Add changes to allow VRF, and mapped users (no local accounts)

Add changes allow admins to set up RADIUS clients with no local
knowledge of the RADIUS accounts (no adduser required, nor LDAP, etc.)

This is done by using the nss-mapuser package.   The only real change
to this package is to set up the SUDO prompt, so it's the RADIUS login
name, in the pam_sm_acct_mgmt entry point.

Bumped the version to 1.4.1

Change the PACKAGE info in configure to reflect Cumulus, and also
a few related fields.   Changed maintiner to dev-support

Also incorporated changes to make debuging builds easier under debian.

Added comment and description of src_ip to the config file (author of
the src_ip changes hadn't yet done that), and removed the location of
config file from comments, since debian installs to a different
location.

Quieted config complaints; can't move to current because current is
GPLv3, and this doesn't use autoconf.

Tried to capture the 5 years of changes between 1.3.17 and 1.4.0

Added lintian overrides.  Fixed up debian/copyright file to be standard
format, and match (approximately) the source files.  overrides don't
quite work, because source vs binary confusion, but documents them

Added debian install files

Added man page for the plugin, and for the RADIUS client config file

9 files changed, 81 insertions, 66 deletions

diff --git a/debian/changelog b/debian/changelog
index 978af83..0bafb1c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,26 @@
+libpam-radius-auth (1.4.1-cl3u1) unstable; urgency=low
+
+  * Added support for mapping radius accounts to a local account
+    to get UID, GID, and base of home directory, so radius users
+    do not need to have an account created locally (or via LDAP)
+
+ -- Dave Olson <olson@cumulusnetworks.com>  Fri, 16 Jun 2017 15:44:12 -0700
+
 libpam-radius-auth (1.4.0) unstable; urgency=low
 
-   * Many changes.  See USAGE and git log for details.
+   * Many changes and bug fixes.  See USAGE and git log for details.
+   * src_ip in config file
+   * ipv6 support
+   * configure can use poll or select
+   * Add Calling-Station-Id to accounting requests
+   * mostly thread safe
+   * add force_prompt option to enforce new password prompt for use with Tok
+   * NetBSD fixes
+   * new parameter max_challenge limits number of Access-Challenges
+   * build: do not force flags, add to them instead.
+   * build: use GCC for build, and ensure that unneeded symbols are not exported.
 
- -- Alan T. DeKok <aland@freeradius.org>  Wed, 17 Dec 2014 17:00:59 -0500
+ -- Alan T. DeKok <aland@freeradius.org>  Thu, 23 Mar 2017 19:01:20 -0400
 
 libpam-radius-auth (1.3.17) unstable; urgency=low
 
@@ -14,10 +32,6 @@ libpam-radius-auth (1.3.17) unstable; urgency=low
 
  -- Arran Cudbard-Bell <a.cudbardb@freeradius.org>  Wed, 24 Oct 2012 08:18:01 +0100
 
-commit 0c3af1fb2a1ae1befb7a8e366406ded63cb9fa59
-
-    Note 1.4.0
-
 libpam-radius-auth (1.3.16-4.4) unstable; urgency=low
 
   * Non-maintainer upload to fix pending l10n issues.
diff --git a/debian/control b/debian/control
index b8090ae..cb8cb49 100644
--- a/debian/control
+++ b/debian/control
@@ -1,15 +1,14 @@
 Source: libpam-radius-auth
-Maintainer: Fabio M. Di Nitto <fabbione@fabbione.net>
+Maintainer: dev-support <dev-support@cumulusnetworks.com>
 Section: libs
 Priority: extra
 Standards-Version: 3.9.6
-Build-Depends: libpam0g-dev | libpam-dev, debhelper (>= 4.1.16)
+Build-Depends: libpam0g-dev | libpam-dev, debhelper (>= 9~)
 
 Package: libpam-radius-auth
 Architecture: any
-Depends: ${shlibs:Depends}
-Suggests: radius-server
-Description: The PAM RADIUS authentication module
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: PAM RADIUS client authentication module
  This is the PAM to RADIUS authentication module. It allows any PAM-capable
  machine to become a RADIUS client for authentication and accounting
  requests. You will, however, need to supply your own RADIUS server to
diff --git a/debian/copyright b/debian/copyright
index 8d52194..85c3d9e 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,54 +1,25 @@
-This package was debianized by Fabio M. Di Nitto <fabbione@fabbione.net> on
-Thu, 31 Oct 2002 09:56:49 +0100
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: libpam-auth-user
+Source: https://github.com/FreeRADIUS/pam_radius
 
-It was downloaded from ftp://ftp.freeradius.org/pub/radius/
+License: GPL-2+
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
 
