nss-pam-ldapd-0.9.12.tar.gz: .../ChangeLog

"Fossies" - the Fresh Open Source Software Archive

Member "nss-pam-ldapd-0.9.12/ChangeLog" (20 Nov 2021, 57899 Bytes) of package /linux/privat/nss-pam-ldapd-0.9.12.tar.gz:

As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "ChangeLog":

0.9.11_vs_0.9.12.

1 2021-11-19 Arthur de Jong <arthur@arthurdejong.org> 2 3 * [6e7e878] man/nslcd.conf.5.xml, nslcd/cfg.c: Support DNSLDAPS 4 in uri 5 6 This supports both `uri DNSLDAPS` and `uri DNSLDAPS:some.domain` 7 variants alongside the pre-existing `uri DNS` that was already 8 supported generating ldaps URIs for all SRV records found. 9 10 2021-11-15 Arthur de Jong <arthur@arthurdejong.org> 11 12 * [70819ae] configure.ac, tests/common.h: Fix internal assertion 13 function detection on Solaris 14 15 2021-11-15 Arthur de Jong <arthur@arthurdejong.org> 16 17 * [7b2a7fe] INSTALL, ar-lib, compile, depcomp, missing, py-compile, 18 test-driver: Update files from latest automake 19 20 2021-11-14 Arthur de Jong <arthur@arthurdejong.org> 21 22 * [9edf95c] tests/test.ldif, tests/test_ldapcmds.sh, 23 tests/test_nsscmds.sh: Do not use user arthur in tests 24 25 This makes it more complicated to run the tests on an environment 26 where a local user arthur exists. 27 28 2021-11-14 Arthur de Jong <arthur@arthurdejong.org> 29 30 * [2862447] pynslcd/mypidfile.py: Fix running pynslcd without 31 uid option 32 33 Fixes 65695aa 34 35 2021-06-04 Ryan Tandy <ryan@nardis.ca> 36 37 * [15f67be] tests/config.ldif, tests/setup_slapd.sh: Support 38 running tests with OpenLDAP 2.5 39 40 - Change database backend to LMDB - Load external ppolicy schema 41 conditionally 42 43 2021-11-03 Arthur de Jong <arthur@arthurdejong.org> 44 45 * [4c46eef] .github/workflows/test.yml: Configure CodeQL code 46 scanning 47 48 2021-11-01 Arthur de Jong <arthur@arthurdejong.org> 49 50 * [906035b] man/nslcd.conf.5.xml, nslcd/cfg.c, tests/test_cfg.c: 51 Support an empty search base 52 53 This allows putting `base ""` in nslcd.conf to specify an empty 54 search base. 55 56 Note that the LDAP server needs to support this. With slapd this 57 requires setting up an olcDefaultSearchBase attribute in the 58 olcFrontendConfig object under cn=config or have the database 59 have an empty suffix. 60 61 Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/50 62 63 2021-10-17 Arthur de Jong <arthur@arthurdejong.org> 64 65 * [7d81616] common/expr.c, tests/test_expr.c: Support minus 66 character in attribute expressions 67 68 This requires the attribute name is contained within a ${var-name} 69 expression. 70 71 2021-05-25 Arthur de Jong <arthur@arthurdejong.org> 72 73 * [6d5a2eb] nslcd/myldap.c: Retry connecting to the first URI 74 after idle_timelimit 75 76 This ensures that a connection to the first URI listed in the 77 config file will be re-established once the connection is closed 78 cleanly after the idle time. 79 80 This ensures that the listed URIs are handled more in a 81 primary/fallback manner if an idle time is configured. 82 83 Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/46 84 85 2021-05-26 Arthur de Jong <arthur@arthurdejong.org> 86 87 * [5226a6f] .github/workflows/test.yml, .travis.yml, 88 tests/setup_slapd.sh, tests/test_nsscmds.sh: Replace Travis with 89 GitHub actions 90 91 This includes a few tweaks to the test scripts to make debugging 92 easier and to avoid issues on Github action runners. 93 94 2021-01-23 Arthur de Jong <arthur@arthurdejong.org> 95 96 * [d9710a2] man/nslcd.conf.5.xml, nslcd/cfg.c: Add tls_reqsan to 97 check certificate SAN 98 99 This option is passed to the LDAP library if it is supported. 100 101 2021-01-23 Arthur de Jong <arthur@arthurdejong.org> 102 103 * [026f08c] man/nslcd.conf.5.xml, nslcd/cfg.c: Add tls_crlfile to 104 check local CRL file 105 106 This option is passed to the LDAP library if it is supported. 107 108 2021-01-18 sebastienblavier 109 <72022031+sebastienblavier@users.noreply.github.com> 110 111 * [78c00f1] man/nslcd.conf.5.xml, nslcd.conf, nslcd/cfg.c: Add 112 tls_crlcheck to check Certificate Revocation List 113 114 This option is passed to the LDAP library if it is supported. 115 116 Closes https://github.com/arthurdejong/nss-pam-ldapd/pull/41 117 118 2021-01-17 Arthur de Jong <arthur@arthurdejong.org> 119 120 * [d55bdb2] Makefile.am: Use the provided Python for `make distcheck` 121 122 This ensures that if a Python interpreter was previously 123 supplied to configure it is also used for subsequent calls to 124 run a distribution check. 125 126 2021-01-17 Arthur de Jong <arthur@arthurdejong.org> 127 128 * [b7b812f] ar-lib, compile, depcomp, install-sh, missing, 129 mkinstalldirs, py-compile, test-driver: Update files from 130 latest automake 131 132 2020-09-11 Arthur de Jong <arthur@arthurdejong.org> 133 134 * [37a00e9] nslcd/myldap.c: Fix handling of the pam_authc_ppolicy 135 option 136 137 Check the result of the BIND operation instead of that of the 138 ldap_result() call when pam_authc_ppolicy is set to "no". 139 140 This could have resulted in successful authentication if the BIND 141 operation to the LDAP server timed out and pam_authc_ppolicy was 142 set to "no" but should not result in successful authentication 143 otherwise so it is unlikely that setting pam_authc_ppolicy to 144 "no" ever worked as intended. The timeout also would have to 145 occur on the BIND operation, not on setting up the connection. 146 147 Fixes 31cd2cf 148 149 2020-04-19 Arthur de Jong <arthur@arthurdejong.org> 150 151 * [18740fb] README: Fix typo 152 153 Thanks Filip Dvorak 154 155 See https://bugzilla.redhat.com/show_bug.cgi?id=1825240 156 157 2020-02-10 Arthur de Jong <arthur@arthurdejong.org> 158 159 * [b335518] man/nslcd.conf.5.xml: Fix typo in manual page 160 161 Thanks Benedict Reuschling for pointing this out. 162 163 Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/39 164 Fixes b93838d 165 166 2019-11-11 Arthur de Jong <arthur@arthurdejong.org> 167 168 * [548efe5] nslcd/myldap.c: Log the correct timeout value 169 170 This fixes logging of the LDAP_OPT_TIMEOUT, 171 LDAP_OPT_NETWORK_TIMEOUT and LDAP_X_OPT_CONNECT_TIMEOUT options 172 to actually log the value of the bind_timelimit option instead 173 of the timelimit option. 174 175 2019-10-13 Arthur de Jong <arthur@arthurdejong.org> 176 177 * [fea0f5e] pynslcd/cfg.py, pynslcd/pam.py: Add pam_authc_ppolicy 178 support in pynslcd 179 180 See https://bugs.debian.org/900253 181 182 2019-10-13 Arthur de Jong <arthur@arthurdejong.org> 183 184 * [1025d5d] utils/chsh.py, utils/shells.py: Fix Python 3 185 compatibility in chsh.ldap 186 187 2019-10-06 Arthur de Jong <arthur@arthurdejong.org> 188 189 * [c4daf27] AUTHORS, ChangeLog, NEWS, configure.ac, 190 man/chsh.ldap.1.xml, man/getent.ldap.1.xml, man/nslcd.8.xml, 191 man/nslcd.conf.5.xml, man/pam_ldap.8.xml, man/pynslcd.8.xml, 192 nslcd/nslcd.c, utils/cmdline.py: Get files ready for 0.9.11 release 193 194 2019-10-06 Arthur de Jong <arthur@arthurdejong.org> 195 196 * [69922e3] tests/test_doctest.sh: Fix Python interpreter detection 197 in tests 198 199 Fixes 644bc62 200 201 2019-10-06 Arthur de Jong <arthur@arthurdejong.org> 202 203 * [62522b9] tests/test_nsscmds.sh: Portability improvements to 204 test suite 205 206 Some test systems have more local users and some systems prefer 207 IPv4 addresses over IPv6 addresses. 208 209 2019-09-17 Arthur de Jong <arthur@arthurdejong.org> 210 211 * [a8f4ed8] NEWS, common/expr.c, common/nslcd-prot.c, 212 common/nslcd-prot.h, common/tio.c, compat/attrs.h, compat/ether.c, 213 compat/getopt_long.c, compat/getopt_long.h, compat/getpeercred.h, 214 compat/nss_compat.h, configure.ac, man/nslcd.conf.5.xml, 215 nslcd.h, nslcd/attmap.h, nslcd/common.h, nslcd/daemonize.h, 216 nslcd/invalidator.c, nslcd/myldap.c, nslcd/myldap.h, nslcd/pam.c, 217 nslcd/passwd.c, nss/common.h, nss/hosts.c, nss/prototypes.h, 218 pam/common.h, tests/common.h, tests/test_pynslcd_cache.py, 219 tests/test_tio.c, utils/getent.py: Various spelling fixes 220 221 2019-09-10 Arthur de Jong <arthur@arthurdejong.org> 222 223 * [644bc62] .travis.yml, tests/test_doctest.sh: Fix Python 224 interpreter detection 225 226 Apparently some environments provide certain Python executables 227 which are not working Python interpreters. 