|
Packit |
6bd9ab |
changes from 0.9.8 to 0.9.9
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* support spaces in attribute mapping expressions
|
|
Packit |
6bd9ab |
* allow parsing longer lines in the configuration file
|
|
Packit |
6bd9ab |
* allow for longer host names
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.9.7 to 0.9.8
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* add a pam_authc_search option that can be used to configure the search
|
|
Packit |
6bd9ab |
operation that is performed after authentication
|
|
Packit |
6bd9ab |
* add nss_uid_offset and nss_gid_offset options that can be used to
|
|
Packit |
6bd9ab |
change returned numeric user and group ids from LDAP (thanks Seth Wright)
|
|
Packit |
6bd9ab |
* do not retry failed user password on second LDAP server
|
|
Packit |
6bd9ab |
* fix a crash in the PAM module on FreeBSD when showing password expiration
|
|
Packit |
6bd9ab |
messages
|
|
Packit |
6bd9ab |
* the validnames option now also applies to shadow lookups
|
|
Packit |
6bd9ab |
* support ethernet addresses in LDAP in compact and long formats
|
|
Packit |
6bd9ab |
* improvements to getent.ldap command (a few minor bug fixes and preparations
|
|
Packit |
6bd9ab |
for Python 3 support)
|
|
Packit |
6bd9ab |
* log entries and lookups failing nss_min_uid at debug level
|
|
Packit |
6bd9ab |
* improvements to the test suite (including tests for getent.ldap)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.9.6 to 0.9.7
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* check existence of TLS certificate and key files on start-up
|
|
Packit |
6bd9ab |
* fix password policy expiration handling when password was about to expire
|
|
Packit |
6bd9ab |
(thanks Mathieu Baeumler for tracking this down)
|
|
Packit |
6bd9ab |
* fix updating of shadowLastChange attribute when chasing referrals
|
|
Packit |
6bd9ab |
(thanks Vasilis Tsiligiannis)
|
|
Packit |
6bd9ab |
* add an pam_authc_ppolicy option to allows completely disabling ppolicy
|
|
Packit |
6bd9ab |
handling (thanks Mathieu Baeumler)
|
|
Packit |
6bd9ab |
* fix handling of nss_disable_enumeration (thanks Andrew W Elble for pointing
|
|
Packit |
6bd9ab |
this out)
|
|
Packit |
6bd9ab |
* display human readable password expiry messages (thanks Mathieu Baeumler)
|
|
Packit |
6bd9ab |
* fix error when changing PAM user name (thanks 依云)
|
|
Packit |
6bd9ab |
* support substring expressions ${var:offset:length} in attribute mapping
|
|
Packit |
6bd9ab |
(thanks Giovanni Mascellani)
|
|
Packit |
6bd9ab |
* also honor the ignorecase option in PAM
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.9.5 to 0.9.6
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix a race condition in signal handling during start-up that would cause
|
|
Packit |
6bd9ab |
nslcd to exit if a signal (such as SIGUSR1 that can be sent when network
|
|
Packit |
6bd9ab |
status changes) is received
|
|
Packit |
6bd9ab |
* fix signed integer overflow on 32bit systems when using objectSid (thanks
|
|
Packit |
6bd9ab |
Geoffrey McRae)
|
|
Packit |
6bd9ab |
* allow longer configuration values (thanks Jed Liu)
|
|
Packit |
6bd9ab |
* add an nss_getgrent_skipmembers option to disable retrieving group members
|
|
Packit |
6bd9ab |
to improve performance in specific environments
|
|
Packit |
6bd9ab |
* add an nss_disable_enumeration option to disable full listing of all users
|
|
Packit |
6bd9ab |
and groups to improve performance in specific environments (thanks Andrew
|
|
Packit |
6bd9ab |
Elble)
|
|
Packit |
6bd9ab |
* implement an innetgr function in the Solaris NSS module
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.9.4 to 0.9.5
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* improve test suite (change IP range)
|
|
Packit |
6bd9ab |
* handle situation better when server (or firewall) closed the connection
|
|
Packit |
6bd9ab |
(thanks Tim Harder)
|
|
Packit |
6bd9ab |
* make daemonising a little more robust and try to log more failures
|
|
Packit |
6bd9ab |
* fix integer format strings (thanks Jianhai Luan and Patrick McLean)
|
|
Packit |
6bd9ab |
* documentation updates (thanks Dalibor Pospíšil)
|
|
Packit |
6bd9ab |
* fix range check for search access (thanks David Binderma)
|
|
Packit |
6bd9ab |
* fix a bug in the NSS library when encountering IPv6 addresses in
|
|
Packit |
6bd9ab |
the hosts map (thanks Mark R Bannister)
|
|
Packit |
6bd9ab |
* allow configuring the name of the NSS and PAM modules (--with-module-name)
|
|
Packit |
6bd9ab |
* adjust the Linux OOM (Out-Of-Memory) killer score to avoid killing nslcd
|
|
Packit |
6bd9ab |
(thanks Patrick McLean)
|
|
Packit |
6bd9ab |
* portability improvements (thanks Tim Rice)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.9.3 to 0.9.4
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* also handle password policy information on BIND failure (this makes it
|
|
Packit |
6bd9ab |
possible to distinguish between a wrong password and an expired password)
|
|
Packit |
6bd9ab |
* fix mapping the member attribute to an empty string
|
|
Packit |
6bd9ab |
* any buffers that may have held passwords are cleared before the memory is
|
|
Packit |
6bd9ab |
released
|
|
Packit |
6bd9ab |
* increase buffer size for passwords to support extremely long passwords
|
|
Packit |
6bd9ab |
(thanks ushi)
|
|
Packit |
6bd9ab |
* increase buffer size for DN to support very long names or names with
|
|
Packit |
6bd9ab |
non-ASCII characters
|
|
Packit |
6bd9ab |
* log an error in almost all places where a defined buffer is not large
|
|
Packit |
6bd9ab |
enough to hold the provided data instead of just (sometimes silently)
|
|
Packit |
6bd9ab |
failing
|
|
Packit |
6bd9ab |
* logging improvements (start-up problems, login failures)
|
|
Packit |
6bd9ab |
* small improvement for Solaris
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.9.2 to 0.9.3
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* make the dn2uid cache lifetime configurable with the cache configuration
|
|
Packit |
6bd9ab |
option
|
|
Packit |
6bd9ab |
* have the nslcd process only exit after the service is completely available
|
|
Packit |
6bd9ab |
to avoid race conditions in the init script
|
|
Packit |
6bd9ab |
* the nslcd daemon now properly daemonises (double fork)
|
|
Packit |
6bd9ab |
* support mapping the member attribute to an empty string to disable the
|
|
Packit |
6bd9ab |
functionality to do extra lookups for member DN to member uid translations
|
|
Packit |
6bd9ab |
* implement deref control handling to request the LDAP server to dereference
|
|
Packit |
6bd9ab |
group member attribute values to uid values
|
|
Packit |
6bd9ab |
* support getting built-in groups from Active Directory (thanks Davy Defaud)
|
|
Packit |
6bd9ab |
* fix for pwdLastSet attribute value handling (thanks Joshua Shire)
|
|
Packit |
6bd9ab |
* fix a possible crash in the NSS module when retrieving large networks
|
|
Packit |
6bd9ab |
entries (thanks Lukas Slebodnik)
|
|
Packit |
6bd9ab |
* correct NSS h_errnop return value to indicate buffer too small (thanks
|
|
Packit |
6bd9ab |
Nalin Dahyabhai)
|
|
Packit |
6bd9ab |
* fix a bug with shadow values on 64-bit architectures
|
|
Packit |
6bd9ab |
* automatically detect DragonFly as using the FreeBSD NSS interface (thanks
|
|
Packit |
6bd9ab |
Francois Tigeot)
|
|
Packit |
6bd9ab |
* add a build-time test to see if krb5 is thread-safe
|
|
Packit |
6bd9ab |
* various minor bug fixes
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.9.1 to 0.9.2
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* increase password value buffer size (by Bersl)
|
|
Packit |
6bd9ab |
* avoid more broken pipe errors by using a low timeout when aborting reading
|
|
Packit |
6bd9ab |
requested information from nslcd (thanks John Sullivan)
|
|
Packit |
6bd9ab |
* only log broken pipe errors in debugging mode
|
|
Packit |
6bd9ab |
* fix buffer overflow on interrupted read that is hard to trigger (thanks
|
|
Packit |
6bd9ab |
John Sullivan)
|
|
Packit |
6bd9ab |
* use clock_gettime() with CLOCK_MONOTONIC for timeout calculations to avoid
|
|
Packit |
6bd9ab |
clock adjustments errors (thanks John Sullivan)
|
|
Packit |
6bd9ab |
* extend test suite to test for CLOCK_MONOTONIC and timed IO timeout
|
|
Packit |
6bd9ab |
calculations
|
|
Packit |
6bd9ab |
* increase the maximum number of base statements per map to 31
|
|
Packit |
6bd9ab |
* use larger nslcd send buffers to reduce the number of write operations in
|
|
Packit |
6bd9ab |
nslcd and consequently the number of reads in the NSS and PAM modules
|
|
Packit |
6bd9ab |
(thanks John Sullivan)
|
|
Packit |
6bd9ab |
* also run invalidators after first successful search
|
|
Packit |
6bd9ab |
* various clean-ups, portability improvements and fixes for compiler warnings
|
|
Packit |
6bd9ab |
* import configure checks of Python modules
|
|
Packit |
6bd9ab |
* provide a script for setting up slapd in a test environment, automatically
|
|
Packit |
6bd9ab |
loaded with the required test data
|
|
Packit |
6bd9ab |
* add script for evaluating test environment availability
|
|
Packit |
6bd9ab |
* portability improvements in the test scripts and test environment
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.9.0 to 0.9.1
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* rename the nscd_invalidate option to reconnect_invalidate and allow flushing
|
|
Packit |
6bd9ab |
the nfsidmap cache with the new option
|
|
Packit |
6bd9ab |
* implement an -n switch to not daemonise (by Caleb Callaway)
|
|
Packit |
6bd9ab |
* nslcd will now return partial shadow information to non-root users to avoid
|
|
Packit |
6bd9ab |
authorisation problems with setgid shadow authentication helpers with some
|
|
Packit |
6bd9ab |
PAM stacks
|
|
Packit |
6bd9ab |
* nslcd will now retry failing LDAP connections after receiving SIGUSR1
|
|
Packit |
6bd9ab |
(SIGUSR1 could be sent after re-establishing a network connection)
|
|
Packit |
6bd9ab |
* fix the way manual pages are installed in some situations
|
|
Packit |
6bd9ab |
* the code for the nslcd utilities (getent.ldap and chsh.ldap) is now
|
|
Packit |
6bd9ab |
installed in {prefix}/share/nslcd-utils
|
|
Packit |
6bd9ab |
* improve error and help output of the getent.ldap command
|
|
Packit |
6bd9ab |
* documentation updates
|
|
Packit |
6bd9ab |
* a number of tests were added and existing tests were extended
|
|
Packit |
6bd9ab |
* fix for a potential, small memory leak in PAM module regarding temporary
|
|
Packit |
6bd9ab |
saving of old password
|
|
Packit |
6bd9ab |
* a large number of bug fixes and improvements in pynslcd
|
|
Packit |
6bd9ab |
* hide passwords from the pynslcd debug output
|
|
Packit |
6bd9ab |
* support start_tls, pam_password_prohibit_message, nss_initgroups_ignoreusers
|
|
Packit |
6bd9ab |
and nss_min_uid in pynslcd
|
|
Packit |
6bd9ab |
* fix rootpwmodpw handling in pynslcd
|
|
Packit |
6bd9ab |
* complete a basic PAM implementation in pynslcd (some things such as shadow
|
|
Packit |
6bd9ab |
attribute checking remain to be implemented)
|
|
Packit |
6bd9ab |
* clean up the caching functionality in pynslcd (functionality is still
|
|
Packit |
6bd9ab |
disabled)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.8.12 to 0.9.0
|
|
Packit |
6bd9ab |
----------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* backwards incompatible change to the communications protocol between nslcd
|
|
Packit |
6bd9ab |
and NSS and PAM modules to use network byte order to be able to work on
|
|
Packit |
6bd9ab |
mixed endian multiarch systems
|
|
Packit |
6bd9ab |
* netgroup lookups now makes a distinction between empty netgroups and
|
|
Packit |
6bd9ab |
non-existing netgroups
|
|
Packit |
6bd9ab |
* the PAM protocol is now more consistent (cleaner support for password
|
|
Packit |
6bd9ab |
modification by root, have all request parameters in the same order and
|
|
Packit |
6bd9ab |
limit the information returned from the call)
|
|
Packit |
6bd9ab |
* request and handle password policy controls on LDAP authentication
|
|
Packit |
6bd9ab |
* implement support for nested groups which can be enabled with the
|
|
Packit |
6bd9ab |
nss_nested_groups option (thanks Steve Hill)
|
|
Packit |
6bd9ab |
* add a log option to configure log level and logging to plain files
|
|
Packit |
6bd9ab |
* add an nscd_invalidate option to invalidate the nscd cache after recovering
|
|
Packit |
6bd9ab |
from LDAP connection problems (to clear any negative cache entries)
|
|
Packit |
6bd9ab |
* allow trimming expressions with ${foo#bar} syntax in attribute mapping
|
|
Packit |
6bd9ab |
expressions (thanks Thorsten Glaser)
|
|
Packit |
6bd9ab |
* pynslcd supports trimming expressions with full shell glob matching
|
|
Packit |
6bd9ab |
* support password modification in pynslcd
|
|
Packit |
6bd9ab |
* support children search scope for systems that have it
|
|
Packit |
6bd9ab |
* add a getent.ldap utility to perform nslcd queries bypassing the libc NSS
|
|
Packit |
6bd9ab |
stack
|
|
Packit |
6bd9ab |
* implement functionality for changing user information and provide a
|
|
Packit |
6bd9ab |
chsh.ldap utility to allow users to change their login shell
|
|
Packit |
6bd9ab |
* remove deprecated use_sasl, reconnect_tries, reconnect_maxsleeptime and
|
|
Packit |
6bd9ab |
tls_checkpeer options which have been replaced long ago
|
|
Packit |
6bd9ab |
* allow names with one character in default validnames option and allow
|
|
Packit |
6bd9ab |
parentheses (taken from Fedora packages)
|
|
Packit |
6bd9ab |
* fall back to updating the lastChange attribute with the normal LDAP
|
|
Packit |
6bd9ab |
connection
|
|
Packit |
6bd9ab |
* dump full nslcd configuration at debug level on start-up
|
|
Packit |
6bd9ab |
* export an _nss_ldap_version symbol in the NSS module to make finding version
|
|
Packit |
6bd9ab |
mismatches easier (the NSS module version is logged from nslcd)
|
|
Packit |
6bd9ab |
* documentation improvements
|
|
Packit |
6bd9ab |
* update the coding style for the C source code to follow a more modern and
|
|
Packit |
6bd9ab |
commonly used coding convention
|
|
Packit |
6bd9ab |
* some parts of the code were refactored or rewritten to take into account the
|
|
Packit |
6bd9ab |
changes within the software (e.g. configuration file handling, reduction in
|
|
Packit |
6bd9ab |
the number of system calls for normal communication)
|
|
Packit |
6bd9ab |
* numerous smaller fixes
|
|
Packit |
6bd9ab |
* portability and robustness improvements to the tests
|
|
Packit |
6bd9ab |
* implement lookup_netgroup and lookup_shadow test commands for systems that
|
|
Packit |
6bd9ab |
cannot use getent to query these
|
|
Packit |
6bd9ab |
* guess the value for --with-pam-seclib-dir configure option if it is not
|
|
Packit |
6bd9ab |
specified
|
|
Packit |
6bd9ab |
* temporary disable the caching functionality of pynslcd
|
|
Packit |
6bd9ab |
* usability improvements in the pynslcd implementation
|
|
Packit |
6bd9ab |
* various fixes for Solaris
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.8.11 to 0.8.12
|
|
Packit |
6bd9ab |
-----------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix a problem with the sasl_canonicalize option that would cause errors
|
|
Packit |
6bd9ab |
on non-SASL enabled systems
|
|
Packit |
6bd9ab |
* ensure that the file descriptors in the NSS and PAM modules for connecting
|
|
Packit |
6bd9ab |
to nslcd are closed on exec of the process
|
|
Packit |
6bd9ab |
* allow attribute options in attribute mapping expressions
|
|
Packit |
6bd9ab |
* show reconnect messages when failing over to a different LDAP server or
|
|
Packit |
6bd9ab |
re-establishing the connection to an LDAP server (the message accidentally
|
|
Packit |
6bd9ab |
got hidden in 0.7.4)
|
|
Packit |
6bd9ab |
