lists.arthurdejong.org
RSS feed

nss-pam-ldapd commit: r1358 - in nss-pam-ldapd: . debian man

[Date Prev][Date Next] [Thread Prev][Thread Next]

nss-pam-ldapd commit: r1358 - in nss-pam-ldapd: . debian man



Author: arthur
Date: Thu Dec 30 22:28:29 2010
New Revision: 1358
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=1358

Log:
get files ready for 0.8.0 release

Modified:
   nss-pam-ldapd/ChangeLog
   nss-pam-ldapd/NEWS
   nss-pam-ldapd/TODO
   nss-pam-ldapd/configure.ac
   nss-pam-ldapd/debian/changelog
   nss-pam-ldapd/man/nslcd.8.xml
   nss-pam-ldapd/man/nslcd.conf.5.xml
   nss-pam-ldapd/man/pam_ldap.8.xml

Modified: nss-pam-ldapd/ChangeLog
==============================================================================
--- nss-pam-ldapd/ChangeLog     Thu Dec 30 17:43:04 2010        (r1357)
+++ nss-pam-ldapd/ChangeLog     Thu Dec 30 22:28:29 2010        (r1358)
@@ -1,3 +1,545 @@
+2010-12-30 16:43  arthur
+
+       * [r1357] README, debian/copyright: update copyright information
+
+2010-12-30 16:26  arthur
+
+       * [r1356] debian/po/ca.po, debian/po/cs.po, debian/po/da.po,
+         debian/po/de.po, debian/po/es.po, debian/po/fi.po,
+         debian/po/fr.po, debian/po/gl.po, debian/po/it.po,
+         debian/po/ja.po, debian/po/nb.po, debian/po/nl.po,
+         debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po,
+         debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po,
+         debian/po/zh_CN.po: run debconf-updatepo (new and updated
+         templates)
+
+2010-12-30 16:25  arthur
+
+       * [r1355] debian/po/ca.po, debian/po/cs.po, debian/po/da.po,
+         debian/po/de.po, debian/po/es.po, debian/po/fi.po,
+         debian/po/fr.po, debian/po/gl.po, debian/po/it.po,
+         debian/po/ja.po, debian/po/nb.po, debian/po/nl.po,
+         debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po,
+         debian/po/sv.po, debian/po/vi.po, debian/po/zh_CN.po: put headers
+         of .po files in a consistent format
+
+2010-12-30 13:13  arthur
+
+       * [r1354] ., AUTHORS, HACKING, README, configure.ac,
+         debian/copyright, nss/Makefile.am, nss/common.h, nss/ethers.c,
+         nss/exports.solaris, nss/group.c, nss/hosts.c, nss/netgroup.c,
+         nss/networks.c, nss/passwd.c, nss/protocols.c, nss/prototypes.h,
+         nss/rpc.c, nss/services.c, nss/shadow.c, nss/solnss.c: integrate
+         Solaris support developed by Ted C. Cheng of Symas Corporation
+         that was developed on the -solaris branch
+
+2010-12-29 22:20  arthur
+
+       * [r1348] Makefile.am, pam/Makefile.am: fix distcheck by passing
+         --with-pam-seclib-dir to configure and remove unneeded slashes
+
+2010-12-29 21:50  arthur
+
+       * [r1347] Makefile.am, configure.ac, py-compile, pynslcd,
+         pynslcd/Makefile.am, pynslcd/alias.py, pynslcd/cfg.py,
+         pynslcd/common.py, pynslcd/config.py.in, pynslcd/debugio.py,
+         pynslcd/ether.py, pynslcd/group.py, pynslcd/mypidfile.py,
+         pynslcd/pam.py, pynslcd/passwd.py, pynslcd/pynslcd.py,
+         pynslcd/shadow.py, pynslcd/tio.py: add an experimental (currently
+         partial) Python implementation of nslcd to see if we can get the
+         same features with easier to maintain code
+
+2010-12-28 22:52  arthur
+
+       * [r1346] man/nslcd.conf.5.xml, nslcd/attmap.c, nslcd/common.c,
+         nslcd/common.h, nslcd/group.c, nslcd/passwd.c, nslcd/shadow.c:
+         allow attribute mapping with an expression for the userPassword
+         attribute for passwd, group and shadow entries and by default map
+         it to the unmatchable password ("*") to avoid accidentally
+         leaking password information
+
+2010-12-26 17:09  arthur
+
+       * [r1345] nslcd/common.h, nslcd/myldap.c, nslcd/myldap.h,
+         nslcd/pam.c, nslcd/shadow.c: try to update the shadowLastChange
+         attribute of a user on password change (the update is only tried
