nss_ldap: ChangeLog

"Fossies" - the Fresh Open Source Software Archive

Member "nss_ldap-265/ChangeLog" (6 Nov 2009, 47412 Bytes) of package /linux/privat/old/nss_ldap-265.tar.gz:

As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

1 $Id: ChangeLog,v 2.415 2009/11/06 10:26:22 lukeh Exp $ 2 =============================================================== 3 4 265 Luke Howard <lukeh@padl.com> 5 6 * fix for BUG#132: add versioning information to binary 7 * fix for BUG#403: add AM_MAINTAINER_MODE 8 * fix for BUG#388: bad LDAP query for ether lookups 9 * fix for BUG#391: clarify bind timelimit defaults 10 in ldap.conf 11 * fix for BUG#392: call do_close() if ldap_result() 12 or ldap_parse_result() fails (before returning 13 NSS_UNAVAIL) 14 * fix for BUG#401: FreeBSD thread library check 15 * fix for BUG#409: deallocate context in 16 _nss_ldap_ent_context_release() to avoid bad usage 17 * fix for BUG#410: don't leak file descriptors in 18 _nss_ldap_readconfig 19 20 264 Luke Howard <lukeh@padl.com> 21 22 * fix for BUG#378: MAP_H_ERRNO() should map NSS_TRYAGAIN 23 to NETDB_INTERNAL not TRY_AGAIN 24 * fix for BUG#379: ldaps:// URIs only work if "ssl on" 25 is set 26 * fix for BUG#248: nss_ldap exposes malformed entries 27 to the system 28 29 263 Luke Howard <lukeh@padl.com> 30 31 * fix for BUG#374: nss_ldap returns success from 32 setnetgrent() when the requested netgroup doesn't 33 exist 34 * fix for BUG#376: getXXent() only returns NULL once 35 before implicitly calling setXXent(), whereas other 36 backends continue to return NULL (Red Hat BUG#466794) 37 38 262 Luke Howard <lukeh@padl.com> 39 40 * fix for BUG#370: nss_ldap fails to work on Solaris 41 without that patch applied 42 43 261 Luke Howard <lukeh@padl.com> 44 45 * fix for Debian BUG#486778: ldap.conf template is 46 missing a comment in the first line 47 48 260 Luke Howard <lukeh@padl.com> 49 50 * patch from Ralf Haferkamp <rhafer@suse.de>: 51 only set errno for NSS_TRYAGAIN 52 53 259 Luke Howard <lukeh@padl.com> 54 55 * fix for BUG#348: fix memory leak 56 * fix for BUG#349: nss_ldap crashes after START_TLS timeout 57 (assertion failure in libldap) 58 * fix for BUG#350: assertion failure in ldap_result (called 59 from do_result()) 60 * fix for BUG#351: double ldap_msgfree() 61 62 258 Luke Howard <lukeh@padl.com> 63 64 * fix for BUG#343: nss_srv_domain should take a domain 65 not a record 66 * fix for BUG#339: replacement code for Kerbeors 67 SASL operations 68 * fix for BUG#338: nss_ldap constructs LDAP URIs 69 incorrectly 70 * fix for BUG#337: configure fails to detect resolver 71 functions 72 * fix for BUG#332: --enable-schema-mapping incorrectly 73 maps pw_change 74 * fix for BUG#293: add nss_getgrent_skipmembers 75 parameter to ldap.conf, if enabled will not request 76 member attributes for group lookups, greatly increasing 77 performance for large groups 78 * fix for BUG#272: nss_ldap's install target doesn't 79 always create the right solink for x86_64 glibc 80 * fix for BUG#284: an error occurs during bulding with 81 cyrus-sasl2 when the compiler option 'as-needed' is used 82 83 257 Luke Howard <lukeh@padl.com> 84 85 * patch from Ralf Haferkamp <rhafer@suse.de>: 86 block SIGPIPE in atfork handler 87 88 256 Luke Howard <lukeh@padl.com> 89 90 * patch from Tomas Janousek <tjanouse@redhat.com> 91 to check for pthread_once(); __pthread_once does 92 not imply __pthread_atfork being non-NULL 93 * fix for BUG#315: memory corruption/crash in 94 initgroups parsing 95 96 255 Luke Howard <lukeh@padl.com> 97 98 * fix for BUG#303: SSL port behavior change since 99 version 241 100 * fix for BUG#304: fd leak in do_close_no_unbind 101 * fix for BUG#313: assertion in do_init() when no 102 host/uri is configured 103 * patch from Adrian Bridgett <adrian@smop.co.uk> 104 for Debian BUG#375533: Assertion failure in 105 libnss-ldap 106 107 254 Luke Howard <lukeh@padl.com> 108 109 * fix for BUG#292: array bounds check in ldap-network.c 110 * fix for BUG#296: fix stack buffer optimization 111 * fix for BUG#297: gethostbyname2 queried with AF_INET6 112 returns OK with IPv4 address 113 * fix for Novell BUG#215911: crasher parsing nested 114 groups 115 116 253 Luke Howard <lukeh@padl.com> 117 118 * fix crasher if an empty buffer is passed to 119 initgroups (glibc NSS only) 120 * fix for BUG#283: netgroup assertion failure in 121 Solaris mountd 122 123 252 Luke Howard <lukeh@padl.com> 124 125 * doc/lookup_nssldap.c: rewrite for autofs-4.1.3 126 127 251 Luke Howard <lukeh@padl.com> 128 129 * remove doc/rfc2307.txt, it is available from 130 http://www.ietf.org/rfc/rfc2307.txt 131 * make objectClass a mappable attribute 132 133 250 Luke Howard <lukeh@padl.com> 134 135 * don't use static _nss_ldap_no_members buffer, 136 causes crash when nss_ldap is unloaded and memory 137 is still referenced 138 * fix for BUG#249: tcsh closes file descriptors, 139 confuses nss_ldap and hangs (from David Houlder) 140 * fix for BUG#257: initgroups() broken in RFC2307bis 141 support disabled 142 * fix for BUG#261: sslpath example wrong 143 * fix for BUG#263: compile do_triple_permutations() 144 when IRS enabled 145 146 249 Luke Howard <lukeh@padl.com> 147 148 * fix for BUG#253: build broken on AIX 149 * fix for BUG#255: deadlock in initgroups 150 151 248 Luke Howard <lukeh@padl.com> 152 153 * fix regression in per-objectclass attribute mapping 154 introduced in nss_ldap-246 155 156 247 Luke Howard <lukeh@padl.com> 157 158 * double-check *ld != NULL even if mapped eror return 159 from ldap_initialize() returns NSS_SUCCESS 160 161 246 Luke Howard <lukeh@padl.com> 162 163 * paged results and RFC2307bis support are now always 164 compiled in; they are by default disabled unless 165 you configured with --enable-paged-results and 166 --enable-rfc2307bis, respectively. See nss_ldap(5) 167 for configuration options. 