228 229 2019-09-08 Arthur de Jong <arthur@arthurdejong.org> 230 231 * [768c4be] .gitignore, Makefile.am: Remove confinc.out which is 232 left behind by aclocal.m4 233 234 2019-09-08 Arthur de Jong <arthur@arthurdejong.org> 235 236 * [0252b05] pynslcd/shadow.py: Correctly validate shadow requests 237 and responses 238 239 2019-09-08 Arthur de Jong <arthur@arthurdejong.org> 240 241 * [cd887ef] pynslcd/Makefile.am, utils/Makefile.am: Update Python 242 interpreter in installed scripts 243 244 Ensure that the Python interpreter that is passed to configure 245 ends up in the shebang of the Python scripts. 246 247 This allows one to pass PYTHON=python3 to configure to install 248 the scripts using the Python 3 interpreter. 249 250 2019-09-07 Arthur de Jong <arthur@arthurdejong.org> 251 252 * [d717795] .gitignore, pynslcd/alias.py, 253 pynslcd/attmap.py, pynslcd/cache.py, pynslcd/cfg.py, 254 pynslcd/common.py, pynslcd/ether.py, pynslcd/expr.py, 255 pynslcd/group.py, pynslcd/host.py, pynslcd/invalidator.py, 256 pynslcd/mypidfile.py, pynslcd/netgroup.py, pynslcd/network.py, 257 pynslcd/pam.py, pynslcd/passwd.py, pynslcd/protocol.py, 258 pynslcd/pynslcd.py, pynslcd/rpc.py, pynslcd/search.py, 259 pynslcd/service.py, pynslcd/shadow.py, pynslcd/tio.py, 260 tests/Makefile.am, tests/flake8.ini, tests/test_flake8.sh, 261 tests/test_pynslcd_cache.py, utils/chsh.py, utils/getent.py, 262 utils/nslcd.py, utils/users.py: Improve Python code style 263 264 This also adds a flake8 test that checks code style. Note that 265 this test is not run by default because it requires network 266 access to create the virtualenv with the test software. 267 268 2019-09-02 Arthur de Jong <arthur@arthurdejong.org> 269 270 * [221ce5a] configure.ac, pynslcd/Makefile.am, pynslcd/attmap.py, 271 pynslcd/cache.py, pynslcd/cfg.py, pynslcd/common.py, 272 pynslcd/expr.py, pynslcd/invalidator.py, pynslcd/mypidfile.py, 273 pynslcd/pam.py, pynslcd/pynslcd.py, pynslcd/search.py, 274 pynslcd/tio.py, pynslcd/usermod.py, tests/Makefile.am, 275 tests/test_doctest.sh, tests/test_ldapcmds.sh, 276 tests/test_pycompile.sh, tests/test_pylint.sh, 277 tests/test_pynslcd_cache.py, utils/Makefile.am, utils/getent.py, 278 utils/nslcd.py: Add Python 3 support 279 280 This ensures that both pynslcd and the command-line utilities 281 work with Python3 as interpreter and runs some tests with all 282 installed Python interpreters. 283 284 This drops support for Python 2.6 and extends 5a84be2 to perform 285 more testing with Python 3. 286 287 2018-09-08 Arthur de Jong <arthur@arthurdejong.org> 288 289 * [06ee886] nslcd/nslcd.c: Avoid logging unknown socket peer 290 information 291 292 This avoids logging the client PID when the underlying socker 293 layer cannot provide the relevant information. 294 295 2018-09-05 Mizunashi Mana <mizunashi-mana@noreply.git> 296 297 * [bfcf002] utils/shells.py: Fix crash in chsh.ldap 298 299 Specify result type of getusershell. 300 301 Closes https://github.com/arthurdejong/nss-pam-ldapd/pull/31 302 303 2018-09-01 Arthur de Jong <arthur@arthurdejong.org> 304 305 * [bfe0696] AUTHORS, ChangeLog, NEWS, configure.ac, 306 man/chsh.ldap.1.xml, man/getent.ldap.1.xml, man/nslcd.8.xml, 307 man/nslcd.conf.5.xml, man/pam_ldap.8.xml, man/pynslcd.8.xml: 308 Get files ready for 0.9.10 release 309 310 2018-09-01 Arthur de Jong <arthur@arthurdejong.org> 311 312 * [acc450e] ar-lib, compile, config.guess, config.sub, depcomp, 313 install-sh, missing, mkinstalldirs, py-compile, test-driver: 314 Update files from latest automake 315 316 2018-02-06 HWLin <hwlin1414@gmail.com> 317 318 * [d5a25cf] configure.ac, nss/bsdnss.c: Add FreeBSD netgroup support 319 320 Closes: https://github.com/arthurdejong/nss-pam-ldapd/pull/29 321 322 2018-08-06 Arthur de Jong <arthur@arthurdejong.org> 323 324 * [d8b1640] nslcd/myldap.c, nslcd/pam.c: Make password expiry 325 messages correct and consistent 326 327 Thanks to Têko Mihinto. See 328 https://bugzilla.redhat.com/show_bug.cgi?id=1612543 329 330 2018-07-21 Arthur de Jong <arthur@arthurdejong.org> 331 332 * [84676ab] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/pam.c: Add 333 domain variable for use in pam_authz_search 334 335 This adds a domain variable (if it can be determined on the 336 system) that can be used in pam_authz_search and pam_authc_search 337 filters to build search filters that search on the domain name 338 (the FQDN without the starting host name). 339 340 Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/8 341 342 2018-07-21 Arthur de Jong <arthur@arthurdejong.org> 343 344 * [9fbcdd1] .travis.yml, tests/debian-pam-config, tests/testenv.sh: 345 Add a Travis configuration file 346 347 This ensures that the integration tests can be successfully run. It 348 configures a slapd instance with the test database, configures 349 the system to use LDAP authentication and runs the tests. 350 351 2018-07-21 Arthur de Jong <arthur@arthurdejong.org> 352 353 * [2a468fd] nslcd/log.c: Allow logging longer lines 354 355 This increases the buffer that holds log messages so longer 356 messages can be logged. 357 358 Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/26 359 360 2018-07-21 Arthur de Jong <arthur@arthurdejong.org> 361 362 * [3760b43] nslcd/nslcd.c: Create /var/run/nslcd/socket after 363 dropping privileges 364 365 This is needed to avoid a problem where a call to initgroups() 366 can result in NSS lookups. If nscd is configured the mechanism 367 to avoid loopback lookups using nss_ldap_enablelookups will not 368 work and cause for delays on start-up. 369 370 Note that this changes ownership of the socket to the user 371 running nslcd. 372 373 2018-02-18 Arthur de Jong <arthur@arthurdejong.org> 374 375 * [fe26b94] ChangeLog, NEWS, README, configure.ac, 376 man/chsh.ldap.1.xml, man/getent.ldap.1.xml, man/nslcd.8.xml, 377 man/nslcd.conf.5.xml, man/pam_ldap.8.xml, man/pynslcd.8.xml: 378 Get files ready for 0.9.9 release 379 380 2018-02-18 Arthur de Jong <arthur@arthurdejong.org> 381 382 * [382b6ea] INSTALL, ar-lib, config.guess, config.sub, depcomp, 383 py-compile: Update files from latest automake 384 385 2018-02-17 Arthur de Jong <arthur@arthurdejong.org> 386 387 * [e8a4705] tests/test_pylint.sh: Fix running pylint on distcheck 388 389 This sets PYTHONPATH so that both the source and build directories 390 are used to find constants.py. 391 392 2018-02-17 Arthur de Jong <arthur@arthurdejong.org> 393 394 * [9a50971] common/expr.c, compat/attrs.h: Mark case blocks without 395 break statement 396 397 This avoids a gcc warning in non-empty case blocks without a 398 break statement by explicitly marking those blocks. 399 400 2018-02-16 Arthur de Jong <arthur@arthurdejong.org> 401 402 * [c05e326] nslcd/cfg.c, nslcd/common.h: Increase size of hostname 403 buffer 404 405 This increases the host name buffer to support host names (that 406 include FQDNs) to 255 characters and removes the reliance on 407 HOST_NAME_MAX and _POSIX_HOST_NAME_MAX which may be smaller in 408 some situations. 409 410 Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/22 411 412 2017-12-23 Arthur de Jong <arthur@arthurdejong.org> 413 414 * [9760dce] nslcd/cfg.c: Increase size of config file token 415 416 This increases the maximum size of tokens that are read from 417 the nslcd.conf configuration file to 256 characters. This was 418 a problem for some very long uri values. 