+         if the attribute is present to begin with)
+
+2010-12-26 15:00  arthur
+
+       * [r1344] common/tio.c: return connection reset when connection was
+         closed by the other end
+
+2010-12-26 14:56  arthur
+
+       * [r1343] tests/nslcd-test.conf: paging isn't supported by OpenLDAP
+         when chasing referrals
+
+2010-12-26 11:05  arthur
+
+       * [r1342] nslcd/cfg.c: also support the tls_cacert option as an
+         alias for tls_cacertfile
+
+2010-12-26 11:04  arthur
+
+       * [r1341] man/nslcd.conf.5.xml: add notes on ignored options when
+         using GnuTLS (based on #513270 which was reported against the
+         openldap package by Peter Palfrader)
+
+2010-12-24 14:32  arthur
+
+       * [r1340] nslcd/common.c: also support tilde (~) in user and group
+         names, except as first character
+
+2010-12-24 14:31  arthur
+
+       * [r1339] nslcd/common.c: make logic of character tests easier to
+         read
+
+2010-12-20 10:18  arthur
+
+       * [r1338] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,
+         nslcd/group.c, nslcd/passwd.c: implement a nss_min_uid option to
+         filter user entries returned by LDAP
+
+2010-12-18 17:39  arthur
+
+       * [r1337] tests/test_nsscmds.sh: sort group members by alphabet to
+         not be dependant on the order of attributes returned and the
+         internal softing of the set
+
+2010-12-18 17:35  arthur
+
+       * [r1336] tests/README, tests/test.ldif.gz, tests/test_nsscmds.sh:
+         update tests with current test set-up (with chasing a referral
+         and some other minor changes)
+
+2010-12-12 22:32  arthur
+
+       * [r1328] nslcd/myldap.c: pass the ld to do_bind() instead of the
+         session to use the correct ld from do_rebind()
+
+2010-12-12 22:24  arthur
+
+       * [r1327] nslcd/pam.c: always return a positive authorisation
+         result during authentication because we don't do any
+         authorisation checks during authentication and this may confuse
+         the PAM module if it's only used for authorisation
+
+2010-12-12 22:22  arthur
+
+       * [r1326] pam/pam.c: fallback to standard PAM error message if one
+         wasn't returned by nslcd
+
+2010-12-12 22:15  arthur
+
+       * [r1325] nslcd/myldap.c: fix comment
+
+2010-12-11 21:40  arthur
+
+       * [r1322] tests/test_myldap.c: include extra assertion checks
+
+2010-12-08 22:54  arthur
+
+       * [r1319] nslcd/myldap.c, nslcd/myldap.h, nslcd/nslcd.c: in each
+         worker wake up once in a while to check whether any existing LDAP
+         connections should be closed
+
+2010-12-03 16:16  arthur
+
+       * [r1318] nslcd/pam.c: in try_bind(), perform the search ourselves
+         instead of using lookup_dn2uid() to also be able to match
+         administrator DNs (thanks to Thaddeus J. Kollar for spotting
+         this)
+
+2010-12-03 16:03  arthur
+
+       * [r1317] nslcd/pam.c: fix handling of try_bind() result code in
+         nslcd_pam_authc() (patch by Thaddeus J. Kollar)
+
+2010-11-26 11:39  arthur
+
+       * [r1316] nslcd/nslcd.c: close all open file descriptors on start
+
+2010-11-17 20:08  arthur
+
+       * [r1315] nslcd/common.h, nslcd/pam.c, nslcd/passwd.c: return
+         correct PAM status code for when LDAP server is unavailable
+         (based on a patch by Pierre Gambarotto)
+
+2010-11-17 19:55  arthur
+
+       * [r1314] nslcd/pam.c: switch all internal functions to return an
+         LDAP status code
+
+2010-11-17 19:41  arthur
+
+       * [r1313] nslcd/pam.c: return correct kind of error code from
+         try_pwmod() (bug)
+
+2010-11-10 21:12  arthur
+
+       * [r1312] debian/nslcd.config, debian/nslcd.postinst,
+         debian/nslcd.templates: implement configuring SASL authentication
+         using Debconf, based on a patch by Daniel Dehennin
+
+2010-11-10 20:05  arthur
+
+       * [r1311] debian/nslcd.config: fix for problem with undefined
