RSS feed

nss-pam-ldapd annotated tag 0.9.0 created. 0.9.0

[Date Prev][Date Next] [Thread Prev][Thread Next]

nss-pam-ldapd annotated tag 0.9.0 created. 0.9.0

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nss-pam-ldapd".

The annotated tag, 0.9.0 has been created
        at  3c9565dd454848cf99b02fbe6c0d9489f9ae4b19 (tag)
   tagging  187c626daac51ae1d6ce100930e61612650719c8 (commit)
  replaces  0.8.12
 tagged by  Arthur de Jong
        on  Fri Apr 5 16:16:18 2013 +0200

- Log -----------------------------------------------------------------
Release 0.9.0
Version: GnuPG v1.4.12 (GNU/Linux)


Arthur de Jong (160):
      ensure that values are logged as unsigned numbers
      small fix for .gitignore
      move all nsswitch-parsing related functions to nsswitch.c
      if nsswitch.conf is missing a shadow entry, fall back to checking the 
passwd mapping
      remove inline keyword (should have been removed in r1840)
      rephrase test to more clearly explain what we're testing and be a little 
more verbose
      make test even more verbose and set number of writes back at 10000 to 
avoid issues with systems with large buffers
      update microseconds when setting deadline, not seconds (thanks Julien 
      also output debugging info in test_timeout_reader test
      also test for correct value of errno on timeout and make read and write 
timeout tests consistent
      remove unneeded brackets
      merge into and generate it from configure
      switch protocol from host byte order to network byte order and switch use 
of uid_t and gid_t in the protocol to int32
      change PAM protocol to be more consistent and simpler
      make nslcd actions hexadecimal values with some structure to make 
debugging easier
      also no longer use NSS_BYINT32() in Solaris (fixes r1864)
      fix logic error (use && instead of & for logical and)
      don't process the passwd_byuid request at all for uids < nss_min_uid
      update C coding style to a more commonly used style
      update the netgroup by name request to have one result entry per netgroup 
with multiple rows within one result
      adapt Solaris netgroup lookup code
      merge NSS_BYNAME and NSS_BYINT32 into NSS_BYGEN and rename to NSS_GETONE
      move the action argument to NSLCD_HANDLE to the front
      fix typo in comment
      more comment fixes
      re-order enum values to use the same order as elsewhere
      another comment typo fix
      implement a lookup_netgroup command for systems that cannot use getent to 
list netgroups
      remove unnecessary comment
      make the way manual pages are selected for installation more maintainable
      add dependency information to regenerate
      use the newer style AM_INIT_AUTOMAKE
      remove the ldc_ prefix from struct ldap_config fields
      reorganise and rename configuration options to be in line with manual page
      remove undocumented restart configuration option
      remove deprecated use_sasl, reconnect_tries, reconnect_maxsleeptime and 
tls_checkpeer options which have been replaced some time ago
      code style fix
      fix setting restart option log message (fixes r1889)
      update pynslcd PAM protocol handling to be in line with r1865
      retry updating the lastChange attribute with the normal nslcd LDAP 
connection if the update with the user's connection failed
      log and return a diagnostic message instead of just the LDAP error on 
password change failure
      log hex values when debugging the protocol
      remove not needed define
      inline most is_valid_...() functions
      save the old password if either the authentication or the authorisation 
response is NEW_AUTHTOK_REQD
      change ethernet address formatting from FIXME to note
      update FIXMEs
      some simplifications in the current pynslcd PAM request handling
      perform search for pam_authz_search on all search bases
      do not recheck the user password in first password phase if it was stored 
in the authentication phase
      request and parse password policy controls when doing user authentication 
in pynslcd
      fix typo in comment
      drop -Wcase-qual when using --enable-warnings because it was causing too 
much noise
      fix a problem in memory handling in myldap_get_values_len() if malloc() 
would fail
      fix memory leak in myldap_get_values_len() when using ranged attributes 
(very unlikely to occur)
      check result of set_tolist() to ensure that memory allocation problems 
are logged
      have myldap_get_ranged_values() return a list of values instead of a set
      reorganise configuration file parsing code
      check whether setnetgrent() returns int or void (for FreeBSD)
      support systems without ETIME
      fix parsing of scope option in pynslcd
      support children search scope for systems that have it
      fix the way manual pages are generated and distributed
      dump full nslcd configuration at debug level on start-up
      use the AX_TLS macro to find correct thread-local storage class compiler 
      use pthreads thread-local storage as fallback mechanism if compiler 
doesn't provide a keyword for TLS
      restructure timeout calculation in tio to reduce the number of times 
gettimeofday() is called
      fix copyright year
      make checking dlsym() result a little safer
      implement a netgroup_all request
      disable pynslcd cache for now
      add an --enable-utils option to configure to build command-line utilities
