2018-02-18  Arthur de Jong <arthur@arthurdejong.org>

	* [382b6ea] INSTALL, ar-lib, config.guess, config.sub, depcomp,

	  py-compile: Update files from latest automake

2018-02-17  Arthur de Jong <arthur@arthurdejong.org>

	* [e8a4705] tests/test_pylint.sh: Fix running pylint on distcheck

	  This sets PYTHONPATH so that both the source and build directories

	  are used to find constants.py.

2018-02-17  Arthur de Jong <arthur@arthurdejong.org>

	* [9a50971] common/expr.c, compat/attrs.h: Mark case blocks without

	  break statement

	  This avoids a gcc warning in non-empty case blocks without a

	  break statement by explicitly marking those blocks.

2018-02-16  Arthur de Jong <arthur@arthurdejong.org>

	* [c05e326] nslcd/cfg.c, nslcd/common.h: Increase size of hostname

	  buffer

	  This increases the host name buffer to support host names (that

	  include FQDNs) to 255 characters and removes the reliance on

	  HOST_NAME_MAX and _POSIX_HOST_NAME_MAX which may be smaller in

	  some situations.

	  Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/22

2017-12-23  Arthur de Jong <arthur@arthurdejong.org>

	* [9760dce] nslcd/cfg.c: Increase size of config file token

	  This increases the maximum size of tokens that are read from

	  the nslcd.conf configuration file to 256 characters. This was

	  a problem for some very long uri values.

	  Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/21

2017-10-13  Arthur de Jong <arthur@arthurdejong.org>

	* [8f76d24] nslcd/cfg.c, tests/test_cfg.c: Support spaces in

	  attribute mapping expressions

2017-06-26  Arthur de Jong <arthur@arthurdejong.org>

	* [47fd03b] AUTHORS, ChangeLog, NEWS, configure.ac,

	  man/chsh.ldap.1.xml, man/getent.ldap.1.xml, man/nslcd.8.xml,

	  man/nslcd.conf.5.xml, man/pam_ldap.8.xml, man/pynslcd.8.xml,

	  nslcd/nslcd.c, pynslcd/pynslcd.py, utils/cmdline.py: Get files

	  ready for 0.9.8 release

2017-06-25  Arthur de Jong <arthur@arthurdejong.org>

	* [7920d85] tests/test_ldapcmds.sh, tests/test_nsscmds.sh: Ignore

	  password hashes in consistent manner

	  This changes the getent and getent.ldap tests to ignore password

	  hashes that may be present in shadow lookups in a consistent

	  manner.

	  This also adds minor compatibility improvements.

2017-06-25  Arthur de Jong <arthur@arthurdejong.org>

	* [65695aa] pynslcd/cfg.py, pynslcd/mypidfile.py, pynslcd/pynslcd.py:

	  Create pidfile directory in pynslcd

	  This ensures that /var/run/nslcd is created (when it does not

	  exist) when starting pynslcd.

2017-06-25  Arthur de Jong <arthur@arthurdejong.org>

	* [419aab2] pynslcd/cfg.py, pynslcd/group.py, pynslcd/passwd.py:

	  Add nss_uid_offset and nss_gid_offset to pynslcd

2017-03-20  Seth Wright <seth@crosse.org>

	* [5103173] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,

	  nslcd/group.c, nslcd/passwd.c: Add the ability to offset UID

	  and GID numbers

2017-06-18  Arthur de Jong <arthur@arthurdejong.org>

	* [fee74d9] tests/Makefile.am, tests/test_ldapcmds.sh: Portability

	  improvements to test_ldapcmds.sh

	  This fixes an issue with the export statement in POSIX shell

	  scripts, ensures that the commands in the output match those

	  in the script, strips password hashes for shadow lookups (for

	  systems without PAM where these are exposed) and only runs the

	  tests if we enabled the utils.

	  Fixes 246a1f3.

2017-06-17  Arthur de Jong <arthur@arthurdejong.org>

	* [5126b26] nslcd/ether.c: Use uint8_t instead of u_int8_t

	  The former seems to be available on more platforms than the latter.

	  Fixes be26510.