168 * fix for BUG#219: paged results delivers wrong results 169 * fix for BUG#222: use asynchronous start TLS if 170 available, using bind_timeout value 171 * fix for BUG#235: make DNS SRV lookup domain 172 configurable (nss_srv_domain) 173 * fix for BUG#240: return "*" rather than "x" for 174 userPassword if not present 175 * fix for BUG#245: paged results broken since nss_ldap-241 176 * patch from Ralf Haferkamp <rhafer@suse.de>: 177 compile fix for IPv6 178 * compile for Solaris 179 * schema mapping is always enabled, cleanup schema 180 mapping code 181 * allow for map-specific objectclass mapping 182 * partial implementation of Solaris Simplified LDAP 183 API, allows automountd support on Solaris via nss_ldap 184 * for Linux automounter, always close connection after 185 endautomntent() to avoid persistent connection 186 * add nss_connect_policy argument to ldap.conf 187 188 245 Luke Howard <lukeh@padl.com> 189 190 * don't leak LDAP connection if do_bind() failed or 191 descriptor owner had changed. If do_bind() failed the 192 underlying descriptor would also be leaked, causing a 193 large number of sockets to be consumed during failover 194 * add nss_initgroups_ignoreusers parameter to ldap.conf, 195 returns NOTFOUND if nss_ldap's initgroups() is called 196 for users (comma separated) 197 * try to deal with systems that have headers for both 198 versions of the SASL library installed 199 * better logging of failed connections and reconnections 200 * patch from Dean Michaels <dean@interdynamix.com>: 201 build with Netscape 5 library on Solaris 202 * patch from Ralf Haferkamp <rhafer@suse.de>: 203 manual page fix to bind_policy 204 205 244 Luke Howard <lukeh@padl.com> 206 207 * patch from Ralf Haferkamp <rhafer@suse.de>: 208 enusre bytesleft macro does not return values < 0 209 * include <sys/param.h> in ldap-nss.c 210 211 243 Luke Howard <lukeh@padl.com> 212 213 * fix for BUG#225: invalid pointer dereferencing when 214 reading rootpw 215 216 242 Luke Howard <lukeh@padl.com> 217 218 * fixes for compiling on Solaris 10 219 220 241 Luke Howard <lukeh@padl.com> 221 222 * new, more robust reconnection logic 223 * both "host" and "uri" directives can be used in 224 ldap.conf 225 * new (undocumented) nss_reconnect_tries, 226 nss_reconnect_sleeptime, nss_reconnect_maxsleeptime, 227 nss_reconnect_maxconntries directives 228 * reload configuration file if changed 229 230 240 Luke Howard <lukeh@padl.com> 231 232 * new API for resolving automounts (requires custom 233 autofs plugin for Linux at present): 234 _nss_ldap_setautomntent(), _nss_ldap_getautomntent(), 235 _nss_ldap_endautomntent(), _nss_ldap_getautomntbyname_r() 236 * fix for BUG#200: rename SOCKLEN_T as it conflicts on AIX 237 * fix for BUG#205: accept line feeds in ldap.conf 238 * fix for BUG#211: nss_ldap fails to start TLS on referred 239 connections 240 * fix for BUG#213: initgroups crash if RFC2307bis undefined 241 * turn down reconnection logging volume 242 243 239 Luke Howard <lukeh@padl.com> 244 245 * support for initgroups using backlinks (selectable 246 at runtime if RFC2307bis support is enabled, using 247 the nss_initgroups backlink configuration directive) 248 * support for dynamically expanding filter sizes 249 * from Peter Marschall <peter@adpm.de>: 250 revert the deletion of blanks/tabs in ldap.conf that 251 happened between 235 and 238 252 * from Peter Marschall <peter@adpm.de>: 253 This patch changes configure.in and Makefile.am so that 254 ldap.conf gets installed in the place and with the name 255 that is given to the configure option --with-ldap-conf-file. 256 In addition to that it fixes a long standing bug in 257 Makefile.am that tries to install a file before the 258 destination directory is guaranteed to be created (hunk #3), 259 and uses $(mkinstalldirs) for AIX (hunk #2). 260 261 238 Luke Howard <lukeh@padl.com> 262 263 * more manual page updates 264 265 237 Luke Howard <lukeh@padl.com> 266 267 * more manual page updates 268 269 236 Luke Howard <lukeh@padl.com> 270 271 * fix for BUG#201: typo in ldap-schema.c causing build 272 to fail 273 * add manual page for nss_ldap 274 275 235 Luke Howard <lukeh@padl.com> 276 277 * fix for BUG#198: make pagesize configurable 278 * fix for BUG#199: correct fix for BUG#138 279 (blind last char remove in ldap.secret) 280 281 234 Luke Howard <lukeh@padl.com> 282 283 * don't reacquire global lock in do_next_page() 284 * restore old "bind_policy hard" behaviour (don't try to 285 reconnect if initialization failed). The behaviour 286 introduced in nss_ldap-227 can be enabled with 287 "bind_policy hard_init". 288 289 233 Luke Howard <lukeh@padl.com> 290 291 * if do_open() returns NSS_UNAVAIL, don't try to do 292 server reconnect; only do it if NSS_TRYAGAIN is returned 293 This should fix the problems introduced by the fixes in 294 nss_ldap-227 (delayed binding) 295 296 232 Luke Howard <lukeh@padl.com> 297 298 * fix for BUG#138 (blind last char remove in ldap.secret) 299 300 230 Luke Howard <lukeh@padl.com> 301 302 * don't free gss_krb5_ccache_name() output (Heimdal) 303 304 229 Luke Howard <lukeh@padl.com> 305 306 * more debugging in initgroups and _nss_ldap_getentry() 307 * fix _nss_ldap_getentry() enumeration behaviour, and 308 optimize by not searching if the requested attribute 309 cannot be mapped 310 311 228 Luke Howard <lukeh@padl.com> 312 313 * fix for BUG#188: better documentation for OpenLDAP 314 SSL options 315 * fix for BUG#189: do not configure tls_checkpeer 316 unless it is explicitly specifier in ldap.conf 317 * fix for BUG#190: set ls_state to LS_UNINITIALIZED 318 after fork 319 320 227 Luke Howard <lukeh@padl.com> 321 322 * separate initializing LDAP session with actually 323 connecting to the DSA, so that we don't try to 324 bind until we actually need to search (which allows 325 the retry logic in the search function to also apply 326 to binding). NB: this will only provide improved 327 behaviour for LDAP client libraries that support 328 ldap_init() or ldap_initialize() rather than ldap_open 329 * fix for BUG#183: support pw_change and pw_expire 330 on BSD 331 * fix for BUG#187: NSS_BUFLEN_DEFAULT causing problems 332 on IRS platforms 333 * fix for glibc 2.1 from Alexander Spannagel 334 335 226 Luke Howard <lukeh@padl.com> 336 337 * make LDAP_NSS_NGROUPS configurable with 338 --with-ngroups (experts only) option 339 340 225 Luke Howard <lukeh@padl.com> 341 342 * make LDAP_NSS_NGROUPS 64 - better choice for 343 small directories 344 345 224 Luke Howard <lukeh@padl.com> 346 347 * don't double-free on realloc() failure in 348 do_parse_group_members() 349 * don't pass LDAP session as an argument, as 350 it may refer to a stale LDAP handle. If this 351 does not work we will need to replace LDAPMessage 352 pointers with pointers to a structure that 353 contains a reference-counted LDAP handle as well 354 as the message 355 * fix crasher when internal group membership 356 buffer was reallocated (introduced with nested 357 group expansion code) 358 * immediately return NSS_TRYAGAIN and errno=ERANGE 359 if there is not enough buffer space to handle 360 LDAP_NSS_NGROUPS groups; this prevents getgrXXX() 361 from expensive repeated directory searches when 362 there is a priori knowledge that group memberships 363 are large 364 365 223 Luke Howard <lukeh@padl.com> 