* fix a problem with the pw_class attribute in FreeBSD (fixes 0.8.11)
|
|
Packit |
6bd9ab |
* more fixes and improvements for Solaris (running under nscd may still give
|
|
Packit |
6bd9ab |
problems though)
|
|
Packit |
6bd9ab |
* small improvement to PAM error logging
|
|
Packit |
6bd9ab |
* provide a pynslcd manual if pynslcd is built
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.8.10 to 0.8.11
|
|
Packit |
6bd9ab |
-----------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* add a pam_password_prohibit_message nslcd.conf option to deny password
|
|
Packit |
6bd9ab |
change (thanks to Ted Cheng)
|
|
Packit |
6bd9ab |
* add a sasl_canonicalize option to allow disabling of hostname
|
|
Packit |
6bd9ab |
canonicalisation in OpenLDAP
|
|
Packit |
6bd9ab |
* have the nslcd daemon load the nslcd user's supplementary groups to have
|
|
Packit |
6bd9ab |
more flexibility with assigning group permissions
|
|
Packit |
6bd9ab |
* fix logic error when falling back to getting ranged attribute values for
|
|
Packit |
6bd9ab |
possibly binary attributes (thanks scan-build)
|
|
Packit |
6bd9ab |
* fix a problem when storing negative hit to dn2uid cache (thanks scan-build)
|
|
Packit |
6bd9ab |
* use poll() instead of select() for checking file descriptor activity to also
|
|
Packit |
6bd9ab |
correctly work if more than FD_SETSIZE files are already open
|
|
Packit |
6bd9ab |
* small portability improvements
|
|
Packit |
6bd9ab |
* improve support for using Netscape LDAP libraries
|
|
Packit |
6bd9ab |
* improvements and fixes to the Solaris NSS code
|
|
Packit |
6bd9ab |
* grow all search filter buffers to 4096 bytes
|
|
Packit |
6bd9ab |
* some improvements to the pynslcd implementation
|
|
Packit |
6bd9ab |
* add an LDIF version of the ldapns.schema schema file
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.8.9 to 0.8.10
|
|
Packit |
6bd9ab |
----------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* documentation improvements
|
|
Packit |
6bd9ab |
* fix a problem that causes the PAM module to prompt for a new password
|
|
Packit |
6bd9ab |
even though the old one was wrong
|
|
Packit |
6bd9ab |
* log successful password change in nslcd
|
|
Packit |
6bd9ab |
* install default configuration file with reduced permissions (further
|
|
Packit |
6bd9ab |
protection for CVE-2009-1073)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.8.8 to 0.8.9
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* allow the pam_authz_search option to be specified multiple times
|
|
Packit |
6bd9ab |
* improvements to pynslcd adding support for pam_authz_search
|
|
Packit |
6bd9ab |
* implement extra range checking of all numeric values
|
|
Packit |
6bd9ab |
* make documentation up-to-date
|
|
Packit |
6bd9ab |
* compatibility improvements, especially for FreeBSD
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.8.7 to 0.8.8
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix a regression in the handling of PAM requests
|
|
Packit |
6bd9ab |
* add the ldapns.schema file from pam_ldap to the tarball
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.8.6 to 0.8.7
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* log the first 10 search results in debug mode to make debugging easier
|
|
Packit |
6bd9ab |
(patch by Matthijs Kooijman)
|
|
Packit |
6bd9ab |
* provide more detailed logging information for LDAP errors, this should
|
|
Packit |
6bd9ab |
especially help for TLS related problems (based on a patch by Mel Flynn)
|
|
Packit |
6bd9ab |
* fix logging of invalid pam_authz_search value
|
|
Packit |
6bd9ab |
* when doing DNS queries for SRV records recognise default ldap and ldaps
|
|
Packit |
6bd9ab |
ports
|
|
Packit |
6bd9ab |
* make whether or not to do case-sensitive filtering configurable (patch by
|
|
Packit |
6bd9ab |
Matthew L. Dailey)
|
|
Packit |
6bd9ab |
* document the fact that each thread opens its own connection (patch by
|
|
Packit |
6bd9ab |
Chris Hiestand)
|
|
Packit |
6bd9ab |
* some small portability improvements
|
|
Packit |
6bd9ab |
* try to prevent some of the Broken pipe messages in nslcd
|
|
Packit |
6bd9ab |
* increase buffer used for pam_authz_search as suggested by Chris J Arges
|
|
Packit |
6bd9ab |
* pynslcd now handles privileged requests correctly
|
|
Packit |
6bd9ab |
* pynslcd now supports attribute mapping using the lower() and upper()
|
|
Packit |
6bd9ab |
functions
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.8.5 to 0.8.6
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* a number of code improvements by Jakub Hrozek
|
|
Packit |
6bd9ab |
* fixes for FreeBSD (thanks Maxim Vetrov)
|
|
Packit |
6bd9ab |
* include missing pynslcd files from tarball
|
|
Packit |
6bd9ab |
* improvements to the pynslcd implementation
|
|
Packit |
6bd9ab |
* implement an offline cache in pynslcd
|
|
Packit |
6bd9ab |
* the Debian packaging was split from the main source tree
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.8.4 to 0.8.5
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* support larger gecos values
|
|
Packit |
6bd9ab |
* reduce loglevel of user not found messages to avoid spamming the logs
|
|
Packit |
6bd9ab |
with useless information (thanks Wakko Warner)
|
|
Packit |
6bd9ab |
* other logging improvements
|
|
Packit |
6bd9ab |
* explicitly parse numbers as base 10 (thanks Jakub Hrozek)
|
|
Packit |
6bd9ab |
* implement FreeBSD group membership NSS function (thanks Tom Judge)
|
|
Packit |
6bd9ab |
* fix an issue with detecting the uid of the calling process and log
|
|
Packit |
6bd9ab |
denied shadow requests in debug mode
|
|
Packit |
6bd9ab |
* fix a typo in the disconnect logic code (thanks Martin Poole)
|
|
Packit |
6bd9ab |
* implement configuration file handling in pynslcd and other pynslcd
|
|
Packit |
6bd9ab |
improvements
|
|
Packit |
6bd9ab |
* Debian packaging improvements
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.8.3 to 0.8.4
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* switch to using the member attribute by default instead of
|
|
Packit |
6bd9ab |
uniqueMember (backwards incompatible change)
|
|
Packit |
6bd9ab |
* only return "x" as a password hash when the object has the shadowAccount
|
|
Packit |
6bd9ab |
objectClass and nsswitch.conf is configured to do shadow lookups using
|
|
Packit |
6bd9ab |
LDAP (this avoids some problems with pam_unix)
|
|
Packit |
6bd9ab |
* fix problem with partial attribute name matches in DN (thanks Timothy
|
|
Packit |
6bd9ab |
White)
|
|
Packit |
6bd9ab |
* fix a problem with objectSid mappings with recent versions of OpenLDAP
|
|
Packit |
6bd9ab |
(patch by Wesley Mason)
|
|
Packit |
6bd9ab |
* set the socket timeout in a connection callback to avoid timeout
|
|
Packit |
6bd9ab |
issues during the SSL handshake (patch by Stefan Völkel)
|
|
Packit |
6bd9ab |
* check for unknown variables in pam_authz_search
|
|
Packit |
6bd9ab |
* only check password expiration when authenticating, only check account
|
|
Packit |
6bd9ab |
expiration when doing authorisation
|
|
Packit |
6bd9ab |
* make buffer sizes consistent and grow all buffers holding string
|
|
Packit |
6bd9ab |
representations of numbers to be able to hold 64-bit numbers
|
|
Packit |
6bd9ab |
* update AX_PTHREAD from autoconf-archive
|
|
Packit |
6bd9ab |
* support querying DNS SRV records from a different domain than the current
|
|
Packit |
6bd9ab |
one (based on a patch by James M. Leddy)
|
|
Packit |
6bd9ab |
* fix a problem with uninitialised memory while parsing the tls_ciphers
|
|
Packit |
6bd9ab |
option
|
|
Packit |
6bd9ab |
* implement bounds checking of numeric values read from LDAP (patch by
|
|
Packit |
6bd9ab |
Jakub Hrozek)
|
|
Packit |
6bd9ab |
* correctly support large uid and gid values from LDAP (patch by Jakub
|
|
Packit |
6bd9ab |
Hrozek)
|
|
Packit |
6bd9ab |
* improvements to the configure script (patch by Jakub Hrozek)
|
|
Packit |
6bd9ab |
* Debian packaging improvements
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.8.2 to 0.8.3
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* support using the objectSid attribute to provide numeric user and group
|
|
Packit |
6bd9ab |
ids, based on a patch by Wesley Mason
|
|
Packit |
6bd9ab |
* check shadow account and password expiry properties (similarly to what
|
|
Packit |
6bd9ab |
pam_unix does) in the PAM handling code
|
|
Packit |
6bd9ab |
* implement attribute mapping functionality in pynslcd
|
|
Packit |
6bd9ab |
* relax default for validnames option to allow user names of only two
|
|
Packit |
6bd9ab |
characters
|
|
Packit |
6bd9ab |
* make user and group name validation errors a little more informative
|
|
Packit |
6bd9ab |
* small portability improvements
|
|
Packit |
6bd9ab |
* general code improvements and refactoring in pynslcd
|
|
Packit |
6bd9ab |
* some simplifications in the protocol between the PAM module and nslcd
|
|
Packit |
6bd9ab |
(without actual protocol changes so far)
|
|
Packit |
6bd9ab |
* Debian packaging improvements
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.8.1 to 0.8.2
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix problem with endless loop on incorrect password
|
|
Packit |
6bd9ab |
* fix a communication problem between nslcd and the NSS and PAM modules when
|
|
Packit |
6bd9ab |
running on Solaris 10
|
|
Packit |
6bd9ab |
* fix a compilation issue on systems without HOST_NAME_MAX
|
|
Packit |
6bd9ab |
* link to the resolv library for hstrerror() on platforms that need it
|
|
Packit |
6bd9ab |
* ignore password change requests for users not in LDAP
|
|
Packit |
6bd9ab |
* many clean-ups to the tests and added some new tests including some
|
|
Packit |
6bd9ab |
integration tests for the PAM functionality
|
|
Packit |
6bd9ab |
* some smaller code clean-ups and improvements
|
|
Packit |
6bd9ab |
* improvements to pynslcd, including implementations for service, protocol and
|
|
Packit |
6bd9ab |
rpc lookups
|
|
Packit |
6bd9ab |
* implement a validnames option that can be used to filter valid user and
|
|
Packit |
6bd9ab |
group names using a regular expression
|
|
Packit |
6bd9ab |
* improvements to the way nslcd shuts down with hanging worker threads
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.8.0 to 0.8.1
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* SECURITY FIX: the PAM module will allow authentication for users that do not
|
|
Packit |
6bd9ab |
exist in LDAP, this allows login to local users with an
|
|
Packit |
6bd9ab |
incorrect password (CVE-2011-0438)
|
|
Packit |
6bd9ab |
the exploitability of the problem depends on the details of
|
|
Packit |
6bd9ab |
the PAM stack and the use of the minimum_uid PAM option
|
|
Packit |
6bd9ab |
* include a file that was missing for Solaris support
|
|
Packit |
6bd9ab |
* add FreeBSD support, partially imported from the FreeBSD port (thanks to
|
|
Packit |
6bd9ab |
Jacques Vidrine, Artem Kazakov and Alexander V. Chernikov)
|
|
Packit |
6bd9ab |
* document how to replace name pam_check_service_attr and pam_check_host_attr
|
|
Packit |
6bd9ab |
options in PADL's pam_ldap with with pam_authz_search in nss-pam-ldapd
|
|
Packit |
6bd9ab |
* implement a fqdn variable that can be used in pam_authz_search filters
|
|
Packit |
6bd9ab |
* create the directory to hold the socket and pidfile on startup
|
|
Packit |
6bd9ab |
* implement host, network and netgroup support in pynslcd
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.7.13 to 0.8.0
|
|
Packit |
6bd9ab |
----------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* include Solaris support developed by Ted C. Cheng of Symas Corporation
|
|
Packit |
6bd9ab |
* include an experimental partial implementation of nslcd in Python (disabled
|
|
Packit |
6bd9ab |
by default, see --enable-pynslcd configure option)
|
|
Packit |
6bd9ab |
* implement a nss_min_uid option to filter user entries returned by LDAP
|
|
Packit |
6bd9ab |
* implement a rootpwmodpw option that allows the root user to change a user's
|
|
Packit |
6bd9ab |
password without a password prompt
|
|
Packit |
6bd9ab |
* try to update the shadowLastChange attribute on password change
|
|
Packit |
6bd9ab |
* all log messages now include a description of the request to more easily
|
|
Packit |
6bd9ab |
track problems when not running in debug mode
|
|
Packit |
6bd9ab |
* allow attribute mapping expressions for the userPassword attribute for
|
|
Packit |
6bd9ab |
passwd, group and shadow entries and by default map it to the unmatchable
|
|
Packit |
6bd9ab |
password ("*") to avoid accidentally leaking password information
|
|
Packit |
6bd9ab |
* numerous compatibility improvements
|
|
Packit |
6bd9ab |
* add --with-pam-seclib-dir and --with-pam-ldap-soname configure options to
|
|
Packit |
6bd9ab |
allow more control of hot to install the PAM module
|
|
Packit |
6bd9ab |
* add --with-nss-flavour and --with-nss-maps configure options to support
|
|
Packit |
6bd9ab |
other C libraries and limit which NSS modules to install
|
|
Packit |
6bd9ab |
* allow tilde (~) in user and group names
|
|
Packit |
6bd9ab |
* improvements to the timeout mechanism (connections are now actively timed
|
|
Packit |
6bd9ab |
out using the idle_timelimit option)
|
|
Packit |
6bd9ab |
* set socket timeouts on the LDAP connection to disconnect regardless of LDAP
|
|
Packit |
6bd9ab |
and possibly TLS handling of connection
|
|
Packit |
6bd9ab |
* better disconnect/reconnect handling of error conditions
|
|
Packit |
6bd9ab |
* some code improvements and cleanups and several smaller bug fixes
|
|
Packit |
6bd9ab |
* all internal string comparisons are now also case sensitive (e.g. for
|
|
Packit |
6bd9ab |
providing DN to username lookups, etc)
|
|
Packit |
6bd9ab |
* signal handling in the daemon was changed to behave more reliable across
|
|
Packit |
6bd9ab |
different threading implementations
|
|
Packit |
6bd9ab |
* nslcd will now always return a positive authorisation result during
|
|
Packit |
6bd9ab |
authentication to avoid confusing the PAM module when it is only used for
|
|
Packit |
6bd9ab |
authorisation
|
|
Packit |
6bd9ab |
* Debian packaging improvement: implement configuring SASL authentication
|
|
Packit |
6bd9ab |
using Debconf, based on a patch by Daniel Dehennin
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.7.12 to 0.7.13
|
|
Packit |
6bd9ab |
-----------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix handling of idle_timelimit option
|
|
Packit |
6bd9ab |
* fix error code for problem while doing password modification
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.7.11 to 0.7.12
|
|
Packit |
6bd9ab |
-----------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* set a short socket timeout when shutting down the connection to the LDAP
|
|
Packit |
6bd9ab |
server to avoid disconnect problems when using TLS
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.7.10 to 0.7.11
|
|
Packit |
6bd9ab |
-----------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* grow the buffer for the PAM ruser to not reject logins for users with
|
|
Packit |
6bd9ab |
a ruser including a domain part
|
|
Packit |
6bd9ab |
* Debian packaging improvements
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.7.9 to 0.7.10
|
|
Packit |
6bd9ab |
----------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* handle errors from ldap_result() better and disconnect (and reconnect)
|
|
Packit |
6bd9ab |
in more cases
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.7.8 to 0.7.9
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix for --with-nss-ldap-soname configure option by Julien Cristau
|
|
Packit |
6bd9ab |
* Debian packaging improvements
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.7.7 to 0.7.8
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* minor portability improvements and clean-ups (thanks Alexander V.