2017-06-17  Arthur de Jong <arthur@arthurdejong.org>

	* [fe3772f] compat/pam_compat.h: Fix HAVE_DECL_PAM_ERROR usage

	  The macro is supposed to be defined to 0 (instead of undefined)

	  if pam_info() and pam_error() are not found.

	  Fixes 3d5ab89.

2017-06-17  Arthur de Jong <arthur@arthurdejong.org>

	* [ca62f59] nslcd/shadow.c: Also filter shadow entries by validnames

2017-06-17  Arthur de Jong <arthur@arthurdejong.org>

	* [e68b85a] nslcd/passwd.c, nslcd/shadow.c: Fix and clarify a

	  few comments

2017-06-16  Arthur de Jong <arthur@arthurdejong.org>

	* [3d5ab89] compat/pam_compat.h, configure.ac: Fix pam_info()

	  and pam_error() replacement

	  On FreeBSD these are functions while on Linux they are macros

	  causing them to be incorrectly replaced on FreeBSD. This resulted

	  in a crash of the PAM module when e.g. presenting messages about

	  password expiry.

2017-06-16  Arthur de Jong <arthur@arthurdejong.org>

	* [b5d1dd2] tests/Makefile.am: Clean log from test_pamcmds.expect

	  This removes test_pamcmds.log that is generated by

	  test_pamcmds.expect when running the test suite. This avoids an

	  error in the distcheck target.

2017-06-16  Arthur de Jong <arthur@arthurdejong.org>

	* [246a1f3] tests/test_ldapcmds.sh: Fix running test_ldapcmds.sh

	  during distcheck

	  This ensures that Python can find both getent.py (from source

	  directory) and constants.py (from build directory) when running

	  the tests from the distcheck target.

	  This also makes the script more similar to test_nsscmds.sh.

	  Fixes 9c803d7.

2017-06-15  Arthur de Jong <arthur@arthurdejong.org>

	* [43862ba] : Add pam_authc_search option

	  This option can be used to configure the search operation that

	  should be performed after authentication.

2017-06-15  Arthur de Jong <arthur@arthurdejong.org>

	* [5141b09] man/nslcd.conf.5.xml, nslcd/pam.c: Allow skipping

	  post-authentication search altogether

2017-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [0cafb08] nslcd/myldap.c, nslcd/myldap.h, nslcd/pam.c,

	  nslcd/usermod.c: Implement myldap_bind() function

	  This function integrates the myldap_set_credentials() and

	  myldap_get_policy_response() and performs the bind operation

	  witout actually performing a search.

	  The function performs a "fake" search that returns after performing

	  the LDAP BIND operation.

	  This replaces a number of dummy search operations that were there

	  to ensure that the connection was open. This allows us to skip

	  the search operation after authentication.

2017-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [9564dd0] nslcd/pam.c: Implement handling of pam_authc_search

	  option

	  This allows performing a different, configurable search from

	  the default BASE search after the BIND operation.

2017-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [f72aaa2] man/nslcd.conf.5.xml: Document pam_authc_search option

2017-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [5d11cb8] nslcd/cfg.c, nslcd/cfg.h, nslcd/pam.c: Add

	  pam_authc_search option parsing

2017-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [bcc3a08] nslcd/pam.c, pynslcd/pam.py: Reorganise PAM search

	  var building functions

	  This moves the autzsearch_var_add(), autzsearch_vars_free(),

	  autzsearch_var_get() and do_autzsearches() functions to the top of

	  the file using more generic names and introduces search_vars_new()

	  in prepartion of other similar searches.

	  This also renames the remaining authzsearch functions to

	  authz_search to be consistent with the pam_authz_search option.

2017-06-13  Arthur de Jong <arthur@arthurdejong.org>

	* [ebc0f76] README, configure.ac, tests/test.ldif: Switch to

	  HTTPS URLs

2017-06-13  Arthur de Jong <arthur@arthurdejong.org>

	* [be26510] compat/ether.c, compat/ether.h, configure.ac,

	  nslcd/ether.c, pynslcd/ether.py: Query ethernet addresses in

	  compact and long format

	  This ensures that when querying the address 0:18:8a:54:1a:8b

	  both that format and 00:18:8a:54:1a:8b is searched for in LDAP.

	  This was triggerred by the fact that ether_ntoa() on FreeBSD

	  returns the long format while glibc uses the compact format.

