Forward port the pam-setcred patch (and split into two, as it had

2 unrelated changes in it, apparently).

dovecot-1.0.beta2-pam-setcred.patch

@@ -0,0 +1,43 @@
+--- ./dovecot-1.0.beta2/src/auth/passdb-pam.c.pam-setcred	2006-01-30 11:04:01.000000000 +0100
++++ ./dovecot-1.0.beta2/src/auth/passdb-pam.c	2006-01-30 11:05:39.000000000 +0100
+@@ -185,14 +185,39 @@
+ 					 pam_strerror(pamh, status));
+ 		return status;
+ 	}
+-
+ #ifdef HAVE_PAM_SETCRED
++
++#if 0
++/*
++ * This is to fix a bug where dovecot was leaving a lot of temporary
++ * kerberos tickets around and filling up disk space.  If
++ * pam_setcred(pamh, PAM_ESTABLISH_CRED) is called, which creates the
++ * ticket, then a matching pam_setcred(pamh, PAM_DELETE_CRED) also
++ * needs to be called to clean the ticket up. But the only reason to
++ * have a cached ticket on disk is if the service is going to perform
++ * some action during the session that requires access to the ticket
++ * for validation. This implies the pam session is being held open,
++ * which would be more typical pam usage. But the usage here is to
++ * close the pam session immediately after authenticating the user
++ * with pam_end, thus there is no benefit to creating the disk copy of
++ * the ticket. So rather than finding all the early returns before
++ * pam_end is invoked and adding pam_setcred(pamh, PAM_DELETE_CRED) to
++ * each it is more sensible to not create the ticket in the first
++ * place if we're not going to use it and thus not have to worry about
++ * the clean up. Note the way the code is currently structured, with
++ * an immediate call to pam_end() after authentication it implies the
++ * code probably won't work with a file system like AFS which uses the
++ * ticket for file system permissions, but restructuring the code for
++ * this case is beyond the needs of fixing the aforementioned bug.
++ * John Dennis <jdennis@redhat.com>
++ */
+ 	if ((status = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) {
+ 		*error = t_strdup_printf("pam_setcred() failed: %s",
+ 					 pam_strerror(pamh, status));
+ 		return status;
+ 	}
+ #endif
++#endif
+ 
+ 	if ((status = pam_acct_mgmt(pamh, 0)) != PAM_SUCCESS) {
+ 		*error = t_strdup_printf("pam_acct_mgmt() failed: %s",

dovecot-1.0.beta2-pam-tty.patch

@@ -0,0 +1,13 @@
+--- ./dovecot-1.0.beta2/src/auth/passdb-pam.c.pam-tty	2006-01-30 11:02:05.000000000 +0100
++++ ./dovecot-1.0.beta2/src/auth/passdb-pam.c	2006-01-30 11:03:08.000000000 +0100
+@@ -256,6 +256,10 @@
+ 		if (host != NULL)
+ 			pam_set_item(pamh, PAM_RHOST, host);
+ 
++		/* fix bug 149673, need dummy TTY for pam_access,
++		   FIXME: should we check and report an error for PAM_TTY? */
++		pam_set_item(pamh, PAM_TTY, "dovecot");
++
+ 		status = pam_auth(request, pamh, &str);
+ 		if ((status2 = pam_end(pamh, status)) == PAM_SUCCESS) {
+ 			/* FIXME: check for PASSDB_RESULT_UNKNOWN_USER

dovecot.spec

@@ -20,8 +20,11 @@ Source7: dovecot-REDHAT-FAQ.txt
 Patch100: dovecot-conf.patch
 Patch101: dovecot-configfile.patch
 Patch102: dovecot-0.99-no-literal-plus-capability.patch
-Patch103: dovecot-pam-setcred.patch
+Patch103: dovecot-1.0.beta2-pam-tty.patch
-Patch104: dovecot-auth-log.patch
+Patch104: dovecot-1.0.beta2-pam-setcred.patch
+
+# XXX this patch needs review and forward porting
+#Patch105: dovecot-auth-log.patch
 
 # Patches 500+ from upstream fixes
 URL: http://dovecot.procontrol.fi/
@@ -63,8 +66,9 @@ in either of maildir or mbox formats.
 #cp $RPM_BUILD_DIR/dovecot-%{upstream}/dovecot-example.conf $RPM_BUILD_DIR/${RPM_PACKAGE_NAME}-%{upstream}/dovecot.conf
 %patch101 -p1 -b .configfile
 #%patch102 -p1 -b .no-literal-plus-capability
-#%patch103 -p1 -b .pam-setcred
+%patch103 -p2 -b .pam-tty
-#%patch104 -p1 -b .auth-log
+%patch104 -p2 -b .pam-setcred
+#%patch105 -p1 -b .auth-log
 
 %build
 rm -f ./configure