|
|
Packit |
6bd9ab |
Chernikov and Ted C. Cheng)
|
|
Packit |
6bd9ab |
* don't expand variables in rest of ${var:-rest} and ${var:+rest}
|
|
Packit |
6bd9ab |
expressions if it is not needed
|
|
Packit |
6bd9ab |
* Debian packaging improvements
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.7.6 to 0.7.7
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* refactoring and simplification of PAM module which also improves logging
|
|
Packit |
6bd9ab |
* implement a nullok PAM option and disable empty passwords by default
|
|
Packit |
6bd9ab |
* portability improvements and other minor code improvements
|
|
Packit |
6bd9ab |
* the mechanism to disable name lookups through LDAP from within the nslcd
|
|
Packit |
6bd9ab |
process has been improved
|
|
Packit |
6bd9ab |
* the undocumented use_sasl option has been removed (specifying sasl_mech now
|
|
Packit |
6bd9ab |
implies use_sasl)
|
|
Packit |
6bd9ab |
* the sasl_mech, sasl_realm, sasl_authcid, sasl_authzid and sasl_secprops
|
|
Packit |
6bd9ab |
configuration options are now documented
|
|
Packit |
6bd9ab |
* Debian packaging improvements
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.7.5 to 0.7.6
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix a problem with empty attributes if expression-based attribute
|
|
Packit |
6bd9ab |
mapping is used (patch by Nalin Dahyabhai)
|
|
Packit |
6bd9ab |
* make debug logging for pam_authz_search option a little more informative
|
|
Packit |
6bd9ab |
* documentation improvements
|
|
Packit |
6bd9ab |
* Debian packaging improvements
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.7.4 to 0.7.5
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix a problem in the session handling of the PAM module if the minimum_uid
|
|
Packit |
6bd9ab |
option was used
|
|
Packit |
6bd9ab |
* refactor the PAM module code to be simpler and better maintainable
|
|
Packit |
6bd9ab |
* perform logging from PAM module to syslog and support the debug option to
|
|
Packit |
6bd9ab |
log more information
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.7.3 to 0.7.4
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix a buffer overflow that should have no security consequences
|
|
Packit |
6bd9ab |
* perform proper fail-over when authenticating in the PAM module
|
|
Packit |
6bd9ab |
* add an nss_initgroups_ignoreusers option to ignore user name to group
|
|
Packit |
6bd9ab |
lookups for the specified users
|
|
Packit |
6bd9ab |
* add an pam_authz_search option to perform a flexible authorisation check on
|
|
Packit |
6bd9ab |
login (e.g. to restrict which users can login to which hosts, etc)
|
|
Packit |
6bd9ab |
* implement a minimum_uid option for the PAM module to ignore users that have
|
|
Packit |
6bd9ab |
a lower numeric user id
|
|
Packit |
6bd9ab |
* change the way retries are done to error out quicker if the LDAP server is
|
|
Packit |
6bd9ab |
down for some time (this should make the system more responsive when the
|
|
Packit |
6bd9ab |
LDAP server is unavailable) and rename the reconnect_maxsleeptime option to
|
|
Packit |
6bd9ab |
reconnect_retrytime to better describe the behaviour
|
|
Packit |
6bd9ab |
* only log "connected to LDAP server" if the previous connection failed
|
|
Packit |
6bd9ab |
* documentation improvements
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.7.2 to 0.7.3
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* allow password modification by root using the rootpwmoddn configuration file
|
|
Packit |
6bd9ab |
option (the user will be prompted for the password for rootpwmoddn instead
|
|
Packit |
6bd9ab |
of the user's password)
|
|
Packit |
6bd9ab |
* the LDAP password modify EXOP is first tried without the old password and if
|
|
Packit |
6bd9ab |
that fails retried with the old password
|
|
Packit |
6bd9ab |
* when determining the domain name (used for some value of the base and uri
|
|
Packit |
6bd9ab |
options) also try to use the hostname aliases to build the domain name
|
|
Packit |
6bd9ab |
(patch by Jan Schampera)
|
|
Packit |
6bd9ab |
* perform locking on the pidfile on start-up to ensure that only one nslcd
|
|
Packit |
6bd9ab |
process is running and implement a --check option (patch by Jan Schampera)
|
|
Packit |
6bd9ab |
* documentation improvements
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.7.1 to 0.7.2
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* some attributes may be mapped to a shell-like expression that expand
|
|
Packit |
6bd9ab |
attributes from LDAP entries; this allows attributes overrides, defaults and
|
|
Packit |
6bd9ab |
much more (as a result the passwd cn attribute mapping has been removed
|
|
Packit |
6bd9ab |
because the gecos mapping is now "${gecos:-$cn}" by default)
|
|
Packit |
6bd9ab |
* update the NSS module to follow the change in Glibc where the addr
|
|
Packit |
6bd9ab |
parameter of getnetbyaddr_r() was changed from network-byte-order to
|
|
Packit |
6bd9ab |
host-byte-order
|
|
Packit |
6bd9ab |
* properly escape searches for uniqueMember attributes for DN with a comma in
|
|
Packit |
6bd9ab |
an attribute value
|
|
Packit |
6bd9ab |
* miscellaneous improvements to the configure script implementing better (and
|
|
Packit |
6bd9ab |
simpler) library detection
|
|
Packit |
6bd9ab |
* some general refactoring and other miscellaneous improvements
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.7.0 to 0.7.1
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* implement password changing by performing an LDAP password modify EXOP
|
|
Packit |
6bd9ab |
request
|
|
Packit |
6bd9ab |
* fix return of authorisation check in PAM module (patch by Howard Chu)
|
|
Packit |
6bd9ab |
* fix for problem when authenticating to LDAP entries without a uid attribute
|
|
Packit |
6bd9ab |
in the DN
|
|
Packit |
6bd9ab |
* general code clean-up and portability improvements
|
|
Packit |
6bd9ab |
* provide more information with communication error messages
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.6.11 to 0.7.0
|
|
Packit |
6bd9ab |
----------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* rename software to nss-pam-ldapd to indicate that PAM module is now a
|
|
Packit |
6bd9ab |
standard part of the software
|
|
Packit |
6bd9ab |
* the PAM module is now built by default (the configure script can be
|
|
Packit |
6bd9ab |
instructed whether or not to build certain parts)
|
|
Packit |
6bd9ab |
* the default configuration file name has been changed to /etc/nslcd.conf
|
|
Packit |
6bd9ab |
* the default values for bind_timelimit and reconnect_maxsleeptime were
|
|
Packit |
6bd9ab |
lowered from 30 to 10 seconds
|
|
Packit |
6bd9ab |
* password hashes are no longer returned to non-root users (based on a patch
|
|
Packit |
6bd9ab |
by Alexander V. Chernikov)
|
|
Packit |
6bd9ab |
* a pam_ldap(8) manual page was added
|
|
Packit |
6bd9ab |
* unknown options in the configuration file can now be ignored with a new
|
|
Packit |
6bd9ab |
--disable-configfile-checking configure option
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.6.10 to 0.6.11
|
|
Packit |
6bd9ab |
-----------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix user name to groups mapping (a bug in buffer checking in initgroups()
|
|
Packit |
6bd9ab |
that was introduced in 0.6.9)
|
|
Packit |
6bd9ab |
* fix a possible buffer overflow with too many uidNumber or gidNumber
|
|
Packit |
6bd9ab |
attributes (thanks to David Binderman for finding this)
|
|
Packit |
6bd9ab |
* lookups for group, netgroup, passwd, protocols, rpc, services and shadow
|
|
Packit |
6bd9ab |
maps are now case-sensitive
|
|
Packit |
6bd9ab |
* test suite is now minimally documented
|
|
Packit |
6bd9ab |
* added --disable-sasl and --disable-kerberos configure options
|
|
Packit |
6bd9ab |
* changed references to home page and contact email addresses to use
|
|
Packit |
6bd9ab |
arthurdejong.org
|
|
Packit |
6bd9ab |
* Debian packaging improvements
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.6.9 to 0.6.10
|
|
Packit |
6bd9ab |
----------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* implement searching through multiple search bases, based on a patch by Leigh
|
|
Packit |
6bd9ab |
Wedding
|
|
Packit |
6bd9ab |
* fix a segmentation fault that could occur when using any of the tls_*
|
|
Packit |
6bd9ab |
options with a string parameter
|
|
Packit |
6bd9ab |
* miscellaneous improvements to the experimental PAM module
|
|
Packit |
6bd9ab |
* implement PAM authentication function in the nslcd daemon
|
|
Packit |
6bd9ab |
* the code for reading and writing protocol entries between the NSS module and
|
|
Packit |
6bd9ab |
the daemon was improved
|
|
Packit |
6bd9ab |
* documentation updates
|
|
Packit |
6bd9ab |
* removed SSL/TLS related warnings during startup
|
|
Packit |
6bd9ab |
* Debian packaging improvements
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.6.8 to 0.6.9
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* produce more detailed logging in debug mode and allow multiple -d options to
|
|
Packit |
6bd9ab |
be specified to also include logging from the LDAP library
|
|
Packit |
6bd9ab |
* some LDAP configuration options are now initialized globally instead of per
|
|
Packit |
6bd9ab |
connection which should fix problems with the tls_reqcert option
|
|
Packit |
6bd9ab |
* documentation improvements for the NSLCD protocol used between the NSS
|
|
Packit |
6bd9ab |
module and the nslcd server
|
|
Packit |
6bd9ab |
* imported the new PAM module from the OpenLDAP nssov tree by Howard Chu (note
|
|
Packit |
6bd9ab |
that the PAM-related NSLCD protocol is not yet finalised and this module is
|
|
Packit |
6bd9ab |
not built by default)
|
|
Packit |
6bd9ab |
* in configure script allow disabling of building certain components
|
|
Packit |
6bd9ab |
* fix a bug with writing alternate service names and add checks for
|
|
Packit |
6bd9ab |
validity of passed buffer in NSS module
|
|
Packit |
6bd9ab |
* Debian packaging improvements
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.6.7 to 0.6.8
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* SECURITY FIX: the nss-ldapd.conf file that is installed by the Debian
|
|
Packit |
6bd9ab |
package was created world-readable which could cause problems
|
|
Packit |
6bd9ab |
if the bindpw option is used (CVE-2009-1073)
|
|
Packit |
6bd9ab |
this has been fixed in the Debian package but other users
|
|
Packit |
6bd9ab |
should check the permissions of the nss-ldapd.conf file when
|
|
Packit |
6bd9ab |
the bindpw option is used (warnings have been added to the
|
|
Packit |
6bd9ab |
manual page and sample nss-ldapd.conf)
|
|
Packit |
6bd9ab |
* clean the environment and set LDAPNOINIT to disable parsing of LDAP
|
|
Packit |
6bd9ab |
configuration files (.ldaprc, /etc/ldap/ldap.conf, etc)
|
|
Packit |
6bd9ab |
* remove sslpath option because it wasn't used
|
|
Packit |
6bd9ab |
* correctly set SSL/TLS options when using StartTLS
|
|
Packit |
6bd9ab |
* rename the tls_checkpeer option to tls_reqcert, deprecating the old name and
|
|
Packit |
6bd9ab |
supporting all values that OpenLDAP supports
|
|
Packit |
6bd9ab |
* allow backslashes in user and group names except as first or last character
|
|
Packit |
6bd9ab |
* check user and group names against LOGIN_NAME_MAX if it is defined
|
|
Packit |
6bd9ab |
* fix for getpeercred() on Solaris by David Bartley
|
|
Packit |
6bd9ab |
* Debian packaging improvements
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes form 0.6.6 to 0.6.7
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* a fix for a problem in the Debian packaging that would cause user-configured
|
|
Packit |
6bd9ab |
options be ignored
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes form 0.6.5 to 0.6.6
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* Debian packaging improvements
|
|
Packit |
6bd9ab |
* allow spaces in user and group names because it was causing problems in
|
|
Packit |
6bd9ab |
some environments
|
|
Packit |
6bd9ab |
* if ldap_set_option() fails log the option name instead of number
|
|
Packit |
6bd9ab |
* retry connecting to LDAP server in more cases
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes form 0.6.4 to 0.6.5
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* Debian package configuration translation updates
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes form 0.6.3 to 0.6.4
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix for the tls_checkpeer option
|
|
Packit |
6bd9ab |
* fix incorrect test for ssl option in combination with ldaps:// URIs
|
|
Packit |
6bd9ab |
* improvements to Active Directory sample configuration
|
|
Packit |
6bd9ab |
* implement looking up search base in rootDSE of LDAP server
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes form 0.6.2 to 0.6.3
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* retry connection and search if getting results failed with connection
|
|
Packit |
6bd9ab |
problems (some errors only occur when getting the results, not when starting
|
|
Packit |
6bd9ab |
the search)
|
|
Packit |
6bd9ab |
* add support for groups with up to around 150000 members (assuming user names
|
|
Packit |
6bd9ab |
on average are a little under 10 characters)
|
|
Packit |
6bd9ab |
* problem with possible SIGPIPE race condition was fixed by using send()
|
|
Packit |
6bd9ab |
instead of write()
|
|
Packit |
6bd9ab |
* add uid and gid configuration keywords that set the user and group of the
|
|
Packit |
6bd9ab |
nslcd daemon
|
|
Packit |
6bd9ab |
* add some documentation on supported group to member mappings
|
|
Packit |
6bd9ab |
* add sanity checking to code for when clock moves backward
|
|
Packit |
6bd9ab |
* log messages now include a session id that makes it easier to track errors
|
|
Packit |
6bd9ab |
to requests (especially useful in debugging mode)
|
|
Packit |
6bd9ab |
* miscellaneous portability improvements
|
|
Packit |
6bd9ab |
* increase buffers and time-outs to handle large lookups more gracefully
|
|
Packit |
6bd9ab |
* implement SASL authentication based on a patch by Dan White
|
|
Packit |
6bd9ab |
* allow more characters in user and group names
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes form 0.6.1 to 0.6.2
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* all user and group names are now checked for validity are specified in the
|
|
Packit |
6bd9ab |
POSIX Portable Filename Character Set
|
|
Packit |
6bd9ab |
* support retrieval of ranged attribute values as sometimes returned by Active
|
|
Packit |
6bd9ab |
Directory
|
|
Packit |
6bd9ab |
* added the threads keyword to configure the number of threads that should be
|
|
Packit |
6bd9ab |
started in nslcd
|
|
Packit |
6bd9ab |