	  Since we are no longer using the libc version of ether_ntoa() we

	  can also drop the compatibility implementation of ether_ntoa_r().

2017-06-07  Arthur de Jong <arthur@arthurdejong.org>

	* [becc883] nslcd/passwd.c: Log entries and lookups failing

	  nss_min_uid

	  This logs (at debug level) any LDAP uidNumber attribute values

	  (or translated objectSid attribute values) that are lower than

	  nss_min_uid.	It also logs getpwuid() requests for such uids.

2017-06-04  Arthur de Jong <arthur@arthurdejong.org>

	* [5a84be2] utils/chsh.py, utils/cmdline.py, utils/getent.py,

	  utils/nslcd.py, utils/shells.py, utils/users.py: Make nslcd-utils

	  Python 3 compatible

	  This changes the getent.ldap and chsh.ldap commands to be

	  compatible with Python 2 and Python 3 with the same code.

	  This does switch to raw I/O because Python 3 does not support

	  bufferred I/O on sockets.

2017-06-04  Arthur de Jong <arthur@arthurdejong.org>

	* [9c803d7] tests/Makefile.am, tests/test_ldapcmds.sh,

	  tests/test_nsscmds.sh, tests/testenv.sh: Add tests for getent.ldap

	  command

	  This more or less duplicates the tests from test_nsscmds.sh to

	  test_ldapcmds.sh with some modifications for the differences

	  in output.

	  This also extends the test_nsscmds.sh tests to handle the case

	  where shadow lookups do not go through LDAP.

2017-06-04  Arthur de Jong <arthur@arthurdejong.org>

	* [a357131] utils/getent.py: Fix output of getent.ldap networks

	  Contrary to the hosts output the network name is listed first.

2017-06-03  Arthur de Jong <arthur@arthurdejong.org>

	* [58c7a94] utils/getent.py: Fix IPv6 lookups in getent.ldap

2017-06-03  Arthur de Jong <arthur@arthurdejong.org>

	* [5173e55] man/getent.ldap.1.xml, utils/getent.py: Accept multiple

	  key arguments to getent.ldap

	  This allows supplying multiple arguments to getent.ldap that

	  will each act as a search key for lookups, similar to what normal

	  getent allows.

2017-02-07  Arthur de Jong <arthur@arthurdejong.org>

	* [53f797b] nslcd/nslcd.c: Exit with 0 when stopping nslcd

	  When receiving a signal this will result in nslcd returning with

	  a success exit code.

	  Thanks Stanislav Moravec for pointing this out.

2016-09-04  Arthur de Jong <arthur@arthurdejong.org>

	* [c12cd14] nslcd/nslcd.c: Remove duplicate break statement

2016-09-04  Arthur de Jong <arthur@arthurdejong.org>

	* [d8ad7b1] nslcd/myldap.c: Do not try all LDAP servers on failed

	  authentication

	  See https://bugs.launchpad.net/bugs/1618190

2016-08-30  Arthur de Jong <arthur@arthurdejong.org>

	* [a3da150] utils/nslcd.py: Replace Python assertions with exceptions

	  The assertions can be optimised out when compiling the modules

	  with -O which would break the protocol handling. This ensures

	  that errors are properly handled even if optimisation is enabled.

	  Thanks Yu-Chun Huang for reporting this.

	  https://github.com/arthurdejong/nss-pam-ldapd/issues/14

2016-08-14  Arthur de Jong <arthur@arthurdejong.org>

	* [c286bb5] AUTHORS, ChangeLog, NEWS, README, configure.ac,

	  man/chsh.ldap.1.xml, man/getent.ldap.1.xml, man/nslcd.8.xml,

	  man/nslcd.conf.5.xml, man/pam_ldap.8.xml, man/pynslcd.8.xml,

	  nslcd/nslcd.c, pynslcd/pynslcd.py, utils/cmdline.py: Get files

	  ready for 0.9.7 release

2016-08-14  Arthur de Jong <arthur@arthurdejong.org>

	* [db9494e] tests/Makefile.am: Only run doctests when building

	  pynslcd

2016-08-14  Arthur de Jong <arthur@arthurdejong.org>

	* [cb16e4c] nss/bsdnss.c: Avoid some warnings on FreeBSD

	  This adds casts to and from void * for the function pointers

	  that are passed around.

