s" => \$vpopmailhome,
++		"todir=s" => \$todir);
++
++if ( ! ( $vpopmailhome =~ /./ ))
++{
++	(undef, undef, undef, undef, undef, undef, undef, $vpopmailhome)
++			= getpwnam("vpopmail");
++
++	die "Cannot find vpopmail home.\n" unless $vpopmailhome =~ /./;
++}
++
++-d "$vpopmailhome" || die "$vpopmailhome: not found.\n";
++
++if ( $todir =~ /./ )
++{
++	-d "$todir" || mkdir($todir, 0700) || die "$!\n";
++}
++
++$bindir=$0;
++
++if ($bindir =~ /^(.*)\/[^\/]*$/ )
++{
++	$bindir=$1;
++}
++else
++{
++	$bindir=".";
++}
++
++die "Unable to locate pw2userdb.\n" unless -f "$bindir/pw2userdb";
++
++$redir="";
++
++if ( $todir =~ /./ )
++{
++	$redir=">$todir/users-vpasswd";
++	-d "$todir/domains" || mkdir("$todir/domains", 0700) || die "$!\n";
++}
++
++if ( -f "$vpopmailhome/users/vpasswd")
++{
++	$rc=system ("$bindir/pw2userdb --vpopuid --passwd='$vpopmailhome/users/vpasswd' --noshadow --nouid $redir");
++	exit $rc / 256 if $rc;
++}
++
++if ( opendir(DIR, "$vpopmailhome/domains"))
++{
++	while ($domain=readdir(DIR))
++	{
++		$domainopt="--domain='$domain'";
++		$domainopt="" if $domain eq "default";
++		next if $domain eq "." || $domain eq "..";
++		next unless -f "$vpopmailhome/domains/$domain/vpasswd";
++		$redir="";
++		if ( $todir =~ /./ )
++		{
++			$redir=">$todir/domains/$domain";
++			$redir=">$todir/users-default"
++				if $domain eq "default";
++		}
++
++		$rc=system ("$bindir/pw2userdb --passwd='$vpopmailhome/domains/$domain/vpasswd' --vpopuid --noshadow --nouid $domainopt $redir");
++
++		exit $rc / 256 if $rc != 0;
++	}
++	close(DIR);
++}
++