366 367 * allow empty lines in /etc/ldap.conf 368 * do loop detection in nested groups 369 * fixes for building with IRS on FreeBSD 4.10 370 371 222 Luke Howard <lukeh@padl.com> 372 373 * fix deadlock in _nss_ldap_getentry() 374 * support more AIX usersec attributes 375 * more AIX porting fixes 376 * support Heimdal as well as MIT Kerberos 377 378 221 Luke Howard <lukeh@padl.com> 379 380 * AIX fix from <carlos.celso@embraer.com.br> 381 Recall #169033 382 * support for expansion of nested RFC2307bis groups 383 * support for searching using range retrieval 384 * fix memory leak with private contexts 385 * fix memory leak in do_result() 386 * implement _nss_ldap_getentry for AIX enumeration 387 * implement netgroups for IRS/AIX 388 * remove dependency on Berkeley DB - schema mapping 389 and RFC2307bis no longer requires DB 390 * remove old NeXT cruft in resolve.c 391 392 220 Luke Howard <lukeh@padl.com> 393 394 * fix for BUG#169: getntohost() on Solaris 395 * fix for BUG#170: _nss_ldap_getgroupsbymember_r fails 396 to return all groups when NSCD is running and 397 attribute mapping is enabled on Solaris 398 * fix for BUG#173: reinstate use of sigaction() 399 (XXX what is the correct fix here?) 400 * fix for BUG#174: innetgr() depth checking 401 402 218 Luke Howard <lukeh@padl.com> 403 404 * fix for BUG#168: set errnop to ENOENT if not found 405 * check for -lgssapi before -lgssapi_krb5 406 407 217 Luke Howard <lukeh@padl.com> 408 409 * fix for BUG#167: compilation fails on Solaris 410 411 216 Luke Howard <lukeh@padl.com> 412 413 * patch from Thorsten Kukuk to avoid overwriting 414 sockaddr storage for IPv6; use struct 415 sockaddr_storage if available 416 * fix for BUG#153: use asynchronous search API 417 in initgroups() 418 * fix for BUG#157: check for __pthread_once rather 419 than __pthread_atfork on glibc, as the latter is 420 no longer exported 421 * fix for BUG#158: escape netgroup search filters 422 correctly 423 * fix for BUG#161: remove redundant lock in 424 _nss_ldap_innetgr() 425 * fix for BUG#164: set schema element array size 426 to LM_NONE + 1 not LM_NONE 427 * fix for BUG#165: make _nss_ldap_result() private 428 * fix for BUG#166: chase all nested netgroups in 429 innetgr() 430 * fix deadlock if getXXXent() called without first 431 calling setXXXent() 432 * only request gidNumber attribute when initgroups() 433 (avoids sending back rest of a group's entry) 434 * don't request any attributes when mapping a user 435 to a DN (we want the DN only) 436 437 215 Luke Howard <lukeh@padl.com> 438 439 * choose between using native GSS-API and putenv() 440 for setting ccache path 441 * per-map attribute mapping for attributes that 442 appear in multiple maps 443 444 214 Luke Howard <lukeh@padl.com> 445 446 * define LDAP_DEPRECATED for compiling against 447 OpenLDAP 2.2 448 449 213 Luke Howard <lukeh@padl.com> 450 451 * fix netgroup compilation error when debugging is 452 enabled 453 * support GSS-API for setting ccache name 454 * initgroups() should require user to be a POSIX 455 account 456 * define LOGNAME_MAX for HP-UX 457 * do not use sigprocmask() - this blocks rather 458 than disabling signals 459 * SASL version check fix from Howard Chu 460 461 212 Luke Howard <lukeh@padl.com> 462 463 * Solaris netgroup support test release 464 * fix crasher in do_sasl_interact() 465 * do_sasl_interact() needs to strdup() result for 466 Cyrus SASL 1.x but not 2.x 467 * merge in LDAP debug patch from Howard Chu 468 * try alternate search descriptors on NSS_NOTFOUND 469 as well as NSS_SUCCESS 470 471 211 Luke Howard <lukeh@padl.com> 472 473 * do AT_OC_MAP cache initialization at config init 474 * BSD build fixes 475 * replace [h]errno2nssstat lookup tables with switch 476 statement; should help building on AIX! 477 478 210 Luke Howard <lukeh@padl.com> 479 480 * initialize DBT structures 481 * fix SASL crasher 482 483 209 Luke Howard <lukeh@padl.com> 484 485 * fix SASL breakage 486 487 208 Luke Howard <lukeh@padl.com> 488 489 * use socklen_t not int 490 * remove OpenLDAP SASL code 491 * incorporated patches from (see below) Geert Jansen 492 * add the "sasl_secprops" option to configure SASL 493 security layers (usage as for OpenLDAP ldap.conf) 494 * add the "krb5_ccname" option to specify the 495 location of the Kerberos ticket cache 496 (requires --enable-configurable-krb5-ccname for 497 now as it is a fairly coarse solution to a lack 498 of appropriate API in the Kerberos libraries) 499 * add support for native Active Directory password 500 policy attributes (enabled if shadowLastChange is 501 mapped to pwdLastSet) 502 * add "nss_override_attribute_value" and 503 "nss_default_attribute_value" keywords for over- 504 riding and setting default attribute values, 505 respectively 506 507 207 Luke Howard <lukeh@padl.com> 508 509 * work without LDAP_OPT_X_TLS_RANDOM_FILE 510 * fix schema mapping regression from nss_ldap-205; 511 attribute mapping now works again 512 513 205 Luke Howard <lukeh@padl.com> 514 515 * build with Sleepycat DB without db185 compat layer 516 (tested with 4.x; needs testing on 3.x) 517 518 204 Luke Howard <lukeh@padl.com> 519 520 * Linux netgroup implementation from Larry Lile 521 * Multiple service search descriptor support from 522 Symas 523 * IPv6 patch from Thorsten Kukuk at SuSE 524 525 203 Luke Howard <lukeh@padl.com> 526 527 * fix for BUG#115 528 * fix for BUG#121 529 530 202 Luke Howard <lukeh@padl.com> 531 532 * getsockname() fixes from Howard Chu 533 * configuration parser crasher fix 534 535 201 Luke Howard <lukeh@padl.com> 536 537 * Berkeley DB fixes from Howard Chu 538 * Netscape client library build fix 539 540 200 Luke Howard <lukeh@padl.com> 541 542 * use sigprocmask() if available to block SIGPIPE 543 * fix build breakage with OpenLDAP HEAD 544 545 199 Luke Howard <lukeh@padl.com> 546 547 * HP-UX port 548 * BUG#111: incorrect debugging statement in 549 _nss_ldap_enter() 550 * export required symbols only on Linux 551 * corrected symbol names for glibc alias enumeration 552 functions 553 * the DNS response parser doesn't stop after parsing the 554 right number of records, and doesn't handle long responses 555 (Nalin at RedHat) 556 557 198 Luke Howard <lukeh@padl.com> 558 559 * BUG#108: fix potential buffer overflow in dnsconfig.c 560 (could be triggered if no flat file configuration 561 for nss_ldap and large DNS SRV data for domain; 562 because nss_ldap in SRV mode trusts DNS we do 563 not believe this to be exploitable to elevate 564 privilege in the default configuration) 565 * do not malloc() configuration