      implement a getent command to query nslcd while bypassing NSS stack
      add getent.ldap(1) manual page
      archive 2012 changelog messages into a year file including the change 
from Subversion
      generate ChangeLog with git2cl
      fix docbook tag for file name
      implement functions for configuring alternative logging
      handle the log configuration option in nslcd
      handle the log configuration option in pynslcd
      document the log option
      allow names with one character in default validnames option and allow 
parentheses (taken from Fedora packages)
      clarify NSLCD_ACTION_SERVICE_* request parameter description
      extra sanity check to ensure not too many file descriptors are open
      also search for alternative macAddress representation in pynslcd
      define and export an _nss_ldap_version symbol
      log version information from the NSS module
      add missing include statement for NULL definition
      include information about when some of the options were added
      update TODO (setnetgrent() returns an error since r1874)
      move parsing to command line arguments to main body
      move update_lastchange() function from shadow to pam code
      log a more meaningful error in nslcd when trying to authenticate as 
administrator when rootpwmoddn is not set
      add some missing checks to the configure script
      pass the session along to the do_bind() function
      request and parse password policy controls when doing user authentication 
in nslcd
      provide a replacement implementation of 
ldap_parse_passwordpolicy_control() for systems that don't have it
      provide a basic replacement implementation of 
ldap_passwordpolicy_err2txt() for systems that don't have it
      return the password policy bind information via PAM
      update the trimming expressions code to follow the new coding style
      add tests for trimming expressions
      support trimming expressions with full shell glob matching in pynslcd
      document the trimming expressions in the nslcd.conf(5) manual page
      move signame() function to common.c to make it available to all modules
      implement functionality to send a cache invalidation signal to nscd
      implement parsing of the nscd_invalidate option
      start the nscd invalidator and invalidate the nscd cache after 
reconnecting to the LDAP server after failure
      document the nscd_invalidate option
      fix the description of the tio_time_remaining() function
      fix default logging configuration setting in pynslcd
      move Search class to search module
      move get_connection function to search module as Connection class as 
subclass of ReconnectLDAPObject to automatically reconnect to the LDAP server
      clean up imports and use ldap.filter.escape_filter_chars() directly
      ensure consistent naming of DN variables
      log hex value of action id to make debugging easier
      also support systems without bet_get_enum()
      only log protocol name if it is present
      small portability fix in
      guess the value for --with-pam-seclib-dir if it is not specified
      fix a few compiler warnings
      implement a lookup_shadow test command for use on systems that don't 
allow querying shadow via getent
      fix the text representation of shadow information for nscd on Solaris
      fix service request logging
      spelling fixes
      Unpack the LDIF file to make diffs clearer
      Implement support for nested groups in nslcd
      Implement support for nested groups in pynslcd
      Implement a nss_nested_groups configuration option
      Add tests for nested group functionality
      Implement support for nested groups
      Fix comment for nss_nested_groups config option
      Fix manual page generation
      Do not rely on printf() being able to print NULL strings
      Make the NSS tests dependant on the configuration of nsswitch.conf
      Also perform authentication search using LDAPSearch class
      Rename validate_request to validate
      Switch to using os.environ instead of os.putenv()
      Functionality for clearing the nscd cache in pynslcd
      Parse the nscd_invalidate option
      Start the nscd invalidator process if needed
      Detect and handle connection failure and recovery
      Implement clearing of nscd cache in pynslcd
      Build command-line utilities by default if Python is available
      Give an error when the Python interpreter is missing
      Preset default configure values consistently
      Mark unsupported pynslcd configuration options
      Fix test for absence of Python
      Rename authentication function and return connection
      Define a NSLCD_ACTION_USERMOD request
      Handle user modification requests in nslcd
      Handle user modification requests in pynslcd
      Initial version of a chsh.ldap utility
      Implement used modification functionality
      Implement password modification in pynslcd
      Update the shadowLastChange on password change in pynslcd
      Fix comment
      Ignore missing Python in initial test
      Fix docbook validation
      Include the file in the distribution
      Get files ready for 0.9.0 release

Jakub Hrozek (1):
      NSS: Return TRYAGAIN on zero-length buffer

Steve Hill (1):
      Implement a mkfilter_group_bymemberdn() function

Thorsten Glaser (1):
      allow trimming expressions with ${foo#bar} syntax in nslcd


To unsubscribe send an email to or see