2016-07-27  Arthur de Jong <arthur@arthurdejong.org>

	* [b7a0b23] ChangeLog, ChangeLog-2013, Makefile.am: Archive 2013

	  ChangeLog entries

2016-07-27  Arthur de Jong <arthur@arthurdejong.org>

	* [e4df12c] config.guess, config.sub, install-sh: Update files

	  from latest automake

2016-07-27  Arthur de Jong <arthur@arthurdejong.org>

	* [db8034a] man/Makefile.am, utils/Makefile.am, utils/getent.py:

	  Also use module-name in utilities and man pages

	  This ensures that getent.ldap, chsh.ldap and manual pages with

	  ldap in the name will be installed with the name as specified

	  with --with-module-name.

	  Note that the manual page content still describes the working

	  within nss-pam-ldapd and still mention the ldap name.

2016-06-04  Arthur de Jong <arthur@arthurdejong.org>

	* [281b0ec] tests/test_doctest.sh: Ensure doctest also run in

	  distcheck

	  This fixes test_doctest.sh to also work when the build directory

	  is different from the source directory. This is needed because

	  constants.py is only available in the build directory.

2016-06-03  Arthur de Jong <arthur@arthurdejong.org>

	* [a89eda7] nslcd/pam.c: Also honor ignorecase in PAM

	  This avoids changing the cannonical username to the value as

	  specified in LDAP when ignorecase is used.

	  See https://github.com/arthurdejong/nss-pam-ldapd/issues/12

2016-06-03  Arthur de Jong <arthur@arthurdejong.org>

	* [7eb1d69] pynslcd/expr.py: Support ${var:offset:length} in pynslcd

2016-06-02  Arthur de Jong <arthur@arthurdejong.org>

	* [c90a537] pynslcd/attmap.py: Fix pynslcd expression representation

	  The problem was that the ExpressionMapping string value did not

	  include the quotes which will cause problems when printing the

	  expression (e.g.  when logging or dumping config, etc.).

2016-06-02  Arthur de Jong <arthur@arthurdejong.org>

	* [fd61bb6] tests/Makefile.am, tests/test_doctest.sh: Add test

	  for running doctests

2016-05-30  Giovanni Mascellani <mascellani@poisson.phc.unipi.it>

	* [2ba9560] common/expr.c, man/nslcd.conf.5.xml, tests/test_expr.c:

	  Support substituting expresions of type ${var:offset:length}

2016-05-30  Giovanni Mascellani <mascellani@poisson.phc.unipi.it>

	* [3a4860c] man/nslcd.conf.5.xml: Fix small typo

2016-05-24  Arthur de Jong <arthur@arthurdejong.org>

	* [917ded7] common/expr.c: Refactor out expression parsing to

	  functions

	  This moves the parsing of the various ${var...} expressions to

	  separate functions so they can be extended more easily.

2016-02-22  Arthur de Jong <arthur@arthurdejong.org>

	* [4be9c59] pam/pam.c: Fix logic error

	  This could result in a free(NULL) call. This code path can

	  only be triggered if pam_ldap changes the logged-in username

	  (introduced in 6a74d8d).

	  Thanks 依云, see

	  https://github.com/arthurdejong/nss-pam-ldapd/issues/11

2016-01-30  Mathieu Baeumler <mathieu.baeumler@gmail.com>

	* [985aec3] nslcd/myldap.c: Display human readable expiry message

	  Display a human readable message (days+hours, or hours+minutes,

	  or seconds) when the password expiring warning is issued.

2016-02-13  Arthur de Jong <arthur@arthurdejong.org>

	* [b795f6c] nslcd/cfg.c: Fix nss_disable_enumeration configuration

	  This fixes a copy-paste bug where nss_disable_enumeration was

	  incorrectly handled. Fixes c0366d8.

	  Thanks Andrew W Elble for pointing this out.

2016-01-18  Arthur de Jong <arthur@arthurdejong.org>

	* [525c996] tests/test.ldif, tests/test_nsscmds.sh: Add a few

	  IPv6 tests

	  This adds a few test hosts that have IPv6 addresses. This

	  ensures that we have an IPv6-only host and hosts which have

	  address values in different order in the ipHostNumber attribute

	  (although attribute order is probably not guaranteed).