structure; use 566 buffer 567 568 197 Luke Howard <lukeh@padl.com> 569 570 * improved AIX documentation from Dejan Muhamedagic 571 * define LDAP_OPT_SSL for Solaris 9 572 573 196 Luke Howard <lukeh@padl.com> 574 575 * return NSS_TRYAGAIN not NSS_NOTFOUND for insufficient 576 buffer space in dn2uid_cache_get() 577 * support automake 1.5 and friends 578 * out of box build on AIX 4.3.3 579 * fixed BUG#104: do_ssl_options() return code ignored 580 581 195 Luke Howard <lukeh@padl.com> 582 583 * fixed BUG#98: large groups cause buffer length 584 wraparound with rfc2307bis 585 586 194 Luke Howard <lukeh@padl.com> 587 588 * bugfix for Debian Bug report #147553: lack of global 589 mutex use in initgroups() 590 591 193 Luke Howard <lukeh@padl.com> 592 593 * support for PADL GSS-SASL client library 594 595 192 Luke Howard <lukeh@padl.com> 596 597 * more carefully compare cached socket and peer 598 addresses 599 600 191 Luke Howard <lukeh@padl.com> 601 602 * added configurable [hard|soft] reconnect, see the 603 bind_policy parameter in ldap.conf. 604 605 190 Luke Howard <lukeh@padl.com> 606 607 * check for Netscape 4 SDK without SSL; don't require 608 pthreads for these 609 610 189 Luke Howard <lukeh@padl.com> 611 612 * patch for building on OpenLDAP 1.x from Nalin 613 at RedHat 614 615 188 Luke Howard <lukeh@padl.com> 616 617 * specify runtime path for LDAP library correctly to 618 native Solaris linker 619 * check for gcc correctly 620 * use native linker on Solaris and AIX 621 622 187 Luke Howard <lukeh@padl.com> 623 624 * make bogusSd in ldap-nss.c conditional on 625 !HAVE_LDAP_LD_FREE 626 * merge in paged result support from Max Caines 627 * bugfixes for Debian Bug report #140854 628 629 186 Luke Howard <lukeh@padl.com> 630 631 * incorporated patch for Debian Bug report #140854, 632 where nss_ldap could in some cases close a 633 descriptor it did not own. Patch was provided 634 by Luca Filipozzi. 635 636 185 Luke Howard <lukeh@padl.com> 637 638 * updated copyrights 639 * fix for BUG#82: set close on exec (Debian bug 136953) 640 641 184 Luke Howard <lukeh@padl.com> 642 643 * return NSS_TRYAGAIN if no buffer space in ldap-grp.c 644 645 183 Luke Howard <lukeh@padl.com> 646 647 * return error strings in AIX authentication routine 648 * initialise schema in getgroupsbymember() 649 * fix for tls_checkpeer; pass NULL session in to 650 set global option 651 * BUG#77: configurable config file locations 652 653 181 Luke Howard <lukeh@padl.com> 654 655 * ignore SIGPIPE whilst inside nss_ldap library routines 656 to prevent crashing on down LDAP server; possible fix 657 for Debian bug 130006 658 * removed --enable-no-so-keepalive; always try to 659 disable SO_KEEPALIVE on underlying socket to LDAP 660 server 661 * include local copy of irs.h under AIX 662 * general cleanup of locking code 663 * _nss_ldap_no_members appears to only need defining for 664 when RFC2307bis is enabled 665 666 180 Luke Howard <lukeh@padl.com> 667 668 * pull in libpthreads on AIX 669 670 179 Luke Howard <lukeh@padl.com> 671 672 * a couple more patches for AIX 673 674 178 Luke Howard <lukeh@padl.com> 675 676 * patch from Gabor Gombas for AIX support 677 * Makefile.am: sasl.o needed by NSS_LDAP 678 * aix_authmeth.c: method_passwordexpired is 679 really method_passwdexpired; but since the struct 680 was bzero()ed no need to set it to NULL 681 * configure.in: support both gcc and xlc_r 682 * exports.aix: sv_byport was not exported 683 * ldap-grp.c: getgrset() returned group names instead of 684 gid numbers 685 686 177 Luke Howard <lukeh@padl.com> 687 688 * patch for building on AIX from IBM 689 * added simple authentication support for AIX 690 * cleaned up SASL patch to not break if Cyrus 691 SASL is not installed 692 693 176 Luke Howard <lukeh@padl.com> 694 695 * fixed bug in SASL patch which had required 696 OpenLDAP headers 697 698 175 Luke Howard <lukeh@padl.com> 699 700 * incorporated GSS-API SASL patches 701 * rebind to server on LDAP_LOCAL_ERROR 702 703 174 Luke Howard <lukeh@padl.com> 704 705 * added patches from Maxim Batourine for compiling 706 with Sun workshop compiler 707 * added notes re: 64-bit compile on Solaris from 708 above source 709 710 173 Luke Howard <lukeh@padl.com> 711 712 * notes on IRS in doc/README.IRS 713 * added irs.h for AIX compat 714 * patch from Bob Guo for stripping trailing 715 spaces in ldap.conf. 716 717 172 Luke Howard <lukeh@padl.com> 718 719 * fixed schema mapping bug by storing a copy of the 720 mapped schema in the Berkeley DB rather than the 721 element itself. Because the DB library returns 722 static storage, this was causing problems where 723 the schema mapping calls were used to build the 724 attribute table in ldap-schema.c. This bugfix was 725 sponsored by n2h2.com; thanks! 726 727 171 Luke Howard <lukeh@padl.com> 728 729 * added ldap.conf stanza for AIX 730 * workaround for schema mapping bug. 731 732 170 Luke Howard <lukeh@padl.com> 733 734 * use _nss_ldap_getrdnvalue() for determining canonical 735 group name 736 737 169 Luke Howard <lukeh@padl.com> 738 739 * fixed typo in ldap-service.c; prefix filters now 740 with _nss_ldap 741 742 168 Luke Howard <lukeh@padl.com> 743 744 * initialize old_handler to SIG_DFL 745 * incorporate Stephan Cremer's mapping patches, 746 a big thanks to Stephan for these! 747 * use LDAP_OPT_NETWORK_TIMEOUT if available for 748 network connect timeout 749 * removed hard-coded schema mapping for 750 authPassword, NDS and MSSFU 751 752 167 Luke Howard <lukeh@padl.com> 753 754 * support for new OpenLDAP rebind proc prototype 755 * in rebind function, respect timeout 756 * fix for PADL Release Control 757 758 166 Luke Howard <lukeh@padl.com> 759 760 * corrected small typos 761 762 165 Luke Howard <lukeh@padl.com> 763 764 * posixMember is a distinguished name, don't pretend it 765 is a login name 766 * cleaned up code referencing different member syntaxes 767 768 164 Luke Howard <lukeh@padl.com> 769 770 * removed IDS_UID code, never worked properly 771 772 163 Luke Howard <lukeh@padl.com> 773 774 * removed context_free function, usage confusing 775 776 162 Luke Howard <lukeh@padl.com> 777 778 * in reconnect harness, do not treat entry not found 779 errors as requiring a reconnect 780 781 161 Luke Howard <lukeh@padl.com> 782 783 * hopefully fixed use of synchronous searches in 784 _nss_ldap_getbyname() 785 786 160 Luke Howard <lukeh@padl.com> 787 788 * patch from RedHat to check for DB3, override 789 install user/group optionally 790 * use synchoronous searches for _nss_ldap_getbyname() 791 * only set SSL options if we have values for those 792 options 793 794 159 Luke Howard <lukeh@padl.com> 795 796 * make do_ssl_options() take a config parameter; 797 avoid segfault with SSL? 798 799 158 Luke Howard <lukeh@padl.com> 800 801 * in the distinguished name to login cache (dn2uid) 802 make sure we use the AT(uid) macro for the uid 803 attribute rather than the hard-coded value of "uid" 804 This should enable the cache for MSSFU support. 