+         values in read_config() function
+
+2010-11-07 22:13  arthur
+
+       * [r1310] debian/nslcd.config: split reading values from a
+         configfile into a separate function and also ensure that
+         tls_reqcert is correctly read
+
+2010-11-07 22:05  arthur
+
+       * [r1309] debian/nslcd.postinst: add comment describing function
+
+2010-11-07 20:04  arthur
+
+       * [r1308] debian/nslcd.postinst: split updating configuration file
+         based on debconf value to separate function and make config
+         option renaming consistent
+
+2010-11-07 19:45  arthur
+
+       * [r1307] pam/Makefile.am: fix installation directory for PAM
+         module (was broken in r1239)
+
+2010-11-07 17:08  arthur
+
+       * [r1306] debian/nslcd.postinst: move special casing of handling
+         bindpw removal to cfg_disable() function
+
+2010-11-07 17:06  arthur
+
+       * [r1305] debian/nslcd.config, debian/nslcd.postinst: handle
+         tls_reqcert option consistently with other options
+
+2010-11-07 16:38  arthur
+
+       * [r1304] debian/nslcd.config: remove extra slash character
+
+2010-11-07 13:55  arthur
+
+       * [r1303] configure.ac: guess NSS SONAME on freebsd
+
+2010-11-07 13:54  arthur
+
+       * [r1302] configure.ac: use NSS flavour to determine which exports
+         file to use
+
+2010-11-07 13:13  arthur
+
+       * [r1301] nslcd/alias.c, nslcd/common.h, nslcd/ether.c,
+         nslcd/group.c, nslcd/host.c, nslcd/log.c, nslcd/log.h,
+         nslcd/netgroup.c, nslcd/network.c, nslcd/pam.c, nslcd/passwd.c,
+         nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c:
+         log the request with any logged messages
+
+2010-11-07 13:08  arthur
+
+       * [r1300] compat/ldap_compat.h: SASL compatibility definition
+
+2010-11-04 20:45  arthur
+
+       * [r1298] nslcd/nslcd.c: move acceptconnection() function body
+         inside the worker() so we can more easily break out of the
+         connection handling thread, close the server socket inside the
+         signal handler to cause all threads waiting on accept() to fail
+         and ensure that signals are handled in the main thread by
+         blocking them in the worker threads (r1290 from -solaris branch)
+
+2010-11-04 20:36  arthur
+
+       * [r1297] nslcd/common.h, nslcd/pam.c, nslcd/passwd.c: avoid
+         unneeded strdup()s by using a passed buffer to lookup_dn2uid()
+         and using strcmp() in dn2uid() to see if the existing cached
+         value is ok
+
+2010-11-04 20:35  arthur
+
+       * [r1296] nslcd/passwd.c: fix race condition that could cause a
+         memory leak
+
+2010-11-04 20:31  arthur
+
+       * [r1295] common/nslcd-prot.c, nslcd/nslcd.c: pass the actual size
+         of the address family and the path length to bind() and connect()
+         for named sockets
+
+2010-11-03 20:55  arthur
+
+       * [r1294] nslcd/myldap.c: call myldap_session_check() before adding
+         a new search to the session so the connection actually gets
+         closed on timeout (the connection isn't closed when there are
+         active searches)
+
+2010-10-16 21:30  arthur
+
+       * [r1288] configure.ac: chage test for compiling with gcc to be
+         simpler and not use deprecated ac_cv_prog_gcc
+
+2010-10-16 20:20  arthur
+
+       * [r1287] nslcd/nslcd.c: fix log message
+
+2010-10-16 11:34  arthur
+
+       * [r1286] nslcd/cfg.h: remove obsolete note
+
+2010-10-15 10:31  arthur
+
+       * [r1279] common/dict.c, common/dict.h, common/set.c, common/set.h,
+         tests/test_set.c: implement dict_getany() and set_pop() functions
+         to be able to pick and remove entries
+
+2010-10-15 10:21  arthur
+
+       * [r1278] common/dict.c, common/dict.h, common/set.h,
+         tests/test_dict.c, tests/test_set.c: make DICTs and SETs
+         case-sensitive
+
+2010-10-15 09:22  arthur
+