419 420 Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/21 421 422 2017-10-13 Arthur de Jong <arthur@arthurdejong.org> 423 424 * [8f76d24] nslcd/cfg.c, tests/test_cfg.c: Support spaces in 425 attribute mapping expressions 426 427 2017-06-26 Arthur de Jong <arthur@arthurdejong.org> 428 429 * [47fd03b] AUTHORS, ChangeLog, NEWS, configure.ac, 430 man/chsh.ldap.1.xml, man/getent.ldap.1.xml, man/nslcd.8.xml, 431 man/nslcd.conf.5.xml, man/pam_ldap.8.xml, man/pynslcd.8.xml, 432 nslcd/nslcd.c, pynslcd/pynslcd.py, utils/cmdline.py: Get files 433 ready for 0.9.8 release 434 435 2017-06-25 Arthur de Jong <arthur@arthurdejong.org> 436 437 * [7920d85] tests/test_ldapcmds.sh, tests/test_nsscmds.sh: Ignore 438 password hashes in consistent manner 439 440 This changes the getent and getent.ldap tests to ignore password 441 hashes that may be present in shadow lookups in a consistent 442 manner. 443 444 This also adds minor compatibility improvements. 445 446 2017-06-25 Arthur de Jong <arthur@arthurdejong.org> 447 448 * [65695aa] pynslcd/cfg.py, pynslcd/mypidfile.py, pynslcd/pynslcd.py: 449 Create pidfile directory in pynslcd 450 451 This ensures that /var/run/nslcd is created (when it does not 452 exist) when starting pynslcd. 453 454 2017-06-25 Arthur de Jong <arthur@arthurdejong.org> 455 456 * [419aab2] pynslcd/cfg.py, pynslcd/group.py, pynslcd/passwd.py: 457 Add nss_uid_offset and nss_gid_offset to pynslcd 458 459 2017-03-20 Seth Wright <seth@crosse.org> 460 461 * [5103173] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, 462 nslcd/group.c, nslcd/passwd.c: Add the ability to offset UID 463 and GID numbers 464 465 2017-06-18 Arthur de Jong <arthur@arthurdejong.org> 466 467 * [fee74d9] tests/Makefile.am, tests/test_ldapcmds.sh: Portability 468 improvements to test_ldapcmds.sh 469 470 This fixes an issue with the export statement in POSIX shell 471 scripts, ensures that the commands in the output match those 472 in the script, strips password hashes for shadow lookups (for 473 systems without PAM where these are exposed) and only runs the 474 tests if we enabled the utils. 475 476 Fixes 246a1f3. 477 478 2017-06-17 Arthur de Jong <arthur@arthurdejong.org> 479 480 * [5126b26] nslcd/ether.c: Use uint8_t instead of u_int8_t 481 482 The former seems to be available on more platforms than the latter. 483 484 Fixes be26510. 485 486 2017-06-17 Arthur de Jong <arthur@arthurdejong.org> 487 488 * [fe3772f] compat/pam_compat.h: Fix HAVE_DECL_PAM_ERROR usage 489 490 The macro is supposed to be defined to 0 (instead of undefined) 491 if pam_info() and pam_error() are not found. 492 493 Fixes 3d5ab89. 494 495 2017-06-17 Arthur de Jong <arthur@arthurdejong.org> 496 497 * [ca62f59] nslcd/shadow.c: Also filter shadow entries by validnames 498 499 2017-06-17 Arthur de Jong <arthur@arthurdejong.org> 500 501 * [e68b85a] nslcd/passwd.c, nslcd/shadow.c: Fix and clarify a 502 few comments 503 504 2017-06-16 Arthur de Jong <arthur@arthurdejong.org> 505 506 * [3d5ab89] compat/pam_compat.h, configure.ac: Fix pam_info() 507 and pam_error() replacement 508 509 On FreeBSD these are functions while on Linux they are macros 510 causing them to be incorrectly replaced on FreeBSD. This resulted 511 in a crash of the PAM module when e.g. presenting messages about 512 password expiry. 513 514 2017-06-16 Arthur de Jong <arthur@arthurdejong.org> 515 516 * [b5d1dd2] tests/Makefile.am: Clean log from test_pamcmds.expect 517 518 This removes test_pamcmds.log that is generated by 519 test_pamcmds.expect when running the test suite. This avoids an 520 error in the distcheck target. 521 522 2017-06-16 Arthur de Jong <arthur@arthurdejong.org> 523 524 * [246a1f3] tests/test_ldapcmds.sh: Fix running test_ldapcmds.sh 525 during distcheck 526 527 This ensures that Python can find both getent.py (from source 528 directory) and constants.py (from build directory) when running 529 the tests from the distcheck target. 530 531 This also makes the script more similar to test_nsscmds.sh. 532 533 Fixes 9c803d7. 534 535 2017-06-15 Arthur de Jong <arthur@arthurdejong.org> 536 537 * [43862ba] : Add pam_authc_search option 538 539 This option can be used to configure the search operation that 540 should be performed after authentication. 541 542 2017-06-15 Arthur de Jong <arthur@arthurdejong.org> 543 544 * [5141b09] man/nslcd.conf.5.xml, nslcd/pam.c: Allow skipping 545 post-authentication search altogether 546 547 2017-06-14 Arthur de Jong <arthur@arthurdejong.org> 548 549 * [0cafb08] nslcd/myldap.c, nslcd/myldap.h, nslcd/pam.c, 550 nslcd/usermod.c: Implement myldap_bind() function 551 552 This function integrates the myldap_set_credentials() and 553 myldap_get_policy_response() and performs the bind operation 554 witout actually performing a search. 555 556 The function performs a "fake" search that returns after performing 557 the LDAP BIND operation. 558 559 This replaces a number of dummy search operations that were there 560 to ensure that the connection was open. This allows us to skip 561 the search operation after authentication. 562 563 2017-06-14 Arthur de Jong <arthur@arthurdejong.org> 564 565 * [9564dd0] nslcd/pam.c: Implement handling of pam_authc_search 566 option 567 568 This allows performing a different, configurable search from 569 the default BASE search after the BIND operation. 570 571 2017-06-14 Arthur de Jong <arthur@arthurdejong.org> 572 573 * [f72aaa2] man/nslcd.conf.5.xml: Document pam_authc_search option 574 575 2017-06-14 Arthur de Jong <arthur@arthurdejong.org> 576 577 * [5d11cb8] nslcd/cfg.c, nslcd/cfg.h, nslcd/pam.c: Add 578 pam_authc_search option parsing 579 580 2017-06-14 Arthur de Jong <arthur@arthurdejong.org> 581 582 * [bcc3a08] nslcd/pam.c, pynslcd/pam.py: Reorganise PAM search 583 var building functions 584 585 This moves the autzsearch_var_add(), autzsearch_vars_free(), 586 autzsearch_var_get() and do_autzsearches() functions to the top of 587 the file using more generic names and introduces search_vars_new() 588 in prepartion of other similar searches. 589 590 This also renames the remaining authzsearch functions to 591 authz_search to be consistent with the pam_authz_search option. 592 593 2017-06-13 Arthur de Jong <arthur@arthurdejong.org> 594 595 * [ebc0f76] README, configure.ac, tests/test.ldif: Switch to 596 HTTPS URLs 597 598 2017-06-13 Arthur de Jong <arthur@arthurdejong.org> 599 600 * [be26510] compat/ether.c, compat/ether.h, configure.ac, 601 nslcd/ether.c, pynslcd/ether.py: Query ethernet addresses in 602 compact and long format 603 604 This ensures that when querying the address 0:18:8a:54:1a:8b 605 both that format and 00:18:8a:54:1a:8b is searched for in LDAP. 606 607 This was triggerred by the fact that ether_ntoa() on FreeBSD 608 returns the long format while glibc uses the compact format. 609 610 Since we are no longer using the libc version of ether_ntoa() we 611 can also drop the compatibility implementation of ether_ntoa_r(). 612 613 2017-06-07 Arthur de Jong <arthur@arthurdejong.org> 614 615 * [becc883] nslcd/passwd.c: Log entries and lookups failing 616 nss_min_uid 617 618 This logs (at debug level) any LDAP uidNumber attribute values 619 (or translated objectSid attribute values) that are lower than 620 nss_min_uid. It also logs getpwuid() requests for such uids. 621 622 2017-06-04 Arthur de Jong <arthur@arthurdejong.org> 623 624 * [5a84be2] utils/chsh.py, utils/cmdline.py, utils/getent.py, 625 utils/nslcd.py, utils/shells.py, utils/users.py: Make nslcd-utils 626 Python 3 compatible 627 628 This changes the getent.ldap and chsh.ldap commands to be 629 compatible with Python 2 and Python 3 with the same code. 630 631 This does switch to raw I/O because Python 3 does not support 632 bufferred I/O on sockets. 