lists.arthurdejong.org
RSS feed

nss-pam-ldapd commit: r1096 - in nss-pam-ldapd: . debian man

[Date Prev][Date Next] [Thread Prev][Thread Next]

nss-pam-ldapd commit: r1096 - in nss-pam-ldapd: . debian man



Author: arthur
Date: Sun May  9 13:40:20 2010
New Revision: 1096
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=1096

Log:
get files ready for 0.7.4 release

Modified:
   nss-pam-ldapd/ChangeLog
   nss-pam-ldapd/NEWS
   nss-pam-ldapd/TODO
   nss-pam-ldapd/configure.ac
   nss-pam-ldapd/debian/changelog
   nss-pam-ldapd/man/nslcd.8.xml
   nss-pam-ldapd/man/nslcd.conf.5.xml
   nss-pam-ldapd/man/pam_ldap.8.xml

Modified: nss-pam-ldapd/ChangeLog
==============================================================================
--- nss-pam-ldapd/ChangeLog     Sun May  9 12:44:36 2010        (r1095)
+++ nss-pam-ldapd/ChangeLog     Sun May  9 13:40:20 2010        (r1096)
@@ -1,3 +1,136 @@
+2010-05-09 10:44  arthur
+
+       * [r1095] nslcd/myldap.c: only log "connected to LDAP server" if
+         the previous connect failed or we are failing over to a different
+         server
+
+2010-05-09 10:39  arthur
+
+       * [r1094] debian/nslcd.postinst, man/nslcd.conf.5.xml, nslcd/cfg.c,
+         nslcd/cfg.h, nslcd/myldap.c, tests/README, tests/nslcd-test.conf:
+         rename reconnect_maxsleeptime option to reconnect_retrytime
+
+2010-05-09 10:20  arthur
+
+       * [r1093] nslcd/myldap.c: don't log errno if it is not set (make
+         error less confusing)
+
+2010-05-09 10:08  arthur
+
+       * [r1092] nslcd/myldap.c: handle authentication searches a little
+         differently (only try once if an authentication error is
+         returned)
+
+2010-05-09 09:51  arthur
+
+       * [r1091] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,
+         nslcd/myldap.c: refactor retry timing mechanism to use time
+         between first and last error to determin when to rerty and only
+         try once (and don't sleep) when we have been failing for a long
+         time
+
+2010-05-08 10:39  arthur
+
+       * [r1090] man/nslcd.conf.5.xml: fix wrapping of long line (thanks
+         lintian)
+
+2010-05-08 10:34  arthur
+
+       * [r1089] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,
+         nslcd/pam.c: rename authz_search option to pam_authz_search
+
+2010-05-07 21:45  arthur
+
+       * [r1088] man/nslcd.conf.5.xml, man/pam_ldap.8.xml, nslcd/cfg.c,
+         nslcd/cfg.h, nslcd/pam.c: implement an authz_search option to
+         test whether the user is authorised
+
+2010-05-07 21:25  arthur
+
+       * [r1087] nslcd/alias.c, nslcd/ether.c, nslcd/group.c,
+         nslcd/host.c, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c,
+         nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c:
+         tune some buffer sizes and small cleanups
+
+2010-05-07 20:43  arthur
+
+       * [r1086] tests/test_myldap.c: implement test for buffer overflow
+
+2010-05-07 20:40  arthur
+
+       * [r1085] nslcd/myldap.c: fix buffer overflow
+
+2010-05-07 11:23  arthur
+
+       * [r1084] man, man/Makefile.am: have the possibility to generate
+         HTML for manual pages (not done by default)
+
+2010-05-07 11:22  arthur
+
+       * [r1083] man/nslcd.conf.5.xml, man/pam_ldap.8.xml: use docbook
+         elements where possible
+
+2010-05-06 21:40  arthur
+
+       * [r1082] compat/pam_compat.h, configure.ac,
+         debian/libpam-ldapd.pam-auth-update, man/pam_ldap.8.xml,
+         pam/pam.c: implement a minimum_uid option for the PAM module to
+         ignore users that have a lower numeric user id
+
+2010-05-05 10:58  arthur
+
+       * [r1081] config.guess, config.sub: include updated files
+
+2010-05-03 20:29  arthur
+
+       * [r1080] debian/nslcd.config: also parse /etc/ldap.conf for
+         systems that use that for NSS and PAM configuration
+
+2010-04-13 19:21  arthur
+
+       * [r1079] nslcd/myldap.c, nslcd/myldap.h, nslcd/pam.c: don't have
+         myldap_set_credentials() try to open a connection but have the
+         PAM code perform a search with the new credentials so we re-use
+         the fail-over mechanism in myldap_search()
+
+2010-04-13 19:17  arthur
+
+       * [r1078] nslcd/cfg.c, nslcd/common.h, nslcd/myldap.c,
+         nslcd/myldap.h, nslcd/passwd.c, tests/test_myldap.c: also have
+         myldap_search() return an LDAP status code
+
+2010-04-01 19:49  arthur
+
+       * [r1077] tests/README, tests/test.ldif.gz, tests/test_nsscmds.sh:
+         small improvements to the test setup
+
+2010-03-20 16:01  arthur
+
+       * [r1076] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,
+         nslcd/group.c: add an nss_initgroups_ignoreusers option to ignore
+         username to group lookups for the specified users
+
+2010-03-13 15:40  arthur
+
+       * [r1075] man/nslcd.conf.5.xml: remove commented-oud default option
+         because it is not implemented and we have a better mechanism now
+
+2010-02-28 08:10  arthur
+
+       * [r1074] nslcd/myldap.c: have less warnings when LDAP_OPT_X_TLS
+         isn't defined
+
+2010-02-28 08:07  arthur
+
+       * [r1073] man/nslcd.conf.5.xml: document which attributes may be
+         mapped with an expression
+
+2010-02-27 15:28  arthur
+
+       * [r1071] ChangeLog, NEWS, configure.ac, debian/changelog,
+         man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get
+         files ready for 0.7.3 release
+
 2010-02-27 15:26  arthur
 