2015-10-18  Mathieu Baeumler <mathieu.baeumler@gmail.com>

	* [31cd2cf] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,

	  nslcd/myldap.c: Add pam_authc_ppolicy option

	  This option allows completely disabling ppolicy handling.

2016-01-06  Arthur de Jong <arthur@arthurdejong.org>

	* [117c9cb] nslcd/pam.c: Fix error handling on credential change

	  This fixes setting the correct LDAP error code and also fixes

	  formatting in 027df03.

2015-12-23  Vasilis Tsiligiannis <vasilis.tsiligiannis@nokia.com>

	* [027df03] nslcd/pam.c: Fix updating of 'shadowLastChange'

	  attribute when chasing referrals

	  This fixes a bug where 'shadowLastChange' attribute cannot be

	  updated when chasing a referral. After a password is succesfully

	  changed, the credentials for binding should also be updated with

	  the new password for the session.

	  Signed-off-by: Vasilis Tsiligiannis

	  <vasilis.tsiligiannis@nokia.com>

2015-11-13  Arthur de Jong <arthur@arthurdejong.org>

	* [fcea92d] nslcd/cfg.c: Correct file readability check

	  This uses access() instead of stat() to see if the file is

	  readable by the current process. This fixes f089e01.

2015-09-20  Arthur de Jong <arthur@arthurdejong.org>

	* [c879485] nslcd/myldap.c: Fail-over and retry on more errors

	  Also try to fail over to another LDAP server on a larger number

	  of errors. Specifically errors that point to problems connecting

	  to the LDAP server.

2015-08-29  Arthur de Jong <arthur@arthurdejong.org>

	* [3d09e28] nslcd/myldap.c: Open connection before do_try_search()

	  This is in preparation for splitting the BIND from the search

	  phase for authentication.

2015-08-27  Arthur de Jong <arthur@arthurdejong.org>

	* [f089e01] nslcd/cfg.c: Loosen up file existence check

	  This changes the check (for configuration options that specify

	  file names) to just check that the specified path is readable

	  instead of ensisting that it points to a file.

	  This allows tls_randfile to point to /dev/urandom (a character

	  device) or a pipe. This fixes 6779a51.

	  This also applies the same check to the krb5_ccname option.

	  Thanks to Patrick McLean for pointing this out.

2015-08-14  Arthur de Jong <arthur@arthurdejong.org>

	* [309f127] pam/pam.c: Have PAM module log messages to syslog

	  This logs informational messages that are presented to the user

	  tot syslog. This normally includes password expiry and grace

	  login information which may be useful to log.

2015-08-14  Arthur de Jong <arthur@arthurdejong.org>

	* [263a443] nslcd/myldap.c: Simplify password policy message handling

	  This simplifies the check for overwriging pending password

	  expiry and grace logins warnigns and updates handling of the

	  LDAP_CONTROL_PWEXPIRING control to be consistent with that of

	  the expire value of LDAP_CONTROL_PASSWORDPOLICYRESPONSE.

	  This also corrects the function name, also logs empty password

	  policy responses in debug mode and documents the meaning of the

	  various password policy values.

2015-07-09  Mathieu Baeumler <mathieu.baeumler@gmail.com>

	* [4302901] nslcd/myldap.c: Fix password policy expiration warnings

	  If a password expiration warning (pwdExpireWarning) is set in

	  slapd, and the password is about to expire, slapd sends the

	  timeBeforeExpiration value as part of the passwordPolicyResponse.

	  nslcd would incorrectly instruct the PAM module to require

	  immediate password change. This has been fixed for both

	  timeBeforeExpiration and graceLoginsRemaining.

2015-07-19  Arthur de Jong <arthur@arthurdejong.org>

	* [89b471b] ar-lib, autogen.sh, compile, configure.ac, depcomp,

	  install-sh, missing, py-compile, test-driver: Update files from

	  automake 1.15

	  This also includes the m4 directory when invoking aclocal because

	  not all versions seem to handle AC_CONFIG_MACRO_DIR.

2015-07-19  Arthur de Jong <arthur@arthurdejong.org>

	* [86a4618] m4/ax_tls.m4: Disable quoting in AX_TLS notfound case

	  This ensures that AS_IF does not generate an empty else clause

	  which will result in an invalid configure script.