633 634 2017-06-04 Arthur de Jong <arthur@arthurdejong.org> 635 636 * [9c803d7] tests/Makefile.am, tests/test_ldapcmds.sh, 637 tests/test_nsscmds.sh, tests/testenv.sh: Add tests for getent.ldap 638 command 639 640 This more or less duplicates the tests from test_nsscmds.sh to 641 test_ldapcmds.sh with some modifications for the differences 642 in output. 643 644 This also extends the test_nsscmds.sh tests to handle the case 645 where shadow lookups do not go through LDAP. 646 647 2017-06-04 Arthur de Jong <arthur@arthurdejong.org> 648 649 * [a357131] utils/getent.py: Fix output of getent.ldap networks 650 651 Contrary to the hosts output the network name is listed first. 652 653 2017-06-03 Arthur de Jong <arthur@arthurdejong.org> 654 655 * [58c7a94] utils/getent.py: Fix IPv6 lookups in getent.ldap 656 657 2017-06-03 Arthur de Jong <arthur@arthurdejong.org> 658 659 * [5173e55] man/getent.ldap.1.xml, utils/getent.py: Accept multiple 660 key arguments to getent.ldap 661 662 This allows supplying multiple arguments to getent.ldap that 663 will each act as a search key for lookups, similar to what normal 664 getent allows. 665 666 2017-02-07 Arthur de Jong <arthur@arthurdejong.org> 667 668 * [53f797b] nslcd/nslcd.c: Exit with 0 when stopping nslcd 669 670 When receiving a signal this will result in nslcd returning with 671 a success exit code. 672 673 Thanks Stanislav Moravec for pointing this out. 674 675 2016-09-04 Arthur de Jong <arthur@arthurdejong.org> 676 677 * [c12cd14] nslcd/nslcd.c: Remove duplicate break statement 678 679 2016-09-04 Arthur de Jong <arthur@arthurdejong.org> 680 681 * [d8ad7b1] nslcd/myldap.c: Do not try all LDAP servers on failed 682 authentication 683 684 See https://bugs.launchpad.net/bugs/1618190 685 686 2016-08-30 Arthur de Jong <arthur@arthurdejong.org> 687 688 * [a3da150] utils/nslcd.py: Replace Python assertions with exceptions 689 690 The assertions can be optimised out when compiling the modules 691 with -O which would break the protocol handling. This ensures 692 that errors are properly handled even if optimisation is enabled. 693 694 Thanks Yu-Chun Huang for reporting this. 695 https://github.com/arthurdejong/nss-pam-ldapd/issues/14 696 697 2016-08-14 Arthur de Jong <arthur@arthurdejong.org> 698 699 * [c286bb5] AUTHORS, ChangeLog, NEWS, README, configure.ac, 700 man/chsh.ldap.1.xml, man/getent.ldap.1.xml, man/nslcd.8.xml, 701 man/nslcd.conf.5.xml, man/pam_ldap.8.xml, man/pynslcd.8.xml, 702 nslcd/nslcd.c, pynslcd/pynslcd.py, utils/cmdline.py: Get files 703 ready for 0.9.7 release 704 705 2016-08-14 Arthur de Jong <arthur@arthurdejong.org> 706 707 * [db9494e] tests/Makefile.am: Only run doctests when building 708 pynslcd 709 710 2016-08-14 Arthur de Jong <arthur@arthurdejong.org> 711 712 * [cb16e4c] nss/bsdnss.c: Avoid some warnings on FreeBSD 713 714 This adds casts to and from void * for the function pointers 715 that are passed around. 716 717 2016-07-27 Arthur de Jong <arthur@arthurdejong.org> 718 719 * [b7a0b23] ChangeLog, ChangeLog-2013, Makefile.am: Archive 2013 720 ChangeLog entries 721 722 2016-07-27 Arthur de Jong <arthur@arthurdejong.org> 723 724 * [e4df12c] config.guess, config.sub, install-sh: Update files 725 from latest automake 726 727 2016-07-27 Arthur de Jong <arthur@arthurdejong.org> 728 729 * [db8034a] man/Makefile.am, utils/Makefile.am, utils/getent.py: 730 Also use module-name in utilities and man pages 731 732 This ensures that getent.ldap, chsh.ldap and manual pages with 733 ldap in the name will be installed with the name as specified 734 with --with-module-name. 735 736 Note that the manual page content still describes the working 737 within nss-pam-ldapd and still mention the ldap name. 738 739 2016-06-04 Arthur de Jong <arthur@arthurdejong.org> 740 741 * [281b0ec] tests/test_doctest.sh: Ensure doctest also run in 742 distcheck 743 744 This fixes test_doctest.sh to also work when the build directory 745 is different from the source directory. This is needed because 746 constants.py is only available in the build directory. 747 748 2016-06-03 Arthur de Jong <arthur@arthurdejong.org> 749 750 * [a89eda7] nslcd/pam.c: Also honor ignorecase in PAM 751 752 This avoids changing the cannonical username to the value as 753 specified in LDAP when ignorecase is used. 754 755 See https://github.com/arthurdejong/nss-pam-ldapd/issues/12 756 757 2016-06-03 Arthur de Jong <arthur@arthurdejong.org> 758 759 * [7eb1d69] pynslcd/expr.py: Support ${var:offset:length} in pynslcd 760 761 2016-06-02 Arthur de Jong <arthur@arthurdejong.org> 762 763 * [c90a537] pynslcd/attmap.py: Fix pynslcd expression representation 764 765 The problem was that the ExpressionMapping string value did not 766 include the quotes which will cause problems when printing the 767 expression (e.g. when logging or dumping config, etc.). 768 769 2016-06-02 Arthur de Jong <arthur@arthurdejong.org> 770 771 * [fd61bb6] tests/Makefile.am, tests/test_doctest.sh: Add test 772 for running doctests 773 774 2016-05-30 Giovanni Mascellani <mascellani@poisson.phc.unipi.it> 775 776 * [2ba9560] common/expr.c, man/nslcd.conf.5.xml, tests/test_expr.c: 777 Support substituting expresions of type ${var:offset:length} 778 779 2016-05-30 Giovanni Mascellani <mascellani@poisson.phc.unipi.it> 780 781 * [3a4860c] man/nslcd.conf.5.xml: Fix small typo 782 783 2016-05-24 Arthur de Jong <arthur@arthurdejong.org> 784 785 * [917ded7] common/expr.c: Refactor out expression parsing to 786 functions 787 788 This moves the parsing of the various ${var...} expressions to 789 separate functions so they can be extended more easily. 790 791 2016-02-22 Arthur de Jong <arthur@arthurdejong.org> 792 793 * [4be9c59] pam/pam.c: Fix logic error 794 795 This could result in a free(NULL) call. This code path can 796 only be triggered if pam_ldap changes the logged-in username 797 (introduced in 6a74d8d). 798 799 Thanks 依云, see 800 https://github.com/arthurdejong/nss-pam-ldapd/issues/11 801 802 2016-01-30 Mathieu Baeumler <mathieu.baeumler@gmail.com> 803 804 * [985aec3] nslcd/myldap.c: Display human readable expiry message 805 806 Display a human readable message (days+hours, or hours+minutes, 807 or seconds) when the password expiring warning is issued. 808 809 2016-02-13 Arthur de Jong <arthur@arthurdejong.org> 810 811 * [b795f6c] nslcd/cfg.c: Fix nss_disable_enumeration configuration 812 813 This fixes a copy-paste bug where nss_disable_enumeration was 814 incorrectly handled. Fixes c0366d8. 815 816 Thanks Andrew W Elble for pointing this out. 817 818 2016-01-18 Arthur de Jong <arthur@arthurdejong.org> 819 820 * [525c996] tests/test.ldif, tests/test_nsscmds.sh: Add a few 821 IPv6 tests 822 823 This adds a few test hosts that have IPv6 addresses. This 824 ensures that we have an IPv6-only host and hosts which have 825 address values in different order in the ipHostNumber attribute 826 (although attribute order is probably not guaranteed). 827 828 2015-10-18 Mathieu Baeumler <mathieu.baeumler@gmail.com> 829 830 * [31cd2cf] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, 831 nslcd/myldap.c: Add pam_authc_ppolicy option 832 833 This option allows completely disabling ppolicy handling. 834 835 2016-01-06 Arthur de Jong <arthur@arthurdejong.org> 836 837 * [117c9cb] nslcd/pam.c: Fix error handling on credential change 838 839 This fixes setting the correct LDAP error code and also fixes 840 formatting in 027df03. 841 842 2015-12-23 Vasilis Tsiligiannis <vasilis.tsiligiannis@nokia.com> 843 844 * [027df03] nslcd/pam.c: Fix updating of 'shadowLastChange' 845 attribute when chasing referrals 846 847 This fixes a bug where 'shadowLastChange' attribute cannot be 848 updated when chasing a referral. After a password is succesfully 849 changed, the credentials for binding should also be updated with 850 the new password for the session. 