+       * [r1277] nss/common.h: split out checking of NSS module
+         availability and buffer correctness to separate macros (taken
+         from the -solaris branch)
+
+2010-10-15 09:05  arthur
+
+       * [r1276] nslcd/myldap.c: set a longer socket timout for the normal
+         connection (just in case mostly) and a short one to use when
+         shutting down the connection (also see
+         http://www.openldap.org/its/index.cgi?selectid=6673)
+
+2010-10-14 19:05  arthur
+
+       * [r1274] configure.ac: set {nss,pam}_ldap_so_LINK from configure
+         to allow custom linker properties for Solaris (r1261 and r1263
+         from -solaris branch)
+
+2010-10-14 19:03  arthur
+
+       * [r1273] configure.ac: also include sys/types.h for
+         ethernet-related tests (same as in compat/ether.h) (r1259 from
+         -solaris branch)
+
+2010-10-14 19:00  arthur
+
+       * [r1272] nss/group.c: move _nss_ldap_initgroups_dyn() definition
+         to the end to have more logical order
+
+2010-10-14 18:39  arthur
+
+       * [r1271] nslcd/myldap.c: simplify SASL includes
+
+2010-10-13 21:20  arthur
+
+       * [r1270] nss/Makefile.am: link local modules before .a files from
+         common directory to pick symbols up in correct order
+
+2010-10-13 21:01  arthur
+
+       * [r1269] configure.ac: move ethernet function checks outside
+         nslcd-specific tests to also compile without warnings when only
+         compiling NSS module
+
+2010-10-13 19:58  arthur
+
+       * [r1267] nslcd/pam.c: make buffer sizes for PAM requests
+         consistent (and large enough for most situations)
+
+2010-10-13 19:42  arthur
+
+       * [r1266] configure.ac: rename --with-nss-ldap-maps to
+         --with-nss-maps
+
+2010-10-13 19:25  arthur
+
+       * [r1265] compat/ldap_passwd_s.c: small fix
+
+2010-10-12 20:30  arthur
+
+       * [r1264] nslcd/myldap.c: set timeout options on LDAP socket to
+         avoid problems when the LDAP library hangs on a read() (e.g. at
+         ldap_unbind())
+
+2010-10-10 19:57  arthur
+
+       * [r1256] nslcd/myldap.c, nss/netgroup.c, pam/pam.c: make use of
+         UNUSED() consistent throughout the code
+
+2010-10-10 19:53  arthur
+
+       * [r1255] nss/rpc.c: correctly name shared file handle
+
+2010-10-10 19:46  arthur
+
+       * [r1254] ChangeLog: undo changes to ChangeLog accidentally checked
+         in in r1253)
+
+2010-10-10 19:45  arthur
+
+       * [r1253] ChangeLog, configure.ac, nss/Makefile.am,
+         nss/exports.glibc, nss/exports.solaris, nss/nss_ldap.map,
+         pam/Makefile.am: put all logic on how to run linker for NSS and
+         PAM components in configure script (remove stuff from
+         Makefile.ams) and add Solaris version script (renaming version
+         scripts as needed) (r1250 from -solaris branch)
+
+2010-10-10 19:32  arthur
+
+       * [r1252] compat/ether.c, compat/ether.h: move missing declarations
+         of ether_ntoa() and ether_aton() to header file so they are
+         available for other sources also (r1243 from -solaris branch)
+
+2010-10-10 19:31  arthur
+
+       * [r1251] configure.ac: fix test of returnlen struct member check
+         (r1244 from -solaris branch)
+
+2010-10-08 11:24  arthur
+
+       * [r1245] nss/services.c: correctly name shared file handle
+
+2010-10-04 19:37  arthur
+
+       * [r1240] nss/Makefile.am, nss/aliases.c, nss/ethers.c,
+         nss/group.c, nss/hosts.c, nss/netgroup.c, nss/networks.c,
+         nss/passwd.c, nss/protocols.c, nss/rpc.c, nss/services.c,
+         nss/shadow.c, pam/Makefile.am: improve consistency of code layout
+
+2010-10-04 19:35  arthur
+
+       * [r1239] compat/nss_compat.h, configure.ac, nss/Makefile.am,
+         nss/common.h, nss/hosts.c, nss/networks.c, nss/prototypes.h,
+         pam/Makefile.am: merge some of the changes for Solaris
+         portability to ease merging, adding --with-pam-seclib-dir,