2015-07-19  Arthur de Jong <arthur@arthurdejong.org>

	* [6779a51] nslcd/cfg.c: Check file existence for configuration

	  options

	  This adds addition checks to the tls_cacertdir, tls_cacertfile,

	  tls_randfile, tls_cert and tls_key options to ensure that they

	  point to an existing file when parsing nslcd.conf.

2015-07-19  Arthur de Jong <arthur@arthurdejong.org>

	* [a6c7c63] pynslcd/pynslcd.py: Work around bug in python-daemon

	  See https://bugs.debian.org/792871

2015-07-08  Arthur de Jong <arthur@arthurdejong.org>

	* [c32e8c0] m4/ax_pthread.m4, m4/ax_tls.m4: Update macros from

	  autoconf-archive

2015-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [d949bd4] AUTHORS, ChangeLog, NEWS, configure.ac,

	  man/chsh.ldap.1.xml, man/getent.ldap.1.xml, man/nslcd.8.xml,

	  man/nslcd.conf.5.xml, man/pam_ldap.8.xml, man/pynslcd.8.xml:

	  Get files ready for 0.9.6 release

2015-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [4236dd6] Makefile.am: Correctly insert emtpy lines in ChangeLog

2015-06-13  Arthur de Jong <arthur@arthurdejong.org>

	* [e916a2b] man/nslcd.conf.5.xml: Manual page improvements

2015-06-13  Arthur de Jong <arthur@arthurdejong.org>

	* [9a7921f] nslcd/common.c, nslcd/common.h: Also fix signed integer

	  bug in binsid2id()

	  This should have been part of d217632.

2015-06-11  Geoffrey McRae <gnif@xbmc.org>

	* [d217632] nslcd/common.c: Fixed signed 32bit overflow bug on

	  32bit systems

2015-05-23  Jed Liu <jed-nss-pam-ldapd-users@uma.litech.org>

	* [3add5f0] nslcd/cfg.c: Allow configuration values longer than

	  63 characters

2015-03-06  Arthur de Jong <arthur@arthurdejong.org>

	* [d58fba9] nss/netgroup.c: Provide innetgr function on Solaris

	  This implements a function in the Solaris version of the NSS module

	  to check if a specifc netgroup triplet is part of a netgroup.

	  This also avoids a compiler warning and includes improvements

	  and testing by Mark R Bannister.

2015-05-01  Andrew Elble <aweits@rit.edu>

	* [c0366d8] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,

	  nslcd/nslcd.c, pynslcd/cfg.py, pynslcd/group.py, pynslcd/passwd.py,

	  pynslcd/shadow.py: Implement disable_enumeration

	  If this option is present, functions which cause all user/group

	  entries to be loaded (getpwent(), getgrent()) from the directory

	  will not succeed in doing so. This can dramatically reduce

	  ldap server load in situations where there are a great number

	  of users and/or groups.  Applications that depend on being able

	  to sequentially read all users and/or groups may fail to operate

	  correctly. This option is not recommended for most configurations.

2015-04-17  Arthur de Jong <arthur@arthurdejong.org>

	* [96045d2] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,

	  nslcd/group.c, pynslcd/cfg.py, pynslcd/group.py: Implement

	  nss_getgrent_skipmembers

	  This option allows skipping group member list retrieval to

	  improve performance with very large groups. This option results

	  in inconsistent group membership information being presented

	  that may confuse some applications.

2015-04-15  Arthur de Jong <arthur@arthurdejong.org>

	* [530cc24] nslcd/daemonize.c, nslcd/nslcd.c: Avoid signal race

	  condition on start-up

	  This only restores the signal mask after signal handlers are in

	  place and the daemon has completely daemonised to avoid a race

	  condition in the start-up phase of nslcd where a signal could

	  be sent to nslcd causing it to quit or fail to write information

	  to the parent process.