        * [r1070] debian/NEWS: add blank line for apt-listchanges

Modified: nss-pam-ldapd/NEWS
==============================================================================
--- nss-pam-ldapd/NEWS  Sun May  9 12:44:36 2010        (r1095)
+++ nss-pam-ldapd/NEWS  Sun May  9 13:40:20 2010        (r1096)
@@ -1,3 +1,22 @@
+changes from 0.7.3 to 0.7.4
+---------------------------
+
+* fix a buffer overflow that should have no security consequences
+* perform proper fail-over when authenticating in the PAM module
+* add an nss_initgroups_ignoreusers option to ignore user name to group
+  lookups for the specified users
+* add an pam_authz_search option to perform a flexible authorisation check on
+  login (e.g. to restrict which users can login to which hosts, etc)
+* implement a minimum_uid option for the PAM module to ignore users that have
+  a lower numeric user id
+* change the way retries are done to error out quicker if the LDAP server is
+  down for some time (this should make the system more responsive when the
+  LDAP server is unavailable) and rename the reconnect_maxsleeptime option to
+  reconnect_retrytime to better describe the behaviour
+* only log "connected to LDAP server" if the previous connection failed
+* documentation improvements
+
+
 changes from 0.7.2 to 0.7.3
 ---------------------------
 

Modified: nss-pam-ldapd/TODO
==============================================================================
--- nss-pam-ldapd/TODO  Sun May  9 12:44:36 2010        (r1095)
+++ nss-pam-ldapd/TODO  Sun May  9 13:40:20 2010        (r1096)
@@ -22,7 +22,6 @@
 * maybe make myldap code thread-safe (use locking)
 * review changes in nss_ldap and merge any useful changes
 * maybe rate-limit LDAP entry warnings
-* test non-ASCII characters in fields (mostly cn)
 * only parse configuration options if they are available on the platform
 * have some more general mechanism to disable NSS lookups from nslcd
 * maybe support memberOf attribute in passwd entries that map to groups

Modified: nss-pam-ldapd/configure.ac
==============================================================================
--- nss-pam-ldapd/configure.ac  Sun May  9 12:44:36 2010        (r1095)
+++ nss-pam-ldapd/configure.ac  Sun May  9 13:40:20 2010        (r1096)
@@ -32,8 +32,8 @@
 configure.ac file for more details.])
 