* handle empty netgroups properly
|
|
Packit |
6bd9ab |
* change the time-out and retry mechanism for connecting to the LDAP server to
|
|
Packit |
6bd9ab |
return an error quickly if the LDAP server is known to be unavailable for a
|
|
Packit |
6bd9ab |
long time (this removed the reconnect_tries option and changes the meaning
|
|
Packit |
6bd9ab |
of the reconnect_sleeptime and reconnect_maxsleeptime options)
|
|
Packit |
6bd9ab |
* increased the time-out values between the NSS module and nslcd because of
|
|
Packit |
6bd9ab |
new retry mechanism
|
|
Packit |
6bd9ab |
* implement new dict and set modules that use a hashtable to map keys
|
|
Packit |
6bd9ab |
efficiently
|
|
Packit |
6bd9ab |
* use the new set to store group membership to simplify memory management and
|
|
Packit |
6bd9ab |
eliminate duplicate members
|
|
Packit |
6bd9ab |
* the uniqueMember attribute now only supports DN values
|
|
Packit |
6bd9ab |
* implement a cache for DN to user name lookups (15 minute timeout) used for
|
|
Packit |
6bd9ab |
the uniqueMember attribute to save on doing LDAP searches for groups with a
|
|
Packit |
6bd9ab |
lot of members, based on a patch by Petter Reinholdtsen
|
|
Packit |
6bd9ab |
* improvements to the tests
|
|
Packit |
6bd9ab |
* if any of the ldap calls return LDAP_UNAVAILABLE or LDAP_SERVER_DOWN the
|
|
Packit |
6bd9ab |
connection is closed
|
|
Packit |
6bd9ab |
* improve dependencies in LSB init script header to improve dependency based
|
|
Packit |
6bd9ab |
booting
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.6 to 0.6.1
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* numerous small fixes and compatibility improvements
|
|
Packit |
6bd9ab |
* the I/O buffers between nslcd and NSS module are now dynamically sized and
|
|
Packit |
6bd9ab |
tuned for common requests
|
|
Packit |
6bd9ab |
* correctly follow referrals
|
|
Packit |
6bd9ab |
* add StartTLS support by Ralf Haferkamp of SuSE
|
|
Packit |
6bd9ab |
* miscellaneous documentation improvements
|
|
Packit |
6bd9ab |
* remove code for handling rootbinddn/pw because it is unlikely to be
|
|
Packit |
6bd9ab |
supported any time soon
|
|
Packit |
6bd9ab |
* fix a problem with realloc()ed memory that was not referenced
|
|
Packit |
6bd9ab |
* fix for a crash in group membership buffer growing code thanks to Petter
|
|
Packit |
6bd9ab |
Reinholdtsen
|
|
Packit |
6bd9ab |
* some improvements to the Active Directory sample configuration
|
|
Packit |
6bd9ab |
* fix init script exit code with stop while not running
|
|
Packit |
6bd9ab |
* fixes to the _nss_ldap_initgroups_dyn() function to properly handle the
|
|
Packit |
6bd9ab |
buffer and limits passed by Glibc
|
|
Packit |
6bd9ab |
* fixes to the member to groups search functions to correctly handle
|
|
Packit |
6bd9ab |
uniqueMember attributes
|
|
Packit |
6bd9ab |
* only return shadow entries to root users
|
|
Packit |
6bd9ab |
* miscellaneous Debian packaging improvements
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.5 to 0.6
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix parsing of map option in nss-ldapd.conf
|
|
Packit |
6bd9ab |
* fix bug in handling of userPassword values
|
|
Packit |
6bd9ab |
* remove warning about missing loginShell attribute
|
|
Packit |
6bd9ab |
* support the uniqueMember LDAP attribute that holds DN values
|
|
Packit |
6bd9ab |
* support ldap as a compat service in /etc/nsswitch.conf
|
|
Packit |
6bd9ab |
* implement _nss_ldap_initgroups_dyn() to allow username->groups searches
|
|
Packit |
6bd9ab |
* fix retry mechanism with get*ent() functions where a too small buffer was
|
|
Packit |
6bd9ab |
passed by libc (to support groups with a lot of members)
|
|
Packit |
6bd9ab |
* fix a bug in reporting of communications problems between nslcd and the NSS
|
|
Packit |
6bd9ab |
library
|
|
Packit |
6bd9ab |
* test and log failures of all LDAP library calls
|
|
Packit |
6bd9ab |
* improved tests
|
|
Packit |
6bd9ab |
* miscellaneous compatibility improvements to try to support more LDAP
|
|
Packit |
6bd9ab |
libraries and platforms
|
|
Packit |
6bd9ab |
* support compilation with OpenLDAP 2.4 and newer
|
|
Packit |
6bd9ab |
* some configure script improvements
|
|
Packit |
6bd9ab |
* Debian packaging improvements
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.4.1 to 0.5
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* major structural changes in the LDAP lookup code using a newly implemented
|
|
Packit |
6bd9ab |
module that does memory management, session handling, paging and all other
|
|
Packit |
6bd9ab |
painful things with a simple interface
|
|
Packit |
6bd9ab |
* rewritten LDAP query and result handling code, now generating warnings
|
|
Packit |
6bd9ab |
about incorrect entries in the LDAP directory
|
|
Packit |
6bd9ab |
* IPv6 addresses in host lookups are now supported
|
|
Packit |
6bd9ab |
* added Kerberos ccname support (with the krb5_ccname option) thanks to
|
|
Packit |
6bd9ab |
Andreas Schneider and Ralf Haferkamp from SuSE and remove --with-gssapi-dir,
|
|
Packit |
6bd9ab |
--enable-configurable-krb5-ccname-gssapi and
|
|
Packit |
6bd9ab |
--enable-configurable-krb5-ccname-env configure options and having automatic
|
|
Packit |
6bd9ab |
detection instead
|
|
Packit |
6bd9ab |
* added support for DNS SRV record lookups by specifying DNS as uri thanks to
|
|
Packit |
6bd9ab |
Ralf Haferkamp and Michael Calmer from SuSE
|
|
Packit |
6bd9ab |
* added support for DOMAIN as base DN which uses the host's domain to
|
|
Packit |
6bd9ab |
construct a DN
|
|
Packit |
6bd9ab |
* removed nss_connect_policy, bind_policy and sizelimit options
|
|
Packit |
6bd9ab |
* cleaned up and documented reconnect logic with reconnect_tries,
|
|
Packit |
6bd9ab |
reconnect_sleeptime and reconnect_maxsleeptime options
|
|
Packit |
6bd9ab |
* configuration values with spaces in them (e.g. distinguished names) are now
|
|
Packit |
6bd9ab |
handled properly
|
|
Packit |
6bd9ab |
* fix a small memory leak in the I/O module
|
|
Packit |
6bd9ab |
* miscellaneous code improvements (better source code comments, more
|
|
Packit |
6bd9ab |
consistent logging, portability improvements, more tests, etc)
|
|
Packit |
6bd9ab |
* improvements to documentation
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.4 to 0.4.1
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* added French debconf translation by Cyril Brulebois
|
|
Packit |
6bd9ab |
* added Japanese debconf translation by Kenshi Muto
|
|
Packit |
6bd9ab |
* fix a problem with network name lookups where the lookup would result
|
|
Packit |
6bd9ab |
in the wrong call to nslcd
|
|
Packit |
6bd9ab |
* fix wrong default filter for rpc lookups
|
|
Packit |
6bd9ab |
* fix a number of memory leaks (thanks valgrind)
|
|
Packit |
6bd9ab |
(all memory leaks during normal operation should be fixed now)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.3 to 0.4
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* remove nss_schema configfile option
|
|
Packit |
6bd9ab |
* temporary remove support for uniqueMember group membership attributes (will
|
|
Packit |
6bd9ab |
be re-added in a later release)
|
|
Packit |
6bd9ab |
* removed support for nested groups, if this is really needed (please ask or
|
|
Packit |
6bd9ab |
file a bug if you want it) it can be re-added later on
|
|
Packit |
6bd9ab |
* added missing docbook sources for manual pages to tarball
|
|
Packit |
6bd9ab |
* major cleanups and simplifications in the core LDAP query code (we don't
|
|
Packit |
6bd9ab |
need to worry about SIGPIPE because nslcd does that globally, locking
|
|
Packit |
6bd9ab |
because a connection is only used by one thread) and more simplifications in
|
|
Packit |
6bd9ab |
the the LDAP connection and query state
|
|
Packit |
6bd9ab |
* get base, scope, filter and map configfile directives properly working
|
|
Packit |
6bd9ab |
* simplifications in LDAP reconnect logic (some work remains to be done in
|
|
Packit |
6bd9ab |
this area)
|
|
Packit |
6bd9ab |
* issue warnings or errors for untested or unsupported configuration options
|
|
Packit |
6bd9ab |
* properly handle multiple URIs in Debian configuration
|
|
Packit |
6bd9ab |
* documentation improvements
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.2.1 to 0.3
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* a bug in the communication buffer handling code was fixed
|
|
Packit |
6bd9ab |
* a bug in the dictionary code was fixed (code not yet in use)
|
|
Packit |
6bd9ab |
* a fix for the init script that used a wrong pidfile
|
|
Packit |
6bd9ab |
* configuration file handling code was rewritten to be better maintainable
|
|
Packit |
6bd9ab |
* some configuration file options have changed which means that compatibility
|
|
Packit |
6bd9ab |
with the nss_ldap configuration file is lost
|
|
Packit |
6bd9ab |
* configuration syntax is now documented in the nss-ldapd.conf(5) manual page
|
|
Packit |
6bd9ab |
* support for dnsconfig was removed
|
|
Packit |
6bd9ab |
* the configuration file no longer supports using multiple search bases
|
|
Packit |
6bd9ab |
* removed nss_initgroups and nss_initgroups_ignoreusers options
|
|
Packit |
6bd9ab |
* removed --enable-paged-results configure option and use pagesize
|
|
Packit |
6bd9ab |
configuration file option to specify usage of paging at runtime
|
|
Packit |
6bd9ab |
* added Portuguese debconf translation by Américo Monteiro
|
|
Packit |
6bd9ab |
* Debian package configuration improvements and simplifications
|
|
Packit |
6bd9ab |
* use docbook2x-man for generating manual pages
|
|
Packit |
6bd9ab |
* miscellaneous documentation improvements including improved manual pages
|
|
Packit |
6bd9ab |
* general code reorganisation and clean-ups to achieve another 9% code
|
|
Packit |
6bd9ab |
reduction relative to 0.2.1 release (more than 40% relative to nss_ldap)
|
|
Packit |
6bd9ab |
* SASL, Kerberos and SSL/TLS support remain untested
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.2 to 0.2.1
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix permissions of server socket (this fixes a problem where non-root users
|
|
Packit |
6bd9ab |
were unable to do lookups)
|
|
Packit |
6bd9ab |
* fix configure script to properly check for pthread support
|
|
Packit |
6bd9ab |
* small code improvements
|
|
Packit |
6bd9ab |
* general build system cleanups
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 0.1 to 0.2
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixes to the netgroup lookup code
|
|
Packit |
6bd9ab |
* more simplifications and improvements in the code almost 5% code reduction
|
|
Packit |
6bd9ab |
(compared to release 0.1) and 37% reduction in gcc warnings (from 443 in 251
|
|
Packit |
6bd9ab |
to 389 in 0.1 and 244 in 0.2)
|
|
Packit |
6bd9ab |
* a lot of code improvements thanks to flawfinder, more gcc warnings, splint
|
|
Packit |
6bd9ab |
and rats
|
|
Packit |
6bd9ab |
* license change from GNU Library General Public License to GNU Lesser General
|
|
Packit |
6bd9ab |
Public License (with the permission of Luke Howard)
|
|
Packit |
6bd9ab |
* fix logging code to be cleaner and always use our own logging module
|
|
Packit |
6bd9ab |
* a start has been made to make the code more testable and initial work to set
|
|
Packit |
6bd9ab |
up a testing framework has been done
|
|
Packit |
6bd9ab |
* implemented a timeout mechanism in the communication between the NSS part
|
|
Packit |
6bd9ab |
and the nslcd server part
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from nss_ldap 251 to nss-ldapd 0.1
|
|
Packit |
6bd9ab |
------------------------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* initial release of nss-ldapd (should be functional but not yet stable enough
|
|
Packit |
6bd9ab |
for production use)
|
|
Packit |
6bd9ab |
* fork from the nss_ldap which was originally written by Luke Howard of PADL
|
|
Packit |
6bd9ab |
Software Pty Ltd. changing package name to nss-ldapd and versioning scheme
|
|
Packit |
6bd9ab |
* the functionality was split into a thin NSS library and a simple daemon
|
|
Packit |
6bd9ab |
proxying the requests to the LDAP server (see README for rationale)
|
|
Packit |
6bd9ab |
* a lot of dead and old compatibility code was removed (about 25% of the code
|
|
Packit |
6bd9ab |
was removed) (more simplifications to come)
|
|
Packit |
6bd9ab |
* the test code was rewritten
|
|
Packit |
6bd9ab |
* build script simplifications
|
|
Packit |
6bd9ab |
* default configuration file has been changed to /etc/nss-ldapd.conf
|
|
Packit |
6bd9ab |
* most documentation has been updated and rewritten
|
|
Packit |
6bd9ab |
* dropped support for non-glibc NSS interfaces and assumed OpenLDAP compatible
|
|
Packit |
6bd9ab |
library
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 250 to 251
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* remove doc/rfc2307.txt, it is available from
|
|
Packit |
6bd9ab |
http://www.ietf.org/rfc/rfc2307.txt
|
|
Packit |
6bd9ab |
* make objectClass a mappable attribute
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 249 to 250
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* don't use static _nss_ldap_no_members buffer, causes crash when nss_ldap is
|
|
Packit |
6bd9ab |
unloaded and memory is still referenced
|
|
Packit |
6bd9ab |
* fix for BUG#249: tcsh closes file descriptors, confuses nss_ldap and hangs
|
|
Packit |
6bd9ab |
(from David Houlder)
|
|
Packit |
6bd9ab |
* fix for BUG#257: initgroups() broken in RFC2307bis support disabled
|
|
Packit |
6bd9ab |
* fix for BUG#261: sslpath example wrong
|
|
Packit |
6bd9ab |
* fix for BUG#263: compile do_triple_permutations() when IRS enabled
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 248 to 249
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix for BUG#253: build broken on AIX
|
|
Packit |
6bd9ab |
* fix for BUG#255: deadlock in initgroups
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 247 to 248
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix regression in per-objectclass attribute mapping introduced in
|
|
Packit |
6bd9ab |
nss_ldap-246
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 246 to 247
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* double-check *ld != NULL even if mapped eror return from ldap_initialize()
|
|
Packit |
6bd9ab |
returns NSS_SUCCESS
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 245 to 246
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* paged results and RFC2307bis support are now always compiled in; they are by
|
|
Packit |
6bd9ab |
default disabled unless you configured with --enable-paged-results and
|
|
Packit |
6bd9ab |
--enable-rfc2307bis, respectively. See nss_ldap(5) for configuration
|
|
Packit |
6bd9ab |
options.
