nss-pam-ldapd commit: r1385 - in nss-pam-ldapd: . debian man
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
nss-pam-ldapd commit: r1385 - in nss-pam-ldapd: . debian man
- From: Commits of the nss-pam-ldapd project <nss-pam-ldapd-commits [at] lists.arthurdejong.org>
- To: nss-pam-ldapd-commits [at] lists.arthurdejong.org
- Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: nss-pam-ldapd commit: r1385 - in nss-pam-ldapd: . debian man
- Date: Thu, 10 Mar 2011 22:45:19 +0100 (CET)
Author: arthur
Date: Thu Mar 10 22:45:14 2011
New Revision: 1385
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=1385
Log:
get files ready for 0.8.1 release
Modified:
nss-pam-ldapd/ChangeLog
nss-pam-ldapd/NEWS
nss-pam-ldapd/TODO
nss-pam-ldapd/configure.ac
nss-pam-ldapd/debian/changelog
nss-pam-ldapd/man/nslcd.8.xml
nss-pam-ldapd/man/nslcd.conf.5.xml
nss-pam-ldapd/man/pam_ldap.8.xml
Modified: nss-pam-ldapd/ChangeLog
==============================================================================
--- nss-pam-ldapd/ChangeLog Thu Mar 10 21:35:32 2011 (r1384)
+++ nss-pam-ldapd/ChangeLog Thu Mar 10 22:45:14 2011 (r1385)
@@ -1,3 +1,141 @@
+2011-03-10 20:35 arthur
+
+ * [r1384] Makefile.am, common/tio.c, compat/Makefile.am,
+ compat/ether.h, compat/ldap_compat.h, compat/pam_get_authtok.c,
+ man/Makefile.am, nslcd/attmap.c, nslcd/attmap.h, nslcd/common.c,
+ nslcd/common.h, nss/prototypes.h, pam/common.h, pynslcd/ether.py,
+ pynslcd/pynslcd.py, pynslcd/tio.py: update copyright headers to
+ add missing years
+
+2011-03-09 22:33 arthur
+
+ * [r1383] nslcd/pam.c: fix compiler warning
+
+2011-03-09 22:32 arthur
+
+ * [r1382] nslcd/pam.c, nslcd/passwd.c: properly handle
+ user-not-found errors when doing authentication (CVE-2011-0438)
+
+2011-03-06 15:58 arthur
+
+ * [r1381] pynslcd/Makefile.am, pynslcd/netgroup.py,
+ pynslcd/pynslcd.py: implement module for netgroup lookups
+
+2011-03-06 15:09 arthur
+
+ * [r1380] pynslcd/Makefile.am, pynslcd/network.py,
+ pynslcd/pynslcd.py: add network name lookups
+
+2011-03-06 15:06 arthur
+
+ * [r1379] tests/test.ldif.gz, tests/test_nsscmds.sh: add some test
+ groups and add the arthur user to them to test whether all are
+ returned correctly
+
+2011-03-06 14:52 arthur
+
+ * [r1378] Makefile.am: pass --enable-pynslcd with distcheck
+
+2011-03-06 14:52 arthur
+
+ * [r1377] pynslcd/Makefile.am: clean up compiled python files
+
+2011-03-06 14:49 arthur
+
+ * [r1376] pynslcd/host.py: fix search filter objectClass for hosts
+
+2011-03-06 14:23 arthur
+
+ * [r1375] nslcd/log.c, nslcd/log.h, nslcd/nslcd.c: ensure that
+ session id is only logged while handling a connection
+
+2011-03-06 13:01 arthur
+
+ * [r1374] man/nslcd.conf.5.xml: note that attribute mapping
+ expressions cannot be used for all attributes
+
+2011-02-14 21:12 arthur
+
+ * [r1373] pynslcd/Makefile.am, pynslcd/host.py, pynslcd/pynslcd.py,
+ pynslcd/tio.py: implement module for hostname lookups
+
+2011-02-14 21:11 arthur
+
+ * [r1372] pynslcd/ether.py: fix comment
+
+2011-02-14 21:08 arthur
+
+ * [r1371] pynslcd/Makefile.am, pynslcd/debugio.py: clean up and add
+ missing files to installation
+
+2011-02-11 22:18 arthur
+
+ * [r1370] configure.ac: fix FreeBSD nss_ldap soname (as seen in
+ current FreeBSD packaging)
+
+2011-02-11 22:16 arthur
+
+ * [r1369] nslcd/nslcd.c: create the directory for the socket and
+ pidfile
+
+2011-01-29 20:19 arthur
+
+ * [r1368] man/nslcd.conf.5.xml: document a proper replacement for
+ pam_check_host_attr (thanks Luca Capello) and add a section on
+ quoting
+
+2011-01-29 20:15 arthur
+
+ * [r1367] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/common.c,
+ nslcd/common.h, nslcd/pam.c: implement a fqdn variable that can
+ be used inside pam_authz_search filters
+
+2011-01-23 20:59 arthur
+
+ * [r1366] man/nslcd.conf.5.xml: name pam_check_service_attr and
+ pam_check_host_attr options in manual page and indicate how
+ pam_authz_search replaces them
+
+2011-01-05 19:39 arthur
+
+ * [r1365] AUTHORS, HACKING, configure.ac, debian/copyright,
+ nss/Makefile.am, nss/bsdnss.c, nss/exports.freebsd,
+ nss/prototypes.h: add FreeBSD support, partially imported from