805 806 157 Luke Howard <lukeh@padl.com> 807 808 * for MSSFU, use posixMember for group memberships 809 rather than member (reported by Andy Rechenberg) 810 * ignore SIGPIPE before calling do_close() for 811 idle_timeout 812 813 156 Luke Howard <lukeh@padl.com> 814 815 * logic was around the wrong way in do_search(), 816 all searches were broken! 817 * --disable-ssl option for configure 818 * removed "Obsoletes: pam_ldap" from spec file 819 820 155 Luke Howard <lukeh@padl.com> 821 822 * do not use private API when setting OpenLDAP TLS 823 options (do_ssl_options()) 824 825 154 Luke Howard <lukeh@padl.com> 826 827 * notes from Scott M. Stone <sstone@foo3.com> 828 * idle timeout patch from Steve Barrus 829 830 153 Luke Howard <lukeh@padl.com> 831 832 * SSL fix 833 834 152 Luke Howard <lukeh@padl.com> 835 836 * further patch from Jarkko for TLS/SSL auth: 837 support for LDAPS/cipher suite selection/ 838 client key/cert authentication 839 840 151 Luke Howard <lukeh@padl.com> 841 842 * patch from Andrew Rechenberg for Active 843 Directory schema support 844 * patch from Jarkko Turkulainen <jt@wapit.com> for 845 peer certificate support with OpenLDAP 846 847 150 Luke Howard <lukeh@padl.com> 848 849 * patch from Anselm Kruis for URI support 850 851 149 Luke Howard <lukeh@padl.com> 852 853 * fixed compile on Solaris, broken in 145 by 854 malformed Linux patch 855 856 148 Luke Howard <lukeh@padl.com> 857 858 * check for HAVE_LDAP_SET_OPTION always 859 860 147 Luke Howard <lukeh@padl.com> 861 862 * check for ldap_set_option(), as LDAP_OPT_REFERRALS 863 is defined for OpenLDAP 1.x but without the 864 ldap_set_option() function 865 866 146 Luke Howard <lukeh@padl.com> 867 868 * mass reindentation, GNU style 869 * patch from Simon Wilkinson <sxw@sxw.org.uk> 870 for compatibility with old initgroups entry 871 point 872 * request authPassword attribute if 873 --enable-authpassword 874 * authPassword support in ldap-spwd.c (shadow) 875 876 145 Luke Howard <lukeh@padl.com> 877 878 * preliminary support for authPassword attribute 879 * updated COPYING 880 * patch from Szymon Juraszczyk to suppot 881 _nss_ldap_initgroups_dyn prototype 882 883 144 Luke Howard <lukeh@padl.com> 884 885 * when specifying filters with nss_base_XXX, 886 only escape the filter argument not the entire 887 filter 888 889 143 Luke Howard <lukeh@padl.com> 890 891 * patch from nalin@redhat.com to avoid 892 corrupting the heap when the configuration 893 file exists but has no host and base values. 894 _nss_ldap_readconfigfromdns() will write to 895 the region which was already freed. 896 897 142 Luke Howard <lukeh@padl.com> 898 899 * patch from Simon Wilkinson <sxw@sxw.org.uk> 900 for memory leak in ldap-service.c 901 902 141 Luke Howard <lukeh@padl.com> 903 904 * fix for BUG#54 (AIX detection broken) 905 * use -rpath on all platforms except Solaris, 906 not just Linux 907 908 140 Luke Howard <lukeh@padl.com> 909 910 * fix configure bug for DISABLE_SO_KEEPALIVE 911 * fix alignment bug in util.c; this was causing 912 Solaris to crash whenever per-map search 913 descriptors were specified in ldap.conf 914 915 139 Luke Howard <lukeh@padl.com> 916 917 * updated INSTALL file with boilerplate 918 * fixed pointer error in ldap-nss.c 919 920 138 Luke Howard <lukeh@padl.com> 921 922 * close config file FILE * if out of buffer space 923 for parsing search descriptor 924 * fixed bug where non-recognized directives in 925 ldap.conf would cause the configuration file to 926 not be parsed at all, if they were the last 927 entries in the config file. 928 929 137.1 Luke Howard <lukeh@padl.com> 930 931 * patch from nalin@redhat.com; return { NULL } not 932 NULL for no group members 933 * cleaned up usage of libc-lock.h weak aliases 934 to pthreads API; use in ltf.c also 935 * use __libc_atfork() or pthread_atfork() to 936 close off connection on fork, rather than 937 checking PIDs; this is expensive and breaks 938 on Linux where each thread may have a 939 different PID. 940 941 137 Gabor Gombas <gombasg@inf.elte.hu> 942 943 * build nss_ldap as a loadable module on AIX 944 * doco on AIX 945 946 136 Luke Howard <lukeh@padl.com> 947 948 * define -DPIC for FreeBSD 949 * link with -shared not --shared 950 * fixes for AIX 951 952 135 Luke Howard <lukeh@padl.com> 953 954 * merged ldap.conf 955 * fixed bug in concatenating relative search 956 bases in ldap-nss.c (profile support) 957 958 134 Luke Howard <lukeh@padl.com> 959 960 * fixed Makefile.am 961 * reordered DB search order in util.c 962 963 133 Luke Howard <lukeh@padl.com> 964 965 * make /usr/lib directory in Makefile.am 966 * new spec file from Joe Little 967 968 132 Luke Howard <lukeh@padl.com> 969 970 * fixed rebind preprocessor logic 971 972 131 Luke Howard <lukeh@padl.com> 973 974 * created files for automake happiness 975 976 130 Luke Howard <lukeh@padl.com> 977 978 * fixed typo preventing build with Netscape 979 client library 980 981 129 Luke Howard <lukeh@padl.com> 982 983 * updated version number 984 * fixed build bug on Solaris 985 986 128 Luke Howard <lukeh@padl.com> 987 988 * fixed logic bug in util.c introduced in 989 nss_ldap-127 990 991 127 Luke Howard <lukeh@padl.com> 992 993 * updating copyright notices 994 * autoconf support; IRIX and OSF/1 support has 995 been dropped (dl-*.