|
|
Packit |
6bd9ab |
* fix for BUG#219: paged results delivers wrong results
|
|
Packit |
6bd9ab |
* fix for BUG#222: use asynchronous start TLS if available, using bind_timeout
|
|
Packit |
6bd9ab |
value
|
|
Packit |
6bd9ab |
* fix for BUG#235: make DNS SRV lookup domain configurable (nss_srv_domain)
|
|
Packit |
6bd9ab |
* fix for BUG#240: return "*" rather than "x" for userPassword if not present
|
|
Packit |
6bd9ab |
* fix for BUG#245: paged results broken since nss_ldap-241
|
|
Packit |
6bd9ab |
* patch from Ralf Haferkamp <rhafer@suse.de>: compile fix for IPv6
|
|
Packit |
6bd9ab |
* compile for Solaris
|
|
Packit |
6bd9ab |
* schema mapping is always enabled, cleanup schema mapping code
|
|
Packit |
6bd9ab |
* allow for map-specific objectclass mapping
|
|
Packit |
6bd9ab |
* partial implementation of Solaris Simplified LDAP API, allows automountd
|
|
Packit |
6bd9ab |
support on Solaris via nss_ldap
|
|
Packit |
6bd9ab |
* for Linux automounter, always close connection after endautomntent() to
|
|
Packit |
6bd9ab |
avoid persistent connection
|
|
Packit |
6bd9ab |
* add nss_connect_policy argument to ldap.conf
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 244 to 245
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* don't leak LDAP connection if do_bind() failed or descriptor owner had
|
|
Packit |
6bd9ab |
changed. If do_bind() failed the underlying descriptor would also be leaked,
|
|
Packit |
6bd9ab |
causing a large number of sockets to be consumed during failover
|
|
Packit |
6bd9ab |
* add nss_initgroups_ignoreusers parameter to ldap.conf, returns NOTFOUND if
|
|
Packit |
6bd9ab |
nss_ldap's initgroups() is called for users (comma separated)
|
|
Packit |
6bd9ab |
* try to deal with systems that have headers for both versions of the SASL
|
|
Packit |
6bd9ab |
library installed
|
|
Packit |
6bd9ab |
* better logging of failed connections and reconnections
|
|
Packit |
6bd9ab |
* patch from Dean Michaels <dean@interdynamix.com>: build with Netscape 5
|
|
Packit |
6bd9ab |
library on Solaris
|
|
Packit |
6bd9ab |
* patch from Ralf Haferkamp <rhafer@suse.de>: manual page fix to bind_policy
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 243 to 244
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* patch from Ralf Haferkamp <rhafer@suse.de>: enusre bytesleft macro does not
|
|
Packit |
6bd9ab |
return values < 0
|
|
Packit |
6bd9ab |
* include <sys/param.h> in ldap-nss.c
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 242 to 243
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix for BUG#225: invalid pointer dereferencing when reading rootpw
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 241 to 242
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixes for compiling on Solaris 10
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 240 to 241
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* new, more robust reconnection logic
|
|
Packit |
6bd9ab |
* both "host" and "uri" directives can be used in ldap.conf
|
|
Packit |
6bd9ab |
* new (undocumented) nss_reconnect_tries, nss_reconnect_sleeptime,
|
|
Packit |
6bd9ab |
nss_reconnect_maxsleeptime, nss_reconnect_maxconntries directives
|
|
Packit |
6bd9ab |
* reload configuration file if changed
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 239 to 240
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* new API for resolving automounts (requires custom autofs plugin for Linux at
|
|
Packit |
6bd9ab |
present): _nss_ldap_setautomntent(), _nss_ldap_getautomntent(),
|
|
Packit |
6bd9ab |
_nss_ldap_endautomntent(), _nss_ldap_getautomntbyname_r()
|
|
Packit |
6bd9ab |
* fix for BUG#200: rename SOCKLEN_T as it conflicts on AIX
|
|
Packit |
6bd9ab |
* fix for BUG#205: accept line feeds in ldap.conf
|
|
Packit |
6bd9ab |
* fix for BUG#211: nss_ldap fails to start TLS on referred connections
|
|
Packit |
6bd9ab |
* fix for BUG#213: initgroups crash if RFC2307bis undefined
|
|
Packit |
6bd9ab |
* turn down reconnection logging volume
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 238 to 239
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* support for initgroups using backlinks (selectable at runtime if RFC2307bis
|
|
Packit |
6bd9ab |
support is enabled, using the nss_initgroups backlink configuration
|
|
Packit |
6bd9ab |
directive)
|
|
Packit |
6bd9ab |
* support for dynamically expanding filter sizes
|
|
Packit |
6bd9ab |
* from Peter Marschall <peter@adpm.de>: revert the deletion of blanks/tabs in
|
|
Packit |
6bd9ab |
ldap.conf that happened between 235 and 238
|
|
Packit |
6bd9ab |
* from Peter Marschall <peter@adpm.de>: This patch changes configure.in and
|
|
Packit |
6bd9ab |
Makefile.am so that ldap.conf gets installed in the place and with the name
|
|
Packit |
6bd9ab |
that is given to the configure option --with-ldap-conf-file. In addition to
|
|
Packit |
6bd9ab |
that it fixes a long standing bug in Makefile.am that tries to install a
|
|
Packit |
6bd9ab |
file before the destination directory is guaranteed to be created (hunk #3),
|
|
Packit |
6bd9ab |
and uses $(mkinstalldirs) for AIX (hunk #2).
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 237 to 238
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* more manual page updates
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 236 to 237
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* more manual page updates
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 235 to 236
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix for BUG#201: typo in ldap-schema.c causing build to fail
|
|
Packit |
6bd9ab |
* add manual page for nss_ldap
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 234 to 235
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix for BUG#198: make pagesize configurable
|
|
Packit |
6bd9ab |
* fix for BUG#199: correct fix for BUG#138 (blind last char remove in
|
|
Packit |
6bd9ab |
ldap.secret)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 233 to 234
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* don't reacquire global lock in do_next_page()
|
|
Packit |
6bd9ab |
* restore old "bind_policy hard" behaviour (don't try to reconnect if
|
|
Packit |
6bd9ab |
initialization failed). The behaviour introduced in nss_ldap-227 can be
|
|
Packit |
6bd9ab |
enabled with "bind_policy hard_init".
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 232 to 233
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* if do_open() returns NSS_UNAVAIL, don't try to do server reconnect; only do
|
|
Packit |
6bd9ab |
it if NSS_TRYAGAIN is returned This should fix the problems introduced by
|
|
Packit |
6bd9ab |
the fixes in nss_ldap-227 (delayed binding)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 231 to 232
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix for BUG#138 (blind last char remove in ldap.secret)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 229 to 230
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* don't free gss_krb5_ccache_name() output (Heimdal)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 228 to 229
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* more debugging in initgroups and _nss_ldap_getentry()
|
|
Packit |
6bd9ab |
* fix _nss_ldap_getentry() enumeration behaviour, and optimize by not
|
|
Packit |
6bd9ab |
searching if the requested attribute cannot be mapped
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 227 to 228
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix for BUG#188: better documentation for OpenLDAP SSL options
|
|
Packit |
6bd9ab |
* fix for BUG#189: do not configure tls_checkpeer unless it is explicitly
|
|
Packit |
6bd9ab |
specifier in ldap.conf
|
|
Packit |
6bd9ab |
* fix for BUG#190: set ls_state to LS_UNINITIALIZED after fork
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 226 to 227
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* separate initializing LDAP session with actually connecting to the DSA, so
|
|
Packit |
6bd9ab |
that we don't try to bind until we actually need to search (which allows the
|
|
Packit |
6bd9ab |
retry logic in the search function to also apply to binding). NB: this will
|
|
Packit |
6bd9ab |
only provide improved behavior for LDAP client libraries that support
|
|
Packit |
6bd9ab |
ldap_init() or ldap_initialize() rather than ldap_open
|
|
Packit |
6bd9ab |
* fix for BUG#183: support pw_change and pw_expire on BSD
|
|
Packit |
6bd9ab |
* fix for BUG#187: NSS_BUFLEN_DEFAULT causing problems on IRS platforms
|
|
Packit |
6bd9ab |
* fix for glibc 2.1 from Alexander Spannagel
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 225 to 226
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* make LDAP_NSS_NGROUPS configurable with --with-ngroups (experts only) option
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 224 to 225
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* make LDAP_NSS_NGROUPS 64 - better choice for small directories
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 223 to 224
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* don't double-free on realloc() failure in do_parse_group_members()
|
|
Packit |
6bd9ab |
* don't pass LDAP session as an argument, as it may refer to a stale LDAP
|
|
Packit |
6bd9ab |
handle. If this does not work we will need to replace LDAPMessage pointers
|
|
Packit |
6bd9ab |
with pointers to a structure that contains a reference-counted LDAP handle
|
|
Packit |
6bd9ab |
as well as the message
|
|
Packit |
6bd9ab |
* fix crasher when internal group membership buffer was reallocated
|
|
Packit |
6bd9ab |
(introduced with nested group expansion code)
|
|
Packit |
6bd9ab |
* immediately return NSS_TRYAGAIN and errno=ERANGE if there is not enough
|
|
Packit |
6bd9ab |
buffer space to handle LDAP_NSS_NGROUPS groups; this prevents getgrXXX()
|
|
Packit |
6bd9ab |
from expensive repeated directory searches when there is a priori knowledge
|
|
Packit |
6bd9ab |
that group memberships are large
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 222 to 223
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* allow empty lines in /etc/ldap.conf
|
|
Packit |
6bd9ab |
* do loop detection in nested groups
|
|
Packit |
6bd9ab |
* fixes for building with IRS on FreeBSD 4.10
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 221 to 222
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix deadlock in _nss_ldap_getentry()
|
|
Packit |
6bd9ab |
* support more AIX usersec attributes
|
|
Packit |
6bd9ab |
* more AIX porting fixes
|
|
Packit |
6bd9ab |
* support Heimdal as well as MIT Kerberos
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 220 to 221
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* AIX fix from <carlos.celso@embraer.com.br> Recall #169033
|
|
Packit |
6bd9ab |
* support for expansion of nested RFC2307bis groups
|
|
Packit |
6bd9ab |
* support for searching using range retrieval
|
|
Packit |
6bd9ab |
* fix memory leak with private contexts
|
|
Packit |
6bd9ab |
* fix memory leak in do_result()
|
|
Packit |
6bd9ab |
* implement _nss_ldap_getentry for AIX enumeration
|
|
Packit |
6bd9ab |
* implement netgroups for IRS/AIX
|
|
Packit |
6bd9ab |
* remove dependency on Berkeley DB - schema mapping and RFC2307bis no longer
|
|
Packit |
6bd9ab |
requires DB
|
|
Packit |
6bd9ab |
* remove old NeXT cruft in resolve.c
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 218 to 220
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix for BUG#169: getntohost() on Solaris
|
|
Packit |
6bd9ab |
* fix for BUG#170: _nss_ldap_getgroupsbymember_r fails to return all groups
|
|
Packit |
6bd9ab |
when NSCD is running and attribute mapping is enabled on Solaris
|
|
Packit |
6bd9ab |
* fix for BUG#173: reinstate use of sigaction() (XXX what is the correct fix
|
|
Packit |
6bd9ab |
here?)
|
|
Packit |
6bd9ab |
* fix for BUG#174: innetgr() depth checking
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 217 to 218
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix for BUG#168: set errnop to ENOENT if not found
|
|
Packit |
6bd9ab |
* check for -lgssapi before -lgssapi_krb5
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 216 to 217
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix for BUG#167: compilation fails on Solaris
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 215 to 216
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* patch from Thorsten Kukuk to avoid overwriting sockaddr storage for IPv6;
|
|
Packit |
6bd9ab |
use struct sockaddr_storage if available
|
|
Packit |
6bd9ab |
* fix for BUG#153: use asynchronous search API in initgroups()
|
|
Packit |
6bd9ab |
* fix for BUG#157: check for __pthread_once rather than __pthread_atfork on
|
|
Packit |
6bd9ab |
glibc, as the latter is no longer exported
|
|
Packit |
6bd9ab |
* fix for BUG#158: escape netgroup search filters correctly
|
|
Packit |
6bd9ab |
* fix for BUG#161: remove redundant lock in _nss_ldap_innetgr()
|
|
Packit |
6bd9ab |
* fix for BUG#164: set schema element array size to LM_NONE + 1 not LM_NONE
|
|
Packit |
6bd9ab |
* fix for BUG#165: make _nss_ldap_result() private
|
|
Packit |
6bd9ab |
* fix for BUG#166: chase all nested netgroups in innetgr()
|
|
Packit |
6bd9ab |
* fix deadlock if getXXXent() called without first calling setXXXent()
|
|
Packit |
6bd9ab |
* only request gidNumber attribute when initgroups() (avoids sending back rest
|
|
Packit |
6bd9ab |
of a group's entry)
|
|
Packit |
6bd9ab |
* don't request any attributes when mapping a user to a DN (we want the DN
|
|
Packit |
6bd9ab |
only)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 214 to 215
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* choose between using native GSS-API and putenv() for setting ccache path
|
|
Packit |
6bd9ab |
* per-map attribute mapping for attributes that appear in multiple maps
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 213 to 214
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* define LDAP_DEPRECATED for compiling against OpenLDAP 2.2
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 212 to 213
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix netgroup compilation error when debugging is enabled
|
|
Packit |
6bd9ab |
* support GSS-API for setting ccache name
|
|
Packit |
6bd9ab |
* initgroups() should require user to be a POSIX account
|
|
Packit |
6bd9ab |
* define LOGNAME_MAX for HP-UX
|
|
Packit |
6bd9ab |
* do not use sigprocmask() - this blocks rather than disabling signals
|
|
Packit |
6bd9ab |
* SASL version check fix from Howard Chu
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 211 to 212
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* Solaris netgroup support test release
|
|
Packit |
6bd9ab |
* fix crasher in do_sasl_interact()
|
|
Packit |
6bd9ab |
* do_sasl_interact() needs to strdup() result for Cyrus SASL 1.x but not 2.x
|
|
Packit |
6bd9ab |
* merge in LDAP debug patch from Howard Chu
|
|
Packit |
6bd9ab |
* try alternate search descriptors on NSS_NOTFOUND as well as NSS_SUCCESS
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 210 to 211
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* do AT_OC_MAP cache initialization at config init
|
|
Packit |
6bd9ab |
* BSD build fixes
|
|
Packit |
6bd9ab |
* replace [h]errno2nssstat lookup tables with switch statement; should help
|
|
Packit |
6bd9ab |
building on AIX!