+         --with-pam-ldap-soname and --with-nss-flavour options and having
+         some auto-detection for SONAMEs and NSS flavour
+
+2010-10-02 19:19  arthur
+
+       * [r1235] .: ignore configure.lineno
+
+2010-10-01 08:11  arthur
+
+       * [r1233] compat/ether.c, compat/ldap_passwd_s.c, configure.ac: use
+         AC_CHECK_DECLS to check for definitions of functions we provide a
+         replacement definition for
+
+2010-09-30 19:09  arthur
+
+       * [r1229] debian/po/vi.po: updated Vietnamese (vi) translation of
+         debconf templates by Clytie Siddall
+
+2010-09-30 18:20  arthur
+
+       * [r1228] configure.ac: fix test quoting
+
+2010-09-29 19:37  arthur
+
+       * [r1227] compat/ether.c, configure.ac: only provide definitions
+         for ether_aton() and ether_ntoa() for platforms missing a
+         definition
+
+2010-09-29 19:01  arthur
+
+       * [r1226] compat/ether.c: fix definitions of ether_aton() and
+         ether_ntoa()
+
+2010-09-28 21:04  arthur
+
+       * [r1225] compat/nss_compat.h, compat/pam_get_authtok.c,
+         configure.ac: begin merging some of the compatibility
+         improvements from Ted C. Cheng of Symas Corporation
+
+2010-09-28 19:39  arthur
+
+       * [r1224] compat/nss_compat.h: no need to provide a enum nss_status
+         replacement because we don't use it
+
+2010-09-28 19:39  arthur
+
+       * [r1223] tests/test_aliases.c, tests/test_ethers.c,
+         tests/test_group.c, tests/test_hosts.c, tests/test_netgroup.c,
+         tests/test_networks.c, tests/test_passwd.c,
+         tests/test_protocols.c, tests/test_rpc.c, tests/test_services.c,
+         tests/test_shadow.c: also switch to nss_status_t for test code
+
+2010-09-28 19:35  arthur
+
+       * [r1222] configure.ac: simplify appending OBJEXT sed expression
+
+2010-09-27 21:25  arthur
+
+       * [r1221] nslcd/myldap.c: remove variables which are no longer
+         necessary due to r1220
+
+2010-09-27 21:19  arthur
+
+       * [r1220] nslcd/myldap.c: remove disabling keepalives since we
+         handle SIGPIPE anyway
+
+2010-09-26 20:43  arthur
+
+       * [r1219] nslcd/myldap.c: remove ugly empty line
+
+2010-09-26 12:34  arthur
+
+       * [r1218] configure.ac: properly define PACKAGE_URL
+
+2010-09-26 11:19  arthur
+
+       * [r1217] nslcd/group.c: update description of group schema
+         supported
+
+2010-09-26 11:08  arthur
+
+       * [r1216] Makefile.am: switch to nicer mechanism to specify
+         subdirectories to build
+
+2010-09-25 21:50  arthur
+
+       * [r1215] configure.ac, nss/Makefile.am: have a way to limit which
+         NSS maps should be built
+
+2010-09-24 13:04  arthur
+
+       * [r1214] compat/nss_compat.h, nss/aliases.c, nss/common.h,
+         nss/ethers.c, nss/group.c, nss/hosts.c, nss/netgroup.c,
+         nss/networks.c, nss/passwd.c, nss/protocols.c, nss/prototypes.h,
+         nss/rpc.c, nss/services.c, nss/shadow.c: switch to using
+         nss_status_t throughout the code and provide compatibility code
+         to use whatever nss_status type is used on the system
+
+2010-09-23 21:21  arthur
+
+       * [r1208] nslcd/myldap.c: add some more error cases which should
+         trigger a disconnect
+
+2010-09-20 20:41  arthur
+
+       * [r1207] nslcd/myldap.c: handle errors from ldap_result()
+         consistently and also retry in case it times out
+
+2010-09-05 09:30  arthur
+
+       * [r1206] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,
+         nslcd/common.h, nslcd/nslcd.c, nslcd/pam.c, pam/pam.c: implement
+         a rootpwmodpw option that allows root users to change user
+         passwords without a password prompt
+
+2010-08-28 19:46  arthur
+
+       * [r1204] ChangeLog, NEWS, configure.ac, debian/changelog,
+         man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get
+         files ready for 0.7.9 release
+
 2010-08-28 19:19  arthur
 