 # initialize and set version and bugreport address
-AC_INIT([nss-pam-ldapd],[0.7.3],[nss-pam-ldapd-users@lists.arthurdejong.org])
-RELEASE_MONTH="Feb 2010"
+AC_INIT([nss-pam-ldapd],[0.7.4],[nss-pam-ldapd-users@lists.arthurdejong.org])
+RELEASE_MONTH="May 2010"
 AC_SUBST(RELEASE_MONTH)
 AC_CONFIG_SRCDIR([nslcd.h])
 

Modified: nss-pam-ldapd/debian/changelog
==============================================================================
--- nss-pam-ldapd/debian/changelog      Sun May  9 12:44:36 2010        (r1095)
+++ nss-pam-ldapd/debian/changelog      Sun May  9 13:40:20 2010        (r1096)
@@ -1,3 +1,27 @@
+nss-pam-ldapd (0.7.4) unstable; urgency=low
+
+  * fix a buffer overflow that should have no security consequences
+  * perform proper fail-over when authenticating in the PAM module
+    (closes: #577593)
+  * add an nss_initgroups_ignoreusers option to ignore user name to group
+    lookups for the specified users
+  * add an pam_authz_search option to perform a flexible authorisation check
+    on login (e.g. to restrict which users can login to which hosts, etc)
+  * implement a minimum_uid option for the PAM module to ignore users that
+    have a lower numeric user id and make 1000 the default value for Debian
+    (closes: #579574)
+  * change the way retries are done to error out quicker if the LDAP server
+    is down for some time (this should make the system more responsive when
+    the LDAP server is unavailable) and rename the reconnect_maxsleeptime
+    option to reconnect_retrytime to better describe the behaviour
+  * only log "connected to LDAP server" if the previous connection failed
+    (closes: #483795)
+  * documentation improvements
+  * debian/nslcd.config: also parse /etc/ldap.conf for systems that put NSS
+    and PAM configuration there
+
+ -- Arthur de Jong <adejong@debian.org>  Sat, 08 May 2010 12:00:00 +0200
+
 nss-pam-ldapd (0.7.3) unstable; urgency=low
 
   * allow password modification by root using the rootpwmoddn configuration

Modified: nss-pam-ldapd/man/nslcd.8.xml
==============================================================================
--- nss-pam-ldapd/man/nslcd.8.xml       Sun May  9 12:44:36 2010        (r1095)
+++ nss-pam-ldapd/man/nslcd.8.xml       Sun May  9 13:40:20 2010        (r1096)
@@ -36,9 +36,9 @@
  <refmeta>
   <refentrytitle>nslcd</refentrytitle>
   <manvolnum>8</manvolnum>
-  <refmiscinfo class="version">Version 0.7.3</refmiscinfo>
+  <refmiscinfo class="version">Version 0.7.4</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
-  <refmiscinfo class="date">Dec 2009</refmiscinfo>
+  <refmiscinfo class="date">May 2010</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">

Modified: nss-pam-ldapd/man/nslcd.conf.5.xml
==============================================================================
--- nss-pam-ldapd/man/nslcd.conf.5.xml  Sun May  9 12:44:36 2010        (r1095)
+++ nss-pam-ldapd/man/nslcd.conf.5.xml  Sun May  9 13:40:20 2010        (r1096)
@@ -36,9 +36,9 @@
  <refmeta>
   <refentrytitle>nslcd.conf</refentrytitle>
   <manvolnum>5</manvolnum>
-  <refmiscinfo class="version">Version 0.7.3</refmiscinfo>
+  <refmiscinfo class="version">Version 0.7.4</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
-  <refmiscinfo class="date">Dec 2009</refmiscinfo>
+  <refmiscinfo class="date">May 2010</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">

Modified: nss-pam-ldapd/man/pam_ldap.8.xml
==============================================================================
--- nss-pam-ldapd/man/pam_ldap.8.xml    Sun May  9 12:44:36 2010        (r1095)
+++ nss-pam-ldapd/man/pam_ldap.8.xml    Sun May  9 13:40:20 2010        (r1096)
@@ -35,9 +35,9 @@
  <refmeta>
   <refentrytitle>pam_ldap</refentrytitle>
   <manvolnum>8</manvolnum>
-  <refmiscinfo class="version">Version 0.7.3</refmiscinfo>
+  <refmiscinfo class="version">Version 0.7.4</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
-  <refmiscinfo class="date">Dec 2009</refmiscinfo>
+  <refmiscinfo class="date">May 2010</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">
--
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-commits