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 209 to 210
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* initialize DBT structures
|
|
Packit |
6bd9ab |
* fix SASL crasher
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 208 to 209
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix SASL breakage
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 207 to 208
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* use socklen_t not int
|
|
Packit |
6bd9ab |
* remove OpenLDAP SASL code
|
|
Packit |
6bd9ab |
* incorporated patches from (see below) Geert Jansen
|
|
Packit |
6bd9ab |
* add the "sasl_secprops" option to configure SASL security layers (usage as
|
|
Packit |
6bd9ab |
for OpenLDAP ldap.conf)
|
|
Packit |
6bd9ab |
* add the "krb5_ccname" option to specify the location of the Kerberos ticket
|
|
Packit |
6bd9ab |
cache (requires --enable-configurable-krb5-ccname for now as it is a fairly
|
|
Packit |
6bd9ab |
coarse solution to a lack of appropriate API in the Kerberos libraries)
|
|
Packit |
6bd9ab |
* add support for native Active Directory password policy attributes (enabled
|
|
Packit |
6bd9ab |
if shadowLastChange is mapped to pwdLastSet)
|
|
Packit |
6bd9ab |
* add "nss_override_attribute_value" and "nss_default_attribute_value"
|
|
Packit |
6bd9ab |
keywords for over- riding and setting default attribute values, respectively
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 205 to 207
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* work without LDAP_OPT_X_TLS_RANDOM_FILE
|
|
Packit |
6bd9ab |
* fix schema mapping regression from nss_ldap-205; attribute mapping now works
|
|
Packit |
6bd9ab |
again
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 204 to 205
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* build with Sleepycat DB without db185 compat layer (tested with 4.x; needs
|
|
Packit |
6bd9ab |
testing on 3.x)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 203 to 204
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* Linux netgroup implementation from Larry Lile
|
|
Packit |
6bd9ab |
* Multiple service search descriptor support from Symas
|
|
Packit |
6bd9ab |
* IPv6 patch from Thorsten Kukuk at SuSE
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 202 to 203
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix for BUG#115
|
|
Packit |
6bd9ab |
* fix for BUG#121
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 201 to 202
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* getsockname() fixes from Howard Chu
|
|
Packit |
6bd9ab |
* configuration parser crasher fix
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 200 to 201
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* Berkeley DB fixes from Howard Chu
|
|
Packit |
6bd9ab |
* Netscape client library build fix
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 199 to 200
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* use sigprocmask() if available to block SIGPIPE
|
|
Packit |
6bd9ab |
* fix build breakage with OpenLDAP HEAD
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 198 to 199
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* HP-UX port
|
|
Packit |
6bd9ab |
* BUG#111: incorrect debugging statement in _nss_ldap_enter()
|
|
Packit |
6bd9ab |
* export required symbols only on Linux
|
|
Packit |
6bd9ab |
* corrected symbol names for glibc alias enumeration functions
|
|
Packit |
6bd9ab |
* the DNS response parser doesn't stop after parsing the right number of
|
|
Packit |
6bd9ab |
records, and doesn't handle long responses (Nalin at RedHat)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 197 to 198
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* BUG#108: fix potential buffer overflow in dnsconfig.c (could be triggered if
|
|
Packit |
6bd9ab |
no flat file configuration for nss_ldap and large DNS SRV data for domain;
|
|
Packit |
6bd9ab |
because nss_ldap in SRV mode trusts DNS we do not believe this to be
|
|
Packit |
6bd9ab |
exploitable to elevate privilege in the default configuration)
|
|
Packit |
6bd9ab |
* do not malloc() configuration structure; use buffer
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 196 to 197
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* improved AIX documentation from Dejan Muhamedagic
|
|
Packit |
6bd9ab |
* define LDAP_OPT_SSL for Solaris 9
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 195 to 196
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* return NSS_TRYAGAIN not NSS_NOTFOUND for insufficient buffer space in
|
|
Packit |
6bd9ab |
dn2uid_cache_get()
|
|
Packit |
6bd9ab |
* support automake 1.5 and friends
|
|
Packit |
6bd9ab |
* out of box build on AIX 4.3.3
|
|
Packit |
6bd9ab |
* fixed BUG#104: do_ssl_options() return code ignored
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 194 to 195
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixed BUG#98: large groups cause buffer length wraparound with rfc2307bis
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 193 to 194
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* bugfix for Debian Bug report #147553: lack of global mutex use in
|
|
Packit |
6bd9ab |
initgroups()
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 192 to 193
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* support for PADL GSS-SASL client library
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 191 to 192
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* more carefully compare cached socket and peer addresses
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 190 to 191
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* added configurable [hard|soft] reconnect, see the bind_policy parameter in
|
|
Packit |
6bd9ab |
ldap.conf.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 189 to 190
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* check for Netscape 4 SDK without SSL; don't require pthreads for these
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 188 to 189
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* patch for building on OpenLDAP 1.x from Nalin at RedHat
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 187 to 188
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* specify runtime path for LDAP library correctly to native Solaris linker
|
|
Packit |
6bd9ab |
* check for gcc correctly
|
|
Packit |
6bd9ab |
* use native linker on Solaris and AIX
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 186 to 187
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* make bogusSd in ldap-nss.c conditional on !HAVE_LDAP_LD_FREE
|
|
Packit |
6bd9ab |
* merge in paged result support from Max Caines
|
|
Packit |
6bd9ab |
* bugfixes for Debian Bug report #140854
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 185 to 186
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* incorporated patch for Debian Bug report #140854, where nss_ldap could in
|
|
Packit |
6bd9ab |
some cases close a descriptor it did not own. Patch was provided by Luca
|
|
Packit |
6bd9ab |
Filipozzi.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 184 to 185
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* updated copyrights
|
|
Packit |
6bd9ab |
* fix for BUG#82: set close on exec (Debian bug 136953)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 183 to 184
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* return NSS_TRYAGAIN if no buffer space in ldap-grp.c
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 181 to 183
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* return error strings in AIX authentication routine
|
|
Packit |
6bd9ab |
* initialize schema in getgroupsbymember()
|
|
Packit |
6bd9ab |
* fix for tls_checkpeer; pass NULL session in to set global option
|
|
Packit |
6bd9ab |
* BUG#77: configurable config file locations
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 181 to 181
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* ignore SIGPIPE whilst inside nss_ldap library routines to prevent crashing
|
|
Packit |
6bd9ab |
on down LDAP server; possible fix for Debian bug 130006
|
|
Packit |
6bd9ab |
* removed --enable-no-so-keepalive; always try to disable SO_KEEPALIVE on
|
|
Packit |
6bd9ab |
underlying socket to LDAP server
|
|
Packit |
6bd9ab |
* include local copy of irs.h under AIX
|
|
Packit |
6bd9ab |
* general cleanup of locking code
|
|
Packit |
6bd9ab |
* _nss_ldap_no_members appears to only need defining for when RFC2307bis is
|
|
Packit |
6bd9ab |
enabled
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 179 to 180
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* pull in libpthreads on AIX
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 178 to 179
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* a couple more patches for AIX
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 177 to 178
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* patch from Gabor Gombas for AIX support
|
|
Packit |
6bd9ab |
* Makefile.am: sasl.o needed by NSS_LDAP
|
|
Packit |
6bd9ab |
* aix_authmeth.c: method_passwordexpired is really method_passwdexpired; but
|
|
Packit |
6bd9ab |
since the struct was bzero()ed no need to set it to NULL
|
|
Packit |
6bd9ab |
* configure.in: support both gcc and xlc_r
|
|
Packit |
6bd9ab |
* exports.aix: sv_byport was not exported
|
|
Packit |
6bd9ab |
* ldap-grp.c: getgrset() returned group names instead of gid numbers
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 176 to 177
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* patch for building on AIX from IBM
|
|
Packit |
6bd9ab |
* added simple authentication support for AIX
|
|
Packit |
6bd9ab |
* cleaned up SASL patch to not break if Cyrus SASL is not installed
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 175 to 176
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixed bug in SASL patch which had required OpenLDAP headers
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 174 to 175
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* incorporated GSS-API SASL patches
|
|
Packit |
6bd9ab |
* rebind to server on LDAP_LOCAL_ERROR
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 173 to 174
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* added patches from Maxim Batourine for compiling with Sun workshop compiler
|
|
Packit |
6bd9ab |
* added notes re: 64-bit compile on Solaris from above source
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 172 to 173
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* notes on IRS in doc/README.IRS
|
|
Packit |
6bd9ab |
* added irs.h for AIX compat
|
|
Packit |
6bd9ab |
* patch from Bob Guo for stripping trailing spaces in ldap.conf.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 171 to 172
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixed schema mapping bug by storing a copy of the mapped schema in the
|
|
Packit |
6bd9ab |
Berkeley DB rather than the element itself. Because the DB library returns
|
|
Packit |
6bd9ab |
static storage, this was causing problems where the schema mapping calls
|
|
Packit |
6bd9ab |
were used to build the attribute table in ldap-schema.c. This bugfix was
|
|
Packit |
6bd9ab |
sponsored by n2h2.com; thanks!
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 170 to 171
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* added ldap.conf stanza for AIX
|
|
Packit |
6bd9ab |
* workaround for schema mapping bug.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 169 to 170
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* use _nss_ldap_getrdnvalue() for determining canonical group name
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 168 to 169
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixed typo in ldap-service.c; prefix filters now with _nss_ldap
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 167 to 168
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* initialize old_handler to SIG_DFL
|
|
Packit |
6bd9ab |
* incorporate Stephan Cremer's mapping patches, a big thanks to Stephan for
|
|
Packit |
6bd9ab |
these!
|
|
Packit |
6bd9ab |
* use LDAP_OPT_NETWORK_TIMEOUT if available for network connect timeout
|
|
Packit |
6bd9ab |
* removed hard-coded schema mapping for authPassword, NDS and MSSFU
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 166 to 167
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* support for new OpenLDAP rebind proc prototype
|
|
Packit |
6bd9ab |
* in rebind function, respect timeout
|
|
Packit |
6bd9ab |
* fix for PADL Release Control
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 165 to 166
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* corrected small typos
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 164 to 165
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* posixMember is a distinguished name, don't pretend it is a login name
|
|
Packit |
6bd9ab |
* cleaned up code referencing different member syntaxes
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 163 to 164
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* removed IDS_UID code, never worked properly
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 162 to 163
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* removed context_free function, usage confusing
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 161 to 162
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* in reconnect harness, do not treat entry not found errors as requiring a
|
|
Packit |
6bd9ab |
reconnect
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 160 to 161
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* hopefully fixed use of synchronous searches in _nss_ldap_getbyname()
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 159 to 160
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* patch from RedHat to check for DB3, override install user/group optionally
|
|
Packit |
6bd9ab |
* use synchronous searches for _nss_ldap_getbyname()
|
|
Packit |
6bd9ab |
* only set SSL options if we have values for those options
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 158 to 159
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* make do_ssl_options() take a config parameter; avoid segfault with SSL?