        * [r1203] debian/po/nl.po: unfuzzy a few Dutch translations and

Modified: nss-pam-ldapd/NEWS
==============================================================================
--- nss-pam-ldapd/NEWS  Thu Dec 30 17:43:04 2010        (r1357)
+++ nss-pam-ldapd/NEWS  Thu Dec 30 22:28:29 2010        (r1358)
@@ -1,3 +1,70 @@
+changes from 0.7.13 to 0.8.0
+----------------------------
+
+* include Solaris support developed by Ted C. Cheng of Symas Corporation
+* include an experimental partial implementation of nslcd in Python (disabled
+  by default, see --enable-pynslcd configure option)
+* implement a nss_min_uid option to filter user entries returned by LDAP
+* implement a rootpwmodpw option that allows the root user to change a user's
+  password without a password prompt
+* try to update the shadowLastChange attribute on password change
+* all log messages now include a description of the request to more easily
+  track problems when not running in debug mode
+* allow attribute mapping expressions for the userPassword attribute for
+  passwd, group and shadow entries and by default map it to the unmatchable
+  password ("*") to avoid accidentally leaking password information
+* numerous compatibility improvements
+* add --with-pam-seclib-dir and --with-pam-ldap-soname configure options to
+  allow more control of hot to install the PAM module
+* add --with-nss-flavour and --with-nss-maps configure options to support
+  other C libraries and limit which NSS modules to install
+* allow tilde (~) in user and group names
+* improvements to the timeout mechanism (connections are now actively timed
+  out using the idle_timelimit option)
+* set socket timeouts on the LDAP connection to disconnect regardless of LDAP
+  and possibly TLS handling of connection
+* better disconnect/reconnect handling of error conditions
+* some code improvements and cleanups and several smaller bug fixes
+* all internal string comparisons are now also case sensitive (e.g. for
+  providing DN to username lookups, etc)
+* signal handling in the daemon was changed to behave more reliable across
+  different threading implementations
+* nslcd will now always return a positive authorisation result during
+  authentication to avoid confusing the PAM module when it is only used for
+  authorisation
+* Debian packaging improvement: implement configuring SASL authentication
+  using Debconf, based on a patch by Daniel Dehennin
+
+
+changes from 0.7.12 to 0.7.13
+-----------------------------
+
+* fix handling of idle_timelimit option
+* fix error code for problem while doing password modification
+
+
+changes from 0.7.11 to 0.7.12
+-----------------------------
+
+* set a short socket timeout when shutting down the connection to the LDAP
+  server to avoid disconnect problems when using TLS
+
+
+changes from 0.7.10 to 0.7.11
+-----------------------------
+
+* grow the buffer for the PAM ruser to not reject logins for users with
+  a ruser including a domain part
+* Debian packaging improvements
+
+
+changes from 0.7.9 to 0.7.10
+----------------------------
+
+* handle errors from ldap_result() better and disconnect (and reconnect)
+  in more cases
+
+
 changes from 0.7.8 to 0.7.9
 ---------------------------
 