851 852 Signed-off-by: Vasilis Tsiligiannis 853 <vasilis.tsiligiannis@nokia.com> 854 855 2015-11-13 Arthur de Jong <arthur@arthurdejong.org> 856 857 * [fcea92d] nslcd/cfg.c: Correct file readability check 858 859 This uses access() instead of stat() to see if the file is 860 readable by the current process. This fixes f089e01. 861 862 2015-09-20 Arthur de Jong <arthur@arthurdejong.org> 863 864 * [c879485] nslcd/myldap.c: Fail-over and retry on more errors 865 866 Also try to fail over to another LDAP server on a larger number 867 of errors. Specifically errors that point to problems connecting 868 to the LDAP server. 869 870 2015-08-29 Arthur de Jong <arthur@arthurdejong.org> 871 872 * [3d09e28] nslcd/myldap.c: Open connection before do_try_search() 873 874 This is in preparation for splitting the BIND from the search 875 phase for authentication. 876 877 2015-08-27 Arthur de Jong <arthur@arthurdejong.org> 878 879 * [f089e01] nslcd/cfg.c: Loosen up file existence check 880 881 This changes the check (for configuration options that specify 882 file names) to just check that the specified path is readable 883 instead of ensisting that it points to a file. 884 885 This allows tls_randfile to point to /dev/urandom (a character 886 device) or a pipe. This fixes 6779a51. 887 888 This also applies the same check to the krb5_ccname option. 889 890 Thanks to Patrick McLean for pointing this out. 891 892 2015-08-14 Arthur de Jong <arthur@arthurdejong.org> 893 894 * [309f127] pam/pam.c: Have PAM module log messages to syslog 895 896 This logs informational messages that are presented to the user 897 tot syslog. This normally includes password expiry and grace 898 login information which may be useful to log. 899 900 2015-08-14 Arthur de Jong <arthur@arthurdejong.org> 901 902 * [263a443] nslcd/myldap.c: Simplify password policy message handling 903 904 This simplifies the check for overwriging pending password 905 expiry and grace logins warnigns and updates handling of the 906 LDAP_CONTROL_PWEXPIRING control to be consistent with that of 907 the expire value of LDAP_CONTROL_PASSWORDPOLICYRESPONSE. 908 909 This also corrects the function name, also logs empty password 910 policy responses in debug mode and documents the meaning of the 911 various password policy values. 912 913 2015-07-09 Mathieu Baeumler <mathieu.baeumler@gmail.com> 914 915 * [4302901] nslcd/myldap.c: Fix password policy expiration warnings 916 917 If a password expiration warning (pwdExpireWarning) is set in 918 slapd, and the password is about to expire, slapd sends the 919 timeBeforeExpiration value as part of the passwordPolicyResponse. 920 921 nslcd would incorrectly instruct the PAM module to require 922 immediate password change. This has been fixed for both 923 timeBeforeExpiration and graceLoginsRemaining. 924 925 2015-07-19 Arthur de Jong <arthur@arthurdejong.org> 926 927 * [89b471b] ar-lib, autogen.sh, compile, configure.ac, depcomp, 928 install-sh, missing, py-compile, test-driver: Update files from 929 automake 1.15 930 931 This also includes the m4 directory when invoking aclocal because 932 not all versions seem to handle AC_CONFIG_MACRO_DIR. 933 934 2015-07-19 Arthur de Jong <arthur@arthurdejong.org> 935 936 * [86a4618] m4/ax_tls.m4: Disable quoting in AX_TLS notfound case 937 938 This ensures that AS_IF does not generate an empty else clause 939 which will result in an invalid configure script. 940 941 2015-07-19 Arthur de Jong <arthur@arthurdejong.org> 942 943 * [6779a51] nslcd/cfg.c: Check file existence for configuration 944 options 945 946 This adds addition checks to the tls_cacertdir, tls_cacertfile, 947 tls_randfile, tls_cert and tls_key options to ensure that they 948 point to an existing file when parsing nslcd.conf. 949 950 2015-07-19 Arthur de Jong <arthur@arthurdejong.org> 951 952 * [a6c7c63] pynslcd/pynslcd.py: Work around bug in python-daemon 953 954 See https://bugs.debian.org/792871 955 956 2015-07-08 Arthur de Jong <arthur@arthurdejong.org> 957 958 * [c32e8c0] m4/ax_pthread.m4, m4/ax_tls.m4: Update macros from 959 autoconf-archive 960 961 2015-06-14 Arthur de Jong <arthur@arthurdejong.org> 962 963 * [d949bd4] AUTHORS, ChangeLog, NEWS, configure.ac, 964 man/chsh.ldap.1.xml, man/getent.ldap.1.xml, man/nslcd.8.xml, 965 man/nslcd.conf.5.xml, man/pam_ldap.8.xml, man/pynslcd.8.xml: 966 Get files ready for 0.9.6 release 967 968 2015-06-14 Arthur de Jong <arthur@arthurdejong.org> 969 970 * [4236dd6] Makefile.am: Correctly insert emtpy lines in ChangeLog 971 972 2015-06-13 Arthur de Jong <arthur@arthurdejong.org> 973 974 * [e916a2b] man/nslcd.conf.5.xml: Manual page improvements 975 976 2015-06-13 Arthur de Jong <arthur@arthurdejong.org> 977 978 * [9a7921f] nslcd/common.c, nslcd/common.h: Also fix signed integer 979 bug in binsid2id() 980 981 This should have been part of d217632. 982 983 2015-06-11 Geoffrey McRae <gnif@xbmc.org> 984 985 * [d217632] nslcd/common.c: Fixed signed 32bit overflow bug on 986 32bit systems 987 988 2015-05-23 Jed Liu <jed-nss-pam-ldapd-users@uma.litech.org> 989 990 * [3add5f0] nslcd/cfg.c: Allow configuration values longer than 991 63 characters 992 993 2015-03-06 Arthur de Jong <arthur@arthurdejong.org> 994 995 * [d58fba9] nss/netgroup.c: Provide innetgr function on Solaris 996 997 This implements a function in the Solaris version of the NSS module 998 to check if a specifc netgroup triplet is part of a netgroup. 999 1000 This also avoids a compiler warning and includes improvements 1001 and testing by Mark R Bannister. 1002 1003 2015-05-01 Andrew Elble <aweits@rit.edu> 1004 1005 * [c0366d8] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, 1006 nslcd/nslcd.c, pynslcd/cfg.py, pynslcd/group.py, pynslcd/passwd.py, 1007 pynslcd/shadow.py: Implement disable_enumeration 1008 1009 If this option is present, functions which cause all user/group 1010 entries to be loaded (getpwent(), getgrent()) from the directory 1011 will not succeed in doing so. This can dramatically reduce 1012 ldap server load in situations where there are a great number 1013 of users and/or groups. Applications that depend on being able 1014 to sequentially read all users and/or groups may fail to operate 1015 correctly. This option is not recommended for most configurations. 1016 1017 2015-04-17 Arthur de Jong <arthur@arthurdejong.org> 1018 1019 * [96045d2] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, 1020 nslcd/group.c, pynslcd/cfg.py, pynslcd/group.py: Implement 1021 nss_getgrent_skipmembers 1022 1023 This option allows skipping group member list retrieval to 1024 improve performance with very large groups. This option results 1025 in inconsistent group membership information being presented 1026 that may confuse some applications. 1027 1028 2015-04-15 Arthur de Jong <arthur@arthurdejong.org> 1029 1030 * [530cc24] nslcd/daemonize.c, nslcd/nslcd.c: Avoid signal race 1031 condition on start-up 1032 1033 This only restores the signal mask after signal handlers are in 1034 place and the daemon has completely daemonised to avoid a race 1035 condition in the start-up phase of nslcd where a signal could 1036 be sent to nslcd causing it to quit or fail to write information 1037 to the parent process. 1038 1039 2015-03-29 Arthur de Jong <arthur@arthurdejong.org> 1040 1041 * [16fd8c6] AUTHORS, ChangeLog, NEWS, README, configure.ac, 1042 man/chsh.ldap.1.xml, man/getent.ldap.1.xml, man/nslcd.8.xml, 1043 man/pam_ldap.8.xml, man/pynslcd.8.xml: Get files ready for 1044 0.9.5 release 1045 1046 2015-03-11 Tim Rice <tim@multitalents.net> 1047 1048 * [ae08830] common/Makefile.am, compat/Makefile.am, configure.ac, 1049 nss/Makefile.am, pam/Makefile.am: Use correct PIC arg for 1050 non-GCC compilers 1051 1052 2015-03-22 Arthur de Jong <arthur@arthurdejong.org> 1053 1054 * [fdbca17] config.sub: Update files from latest automake 1055 1056 2015-03-22 Arthur de Jong <arthur@arthurdejong.org> 1057 1058 * [9f9a5c5] nss/networks.c: Fix for networks lookup under Solaris 1059 1060 This fixes a byte order issue when nscd is running. 