2015-03-29  Arthur de Jong <arthur@arthurdejong.org>

	* [16fd8c6] AUTHORS, ChangeLog, NEWS, README, configure.ac,

	  man/chsh.ldap.1.xml, man/getent.ldap.1.xml, man/nslcd.8.xml,

	  man/pam_ldap.8.xml, man/pynslcd.8.xml: Get files ready for

	  0.9.5 release

2015-03-11  Tim Rice <tim@multitalents.net>

	* [ae08830] common/Makefile.am, compat/Makefile.am, configure.ac,

	  nss/Makefile.am, pam/Makefile.am: Use correct PIC arg for

	  non-GCC compilers

2015-03-22  Arthur de Jong <arthur@arthurdejong.org>

	* [fdbca17] config.sub: Update files from latest automake

2015-03-22  Arthur de Jong <arthur@arthurdejong.org>

	* [9f9a5c5] nss/networks.c: Fix for networks lookup under Solaris

	  This fixes a byte order issue when nscd is running.

2015-03-22  Arthur de Jong <arthur@arthurdejong.org>

	* [52ea3f5] configure.ac: Add checks to configure

	  This adds tests for a function and type used in the code.

2015-03-22  Arthur de Jong <arthur@arthurdejong.org>

	* [4ec1c08] nslcd/daemonize.c: ENODATA is missing on FreeBSD

	  FreeBSD doesn't have ENODATA so we use ENOATTR instead.

2015-03-22  Arthur de Jong <arthur@arthurdejong.org>

	* [b2563b0] compat/nss_compat.h, configure.ac: Remove use of

	  irs-nss.h

	  This was a compatibility leftover from the nss_ldap days.

2015-03-21  Arthur de Jong <arthur@arthurdejong.org>

	* [4c5a3c9] tests/test_clock.c: Prevent numer overflow in test_clock

2015-03-21  Arthur de Jong <arthur@arthurdejong.org>

	* [0420232] nslcd/nslcd.c, nslcd/nsswitch.c, nss/Makefile.am,

	  tests/testenv.sh: Various small fixes when using --with-module-name

	  This updates the test framework to support --with-module-name,

	  ensures that exports.map is rebuilt when configure is re-ran,

	  fixes parsing of nsswitch.conf (to determine what to return for

	  passwd lookups) and fixes the check for _nss_ldap_version.

2015-03-21  Arthur de Jong <arthur@arthurdejong.org>

	* [788475f] nss/common.h: Also support platforms without TLS

	  This disables the use of thread-local storage in the NSS module

	  when it is not available in libc. This results in the get*ent()

	  functions not being thread-safe. However, on most platforms they

	  are not expected to be thread-safe anyway.

2015-03-20  Dalibor Pospíšil <dapospis@redhat.com>

	* [95d621e] man/nslcd.conf.5.xml: Document that multiple URIs can

	  be specified

	  Update nslcd.conf man page that multiple URIs can be set by

	  using more uri lines or more URIs defined on one uri line.

	  https://bugzilla.redhat.com/show_bug.cgi?id=1204195

2015-03-11  Patrick McLean <chutzpah@gentoo.org>

	* [fa6affc] common/tio.c, nslcd/attmap.c, nslcd/cfg.c,

	  nslcd/myldap.c: Fix formatting of size_t values

	  In several places the code used a %d format to print a size_t

	  variable.  On amd64 at least size_t is an unsigned long, so use

	  %lu instead.

	  An alternative would be to use %ud for size_t and %zd fo ssize_t

	  but not all platforms seem to support that formatter.

2015-03-11  Patrick McLean <chutzpah@gentoo.org>

	* [246aba5] nslcd/myldap.c, pam/pam.c: Avoid comparison of static

	  array to null pointer

	  There are several places where a static length array in a struct

	  is compared to a null pointer. These comparisons will always

	  be false, since an array in a struct is not actually a pointer,

	  so they can be removed.

2015-03-10  Patrick McLean <chutzpah@gentoo.org>

	* [d0f896a] AUTHORS, nslcd/nslcd.c: Don't let the oom killer

	  kill nslcd

	  Adjust the Linux OOM (Out-Of-Memory) killer score by -1000 for

	  nslcd so that it should not be killed.

2015-01-19  Arthur de Jong <arthur@arthurdejong.org>

	* [ee82d2f] .gitignore, configure.ac, nslcd/nslcd.c,

	  nss/Makefile.am, nss/aliases.c, nss/bsdnss.c, nss/common.c,

	  nss/common.h, nss/ethers.c, nss/group.c, nss/hosts.c,

	  nss/netgroup.c, nss/networks.c, nss/passwd.c, nss/protocols.c,

	  nss/prototypes.h, nss/rpc.c, nss/services.c, nss/shadow.c,

	  pam/pam.c, pynslcd/constants.py.in, pynslcd/pynslcd.py: Allow

	  configuration of NSS and PAM names

	  This introduces the --with-module-name configure option to

	  allow building of NSS and PAM modules with different namespaces

	  than ldap.