[ch]) as no one really 996 used this, the implementation was a hack, 997 and these operating systems have their 998 own LDAP implementations now 999 * added support for "referrals" and "restart" 1000 options to ldap.conf 1001 * use OpenLDAP 2.x rebind proc with correct 1002 arguments 1003 * added "timelimit" and "bind_timelimit" 1004 directives to ldap.conf 1005 * fixed bug with dereferencing aliases 1006 * preliminary support for profiles; recognise 1007 profile semantics in ldap-nss.c/util.c 1008 * parity with pam_ldap; "ssl" directive in 1009 ldap.conf can now specify "yes" or 1010 "start_tls" for Start TLS 1011 * hopefully fixed Berkeley DB include 1012 mess in util.c 1013 * fixed potential buffer overflow in util.c 1014 * default to LDAP protocol version 3 1015 * fixed leaks in util.c, dnsconfig.c 1016 * accept on/yes/true for boolean configuration 1017 values 1018 * tested building on FreeBSD, Solaris 8, Linux 1019 * tested functionality on RedHat 6.2 1020 1021 126 Luke Howard <lukeh@padl.com> 1022 1023 125 Luke Howard <lukeh@padl.com> 1024 1025 * fixed up Linux Makefiles to build libnss_ldap 1026 1027 124 Luke Howard <lukeh@padl.com> 1028 1029 * patch from nalin@redhat.com for StartTLS 1030 * fixed up indenting 1031 1032 123 Luke Howard <lukeh@padl.com> 1033 1034 * rolled in BUG#52 branch with fixes for AIX 1035 1036 122.BZ52.2 Luke Howard <lukeh@padl.com> 1037 1038 * included ldap-schema.c; omitted from previous 1039 checkpoint 1040 1041 122.BZ52.1 Luke Howard <lukeh@padl.com> 1042 1043 * preliminary fix for BUG#52 (support for different 1044 naming contexts for each map) 1045 * fixed bug in enumerating services map 1046 1047 122 Luke Howard <lukeh@padl.com> 1048 1049 * fixed BUG#50 (check return value of ldap_simple_bind()) 1050 1051 121 Luke Howard <lukeh@padl.com> 1052 1053 * fixed BUG#49 (fix acknowledged race condition) 1054 1055 120 Luke Howard <lukeh@padl.com> 1056 1057 * added Makefile.aix and exports.aix (forgot) 1058 1059 119 Luke Howard <lukeh@padl.com> 1060 1061 * patch from Gabor Gombas <gombasg@inf.elte.hu> 1062 to support AIX implementation of BIND IRS 1063 1064 118 Luke Howard <lukeh@padl.com> 1065 1066 * Makefile.RPM.openldap2 from Joe Little 1067 1068 117 Luke Howard <lukeh@padl.com> 1069 1070 * permanently ignore SIGPIPE when using SSL. This 1071 bug should be fixed properly. 1072 1073 116 Luke Howard <lukeh@padl.com> 1074 1075 * added irs-nss.diff and README.IRS from Emile 1076 Heitor 1077 1078 115 Luke Howard <lukeh@padl.com> 1079 1080 * fixed filter escaping 1081 * call ldapssl_client_init() once only 1082 * include db_185.h not db.h for dn2uid cache 1083 * fixes for FreeBSD (IRS) support from Emile 1084 Heitor 1085 1086 113 Luke Howard <lukeh@padl.com> 1087 1088 * patch from Ben Collins to escape '*' in filters 1089 1090 110 Luke Howrad <lukeh@padl.com> 1091 1092 * patch from Phlilip Liu for async binds 1093 1094 109 Luke Howard <lukeh@padl.com> 1095 1096 * omit socket check for -DSSL; it doesn't work 1097 * updated CONTRIBUTORS 1098 * updated README re HAVE_LDAP_LD_FREE 1099 1100 108 Luke Howard <lukeh@padl.com> 1101 1102 * included "deref" option in /etc/ldap.conf, compatible 1103 with OpenLDAP syntax. Patch from Michael Mattice. 1104 1105 107 Luke Howard <lukeh@padl.com> 1106 1107 * fixed argument to _nss_ldap_getent() in ldap-ethers.c 1108 1109 106.2 Luke Howard <lukeh@padl.com> 1110 1111 * if root, use rootbinddn/rootbindpw in rebind proc 1112 * include objectClass in pwd required attributes 1113 1114 106.1 Luke Howard <lukeh@padl.com> 1115 1116 * if user is a shadowAccount, then don't return password 1117 in getpwent(), getpwuid() or getpwnam() 1118 * incorporated patch (from Doug Nazar): 1119 * allow getgrent() to be called without setgrent(); 1120 note arguments to _nss_ldap_getent() have changed. 1121 * return NSS_NOTFOUND instead of NSS_UNAVAIL at the 1122 end of a search 1123 * initialize len for getpeername() 1124 1125 105 Luke Howard <lukeh@padl.com> 1126 1127 * incorporated patch for deadlock under Solaris (from 1128 Dave Begley) 1129 1130 104 Luke Howard <lukeh@padl.com> 1131 1132 * new spec file 1133 1134 103 Luke Howard <lukeh@padl.com> 1135 1136 * don't call ldap_parse_result() with V2 API 1137 1138 102 Luke Howard <lukeh@padl.com> 1139 1140 * added defines for LDAP_MSG_ONE et al if not in ldap.h 1141 * removed LDAP_MORE_RESULTS_TO_RETURN test 1142 1143 101 Luke Howard <lukeh@padl.com> 1144 1145 * fixed spec file 1146 1147 100 Luke Howard <lukeh@padl.com> 1148 1149 * support for asynchronous search API! 1150 * added some contributors 1151 * notes about ldap_ld_free() 1152 * merged in ChangeLog 1153 1154 99 Luke Howard <lukeh@padl.com> 1155 1156 * added some netgroup implementation tips 1157 * do_close_no_unbind() cleanup 1158 1159 98 Luke Howard <lukeh@padl.com> 1160 1161 * /etc/nss_ldap.secret -> /etc/ldap.secret (sorry, 1162 Doug!) 1163 * deleted crypt-mechanism code. Junk. 1164 * fixed call to _nss_ldap_read() after changing 1165 prototypes in nss_ldap-88 1166 1167 97 Luke Howard <lukeh@padl.com> 1168 1169 * #ifndef HAVE_LDAP_LD_FREE, still call ldap_unbind(), 1170 but having closed the descriptor. 1171 1172 96 Luke Howard <lukeh@padl.com> 1173 1174 * re-orged 1175 1176 95 Luke Howard <lukeh@padl.com> 1177 1178 * disable SO_KEEPALIVE on socket rather than blocking 1179 SIGPIPE. Need to figure out the right way to do this. 1180 1181 94 Luke Howard <lukeh@padl.com> 1182 1183 * committed some changes for the parent/child close 1184 problem. It relies on internal libldap APIs so 1185 it may be non-portable but should work with OpenLDAP 1186 and Netscape client libraries, and perhaps most UMich- 1187 derived client libraries. There's a possible workaround 1188 for client libraries without this; undefine 1189 HAVE_LDAP_LD_FREE to test this. 1190 1191 93 Luke Howard <lukeh@padl.com> 1192 1193 * important fix: make sure return status is reset 1194 after do_open() == NSS_SUCCESS, just in case 1195 no entries are returned. This bug was introduced 1196 in nss_ldap-88 and could potentially cause a 1197 security hole. 1198 1199 92 Luke Howard <lukeh@padl.com> 1200 1201 * signal handling fix: don't restore handler 1202 unnecessarily. 1203 * don't open nss_ldap.secret unless a root pw 1204 is specified in ldap.conf 1205 1206 91 Luke Howard <lukeh@padl.com> 1207 1208 * reorganized SIGPIPE blocking code 1209 * added SSL support 1210 1211 90 Luke Howard <lukeh@padl.com> 1212 1213 * only reconnect if we've changed to/from root 1214 1215 89 Luke Howard <lukeh@padl.com> 1216 1217 * cleaned up a few things 1218 1219 88 Luke Howard <lukeh@padl.com> 1220 1221 * added breaks to switch in _nss_ldap_lookup 1222 (thanks to Nathan.Hawkins@FMR.COM for pointing 1223 this out) 1224 * save signal handler and ignore SIGPIPE for 1225 appropriate sections of do_open() and confirm 1226 connection is still active (patch from 1227 rpatel@globix.com) 1228 * allow root users to bind as a different user, 1229 to provide quasi-shadow password support (patch 1230 from nazard@dragoninc.on.ca) 1231 * under Linux, make Makefile look at last libc 1232 version (patch from nazard@dragoninc.on.ca) 1233 * never clobber nsswitch.ldap/ldap.conf when 1234 making install (patch from nazard@dragoninc.on.ca) 1235 * change do_open() to not unbind the parent ldap 1236 connection when the pid changes but simply open a 1237 new connection (patch from nazard@dragoninc.on.ca) 1238 * changed _nss_ldap_lookup() and _nss_ldap_read() 1239 prototypes to return NSS_STATUS error codes, 1240 so that NSS_UNAVAIL percolates as appropriate. 