1061 1062 2015-03-22 Arthur de Jong <arthur@arthurdejong.org> 1063 1064 * [52ea3f5] configure.ac: Add checks to configure 1065 1066 This adds tests for a function and type used in the code. 1067 1068 2015-03-22 Arthur de Jong <arthur@arthurdejong.org> 1069 1070 * [4ec1c08] nslcd/daemonize.c: ENODATA is missing on FreeBSD 1071 1072 FreeBSD doesn't have ENODATA so we use ENOATTR instead. 1073 1074 2015-03-22 Arthur de Jong <arthur@arthurdejong.org> 1075 1076 * [b2563b0] compat/nss_compat.h, configure.ac: Remove use of 1077 irs-nss.h 1078 1079 This was a compatibility leftover from the nss_ldap days. 1080 1081 2015-03-21 Arthur de Jong <arthur@arthurdejong.org> 1082 1083 * [4c5a3c9] tests/test_clock.c: Prevent numer overflow in test_clock 1084 1085 2015-03-21 Arthur de Jong <arthur@arthurdejong.org> 1086 1087 * [0420232] nslcd/nslcd.c, nslcd/nsswitch.c, nss/Makefile.am, 1088 tests/testenv.sh: Various small fixes when using --with-module-name 1089 1090 This updates the test framework to support --with-module-name, 1091 ensures that exports.map is rebuilt when configure is re-ran, 1092 fixes parsing of nsswitch.conf (to determine what to return for 1093 passwd lookups) and fixes the check for _nss_ldap_version. 1094 1095 2015-03-21 Arthur de Jong <arthur@arthurdejong.org> 1096 1097 * [788475f] nss/common.h: Also support platforms without TLS 1098 1099 This disables the use of thread-local storage in the NSS module 1100 when it is not available in libc. This results in the get*ent() 1101 functions not being thread-safe. However, on most platforms they 1102 are not expected to be thread-safe anyway. 1103 1104 2015-03-20 Dalibor Pospíšil <dapospis@redhat.com> 1105 1106 * [95d621e] man/nslcd.conf.5.xml: Document that multiple URIs can 1107 be specified 1108 1109 Update nslcd.conf man page that multiple URIs can be set by 1110 using more uri lines or more URIs defined on one uri line. 1111 1112 https://bugzilla.redhat.com/show_bug.cgi?id=1204195 1113 1114 2015-03-11 Patrick McLean <chutzpah@gentoo.org> 1115 1116 * [fa6affc] common/tio.c, nslcd/attmap.c, nslcd/cfg.c, 1117 nslcd/myldap.c: Fix formatting of size_t values 1118 1119 In several places the code used a %d format to print a size_t 1120 variable. On amd64 at least size_t is an unsigned long, so use 1121 %lu instead. 1122 1123 An alternative would be to use %ud for size_t and %zd fo ssize_t 1124 but not all platforms seem to support that formatter. 1125 1126 2015-03-11 Patrick McLean <chutzpah@gentoo.org> 1127 1128 * [246aba5] nslcd/myldap.c, pam/pam.c: Avoid comparison of static 1129 array to null pointer 1130 1131 There are several places where a static length array in a struct 1132 is compared to a null pointer. These comparisons will always 1133 be false, since an array in a struct is not actually a pointer, 1134 so they can be removed. 1135 1136 2015-03-10 Patrick McLean <chutzpah@gentoo.org> 1137 1138 * [d0f896a] AUTHORS, nslcd/nslcd.c: Don't let the oom killer 1139 kill nslcd 1140 1141 Adjust the Linux OOM (Out-Of-Memory) killer score by -1000 for 1142 nslcd so that it should not be killed. 1143 1144 2015-01-19 Arthur de Jong <arthur@arthurdejong.org> 1145 1146 * [ee82d2f] .gitignore, configure.ac, nslcd/nslcd.c, 1147 nss/Makefile.am, nss/aliases.c, nss/bsdnss.c, nss/common.c, 1148 nss/common.h, nss/ethers.c, nss/group.c, nss/hosts.c, 1149 nss/netgroup.c, nss/networks.c, nss/passwd.c, nss/protocols.c, 1150 nss/prototypes.h, nss/rpc.c, nss/services.c, nss/shadow.c, 1151 pam/pam.c, pynslcd/constants.py.in, pynslcd/pynslcd.py: Allow 1152 configuration of NSS and PAM names 1153 1154 This introduces the --with-module-name configure option to 1155 allow building of NSS and PAM modules with different namespaces 1156 than ldap. 1157 1158 2015-01-12 Mark R Bannister <dbis@proseconsulting.co.uk> 1159 1160 * [ed8b312] nss/hosts.c: Fix uninitialised variable 1161 1162 This fixes a bug in the NSS library when encountering IPv6 1163 addresses in the hosts map. 1164 1165 2014-12-12 Arthur de Jong <arthur@arthurdejong.org> 1166 1167 * [8b33057] nslcd/myldap.c: Avoid accessing searches outside array 1168 1169 Thanks David Binderma for pointing this out. 1170 1171 Note that in practical situations this should not result in any 1172 errors due to the position of searches within the ldap_session 1173 struct. 1174 1175 2014-11-02 Arthur de Jong <arthur@arthurdejong.org> 1176 1177 * [9ee854e] man/nslcd.conf.5.xml: Document that rootpwmoddn needs 1178 to exist 1179 1180 See 1181 http://lists.arthurdejong.org/nss-pam-ldapd-users/2014/msg00166.html 1182 1183 2014-10-10 Arthur de Jong <arthur@arthurdejong.org> 1184 1185 * [4262122] nslcd/nslcd.c: Fix format string 1186 1187 Thanks Jianhai Luan. 1188 1189 2014-10-04 Arthur de Jong <arthur@arthurdejong.org> 1190 1191 * [1d3b19b] nslcd/nslcd.c: Block signals sooner to avoid race 1192 conditions 1193 1194 2014-08-27 Jason Luan <jianhai.luan@oracle.com> 1195 1196 * [78627c9] nslcd/cfg.c, nslcd/group.c, nslcd/nslcd.c, 1197 nslcd/passwd.c: uid_t/gid_t should be formatted as unsigned long 1198 1199 mmkfilter_passwd_byuid()/mkfilter_group_bygid() get wrong filter 1200 string because "%d" will return negative when uid/gid larger 1201 than 2^31, and result to "Authentiction failure". 1202 1203 This also changes the other places where uid_t or gid_t values 1204 are formatted. 1205 1206 2014-09-21 Arthur de Jong <arthur@arthurdejong.org> 1207 1208 * [a726d29] nslcd/daemonize.c: Fix issues with daemonising 1209 1210 This fixes a problem with a buffer that could end up padded 1211 with garbage. 1212 1213 This also clarifies the code a bit and adds extra logging for 1214 errors that could occur during daemonising. 1215 1216 2014-06-30 Tim Harder <radhermit@gmail.com> 1217 1218 * [82e4423] nslcd/myldap.c: Minor comment spelling fix 1219 1220 2014-06-30 Tim Harder <radhermit@gmail.com> 1221 1222 * [2950797] AUTHORS, nslcd/myldap.c: Check a socket's connectivity 1223 before trying to use it 1224 1225 This alleviates some cases where multi-second lag occurs before a 1226 query returns due to some or all connections having been closed 1227 by the peer, e.g. a load balancer timing out old connections, 1228 but they are all tried before opening new connections. 1229 1230 Tested and working on Linux. 1231 1232 2014-06-20 Arthur de Jong <arthur@arthurdejong.org> 1233 1234 * [1765e34] nslcd/common.h: Fix copy-pasto 1235 1236 2014-06-12 Arthur de Jong <arthur@arthurdejong.org> 1237 1238 * [9516479] tests/test.ldif, tests/test_nsscmds.sh: Use other IP 1239 range for tests 1240 1241 This uses IP addresses from the RFC 5737 TEST-NET-1 range that is 1242 meant for use in documentation. This avoids issues with running 1243 the tests environments that also use the 10.0.0.0/8 range. 1244 1245 2014-06-06 Arthur de Jong <arthur@arthurdejong.org> 1246 1247 * [b3cf0aa] AUTHORS, ChangeLog, NEWS, configure.ac, 1248 man/chsh.ldap.1.xml, man/getent.ldap.1.xml, man/nslcd.8.xml, 1249 man/nslcd.conf.5.xml, man/pam_ldap.8.xml, man/pynslcd.8.xml: 1250 Get files ready for 0.9.4 release 1251 1252 2014-06-06 Arthur de Jong <arthur@arthurdejong.org> 1253 1254 * [abb2452] nss/services.c: Return correct port number on Solaris 1255 1256 This is a small fix for when using nscd (which still does not 1257 seem to work completely). The port is stored in network byte 1258 order but should be printed in host byte order. 