Modified: nss-pam-ldapd/TODO
==============================================================================
--- nss-pam-ldapd/TODO  Thu Dec 30 17:43:04 2010        (r1357)
+++ nss-pam-ldapd/TODO  Thu Dec 30 22:28:29 2010        (r1358)
@@ -1,15 +1,10 @@
-* test reachability problems with LDAP server more
 * write more unit tests
-* maybe implement a connection object in the myldap module that is shared
-  by different sessions (sessions need to be cleaned up)
 * add sanity checking code (e.g. not too large buffer allocation and checking
   that host, user, etc do not contain funky characters) in all server modules
 * log some statistics: "passwd=100 shadow=10 host=20 rpc=10" (10 req/minute)
 * in the server: once the request is done pass the flushing of the buffers to
   a separate thread so our workers are available to handle new requests
   (test whether this actually improves performace)
-* split out idle checking into separate function so we may be able to call it
-  periodically from elsewhere (e.g. the main loop)
 * add an option to create an extra socket somewhere (so it may be used in
   chroot jails)
 * make I/O timeout between NSS lib and daemon configurable with configure
@@ -17,15 +12,23 @@
   address and return it as an alternative entry (investigate whether this is
   sane)
 * protocols/rpc: the description attribute should be used as an alias?
-* do more checks with failing LDAP connections (e.g. killing connections)
-* maybe make myldap code thread-safe (use locking)
 * review changes in nss_ldap and merge any useful changes
 * maybe rate-limit LDAP entry warnings
-* only parse nslcd.conf options if they are available on the platform
-* maybe support memberOf attribute in passwd entries that map to groups
 * setnetgrent() may need to return an error if the netgroup is undefined
 * handle repeated calls to getent() better (see 
http://bugzilla.padl.com/show_bug.cgi?id=376)
 * make it possible to start nslcd real early in the boot process and have
   it become available when it determines it can (other timeout/retry mechanism
   on startup)
 * write a simple PAM test application
+* make user/group name filtering configurable (with regular expression)
+  (perhaps even extend the filtering to other data)
+* implement requesting and handling password policy information when binding
+  as a user
+* integrate the FreeBSD code
+* implement nested groups
+* implement other services in nslcd: sudo and autofs are candidates
+* restart unscd on postinst, just like nscd (or perhaps do nscd -i <MAP>)
+* instead of library symbol, use environment variable to disable NSS module
+* properly test Solaris support
+* fix buffer handling in read_**string() functions (Solaris support)
+* complete pynslcd implementation

Modified: nss-pam-ldapd/configure.ac
==============================================================================
--- nss-pam-ldapd/configure.ac  Thu Dec 30 17:43:04 2010        (r1357)
+++ nss-pam-ldapd/configure.ac  Thu Dec 30 22:28:29 2010        (r1358)
@@ -33,10 +33,10 @@
 
 # initialize and set version and bugreport address
 AC_INIT([nss-pam-ldapd],
-        [0.7.9],
+        [0.8.0],
         [nss-pam-ldapd-users@lists.arthurdejong.org],,
         [http://arthurdejong.org/nss-pam-ldapd/])
-RELEASE_MONTH="Aug 2010"
+RELEASE_MONTH="Dec 2010"
 AC_SUBST(RELEASE_MONTH)
 AC_CONFIG_SRCDIR([nslcd.h])
 

Modified: nss-pam-ldapd/debian/changelog
==============================================================================
--- nss-pam-ldapd/debian/changelog      Thu Dec 30 17:43:04 2010        (r1357)
+++ nss-pam-ldapd/debian/changelog      Thu Dec 30 22:28:29 2010        (r1358)
@@ -1,3 +1,72 @@
+nss-pam-ldapd (0.8.0) experimental; urgency=low
+
+  * include Solaris support developed by Ted C. Cheng of Symas Corporation
+  * include an experimental partial implementation of nslcd in Python
+    (disabled by default, see --enable-pynslcd configure option)
+  * implement a nss_min_uid option to filter user entries returned by LDAP
+  * implement a rootpwmodpw option that allows the root user to change a
+    user's password without a password prompt
+  * try to update the shadowLastChange attribute on password change
+  * all log messages now include a description of the request to more easily
+    track problems when not running in debug mode
+  * allow attribute mapping expressions for the userPassword attribute for
+    passwd, group and shadow entries and by default map it to the unmatchable
+    password ("*") to avoid accidentally leaking password information
+  * numerous compatibility improvements
+  * add --with-pam-seclib-dir and --with-pam-ldap-soname configure options to
+    allow more control of hot to install the PAM module
+  * add --with-nss-flavour and --with-nss-maps configure options to support
+    other C libraries and limit which NSS modules to install
+  * allow tilde (~) in user and group names (closes: #607640)
+  * improvements to the timeout mechanism (connections are now actively timed
+    out using the idle_timelimit option)
+  * set socket timeouts on the LDAP connection to disconnect regardless of
+    LDAP and possibly TLS handling of connection
+  * better disconnect/reconnect handling of error conditions
+  * some code improvements and cleanups and several smaller bug fixes
+  * all internal string comparisons are now also case sensitive (e.g. for
+    providing DN to username lookups, etc)
+  * signal handling in the daemon was changed to behave more reliable across
+    different threading implementations
+  * nslcd will now always return a positive authorisation result during
+    authentication to avoid confusing the PAM module when it is only used for
+    authorisation (closes: #604147)
+  * implement configuring SASL authentication using Debconf, based on a patch
+    by Daniel Dehennin (closes: #586532) (not called for translations yet
+    because the English text is likely to change)
+
+ -- Arthur de Jong <adejong@debian.org>  Thu, 30 Dec 2010 20:00:00 +0100
+
+nss-pam-ldapd (0.7.13) unstable; urgency=low
+
+  * fix handling of idle_timelimit option
+  * fix error code for problem while doing password modification
+
+ -- Arthur de Jong <adejong@debian.org>  Sat, 11 Dec 2010 22:00:00 +0100
+
+nss-pam-ldapd (0.7.12) unstable; urgency=low
+
+  * set a short socket timeout when shutting down the connection to the LDAP
+    server to avoid disconnect problems when using TLS
+    (addresses part of #596983)
+
+ -- Arthur de Jong <adejong@debian.org>  Fri, 29 Oct 2010 18:00:00 +0200
+
+nss-pam-ldapd (0.7.11) unstable; urgency=low
+
+  * updated Vietnamese debconf translation by Clytie Siddall (closes: #598500)
+  * grow the buffer for the PAM ruser to not reject logins for users with
+    a ruser including a domain part (closes: #600065)
+
+ -- Arthur de Jong <adejong@debian.org>  Fri, 15 Oct 2010 15:30:00 +0200
+
+nss-pam-ldapd (0.7.10) unstable; urgency=low
+
+  * handle errors from ldap_result() better and disconnect (and reconnect)
+    in more cases (closes: #596983)
+
+ -- Arthur de Jong <adejong@debian.org>  Fri, 24 Sep 2010 09:00:00 +0200
+
 nss-pam-ldapd (0.7.9) unstable; urgency=low
 