1241 1242 87 Luke Howard <lukeh@padl.com> 1243 1244 * fixed looking up DN-membered groups by member. Thanks 1245 to Jeff Mandel for spotting this hard to find bug. 1246 1247 86 Luke Howard <lukeh@padl.com> 1248 1249 * member for NDS vs uniqueMember (needs further 1250 investigation; -DNDS) 1251 1252 85 Luke Howard <lukeh@padl.com> 1253 1254 * check non-NULLity of userdn before freeing 1255 * use AT(uid) for groupsbymember filter 1256 1257 84 Luke Howard <lukeh@padl.com> 1258 1259 * implemented _nss_ldap_initgroups() 1260 1261 81 Luke Howard <lukeh@padl.com> 1262 1263 * removed extraneous do_sleep() code 1264 * updated spec file 1265 1266 80 Luke Howard <lukeh@padl.com> 1267 1268 * (really 2.80) changed version number a la Solaris 7! 1269 * cleaned up schema stuff into ldap-schema.h 1270 1271 2.79 Luke Howard <lukeh@padl.com> 1272 1273 * implemented exponential backoff reconnect logic 1274 1275 2.78 Luke Howard <lukeh@padl.com> 1276 1277 * removed ldap.conf.ragenet from lineup 1278 * removed spurious do_close() 1279 1280 2.76 Luke Howard <lukeh@padl.com> 1281 1282 * added -lresolv to Solaris makefiles 1283 1284 2.75 Luke Howard <lukeh@padl.com> 1285 1286 * incorporated RPM patches from stein@terminator.net 1287 1288 2.72 Luke Howard <lukeh@padl.com> 1289 1290 * implemented getgroupsbymember() for Solaris. 1291 Supplementary groups should be initialized now. 1292 (NB: doesn't appear to be quite working for 1293 RFC2307bis yet.) 1294 * GNU indent-ified 1295 1296 2.71 Luke Howard <lukeh@padl.com> 1297 1298 * removed -DDEBUG as default build flag 1299 1300 2.70 Luke Howard <lukeh@padl.com> 1301 1302 * put /usr/ucblib back into linker search path for 1303 Solaris. 1304 1305 2.69 Luke Howard <lukeh@padl.com> 1306 1307 * added timeout, unavailable, and server busy 1308 conditions to rebind logic 1309 * indent -gnu all source files 1310 1311 2.68 Luke Howard <lukeh@padl.com> 1312 1313 * mods for glibc 2.1 (__set_errno is obselete it seems) 1314 1315 2.65 Luke Howard <lukeh@padl.com> 1316 1317 * mods to compile with OpenLDAP 2 1318 1319 2.64 Luke Howard <lukeh@padl.com> 1320 1321 * changed alias schema to Sun SDS nisMailAlias schema 1322 * updated TODO list to reflect Bugzilla entries 1323 * restored capitalization of attributes for "niceness" 1324 1325 2.63 Luke Howard <lukeh@padl.com> 1326 1327 * added patch from gero@faveve.uni-stuttgart.de for 1328 parsing of ldap.conf with tabs 1329 * some fixes for BSDI BSD/OS IRS 1330 1331 2.62 Luke Howard <lukeh@padl.com> 1332 1333 * added experimental support for DN-membered groups; 1334 to enable, define RFC2307BIS 1335 * fixed align bug (where buflen wasn't being 1336 decremented after pointer alignment) 1337 1338 2.61 Luke Howard <lukeh@padl.com> 1339 1340 * added warning about compiling with DS 4.1 LDAP SDK 1341 1342 2.60 Luke Howard <lukeh@padl.com> 1343 1344 * fixed missing close brace 1345 1346 2.59 Luke Howard <lukeh@padl.com> 1347 1348 * pw_comment field defaults to pw_gecos (Solaris only) 1349 1350 2.56 Luke Howard <lukeh@padl.com> 1351 1352 * fixed Makefile.linux.mozilla NSSLIBVER 1353 1354 2.55 Luke Howard <lukeh@padl.com> 1355 1356 * merged in glibc-2.1 branch 1357 1358 2.54.6 Luke Howard <lukeh@padl.com> 1359 1360 * misc fixes. 1361 1362 2.54.5 Luke Howard <lukeh@padl.com> 1363 1364 * misc fixes. 1365 1366 2.54.4 Luke Howard <lukeh@padl.com> 1367 1368 * glibc-2.1 patches from bcollins@debian.org 1369 1370 2.54.3 Luke Howard <lukeh@padl.com> 1371 1372 * glibc-2.1 support. (Recall #93) 1373 * set erange correctly on Solaris (related to above) 1374 1375 2.51 Luke Howaed <lukeh@padl.com> 1376 1377 * added rebind function 1378 1379 2.51 Luke Howard <lukeh@padl.com> 1380 1381 * added stuff for RC 1382 1383 2.49 Luke Howard <lukeh@padl.com> 1384 1385 * configuration file is now case insensitive 1386 1387 2.47 Luke Howard <lukeh@xedoc.com> 1388 1389 * RFC2052BIS (_ldap._tcp) support 1390 1391 2.45 Luke Howard <lukeh@xedoc.com> 1392 1393 * added #include <stdlib.h> to globals.c 1394 1395 2.44 Luke Howard <lukeh@xedoc.com> 1396 1397 * NULL search base allowed (omit basedn from config file) 1398 1399 2.42 Luke Howard <lukeh@xedoc.com> 1400 1401 * fixed potential crasher in dnsconfig.c 1402 * LDAP session is now persistent for performance reasons. 1403 Removed references to the session anywhere outside 1404 ldap-nss.c. The process ID is cached and the session 1405 reopened after a fork(). 1406 1407 2.39 Luke Howard <lukeh@xedoc.com> 1408 1409 * fixed warning in ldap-ethers.c (removed const from 1410 struct ether) 1411 * added ldap_version keyword to ldap.conf for parity with 1412 pam_ldap 1413 1414 2.38 Luke Howard <lukeh@xedoc.com> 1415 1416 * debugged ldap_explode_rdn() code 1417 * added support for Mozilla LDAP client library; see 1418 Makefile.linux.mozilla and ltf.c for more information. 1419 Thanks to Netscape for making their library 1420 available. 1421 1422 2.37 Luke Howard <lukeh@xedoc.com> 1423 1424 * moved to CVS repository and Linux as development 1425 environment 1426 * incorporated ldap-service.c fix from Greg 1427 1428 2.36 Luke Howard <lukeh@xedoc.com> 1429 1430 * util.c: will use ldap_explode_rdn() if it exists 1431 1432 2.35 Luke Howard <lukeh@xedoc.com> 1433 1434 * made util.c compile again. Silly me. 1435 1436 2.34 Luke Howard <lukeh@xedoc.com> 1437 1438 * fixed #endif in testpw.c 1439 * fixed another DN freeing leak in util.c 1440 * added RFC 2307 to distribution (fixed the two 1441 typos in it: 1442 * fixed bug in ...getrdnvalue() (thanks, Greg) 1443 1444 % diff rfc2307.txt ~/rfc2307.txt 1445 480c480 1446 < MUST ( cn $ ipProtocolNumber ) 1447 --- 1448 > MUST ( cn $ ipProtocolNumber $ description ) 1449 1038c1038 1450 < lester:X5/DBrWPOQQaI:10:10:Lester:/home/lester:/bin/csh 1451 --- 1452 > lester:X5/DBrWPOQQaI:10:10:Lester:/home/lester:/bin/sh 1453 1454 2.33 Luke Howard <lukeh@xedoc.com> 1455 1456 * rolled in more patches from greg@rage.net: 1457 * removed _r from setXXXent and endXXXent functions 1458 for GNU_NSS 1459 * cleaned up testpw.c to use pthreads and protos 1460 * fixed prototype for gethostbyaddr_r on GNU_NSS 1461 * braced conditional in getservbyname_r 1462 * merged in Makefile.linux and README.LINUX diffs 1463 * added htons(port) in getservbyport_r 1464 * added nsswitch.test 1465 * added ldaptest.pl 1466 * added ldap.conf.ragenet 1467 1468 2.32 Luke Howard <lukeh@xedoc.com> 1469 1470 * moved Makefile to Makefile.solaris 1471 * cleaned up mutex code for Linux, hopefully 1472 1473 2.31 Luke Howard <lukeh@xedoc.com> 1474 1475 * fixed leak in util.c (need to free dn) 1476 * rolled in patches from greg@rage.net: 1477 * fixed ldap-ethers.c to use struct ether 1478 * fixed bracing in ldap-hosts.c (?) 