1259 1260 2014-06-06 Arthur de Jong <arthur@arthurdejong.org> 1261 1262 * [b977d3f] tests/lookup_groupbyuser.c: Add missing include 1263 for FreeBSD 1264 1265 2014-06-06 Arthur de Jong <arthur@arthurdejong.org> 1266 1267 * [258d671] nslcd/pam.c: Fix password modification by root 1268 1269 This fixes 15fc13c. 1270 1271 2014-06-06 Arthur de Jong <arthur@arthurdejong.org> 1272 1273 * [8eeb1cc] common/tio.c: Clear proper buffer length 1274 1275 This fixes 3d29861. 1276 1277 2014-06-06 Arthur de Jong <arthur@arthurdejong.org> 1278 1279 * [3d65b84] nslcd/common.h: Fix code indentation 1280 1281 This fixes 2274b41. 1282 1283 2014-06-06 Arthur de Jong <arthur@arthurdejong.org> 1284 1285 * [e867727] config.guess, config.sub: Update files from latest 1286 automake 1287 1288 2014-06-05 Arthur de Jong <arthur@arthurdejong.org> 1289 1290 * [f5ee208] pynslcd/cache.py: Fix comment 1291 1292 2014-06-05 Arthur de Jong <arthur@arthurdejong.org> 1293 1294 * [13483f9] .gitignore, configure.ac, tests/Makefile.am, 1295 tests/lookup_groupbyuser.c: Introduce lookup_groupbyuser test 1296 command 1297 1298 This command can be used to perform a lookup using getgrouplist() 1299 to present a list of returned numeric group ids. This can be 1300 used to avoid the additional lookups that are done with the id 1301 and groups commands. 1302 1303 2014-05-14 Arthur de Jong <arthur@arthurdejong.org> 1304 1305 * [3d29861] common/tio.c, nslcd/myldap.c, nslcd/pam.c: Clear 1306 buffers before free-ing 1307 1308 This clears most buffers that may hold credentials at one point 1309 before free()ing the memory. 1310 1311 2014-05-08 Arthur de Jong <arthur@arthurdejong.org> 1312 1313 * [aa1d810] HACKING: Clarify code contribution 1314 1315 2014-05-04 Arthur de Jong <arthur@arthurdejong.org> 1316 1317 * [94eacb5] nslcd/pam.c: Improve error logging of user login failures 1318 1319 2014-05-04 Arthur de Jong <arthur@arthurdejong.org> 1320 1321 * [ca36a50] nslcd/myldap.c: Also extract policy controls on 1322 BIND failure 1323 1324 This ensures that controls returned by an LDAP server as part of 1325 a failed BIND operation are also returned. This makes it possible 1326 to distinguish between a wrong password and an expired password. 1327 1328 This also only logs the BIND operation result on DEBUG level 1329 (the error is logged later on). 1330 1331 2014-05-04 Arthur de Jong <arthur@arthurdejong.org> 1332 1333 * [d6163e2] configure.ac: Use FreeBSD lib directory and SONAME 1334 on Dragonfly 1335 1336 2014-05-04 Arthur de Jong <arthur@arthurdejong.org> 1337 1338 * [f6f3730] README, man/nslcd.conf.5.xml: Small documentation 1339 improvements 1340 1341 This includes a number of minor changes to the documentation. This 1342 also documents the children search scope (related to 2caeef4). 1343 1344 2014-05-04 Arthur de Jong <arthur@arthurdejong.org> 1345 1346 * [ed79110] nslcd/daemonize.c, nslcd/nslcd.c: Log daemonising 1347 failures 1348 1349 This also clears errno in the main function to ensure that no 1350 incorrect errno value is logged on errors. 1351 1352 2014-05-04 Arthur de Jong <arthur@arthurdejong.org> 1353 1354 * [18d05b0] .gitignore, tests/Makefile.am, tests/test_attmap.c: 1355 Add a test for setting member attribute mapping 1356 1357 2014-05-04 Arthur de Jong <arthur@arthurdejong.org> 1358 1359 * [fbea2a5] nslcd/attmap.c: Fix mapping group member attribute to 1360 empty string 1361 1362 This fixes be94912. 1363 1364 2014-05-04 Arthur de Jong <arthur@arthurdejong.org> 1365 1366 * [2274b41] nslcd/alias.c, nslcd/attmap.c, nslcd/cfg.c, 1367 nslcd/common.h, nslcd/ether.c, nslcd/group.c, nslcd/host.c, 1368 nslcd/invalidator.c, nslcd/myldap.c, nslcd/netgroup.c, 1369 nslcd/network.c, nslcd/pam.c, nslcd/passwd.c, nslcd/protocol.c, 1370 nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: Make buffer size 1371 error logging consistent 1372 1373 This adds logging of most cases where a defined buffer is not 1374 large enough to hold provided data on error log level. 1375 1376 2014-05-04 Arthur de Jong <arthur@arthurdejong.org> 1377 1378 * [15fc13c] nslcd/myldap.c, nslcd/myldap.h, nslcd/pam.c, 1379 nslcd/usermod.c: Warn when binddn buffer is too small 1380 1381 2014-05-04 Arthur de Jong <arthur@arthurdejong.org> 1382 1383 * [f987891] nslcd/common.h: Grow DN buffer size 1384 1385 The buffer size seems to be a problem in environments with long 1386 names or environments with non-ASCII characters. 1387 1388 2014-05-02 ushi <ushi@honkgong.info> 1389 1390 * [119cebf] nslcd/common.h: Use larger nslcd password buffer 1391 1392 I had some edge cases where 64 bytes were not enough. People 1393 are using password managers with long generated passwords. I 1394 increased the buffer size to 128. 1395 1396 2014-03-12 Arthur de Jong <arthur@arthurdejong.org> 1397 1398 * [8f12c15] AUTHORS, ChangeLog, NEWS, configure.ac, 1399 man/chsh.ldap.1.xml, man/getent.ldap.1.xml, man/nslcd.8.xml, 1400 man/nslcd.conf.5.xml, man/pam_ldap.8.xml, man/pynslcd.8.xml, 1401 pynslcd/pynslcd.py: Get files ready for 0.9.3 release 1402 1403 2014-03-12 Arthur de Jong <arthur@arthurdejong.org> 1404 1405 * [1ec7739] INSTALL, missing, test-driver: Update files from 1406 recent automake 1407 1408 2014-03-10 Arthur de Jong <arthur@arthurdejong.org> 1409 1410 * [44764f0] tests/Makefile.am, tests/test_myldap.sh, 1411 tests/test_nsscmds.sh: Run the correct executables for the tests 1412 1413 This fixes issues with running the tests when using a separate 1414 build directory (fixes ef0eddaa). 1415 1416 2014-03-10 Arthur de Jong <arthur@arthurdejong.org> 1417 1418 * [77444ac] tests/test_myldap.sh: Fix nslcd-test.conf permissions 1419 for test 1420 1421 This ensures that configuration file is not world readable when 1422 the tests are run. This avoids test failure for the use of the 1423 rootpwmodpw option. 1424 1425 2014-03-10 Arthur de Jong <arthur@arthurdejong.org> 1426 1427 * [96e4171] common/nslcd-prot.h: Interpret transferred integers 1428 as signed again 1429 1430 This fixes an issue with unsigned values ending up in signed 1431 fields and missing sign extension. 1432 1433 See: https://bugs.debian.org/739330 1434 1435 2014-01-27 Nalin Dahyabhai <nalin@redhat.com> 1436 1437 * [2d35feb] nss/hosts.c, nss/networks.c: Use right h_errnop for 1438 retrying with larger buffer 1439 1440 The libc nsswitch code expects h_errno to be set to NETDB_INTERNAL 1441 when it needs to try again with a larger buffer. 1442 1443 Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> 1444 1445 2014-01-27 Lukas Slebodnik <lslebodn@redhat.com> 1446 1447 * [8532f40] nss/hosts.c, nss/networks.c: Fix crash when retrieving 1448 large networks entries 1449 1450 If NSS_STATUS_TRYAGAIN is returned from read_one_hostent or 1451 read_one_netent then fp will be closed and function tio_skipall 1452 will be called with NULL pointer. It could happend in functions: 1453 _nss_ldap_getnetbyname_r _nss_ldap_getnetbyaddr_r 1454 _nss_ldap_gethostbyname2_r _nss_ldap_gethostbyaddr_r 1455 1456 Fixes r548 (aka afd5d9b). 1457 1458 2014-01-30 Davy Defaud <davy.defaud@free.fr> 1459 1460 * [4211961] nslcd/group.c: Support builtin Windows groups 1461 1462 This maps the gid (gidNumber) to an AD SID for builtin 1463 groups when searching a group by gid (RID) between 544 and 1464 552. In that case the SID prefix is not the domain's prefix 1465 (S-1-5-21-dddddd-dddddd-dddddd) but the BUILTIN SID prefix 1466 (1-5-32). 1467 1468 For example, if you add a user to the Administrators builtin 1469 group (S-1-5-32-544), now you should be able to get this group 1470 through nslcd, instead of receiving an error message. 1471 1472 2014-01-25 Arthur de Jong <arthur@arthurdejong.org> 1473 1474 * [f6a0675] configure.ac: Add test for krb5 thread safety 1475 1476 This adds a test that checks the return value of 1477 krb5_is_thread_safe() to see if krb5 is thread safe (during build) 1478 and issues a warning if it is not. 1479 1480 nslcd does not directly link to krb5 but the library may be 1481 loaded (by GSSAPI) if Kerberos is used to authenticate nslcd to 1482 the LDAP server. 