   * fix for --with-nss-ldap-soname configure option by Julien Cristau

Modified: nss-pam-ldapd/man/nslcd.8.xml
==============================================================================
--- nss-pam-ldapd/man/nslcd.8.xml       Thu Dec 30 17:43:04 2010        (r1357)
+++ nss-pam-ldapd/man/nslcd.8.xml       Thu Dec 30 22:28:29 2010        (r1358)
@@ -36,9 +36,9 @@
  <refmeta>
   <refentrytitle>nslcd</refentrytitle>
   <manvolnum>8</manvolnum>
-  <refmiscinfo class="version">Version 0.7.9</refmiscinfo>
+  <refmiscinfo class="version">Version 0.8.0</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
-  <refmiscinfo class="date">Aug 2010</refmiscinfo>
+  <refmiscinfo class="date">Dec 2010</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">

Modified: nss-pam-ldapd/man/nslcd.conf.5.xml
==============================================================================
--- nss-pam-ldapd/man/nslcd.conf.5.xml  Thu Dec 30 17:43:04 2010        (r1357)
+++ nss-pam-ldapd/man/nslcd.conf.5.xml  Thu Dec 30 22:28:29 2010        (r1358)
@@ -36,9 +36,9 @@
  <refmeta>
   <refentrytitle>nslcd.conf</refentrytitle>
   <manvolnum>5</manvolnum>
-  <refmiscinfo class="version">Version 0.7.9</refmiscinfo>
+  <refmiscinfo class="version">Version 0.8.0</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
-  <refmiscinfo class="date">Aug 2010</refmiscinfo>
+  <refmiscinfo class="date">Dec 2010</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">

Modified: nss-pam-ldapd/man/pam_ldap.8.xml
==============================================================================
--- nss-pam-ldapd/man/pam_ldap.8.xml    Thu Dec 30 17:43:04 2010        (r1357)
+++ nss-pam-ldapd/man/pam_ldap.8.xml    Thu Dec 30 22:28:29 2010        (r1358)
@@ -35,9 +35,9 @@
  <refmeta>
   <refentrytitle>pam_ldap</refentrytitle>
   <manvolnum>8</manvolnum>
-  <refmiscinfo class="version">Version 0.7.9</refmiscinfo>
+  <refmiscinfo class="version">Version 0.8.0</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
-  <refmiscinfo class="date">Aug 2010</refmiscinfo>
+  <refmiscinfo class="date">Dec 2010</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">
--
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-commits