1479 * added SSLEAY patch to ldap-nss.h 1480 * fixed locking in ldap-nss.h 1481 * Makefile changes incorporated into Makefile.linux 1482 1483 2.30 Luke Howard <lukeh@xedoc.com> 1484 1485 * synced into DevMan repository again 1486 * RFC 2307 is the one! 1487 1488 2.29e Luke Howard <lhoward@apple.com> 1489 1490 * util.c: fixed memory leak (call to ldap_value_free()) 1491 1492 2.29d Luke Howard <lhoward@apple.com> 1493 1494 * ldap-ethers.c: fixed to use HOSTNAME attribute 1495 1496 2.29c Luke Howard <lhoward@apple.com> 1497 1498 * ieee8022Device -> ieee802Device 1499 1500 2.29b Luke Howard <lhoward@apple.com> 1501 1502 * added ieee8022Device and bootableDevice classes, 1503 at Sun's request. 1504 1505 2.29a Luke Howard <lhoward@apple.com> 1506 1507 * dc -> cn 1508 1509 2.29 Luke Howard <lukeh@xedoc.com> 1510 1511 * changed host/network/ethers naming schema 1512 see the -02 draft revision for more info 1513 1514 2.28 Luke Howard <lukeh@xedoc.com> 1515 1516 * ldap-pwd.c, ldap-spwd.c: fixed tmpbuf stuff. Yuck. 1517 1518 2.27 Luke Howard <lukeh@xedoc.com> 1519 1520 * ANNOUNCE: reflected draft-howard-nis-schema-01.txt 1521 * ldap-spwd.c: default for shadow integer values is -1, not 0 1522 and fixed crasher (thanks to dj@gregor.com) 1523 1524 2.26 Luke Howard <lukeh@xedoc.com> 1525 1526 * globals.c: added offset stuff back for mapping errnumbers. 1527 Weird: this stuff *was* in an earlier version of the work 1528 area. I have no idea where it went. Scary. 1529 1530 2.25 Luke Howard <lukeh@xedoc.com> 1531 1532 * irs-nss.h: added prototype for irs_ldap_acc() 1533 * ldap-*.[ch]: removed redundent PARSER macro 1534 * unbroke for GNU NSS (context_key_t changed to context_handle_t) 1535 1536 2.24 Luke Howard <lukeh@xedoc.com> 1537 1538 * irs-nss.c: added dispatch table for IRS library 1539 * testpw5.c: added additional test program 1540 * ldap-nss.c: removed spurious debug statement 1541 * ldap-nss.c, util.c, dnsconfig.c: cleaned up memory 1542 allocation for config. (This could be improved, but 1543 there is no longer a static ldap_config_t structure.) 1544 * Makefile: general cleanup 1545 1546 2.23 Luke Howard <lukeh@xedoc.com> 1547 1548 * default destructor is now simply wrapped around by individual backend 1549 destructors 1550 * __EXTENSIONS__ defined for Solaris 2.6 to import strncasecmp() 1551 * getbyname: fixed crasher in ldap-nss.c due to uninitialized variable 1552 * ldap-parse.h, assorted others: tidied up resolver calls to use 1553 NSS_ARGS() macro and not to interfere with the previous backend's 1554 status (bad thing!) 1555 * ldap-service.c: cleaned up potential uninitialized var in parser 1556 * ldap-nss.c: no valued arrays are now { NULL } instead of NULL. 1557 1558 2.22 Luke Howard <lukeh@xedoc.com> 1559 1560 * testpw.c: XXX problem. dies with segfault, but gdb doesn't give 1561 me enough information; it's definitely within nss_ldap.so though. 1562 I just can't see the symbols. (Maybe dbx would be better...) 1563 However, testpw doesn't work at *all* under 2.5.1, and technically 1564 it shouldn't as it's not linked against liblthread. I haven't been 1565 able to duplicate this with testpw2, which is the same code linked 1566 with the thread library. 1567 * backported to NeXT 1568 1569 2.21 Luke Howard <lukeh@xedoc.com> 1570 1571 * resolve.h: renamed functions so as to keep namespace clean 1572 * snprintf.h: tidied up for systems which already have snprintf() 1573 and renamed anyway to keep namespace clean (_nss_ldap_snprintf) 1574 * ldap-*.h: made character constants const to avoid nasty warnings 1575 * globals.[ch]: as above 1576 * README, TODO, ANNOUNCE: general documentation updates 1577 * ldap-nss.c, et al: general work on Solaris 2.6 port, to get 1578 nscd working. Lots of fiddling with the locking. 1579 * Major architectural changes to Solaris NSS implementation. 1580 Thread specific data is now stored in the backend, where it 1581 should be: just like it is in IRS. Locking is a little more 1582 coarse now, but it will do for the moment. 1583 * Paul Henson's DCE module gave me the inspiration to do the 1584 backend stuff the "right" way -- thanks, Paul! 1585 * As a result, a lot of the bugs listed in TODO have mysteriously 1586 fixed themselves. :-) 1587 1588 2.20 Luke Howard <lukeh@xedoc.com> 1589 1590 * Makefile.*: ensured resolve.[ch] and dnsconfig.[ch] were there. 1591 * Makefile: should link now with gcc -shared instead of requiring 1592 cc. 1593 1594 2.19 Luke Howard <lukeh@xedoc.com> 1595 1596 * testpw4.c: added irs hostbyname() test 1597 * Makefile: added correct flags to build position indepdenent 1598 code with Sun's compiler (thanks, Bill). Added SRV sources. 1599 * testpw.c: works under NeXT, cleaned up a bit. 1600 * ldap.conf: documented what this file does 1601 * util.c: ignore blank lines in ldap.conf properly 1602 * resolve.h: fixed up for Solaris 1603 1604 2.18 Luke Howard <lukeh@xedoc.com> 1605 1606 * ldap-network.c: fixed infinite loop in getnetbyname() 1607 * util.c: goto out causes a compiler warning under Solaris. 1608 Documented this. Should fix this, I suppose, but we need 1609 to break out of two blocks. (We could remove the code that 1610 handles multivalued DNs, as it's fairly unlikely that someone 1611 will use a DN of o=Xedoc+dc=xedoc,c=US+dc=com, but who knows?) 1612 * ldap-ethers.c: line 215, result was not assigned to an 1613 lvalue (should have been args->status, not args). Fixed. 1614 1615 2.17 Luke Howard <lukeh@xedoc.com> 1616 1617 * Cleaned up documentation and testpw4.c 1618 * dnsconfig.c: Fixed strtok() bug which was clobbering domain 1619 1620 2.16 Luke Howard <lukeh@xedoc.com> 1621 1622 * util.c (_nss_ldap_readconfig) fixed strtok() typo 1623 1624 2.15 Luke Howard <lukeh@xedoc.com> 1625 1626 * dnsconfig.c: got DNS SRV support working under NEXTSTEP 1627 * util.c: (_nss_ldap_getdomainname) made host and network DN parsing 1628 compliant with current draft 1629 1630 2.2 - 2.14 Luke Howard <lukeh@xedoc.com> 1631 1632 * I'll get around to merging in the RCS log here one day. 1633 Nothing very exciting happened, I just backported the code to 1634 NEXTSTEP and compiled it. 1635 1636 2.1 Luke Howard <lukeh@xedoc.com> 1637 1638 * merged in old RCS tree (now nss_ldap 0.2) 1639 1640 1.x Luke Howard <lukeh@xedoc.com> 1641 1642 * old RCS repository (corresponds to nss_ldap 0.1) 1643