+ the FreeBSD port (thanks to Jacques Vidrine, Artem Kazakov and
+ Alexander V. Chernikov)
+
+2011-01-01 14:46 arthur
+
+ * [r1364] nss/Makefile.am: put solnss.c under
+ EXTRA_nss_ldap_so_SOURCES
+
+2011-01-01 14:25 arthur
+
+ * [r1363] man/nslcd.8.xml, man/nslcd.conf.5.xml,
+ man/pam_ldap.8.xml: add ids to options so we can more easily
+ reference them from elsewhere (especially useful for generated
+ HTML)
+
+2011-01-01 14:12 arthur
+
+ * [r1362] nslcd/myldap.c: include definition of rc in all code
+ paths because it's used most of the time
+
+2011-01-01 14:10 arthur
+
+ * [r1361] configure.ac: fix quoting of NSS_MODULE_OBJS expression
+ to one that is supported by more shells
+
+2011-01-01 14:07 arthur
+
+ * [r1360] nss/Makefile.am: ensure that solnss.c ends up in tarball
+
+2010-12-30 21:28 arthur
+
+ * [r1358] ChangeLog, NEWS, TODO, configure.ac, debian/changelog,
+ man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get
+ files ready for 0.8.0 release
+
2010-12-30 16:43 arthur
* [r1357] README, debian/copyright: update copyright information
Modified: nss-pam-ldapd/NEWS
==============================================================================
--- nss-pam-ldapd/NEWS Thu Mar 10 21:35:32 2011 (r1384)
+++ nss-pam-ldapd/NEWS Thu Mar 10 22:45:14 2011 (r1385)
@@ -1,3 +1,21 @@
+changes from 0.8.0 to 0.8.1
+---------------------------
+
+* SECURITY FIX: the PAM module will allow authentication for users that do not
+ exist in LDAP, this allows login to local users with an
+ incorrect password (CVE-2011-0438)
+ the explotability of the problem depends on the details of the
+ PAM stack and the use of the minimum_uid PAM option
+* include a file that was missing for Solaris support
+* add FreeBSD support, partially imported from the FreeBSD port (thanks to
+ Jacques Vidrine, Artem Kazakov and Alexander V. Chernikov)
+* document how to replace name pam_check_service_attr and pam_check_host_attr
+ options in PADL's pam_ldap with with pam_authz_search in nss-pam-ldapd
+* implement a fqdn variable that can be used in pam_authz_search filters
+* create the directory to hold the socket and pidfile on startup
+* implement host, network and netgroup support in pynslcd
+
+
changes from 0.7.13 to 0.8.0
----------------------------
Modified: nss-pam-ldapd/TODO
==============================================================================
--- nss-pam-ldapd/TODO Thu Mar 10 21:35:32 2011 (r1384)
+++ nss-pam-ldapd/TODO Thu Mar 10 22:45:14 2011 (r1385)
@@ -24,7 +24,6 @@
(perhaps even extend the filtering to other data)
* implement requesting and handling password policy information when binding
as a user
-* integrate the FreeBSD code
* implement nested groups
* implement other services in nslcd: sudo and autofs are candidates
* restart unscd on postinst, just like nscd (or perhaps do nscd -i <MAP>)
@@ -32,3 +31,5 @@
* properly test Solaris support
* fix buffer handling in read_**string() functions (Solaris support)
* complete pynslcd implementation
+* in nslcd/pam.c check shadow properties if present
+* write test cases for the PAM code
Modified: nss-pam-ldapd/configure.ac
==============================================================================
--- nss-pam-ldapd/configure.ac Thu Mar 10 21:35:32 2011 (r1384)
+++ nss-pam-ldapd/configure.ac Thu Mar 10 22:45:14 2011 (r1385)
@@ -23,7 +23,7 @@
AC_COPYRIGHT(
[Copyright (C) 2006 Luke Howard
Copyright (C) 2006 West Consulting
-Copyright (C) 2006, 2007, 2008, 2009, 2010 Arthur de Jong
+Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Arthur de Jong
This configure script is derived from configure.ac which is free software;
you can redistribute it and/or modify it under the terms of the GNU Lesser
@@ -33,10 +33,10 @@
# initialize and set version and bugreport address
AC_INIT([nss-pam-ldapd],
- [0.8.0],
+ [0.8.1],
[nss-pam-ldapd-users@lists.arthurdejong.org],,
[http://arthurdejong.org/nss-pam-ldapd/])
-RELEASE_MONTH="Dec 2010"
+RELEASE_MONTH="Mar 2011"
AC_SUBST(RELEASE_MONTH)
AC_CONFIG_SRCDIR([nslcd.h])
Modified: nss-pam-ldapd/debian/changelog