1483 1484 2014-01-25 Francois Tigeot <ftigeot@wolfpond.org> 1485 1486 * [043838c] configure.ac: Also detect DragonFly as BSD 1487 1488 This fixes the detection of DragonFly as requiring the freebsd 1489 NSS interface flavour. 1490 1491 2014-01-24 joshuashire <joshuashire@hotmail.com> 1492 1493 * [2181cca] nslcd/shadow.c: Update shadow.c to resolve pwdLastSet 1494 issue 1495 1496 We read the date into the buffer to the specified length to get it 1497 to the Unix time (i.e. seconds) from its AD value of nanoseconds, 1498 then convert it to days for shadow. If we use date rather than 1499 buffer we end up trying to convert the original nanosecond value. 1500 1501 2014-01-05 Arthur de Jong <arthur@arthurdejong.org> 1502 1503 * [c6c317e] : Implement deref control handling 1504 1505 This uses the LDAP_CONTROL_X_DEREF control as described in 1506 draft-masarati-ldap-deref-00 to request the LDAP server to 1507 dereference group member attribute values to uid attribute values. 1508 1509 This should reduce the number of searches that are required for 1510 expanding group members that use the member attribute. 1511 1512 This mechanism could also be used to extract information on 1513 nested groups but the gains are less clear there. 1514 1515 Not all LDAP servers support this control. In OpenLDAP, load the 1516 (currently undocumented) deref overlay and enable it for the 1517 database to take advantage of this improvement. 1518 1519 There is a functional difference when using this control. Any 1520 returned deferred uid value returned by the LDAP server is accepted 1521 as a member. No checks are performed to see if the user matches 1522 the search base and search filters set for passwd entries. 1523 1524 2014-01-05 Arthur de Jong <arthur@arthurdejong.org> 1525 1526 * [309b4bb] README: Update documentation 1527 1528 This documents the way the deref controls are used. 1529 1530 2014-01-05 Arthur de Jong <arthur@arthurdejong.org> 1531 1532 * [cecc024] nslcd/group.c: Use myldap_get_deref_values() to get 1533 member uids 1534 1535 This uses information from the deref control (if available) 1536 to get the username for each of the members of the group. Any 1537 missing deref member attribute values will be seen as nested 1538 groups and will be traversed if nested group support is enabled. 1539 1540 2014-01-05 Arthur de Jong <arthur@arthurdejong.org> 1541 1542 * [c973834] configure.ac, nslcd/myldap.c, nslcd/myldap.h: Provide 1543 a myldap_get_deref_values() function 1544 1545 This function looks for deref response controls 1546 (LDAP_CONTROL_X_DEREF) in the entry and returns the information 1547 from the dereferenced attribute in two lists: dereferenced values 1548 and attribute values that could not be dereferenced. 1549 1550 2014-01-05 Arthur de Jong <arthur@arthurdejong.org> 1551 1552 * [3992e15] nslcd/group.c: Skip member attributes in bymember search 1553 1554 This changes the group by member searches to not request the 1555 member attributes. This will speed up result parsing by a fraction 1556 because less data is transferred but will also cause the deref 1557 control not to be added to these searches. 1558 1559 2013-12-28 Arthur de Jong <arthur@arthurdejong.org> 1560 1561 * [15ee2fc] compat/Makefile.am, compat/derefctrl.c, 1562 compat/ldap_compat.h, configure.ac: Provide replacement 1563 ldap_create_deref_control() 1564 1565 This adds a test for a bug in OpenLDAP that allocated a 1566 LDAP_CONTROL_PAGEDRESULTS control instead of a LDAP_CONTROL_X_DEREF 1567 control. 1568 1569 2014-01-05 Arthur de Jong <arthur@arthurdejong.org> 1570 1571 * [547e479] configure.ac, nslcd/myldap.c: Request attribute deref 1572 via search control 1573 1574 This uses the LDAP_CONTROL_X_DEREF control as descibed in 1575 draft-masarati-ldap-deref-00 to request the LDAP server to 1576 dereference member attribute values to uid attribute values in 1577 order to avoid doing extra searches. 1578 1579 This control is currently only added for group search by looking 1580 for the member attribute in the search. 1581 1582 2014-01-04 Arthur de Jong <arthur@arthurdejong.org> 1583 1584 * [c22eb08] nslcd/myldap.c: Rename entry property to indicate 1585 storage type 1586 1587 This changes entrye->rangedattributevalues to entry->buffers 1588 because the propery is not only used for ranged attribute values 1589 but for anything that can be freed with free(). 1590 1591 2014-01-03 Arthur de Jong <arthur@arthurdejong.org> 1592 1593 * [f009c96] nslcd/myldap.c: Ignore missing page controls 1594 1595 Since we could get arbitrray controls and are only interested 1596 in page controls we ignore failures to find page controls. 1597 1598 2014-01-03 Arthur de Jong <arthur@arthurdejong.org> 1599 1600 * [4f6dfdd] nslcd/myldap.c: Use do_try_search() also for paged 1601 searches 1602 1603 This also changes do_try_search() to support building continued 1604 paged controls and lays the groundwork for adding more search 1605 controls. 1606 1607 2014-01-05 Arthur de Jong <arthur@arthurdejong.org> 1608 1609 * [be94912] nslcd/attmap.c, nslcd/group.c, pynslcd/group.py: 1610 Support blanking the member attribute 1611 1612 This allows remapping the member attribute to an empty string 1613 which removes support for that attribute. This can reduce the 1614 number of search operations if the attribute is not used. 1615 1616 2014-01-05 Arthur de Jong <arthur@arthurdejong.org> 1617 1618 * [0d3fa5d] nslcd/group.c: Fix typo 1619 1620 2014-01-05 Arthur de Jong <arthur@arthurdejong.org> 1621 1622 * [8e74848] nslcd/group.c, nss/netgroup.c, tests/test_set.c: 1623 Fix memory leaks related to set_pop() 1624 1625 Some pieces of code did not properly free() the value returned 1626 by set_pop(). 1627 1628 The leak in group code was related to the introduction of nested 1629 group functionality in 41ba574 (merged in 3daa68d) so should 1630 only be present in releases 0.9.0 forward. 1631 1632 The leak in the netgroup code only ended up in the Solaris 1633 version of the NSS module and was introduced in 4ea9ad1 (merged in 1634 5c8779d). This leak is present in all releases from 0.8.0 forward. 1635 1636 2014-01-04 Arthur de Jong <arthur@arthurdejong.org> 1637 1638 * [3288942] tests/test_myldap.c: Fix compiler warnings in the 1639 myldap test 1640 1641 2014-01-02 Arthur de Jong <arthur@arthurdejong.org> 1642 1643 * [2b8fbc2] : Only exit nslcd when daemon is ready 1644 1645 This removes a race condition between the exit of the initial 1646 nslcd process (as started by the init script) and nslcd services 1647 being ready. 1648 1649 2014-01-02 Arthur de Jong <arthur@arthurdejong.org> 1650 1651 * [3afedc4] compat/Makefile.am, compat/daemon.c, compat/daemon.h, 1652 configure.ac: Remove daemon() replacement function 1653 1654 2014-01-02 Arthur de Jong <arthur@arthurdejong.org> 1655 1656 * [907d49d] configure.ac, nslcd/daemonize.c: Close daemon pipe 1657 file descriptor on fork or exec 1658 1659 This tries to avoid child processes ending up with a copy of 1660 the pipe file descriptor that is used to signal readiness of 1661 the daemon. 1662 1663 2014-01-02 Arthur de Jong <arthur@arthurdejong.org> 1664 1665 * [42a1a3d] nslcd/Makefile.am, nslcd/daemonize.c, nslcd/daemonize.h, 1666 nslcd/nslcd.c: Properly daemonise nslcd and only exit when ready 1667 1668 This introduces a new daemonize module that provides functions for 1669 closing all file descriptors, redirecting stdin/stdout/stderr to 1670 /dev/null and a function for backgrounding an application while 1671 only exiting the original process after the daemon process has 1672 indicated readiness. 1673 1674 This is used to exit the original process only after the listening 1675 socket has been set up and the worker threads have been started.