-Copyright (extracted from pam_radius_auth.c):
-
-/*
- *  This module is a merger of an old version of pam_radius.c, and
- * code which went into mod_auth_radius.c, with further modifications
- * by Alan DeKok of CRYPTOCard Inc..
- *
- * The original pam_radius.c code is copyright (c) Cristian Gafton, 1996,
- *                                             <gafton@redhat.com>
- *
- * The additional code is copyright (c) CRYPTOCard Inc, 1998.
- *
- *                                              All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, and the entire permission notice in its entirety,
- *    including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- *    products derived from this software without specific prior
- *    written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions.  (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-On Debian GNU/Linux systems, the complete text of the GNU General
-Public License can be found in /usr/share/common-licenses/GPL file.
+Files: *
+License: GPL-2+
+Copyright: Cristian Gafton <gafton@redhat.com>, 1996, 
+    Alan T. DeKok <aland@freeradius.org> 1998, 2014, 2015, 2016, 2017
diff --git a/debian/libpam-radius-auth.dirs b/debian/libpam-radius-auth.dirs
new file mode 100644
index 0000000..8db6b07
--- /dev/null
+++ b/debian/libpam-radius-auth.dirs
@@ -0,0 +1,4 @@
+lib/security
+etc
+usr/share/doc/libpam-radius-auth/html
+usr/share/pam-configs
diff --git a/debian/libpam-radius-auth.install b/debian/libpam-radius-auth.install
new file mode 100644
index 0000000..fca8c6f
--- /dev/null
+++ b/debian/libpam-radius-auth.install
@@ -0,0 +1,4 @@
+pam_radius_auth.so lib/security
+pam_radius_auth.conf etc
+index.html usr/share/doc/libpam-radius-auth/html
+debian/radius usr/share/pam-configs
diff --git a/debian/libpam-radius-auth.lintian-overrides b/debian/libpam-radius-auth.lintian-overrides
new file mode 100644
index 0000000..49f75dd
--- /dev/null
+++ b/debian/libpam-radius-auth.lintian-overrides
@@ -0,0 +1,9 @@
+# they are old, but current is GPL v3, so leaving old
+libpam-radius-auth binary: outdated-autotools-helper-file config.sub 2007-11-19
+libpam-radius-auth binary: outdated-autotools-helper-file config.guess 2007-11-19
+libpam-radius-auth binary: diff-contains-git-control-dir .git
+libpam-radius-auth binary: debhelper-but-no-misc-depends libpam-radius-auth
+libpam-radius-auth binary: unsupported-source-format 3.0 (git)
+libpam-radius-auth binary: source-nmu-has-incorrect-version-number 1.4.1
+
+
diff --git a/debian/libpam-radius-auth.manpages b/debian/libpam-radius-auth.manpages
new file mode 100644
index 0000000..c85854a
--- /dev/null
+++ b/debian/libpam-radius-auth.manpages
@@ -0,0 +1,2 @@
+pam_radius_auth.5
+pam_radius_auth.8
diff --git a/debian/libpam-radius-auth.postinst b/debian/libpam-radius-auth.postinst
index 4b0d38e..de079ad 100644
--- a/debian/libpam-radius-auth.postinst
+++ b/debian/libpam-radius-auth.postinst
@@ -4,3 +4,6 @@ set -e
 
 # needed for install, upgrade, remove, and purge, including aborts
 pam-auth-update --package
+
+#DEBHELPER#
+
diff --git a/debian/rules b/debian/rules
index 4e68084..9a0976d 100755
--- a/debian/rules
+++ b/debian/rules
@@ -7,7 +7,8 @@ ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
 else
 	CFLAGS += -O2
 endif
-CFLAGS+=-g3 -Wno-strict-aliasing -DCONF_FILE=\"/etc/pam_radius_auth.conf\"
+PAM_CONF_FILE=/etc/pam_radius_auth.conf
+CFLAGS+=-g3 -Wno-strict-aliasing -DCONF_FILE=\"${PAM_CONF_FILE}\"
 
 ifeq ($(DEB_HOST_GNU_CPU),(hppa|m68k|mips|powerpc|s390|sparc|sparc64|sheb))
 	CFLAGS += -DHIGHFIRST
@@ -17,6 +18,14 @@ export CFLAGS
 %:
 	dh  $@
 
-override_dh_auto_configure:
-	./configure
+# all the installing is here, not in Makefile.
+# The configuration file with the share secrets needs to be 600
+override_dh_install:
+	dh_install -v --sourcedir=.
+	chmod 600 debian/*/${PAM_CONF_FILE}
 
+override_dh_fixperms:
+	dh_fixperms --exclude ${PAM_CONF_FILE}
+
+override_dh_installchangelogs:
+	dh_installchangelogs Changelog