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 157 to 158
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* in the distinguished name to login cache (dn2uid) make sure we use the
|
|
Packit |
6bd9ab |
AT(uid) macro for the uid attribute rather than the hard-coded value of
|
|
Packit |
6bd9ab |
"uid" This should enable the cache for MSSFU support.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 156 to 157
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* for MSSFU, use posixMember for group memberships rather than member
|
|
Packit |
6bd9ab |
(reported by Andy Rechenberg)
|
|
Packit |
6bd9ab |
* ignore SIGPIPE before calling do_close() for idle_timeout
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 155 to 156
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* logic was around the wrong way in do_search(), all searches were broken!
|
|
Packit |
6bd9ab |
* --disable-ssl option for configure
|
|
Packit |
6bd9ab |
* removed "Obsoletes: pam_ldap" from spec file
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 154 to 155
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* do not use private API when setting OpenLDAP TLS options (do_ssl_options())
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 153 to 154
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* notes from Scott M. Stone <sstone@foo3.com>
|
|
Packit |
6bd9ab |
* idle timeout patch from Steve Barrus
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 152 to 153
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* SSL fix
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 151 to 152
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* further patch from Jarkko for TLS/SSL auth: support for LDAPS/cipher suite
|
|
Packit |
6bd9ab |
selection/ client key/cert authentication
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 150 to 151
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* patch from Andrew Rechenberg for Active Directory schema support
|
|
Packit |
6bd9ab |
* patch from Jarkko Turkulainen <jt@wapit.com> for peer certificate support
|
|
Packit |
6bd9ab |
with OpenLDAP
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 149 to 150
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* patch from Anselm Kruis for URI support
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 148 to 149
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixed compile on Solaris, broken in 145 by malformed Linux patch
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 147 to 148
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* check for HAVE_LDAP_SET_OPTION always
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 146 to 147
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* check for ldap_set_option(), as LDAP_OPT_REFERRALS is defined for OpenLDAP
|
|
Packit |
6bd9ab |
1.x but without the ldap_set_option() function
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 145 to 146
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* mass re-indentation, GNU style
|
|
Packit |
6bd9ab |
* patch from Simon Wilkinson <sxw@sxw.org.uk> for compatibility with old
|
|
Packit |
6bd9ab |
initgroups entry point
|
|
Packit |
6bd9ab |
* request authPassword attribute if --enable-authpassword
|
|
Packit |
6bd9ab |
* authPassword support in ldap-spwd.c (shadow)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 144 to 145
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* preliminary support for authPassword attribute
|
|
Packit |
6bd9ab |
* updated COPYING
|
|
Packit |
6bd9ab |
* patch from Szymon Juraszczyk to suppot _nss_ldap_initgroups_dyn prototype
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 143 to 144
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* when specifying filters with nss_base_XXX, only escape the filter argument
|
|
Packit |
6bd9ab |
not the entire filter
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 142 to 143
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* patch from nalin@redhat.com to avoid corrupting the heap when the
|
|
Packit |
6bd9ab |
configuration file exists but has no host and base values.
|
|
Packit |
6bd9ab |
_nss_ldap_readconfigfromdns() will write to the region which was already
|
|
Packit |
6bd9ab |
freed.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 141 to 142
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* patch from Simon Wilkinson <sxw@sxw.org.uk> for memory leak in
|
|
Packit |
6bd9ab |
ldap-service.c
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 140 to 141
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix for BUG#54 (AIX detection broken)
|
|
Packit |
6bd9ab |
* use -rpath on all platforms except Solaris,
|
|
Packit |
6bd9ab |
not just Linux
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 139 to 140
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fix configure bug for DISABLE_SO_KEEPALIVE
|
|
Packit |
6bd9ab |
* fix alignment bug in util.c; this was causing Solaris to crash whenever
|
|
Packit |
6bd9ab |
per-map search descriptors were specified in ldap.conf
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 138 to 139
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* updated INSTALL file with boilerplate
|
|
Packit |
6bd9ab |
* fixed pointer error in ldap-nss.c
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 137.1 to 138
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* close config file FILE * if out of buffer space for parsing search
|
|
Packit |
6bd9ab |
descriptor
|
|
Packit |
6bd9ab |
* fixed bug where non-recognized directives in ldap.conf would cause the
|
|
Packit |
6bd9ab |
configuration file to not be parsed at all, if they were the last entries in
|
|
Packit |
6bd9ab |
the config file.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 137 to 137.1
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* patch from nalin@redhat.com; return { NULL } not NULL for no group members
|
|
Packit |
6bd9ab |
* cleaned up usage of libc-lock.h weak aliases to pthreads API; use in ltf.c
|
|
Packit |
6bd9ab |
also
|
|
Packit |
6bd9ab |
* use __libc_atfork() or pthread_atfork() to close off connection on fork,
|
|
Packit |
6bd9ab |
rather than checking PIDs; this is expensive and breaks on Linux where each
|
|
Packit |
6bd9ab |
thread may have a different PID.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 136 to 137
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* build nss_ldap as a loadable module on AIX
|
|
Packit |
6bd9ab |
* doco on AIX
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 135 to 136
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* define -DPIC for FreeBSD
|
|
Packit |
6bd9ab |
* link with -shared not --shared
|
|
Packit |
6bd9ab |
* fixes for AIX
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 134 to 135
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* merged ldap.conf
|
|
Packit |
6bd9ab |
* fixed bug in concatenating relative search bases in ldap-nss.c (profile
|
|
Packit |
6bd9ab |
support)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 133 to 134
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixed Makefile.am
|
|
Packit |
6bd9ab |
* reordered DB search order in util.c
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 132 to 133
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* make /usr/lib directory in Makefile.am
|
|
Packit |
6bd9ab |
* new spec file from Joe Little
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 131 to 132
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixed rebind preprocessor logic
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 130 to 131
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* created files for automake happiness
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 129 to 130
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixed typo preventing build with Netscape client library
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 128 to 129
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* updated version number
|
|
Packit |
6bd9ab |
* fixed build bug on Solaris
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 127 to 128
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixed logic bug in util.c introduced in nss_ldap-127
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 126 to 127
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* updating copyright notices
|
|
Packit |
6bd9ab |
* autoconf support; IRIX and OSF/1 support has been dropped (dl-*.[ch]) as no
|
|
Packit |
6bd9ab |
one really used this, the implementation was a hack, and these operating
|
|
Packit |
6bd9ab |
systems have their own LDAP implementations now
|
|
Packit |
6bd9ab |
* added support for "referrals" and "restart" options to ldap.conf
|
|
Packit |
6bd9ab |
* use OpenLDAP 2.x rebind proc with correct arguments
|
|
Packit |
6bd9ab |
* added "timelimit" and "bind_timelimit" directives to ldap.conf
|
|
Packit |
6bd9ab |
* fixed bug with dereferencing aliases
|
|
Packit |
6bd9ab |
* preliminary support for profiles; recognise profile semantics in
|
|
Packit |
6bd9ab |
ldap-nss.c/util.c
|
|
Packit |
6bd9ab |
* parity with pam_ldap; "ssl" directive in ldap.conf can now specify "yes" or
|
|
Packit |
6bd9ab |
"start_tls" for Start TLS
|
|
Packit |
6bd9ab |
* hopefully fixed Berkeley DB include mess in util.c
|
|
Packit |
6bd9ab |
* fixed potential buffer overflow in util.c
|
|
Packit |
6bd9ab |
* default to LDAP protocol version 3
|
|
Packit |
6bd9ab |
* fixed leaks in util.c, dnsconfig.c
|
|
Packit |
6bd9ab |
* accept on/yes/true for boolean configuration values
|
|
Packit |
6bd9ab |
* tested building on FreeBSD, Solaris 8, Linux
|
|
Packit |
6bd9ab |
* tested functionality on RedHat 6.2
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 124 to 126
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixed up Linux Makefiles to build libnss_ldap
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 123 to 124
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* patch from nalin@redhat.com for StartTLS
|
|
Packit |
6bd9ab |
* fixed up indenting
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 122.BZ52.2 to 123
|
|
Packit |
6bd9ab |
------------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* rolled in BUG#52 branch with fixes for AIX
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 122.BZ52.1 to 122.BZ52.2
|
|
Packit |
6bd9ab |
-------------------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* included ldap-schema.c; omitted from previous checkpoint
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 122 to 122.BZ52.1
|
|
Packit |
6bd9ab |
------------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* preliminary fix for BUG#52 (support for different naming contexts for each
|
|
Packit |
6bd9ab |
map)
|
|
Packit |
6bd9ab |
* fixed bug in enumerating services map
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 121 to 122
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixed BUG#50 (check return value of ldap_simple_bind())
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 120 to 121
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixed BUG#49 (fix acknowledged race condition)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 119 to 120
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* added Makefile.aix and exports.aix (forgot)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 118 to 119
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* patch from Gabor Gombas <gombasg@inf.elte.hu> to support AIX implementation
|
|
Packit |
6bd9ab |
of BIND IRS
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 117 to 118
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* Makefile.RPM.openldap2 from Joe Little
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 116 to 117
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* permanently ignore SIGPIPE when using SSL. This bug should be fixed
|
|
Packit |
6bd9ab |
properly.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 115 to 116
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* added irs-nss.diff and README.IRS from Emile Heitor
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 113 to 115
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixed filter escaping
|
|
Packit |
6bd9ab |
* call ldapssl_client_init() once only
|
|
Packit |
6bd9ab |
* include db_185.h not db.h for dn2uid cache
|
|
Packit |
6bd9ab |
* fixes for FreeBSD (IRS) support from Emile Heitor
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 110 to 113
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* patch from Ben Collins to escape '*' in filters
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 109 to 110
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* patch from Phlilip Liu for async binds
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 108 to 109
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* omit socket check for -DSSL; it doesn't work
|
|
Packit |
6bd9ab |
* updated CONTRIBUTORS
|
|
Packit |
6bd9ab |
* updated README re HAVE_LDAP_LD_FREE
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 107 to 108
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* included "deref" option in /etc/ldap.conf, compatible with OpenLDAP syntax.
|
|
Packit |
6bd9ab |
Patch from Michael Mattice.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 106.2 to 107
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixed argument to _nss_ldap_getent() in ldap-ethers.c
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 106.1 to 106.2
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* if root, use rootbinddn/rootbindpw in rebind proc
|
|
Packit |
6bd9ab |
* include objectClass in pwd required attributes
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 105 to 106.1
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* if user is a shadowAccount, then don't return password in getpwent(),
|
|
Packit |
6bd9ab |
getpwuid() or getpwnam()
|
|
Packit |
6bd9ab |
* incorporated patch (from Doug Nazar):
|
|
Packit |
6bd9ab |
* allow getgrent() to be called without setgrent(); note arguments to
|
|
Packit |
6bd9ab |
_nss_ldap_getent() have changed.
|
|
Packit |
6bd9ab |
* return NSS_NOTFOUND instead of NSS_UNAVAIL at the end of a search
|
|
Packit |
6bd9ab |
* initialize len for getpeername()
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 104 to 105
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* incorporated patch for deadlock under Solaris (from Dave Begley)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 103 to 104
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* new spec file
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 102 to 103
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* don't call ldap_parse_result() with V2 API
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 101 to 102
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* added defines for LDAP_MSG_ONE et al if not in ldap.h
|
|
Packit |
6bd9ab |
* removed LDAP_MORE_RESULTS_TO_RETURN test
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 100 to 101
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixed spec file
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 99 to 100
|
|
Packit |
6bd9ab |
----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* support for asynchronous search API!
|
|
Packit |
6bd9ab |
* added some contributors
|
|
Packit |
6bd9ab |
* notes about ldap_ld_free()
|
|
Packit |
6bd9ab |
* merged in ChangeLog
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 98 to 99
|
|
Packit |
6bd9ab |
---------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* added some netgroup implementation tips
|
|
Packit |
6bd9ab |
* do_close_no_unbind() cleanup
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 97 to 98
|
|
Packit |
6bd9ab |
---------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* /etc/nss_ldap.secret -> /etc/ldap.secret (sorry, Doug!)
|
|
Packit |
6bd9ab |
* deleted crypt-mechanism code. Junk.
|
|
Packit |
6bd9ab |
* fixed call to _nss_ldap_read() after changing prototypes in nss_ldap-88
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 96 to 97
|
|
Packit |
6bd9ab |
---------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* #ifndef HAVE_LDAP_LD_FREE, still call ldap_unbind(), but having closed the
|
|
Packit |
6bd9ab |
descriptor.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 95 to 96
|
|
Packit |
6bd9ab |
---------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* re-orged
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 94 to 95
|
|
Packit |
6bd9ab |
---------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* disable SO_KEEPALIVE on socket rather than blocking SIGPIPE. Need to figure
|
|
Packit |
6bd9ab |
out the right way to do this.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 93 to 94
|
|
Packit |
6bd9ab |
---------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* committed some changes for the parent/child close problem. It relies on
|
|
Packit |
6bd9ab |
internal libldap APIs so it may be non-portable but should work with
|
|
Packit |
6bd9ab |
OpenLDAP and Netscape client libraries, and perhaps most UMich- derived
|
|
Packit |
6bd9ab |
client libraries. There's a possible workaround for client libraries without
|
|
Packit |
6bd9ab |
this; undefine HAVE_LDAP_LD_FREE to test this.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 92 to 93
|
|
Packit |
6bd9ab |
---------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* important fix: make sure return status is reset after do_open() ==
|
|
Packit |
6bd9ab |
NSS_SUCCESS, just in case no entries are returned. This bug was introduced
|
|
Packit |
6bd9ab |
in nss_ldap-88 and could potentially cause a security hole.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 91 to 92
|
|
Packit |
6bd9ab |
---------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* signal handling fix: don't restore handler unnecessarily.
|
|
Packit |
6bd9ab |
* don't open nss_ldap.secret unless a root pw is specified in ldap.conf
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 90 to 91
|
|
Packit |
6bd9ab |
---------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* reorganized SIGPIPE blocking code
|
|
Packit |
6bd9ab |
* added SSL support
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 89 to 90
|
|
Packit |
6bd9ab |
---------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* only reconnect if we've changed to/from root
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 88 to 89
|
|
Packit |
6bd9ab |
---------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* cleaned up a few things
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 87 to 88
|
|
Packit |
6bd9ab |
---------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* added breaks to switch in _nss_ldap_lookup (thanks to Nathan.Hawkins@FMR.COM
|
|
Packit |
6bd9ab |
for pointing this out)
|
|
Packit |
6bd9ab |
* save signal handler and ignore SIGPIPE for appropriate sections of do_open()
|
|
Packit |
6bd9ab |
and confirm connection is still active (patch from rpatel@globix.com)
|
|
Packit |
6bd9ab |
* allow root users to bind as a different user, to provide quasi-shadow
|
|
Packit |
6bd9ab |
password support (patch from nazard@dragoninc.on.ca)
|
|
Packit |
6bd9ab |
* under Linux, make Makefile look at last libc version (patch from
|
|
Packit |
6bd9ab |
nazard@dragoninc.on.ca)
|
|
Packit |
6bd9ab |
* never clobber nsswitch.ldap/ldap.conf when making install (patch from
|
|
Packit |
6bd9ab |
nazard@dragoninc.on.ca)
|
|
Packit |
6bd9ab |
* change do_open() to not unbind the parent ldap connection when the pid
|
|
Packit |
6bd9ab |
changes but simply open a new connection (patch from nazard@dragoninc.on.ca)
|
|
Packit |
6bd9ab |
* changed _nss_ldap_lookup() and _nss_ldap_read() prototypes to return
|
|
Packit |
6bd9ab |
NSS_STATUS error codes, so that NSS_UNAVAIL percolates as appropriate.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 86 to 87
|
|
Packit |
6bd9ab |
---------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixed looking up DN-membered groups by member. Thanks to Jeff Mandel for
|
|
Packit |
6bd9ab |
spotting this hard to find bug.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 85 to 86
|
|
Packit |
6bd9ab |
---------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* member for NDS vs uniqueMember (needs further investigation; -DNDS)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 84 to 85
|
|
Packit |
6bd9ab |
---------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* check non-NULLity of userdn before freeing
|
|
Packit |
6bd9ab |
* use AT(uid) for groupsbymember filter
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 81 to 84
|
|
Packit |
6bd9ab |
---------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* implemented _nss_ldap_initgroups()
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 80 to 81
|
|
Packit |
6bd9ab |
---------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* removed extraneous do_sleep() code
|
|
Packit |
6bd9ab |
* updated spec file
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.79 to 80
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* (really 2.80) changed version number a la Solaris 7!