==============================================================================
--- nss-pam-ldapd/debian/changelog Thu Mar 10 21:35:32 2011 (r1384)
+++ nss-pam-ldapd/debian/changelog Thu Mar 10 22:45:14 2011 (r1385)
@@ -1,3 +1,21 @@
+nss-pam-ldapd (0.8.1) experimental; urgency=low
+
+ * SECURITY FIX: the PAM module will allow authentication for users that do
+ not exist in LDAP, this allows login to local users with an
+ incorrect password (CVE-2011-0438)
+ the explotability of the problem depends on the details of
+ the PAM stack and the use of the minimum_uid PAM option
+ * add FreeBSD support, partially imported from the FreeBSD port (thanks to
+ Jacques Vidrine, Artem Kazakov and Alexander V. Chernikov)
+ * document how to replace name pam_check_service_attr and
+ pam_check_host_attr options in PADL's pam_ldap with with pam_authz_search
+ in nss-pam-ldapd (closes: #610925)
+ * implement a fqdn variable that can be used in pam_authz_search filters
+ * create the directory to hold the socket and pidfile on startup
+ * implement host, network and netgroup support in pynslcd
+
+ -- Arthur de Jong <adejong@debian.org> Thu, 10 Mar 2011 22:00:00 +0100
+
nss-pam-ldapd (0.8.0) experimental; urgency=low
* include Solaris support developed by Ted C. Cheng of Symas Corporation
Modified: nss-pam-ldapd/man/nslcd.8.xml
==============================================================================
--- nss-pam-ldapd/man/nslcd.8.xml Thu Mar 10 21:35:32 2011 (r1384)
+++ nss-pam-ldapd/man/nslcd.8.xml Thu Mar 10 22:45:14 2011 (r1385)
@@ -6,7 +6,7 @@
nslcd.8.xml - docbook manual page for nslcd
Copyright (C) 2006 West Consulting
- Copyright (C) 2006, 2007, 2008, 2009, 2010 Arthur de Jong
+ Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -36,9 +36,9 @@
<refmeta>
<refentrytitle>nslcd</refentrytitle>
<manvolnum>8</manvolnum>
- <refmiscinfo class="version">Version 0.8.0</refmiscinfo>
+ <refmiscinfo class="version">Version 0.8.1</refmiscinfo>
<refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
- <refmiscinfo class="date">Dec 2010</refmiscinfo>
+ <refmiscinfo class="date">Mar 2011</refmiscinfo>
</refmeta>
<refnamediv id="name">
Modified: nss-pam-ldapd/man/nslcd.conf.5.xml
==============================================================================
--- nss-pam-ldapd/man/nslcd.conf.5.xml Thu Mar 10 21:35:32 2011 (r1384)
+++ nss-pam-ldapd/man/nslcd.conf.5.xml Thu Mar 10 22:45:14 2011 (r1385)
@@ -6,7 +6,7 @@
nslcd.conf.5.xml - docbook manual page for nslcd.conf
Copyright (C) 1997-2005 Luke Howard
- Copyright (C) 2007, 2008, 2009, 2010 Arthur de Jong
+ Copyright (C) 2007, 2008, 2009, 2010, 2011 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -36,9 +36,9 @@
<refmeta>
<refentrytitle>nslcd.conf</refentrytitle>
<manvolnum>5</manvolnum>
- <refmiscinfo class="version">Version 0.8.0</refmiscinfo>
+ <refmiscinfo class="version">Version 0.8.1</refmiscinfo>
<refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
- <refmiscinfo class="date">Dec 2010</refmiscinfo>
+ <refmiscinfo class="date">Mar 2011</refmiscinfo>
</refmeta>
<refnamediv id="name">
Modified: nss-pam-ldapd/man/pam_ldap.8.xml
==============================================================================
--- nss-pam-ldapd/man/pam_ldap.8.xml Thu Mar 10 21:35:32 2011 (r1384)
+++ nss-pam-ldapd/man/pam_ldap.8.xml Thu Mar 10 22:45:14 2011 (r1385)
@@ -5,7 +5,7 @@
<!--
pam_ldap.8.xml - docbook manual page for pam_ldap PAM module
- Copyright (C) 2009, 2010 Arthur de Jong
+ Copyright (C) 2009, 2010, 2011 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -35,9 +35,9 @@
<refmeta>
<refentrytitle>pam_ldap</refentrytitle>
<manvolnum>8</manvolnum>
- <refmiscinfo class="version">Version 0.8.0</refmiscinfo>
+ <refmiscinfo class="version">Version 0.8.1</refmiscinfo>
<refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
- <refmiscinfo class="date">Dec 2010</refmiscinfo>
+ <refmiscinfo class="date">Mar 2011</refmiscinfo>
</refmeta>
<refnamediv id="name">
--
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-commits
- nss-pam-ldapd commit: r1385 - in nss-pam-ldapd: . debian man,
Commits of the nss-pam-ldapd project