2015-01-12  Mark R Bannister <dbis@proseconsulting.co.uk>

	* [ed8b312] nss/hosts.c: Fix uninitialised variable

	  This fixes a bug in the NSS library when encountering IPv6

	  addresses in the hosts map.

2014-12-12  Arthur de Jong <arthur@arthurdejong.org>

	* [8b33057] nslcd/myldap.c: Avoid accessing searches outside array

	  Thanks David Binderma for pointing this out.

	  Note that in practical situations this should not result in any

	  errors due to the position of searches within the ldap_session

	  struct.

2014-11-02  Arthur de Jong <arthur@arthurdejong.org>

	* [9ee854e] man/nslcd.conf.5.xml: Document that rootpwmoddn needs

	  to exist

	  See

	  http://lists.arthurdejong.org/nss-pam-ldapd-users/2014/msg00166.html

2014-10-10  Arthur de Jong <arthur@arthurdejong.org>

	* [4262122] nslcd/nslcd.c: Fix format string

	  Thanks Jianhai Luan.

2014-10-04  Arthur de Jong <arthur@arthurdejong.org>

	* [1d3b19b] nslcd/nslcd.c: Block signals sooner to avoid race

	  conditions

2014-08-27  Jason Luan <jianhai.luan@oracle.com>

	* [78627c9] nslcd/cfg.c, nslcd/group.c, nslcd/nslcd.c,

	  nslcd/passwd.c: uid_t/gid_t should be formatted as unsigned long

	  mmkfilter_passwd_byuid()/mkfilter_group_bygid() get wrong filter

	  string because "%d" will return negative when uid/gid larger

	  than 2^31, and result to "Authentiction failure".

	  This also changes the other places where uid_t or gid_t values

	  are formatted.

2014-09-21  Arthur de Jong <arthur@arthurdejong.org>

	* [a726d29] nslcd/daemonize.c: Fix issues with daemonising

	  This fixes a problem with a buffer that could end up padded

	  with garbage.

	  This also clarifies the code a bit and adds extra logging for

	  errors that could occur during daemonising.

2014-06-30  Tim Harder <radhermit@gmail.com>

	* [82e4423] nslcd/myldap.c: Minor comment spelling fix

2014-06-30  Tim Harder <radhermit@gmail.com>

	* [2950797] AUTHORS, nslcd/myldap.c: Check a socket's connectivity

	  before trying to use it

	  This alleviates some cases where multi-second lag occurs before a

	  query returns due to some or all connections having been closed

	  by the peer, e.g. a load balancer timing out old connections,

	  but they are all tried before opening new connections.

	  Tested and working on Linux.

2014-06-20  Arthur de Jong <arthur@arthurdejong.org>

	* [1765e34] nslcd/common.h: Fix copy-pasto

2014-06-12  Arthur de Jong <arthur@arthurdejong.org>

	* [9516479] tests/test.ldif, tests/test_nsscmds.sh: Use other IP

	  range for tests

	  This uses IP addresses from the RFC 5737 TEST-NET-1 range that is

	  meant for use in documentation. This avoids issues with running

	  the tests environments that also use the 10.0.0.0/8 range.

2014-06-06  Arthur de Jong <arthur@arthurdejong.org>

	* [b3cf0aa] AUTHORS, ChangeLog, NEWS, configure.ac,

	  man/chsh.ldap.1.xml, man/getent.ldap.1.xml, man/nslcd.8.xml,

	  man/nslcd.conf.5.xml, man/pam_ldap.8.xml, man/pynslcd.8.xml:

	  Get files ready for 0.9.4 release

2014-06-06  Arthur de Jong <arthur@arthurdejong.org>

	* [abb2452] nss/services.c: Return correct port number on Solaris

	  This is a small fix for when using nscd (which still does not

	  seem to work completely). The port is stored in network byte

	  order but should be printed in host byte order.