|
|
Packit |
6bd9ab |
* cleaned up schema stuff into ldap-schema.h
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.78 to 2.79
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* implemented exponential backoff reconnect logic
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.76 to 2.78
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* removed ldap.conf.ragenet from lineup
|
|
Packit |
6bd9ab |
* removed spurious do_close()
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.75 to 2.76
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* added -lresolv to Solaris makefiles
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.72 to 2.75
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* incorporated RPM patches from stein@terminator.net
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.71 to 2.72
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* implemented getgroupsbymember() for Solaris. Supplementary groups should be
|
|
Packit |
6bd9ab |
initialized now. (NB: doesn't appear to be quite working for RFC2307bis
|
|
Packit |
6bd9ab |
yet.)
|
|
Packit |
6bd9ab |
* GNU indent-ified
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.70 to 2.71
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* removed -DDEBUG as default build flag
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.69 to 2.70
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* put /usr/ucblib back into linker search path for Solaris.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.68 to 2.69
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* added timeout, unavailable, and server busy conditions to rebind logic
|
|
Packit |
6bd9ab |
* indent -gnu all source files
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.65 to 2.68
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* mods for glibc 2.1 (__set_errno is obselete it seems)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.64 to 2.65
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* mods to compile with OpenLDAP 2
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.63 to 2.64
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* changed alias schema to Sun SDS nisMailAlias schema
|
|
Packit |
6bd9ab |
* updated TODO list to reflect Bugzilla entries
|
|
Packit |
6bd9ab |
* restored capitalization of attributes for "niceness"
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.62 to 2.63
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* added patch from gero@faveve.uni-stuttgart.de for parsing of ldap.conf with
|
|
Packit |
6bd9ab |
tabs
|
|
Packit |
6bd9ab |
* some fixes for BSDI BSD/OS IRS
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.61 to 2.62
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* added experimental support for DN-membered groups; to enable, define
|
|
Packit |
6bd9ab |
RFC2307BIS
|
|
Packit |
6bd9ab |
* fixed align bug (where buflen wasn't being decremented after pointer
|
|
Packit |
6bd9ab |
alignment)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.60 to 2.61
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* added warning about compiling with DS 4.1 LDAP SDK
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.59 to 2.60
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixed missing close brace
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.56 to 2.59
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* pw_comment field defaults to pw_gecos (Solaris only)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.55 to 2.56
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixed Makefile.linux.mozilla NSSLIBVER
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.54.6 to 2.55
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* merged in glibc-2.1 branch
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.54.5 to 2.54.6
|
|
Packit |
6bd9ab |
-----------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* misc fixes.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.54.4 to 2.54.5
|
|
Packit |
6bd9ab |
-----------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* misc fixes.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.54.3 to 2.54.4
|
|
Packit |
6bd9ab |
-----------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* glibc-2.1 patches from bcollins@debian.org
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.51 to 2.54.3
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* glibc-2.1 support. (Recall #93)
|
|
Packit |
6bd9ab |
* set erange correctly on Solaris (related to above)
|
|
Packit |
6bd9ab |
* added rebind function
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.49 to 2.51
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* added stuff for RC
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.47 to 2.49
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* configuration file is now case insensitive
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.45 to 2.47
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* RFC2052BIS (_ldap._tcp) support
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.44 to 2.45
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* added #include <stdlib.h> to globals.c
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.42 to 2.44
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* NULL search base allowed (omit basedn from config file)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.39 to 2.42
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixed potential crasher in dnsconfig.c
|
|
Packit |
6bd9ab |
* LDAP session is now persistent for performance reasons. Removed references
|
|
Packit |
6bd9ab |
to the session anywhere outside ldap-nss.c. The process ID is cached and the
|
|
Packit |
6bd9ab |
session reopened after a fork().
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.38 to 2.39
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixed warning in ldap-ethers.c (removed const from struct ether)
|
|
Packit |
6bd9ab |
* added ldap_version keyword to ldap.conf for parity with pam_ldap
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.37 to 2.38
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* debugged ldap_explode_rdn() code
|
|
Packit |
6bd9ab |
* added support for Mozilla LDAP client library; see Makefile.linux.mozilla
|
|
Packit |
6bd9ab |
and ltf.c for more information. Thanks to Netscape for making their library
|
|
Packit |
6bd9ab |
available.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.36 to 2.37
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* moved to CVS repository and Linux as development environment
|
|
Packit |
6bd9ab |
* incorporated ldap-service.c fix from Greg
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.35 to 2.36
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* util.c: will use ldap_explode_rdn() if it exists
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.34 to 2.35
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* made util.c compile again. Silly me.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.33 to 2.34
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixed #endif in testpw.c
|
|
Packit |
6bd9ab |
* fixed another DN freeing leak in util.c
|
|
Packit |
6bd9ab |
* added RFC 2307 to distribution (fixed the two typos in it:
|
|
Packit |
6bd9ab |
* fixed bug in ...getrdnvalue() (thanks, Greg)
|
|
Packit |
6bd9ab |
* diff rfc2307.txt ~/rfc2307.txt
|
|
Packit |
6bd9ab |
480c480
|
|
Packit |
6bd9ab |
< MUST ( cn $ ipProtocolNumber )
|
|
Packit |
6bd9ab |
---
|
|
Packit |
6bd9ab |
> MUST ( cn $ ipProtocolNumber $ description )
|
|
Packit |
6bd9ab |
1038c1038
|
|
Packit |
6bd9ab |
< lester:X5/DBrWPOQQaI:10:10:Lester:/home/lester:/bin/csh
|
|
Packit |
6bd9ab |
---
|
|
Packit |
6bd9ab |
> lester:X5/DBrWPOQQaI:10:10:Lester:/home/lester:/bin/sh
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.32 to 2.33
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* rolled in more patches from greg@rage.net:
|
|
Packit |
6bd9ab |
* removed _r from setXXXent and endXXXent functions for GNU_NSS
|
|
Packit |
6bd9ab |
* cleaned up testpw.c to use pthreads and protos
|
|
Packit |
6bd9ab |
* fixed prototype for gethostbyaddr_r on GNU_NSS
|
|
Packit |
6bd9ab |
* braced conditional in getservbyname_r
|
|
Packit |
6bd9ab |
* merged in Makefile.linux and README.LINUX diffs
|
|
Packit |
6bd9ab |
* added htons(port) in getservbyport_r
|
|
Packit |
6bd9ab |
* added nsswitch.test
|
|
Packit |
6bd9ab |
* added ldaptest.pl
|
|
Packit |
6bd9ab |
* added ldap.conf.ragenet
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.31 to 2.32
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* moved Makefile to Makefile.solaris
|
|
Packit |
6bd9ab |
* cleaned up mutex code for Linux, hopefully
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.30 to 2.31
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* fixed leak in util.c (need to free dn)
|
|
Packit |
6bd9ab |
* rolled in patches from greg@rage.net:
|
|
Packit |
6bd9ab |
* fixed ldap-ethers.c to use struct ether
|
|
Packit |
6bd9ab |
* fixed bracing in ldap-hosts.c (?)
|
|
Packit |
6bd9ab |
* added SSLEAY patch to ldap-nss.h
|
|
Packit |
6bd9ab |
* fixed locking in ldap-nss.h
|
|
Packit |
6bd9ab |
* Makefile changes incorporated into Makefile.linux
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.29e to 2.30
|
|
Packit |
6bd9ab |
--------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* synced into DevMan repository again
|
|
Packit |
6bd9ab |
* RFC 2307 is the one!
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.29d to 2.29e
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* util.c: fixed memory leak (call to ldap_value_free())
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.29c to 2.29d
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* ldap-ethers.c: fixed to use HOSTNAME attribute
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.29b to 2.29c
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* ieee8022Device -> ieee802Device
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.29a to 2.29b
|
|
Packit |
6bd9ab |
---------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* added ieee8022Device and bootableDevice classes,
|
|
Packit |
6bd9ab |
at Sun's request.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.29 to 2.29a
|
|
Packit |
6bd9ab |
--------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* dc -> cn
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.28 to 2.29
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* changed host/network/ethers naming schema see the -02 draft revision for
|
|
Packit |
6bd9ab |
more info
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.27 to 2.28
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* ldap-pwd.c, ldap-spwd.c: fixed tmpbuf stuff. Yuck.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.26 to 2.27
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* ANNOUNCE: reflected draft-howard-nis-schema-01.txt
|
|
Packit |
6bd9ab |
* ldap-spwd.c: default for shadow integer values is -1, not 0 and fixed
|
|
Packit |
6bd9ab |
crasher (thanks to dj@gregor.com)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.25 to 2.26
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* globals.c: added offset stuff back for mapping errnumbers. Weird: this stuff
|
|
Packit |
6bd9ab |
*was* in an earlier version of the work area. I have no idea where it went.
|
|
Packit |
6bd9ab |
Scary.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.24 to 2.25
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* irs-nss.h: added prototype for irs_ldap_acc()
|
|
Packit |
6bd9ab |
* ldap-*.[ch]: removed redundent PARSER macro
|
|
Packit |
6bd9ab |
* unbroke for GNU NSS (context_key_t changed to context_handle_t)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.23 to 2.24
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* irs-nss.c: added dispatch table for IRS library
|
|
Packit |
6bd9ab |
* testpw5.c: added additional test program
|
|
Packit |
6bd9ab |
* ldap-nss.c: removed spurious debug statement
|
|
Packit |
6bd9ab |
* ldap-nss.c, util.c, dnsconfig.c: cleaned up memory allocation for config.
|
|
Packit |
6bd9ab |
(This could be improved, but there is no longer a static ldap_config_t
|
|
Packit |
6bd9ab |
structure.)
|
|
Packit |
6bd9ab |
* Makefile: general cleanup
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.22 to 2.23
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* default destructor is now simply wrapped around by individual backend
|
|
Packit |
6bd9ab |
destructors
|
|
Packit |
6bd9ab |
* __EXTENSIONS__ defined for Solaris 2.6 to import strncasecmp()
|
|
Packit |
6bd9ab |
* getbyname: fixed crasher in ldap-nss.c due to uninitialized variable
|
|
Packit |
6bd9ab |
* ldap-parse.h, assorted others: tidied up resolver calls to use NSS_ARGS()
|
|
Packit |
6bd9ab |
macro and not to interfere with the previous backend's status (bad thing!)
|
|
Packit |
6bd9ab |
* ldap-service.c: cleaned up potential uninitialized var in parser
|
|
Packit |
6bd9ab |
* ldap-nss.c: no valued arrays are now { NULL } instead of NULL.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.21 to 2.22
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* testpw.c: XXX problem. dies with segfault, but gdb doesn't give me enough
|
|
Packit |
6bd9ab |
information; it's definitely within nss_ldap.so though. I just can't see the
|
|
Packit |
6bd9ab |
symbols. (Maybe dbx would be better...) However, testpw doesn't work at
|
|
Packit |
6bd9ab |
*all* under 2.5.1, and technically it shouldn't as it's not linked against
|
|
Packit |
6bd9ab |
liblthread. I haven't been able to duplicate this with testpw2, which is the
|
|
Packit |
6bd9ab |
same code linked with the thread library.
|
|
Packit |
6bd9ab |
* backported to NeXT
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.20 to 2.21
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* resolve.h: renamed functions so as to keep namespace clean
|
|
Packit |
6bd9ab |
* snprintf.h: tidied up for systems which already have snprintf() and renamed
|
|
Packit |
6bd9ab |
anyway to keep namespace clean (_nss_ldap_snprintf)
|
|
Packit |
6bd9ab |
* ldap-*.h: made character constants const to avoid nasty warnings
|
|
Packit |
6bd9ab |
* globals.[ch]: as above
|
|
Packit |
6bd9ab |
* README, TODO, ANNOUNCE: general documentation updates
|
|
Packit |
6bd9ab |
* ldap-nss.c, et al: general work on Solaris 2.6 port, to get nscd working.
|
|
Packit |
6bd9ab |
Lots of fiddling with the locking.
|
|
Packit |
6bd9ab |
* Major architectural changes to Solaris NSS implementation. Thread specific
|
|
Packit |
6bd9ab |
data is now stored in the backend, where it should be: just like it is in
|
|
Packit |
6bd9ab |
IRS. Locking is a little more coarse now, but it will do for the moment.
|
|
Packit |
6bd9ab |
* Paul Henson's DCE module gave me the inspiration to do the backend stuff the
|
|
Packit |
6bd9ab |
"right" way -- thanks, Paul!
|
|
Packit |
6bd9ab |
* As a result, a lot of the bugs listed in TODO have mysteriously fixed
|
|
Packit |
6bd9ab |
themselves. :-)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.19 to 2.20
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* Makefile.*: ensured resolve.[ch] and dnsconfig.[ch] were there.
|
|
Packit |
6bd9ab |
* Makefile: should link now with gcc -shared instead of requiring cc.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.18 to 2.19
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* testpw4.c: added irs hostbyname() test
|
|
Packit |
6bd9ab |
* Makefile: added correct flags to build position indepdenent code with Sun's
|
|
Packit |
6bd9ab |
compiler (thanks, Bill). Added SRV sources.
|
|
Packit |
6bd9ab |
* testpw.c: works under NeXT, cleaned up a bit.
|
|
Packit |
6bd9ab |
* ldap.conf: documented what this file does
|
|
Packit |
6bd9ab |
* util.c: ignore blank lines in ldap.conf properly
|
|
Packit |
6bd9ab |
* resolve.h: fixed up for Solaris
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.17 to 2.18
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* ldap-network.c: fixed infinite loop in getnetbyname()
|
|
Packit |
6bd9ab |
* util.c: goto out causes a compiler warning under Solaris. Documented this.
|
|
Packit |
6bd9ab |
Should fix this, I suppose, but we need to break out of two blocks. (We
|
|
Packit |
6bd9ab |
could remove the code that handles multivalued DNs, as it's fairly unlikely
|
|
Packit |
6bd9ab |
that someone will use a DN of o=Xedoc+dc=xedoc,c=US+dc=com, but who knows?)
|
|
Packit |
6bd9ab |
* ldap-ethers.c: line 215, result was not assigned to an lvalue (should have
|
|
Packit |
6bd9ab |
been args->status, not args). Fixed.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.16 to 2.17
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* Cleaned up documentation and testpw4.c
|
|
Packit |
6bd9ab |
* dnsconfig.c: Fixed strtok() bug which was clobbering domain
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.15 to 2.16
|
|
Packit |
6bd9ab |
-------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* util.c (_nss_ldap_readconfig) fixed strtok() typo
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.2 to 2.15
|
|
Packit |
6bd9ab |
------------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* dnsconfig.c: got DNS SRV support working under NEXTSTEP
|
|
Packit |
6bd9ab |
* util.c: (_nss_ldap_getdomainname) made host and network DN parsing compliant
|
|
Packit |
6bd9ab |
with current draft
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
changes from 2.1 to 2.2
|
|
Packit |
6bd9ab |
-----------------------
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
* I'll get around to merging in the RCS log here one day. Nothing very
|
|
Packit |
6bd9ab |
exciting happened, I just backported the code to NEXTSTEP and compiled it.
|