get files ready for 0.6.2 release0.6.2

git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@728 ef36b2f9-881f-0410-afb5-c4e39611909c
author: Arthur de Jong <arthur@arthurdejong.org> 2008-05-04 22:07:45 +0200
committer: Arthur de Jong <arthur@arthurdejong.org> 2008-05-04 22:07:45 +0200
commit: 1717acbdf80603435d895fde93e09ab0a7885123 (patch)
tree: f253f66d0186f8b87eadbff2b250676acdd9abaa
parent: a2e1056039435439361cd396c30e8b5597cfc011 (diff)
7 files changed, 380 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index 00b4e6f..cac95b3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,305 @@
+2008-05-04 15:47  arthur
+
+	* [r727] HACKING, README: some documentation cleanups and updates
+
+2008-05-04 12:06  arthur
+
+	* [r726] tests/test_nslcd_group.c: add some tests for
+	  isvalidgroupname()
+
+2008-05-04 10:15  arthur
+
+	* [r725] man/nss-ldapd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,
+	  nslcd/nslcd.c: make number of threads configurable with the
+	  threads keyword
+
+2008-05-04 09:39  arthur
+
+	* [r724] nslcd/myldap.h: add reference to note about
+	  thread-safeness of OpenLDAP
+
+2008-05-04 09:38  arthur
+
+	* [r723] nslcd/nslcd.c: fix copyright year
+
+2008-05-03 15:30  arthur
+
+	* [r722] nslcd/passwd.c: implement a cache for dn2uid() lookups
+	  that saves some time doing LDAP searches for groups with a lot of
+	  members, based on a patch by Petter Reinholdtsen
+	  <pere@hungry.com>
+
+2008-05-03 12:04  arthur
+
+	* [r721] debian/libnss-ldapd.nslcd.init: add soft dependency on
+	  slapd, simplify network and file system dependencies and add
+	  reverse dependencies on some common daemons that may want to do
+	  NSS lookups
+
+2008-05-02 20:52  arthur
+
+	* [r720] nss/netgroup.c, nss/prototypes.h: remove checking for
+	  first entry and always return NSS_STATUS_RETURN when no more data
+	  is available in the netgroup (this has the side effect of not
+	  returning NSS_STATUS_NOTFOUND for non-existing netgroups but
+	  seems to be what other NSS modules do) to properly handle empty
+	  netgroups
+
+2008-05-02 15:57  arthur
+
+	* [r719] tests, tests/Makefile.am, tests/test_nslcd_group.c: add
+	  file for testing nslcd/group.c
+
+2008-05-02 15:55  arthur
+
+	* [r718] tests/Makefile.am: don't even compile the test programs on
+	  make check
+
+2008-05-02 15:39  arthur
+
+	* [r717] tests/Makefile.am: don't compile test code on every build
+	  and fix LDADD lists to include correct objects
+
+2008-05-02 14:53  arthur
+
+	* [r716] nslcd/cfg.c, nslcd/cfg.h, nslcd/myldap.c: only support
+	  tls-related options if LDAP library supports TLS, only add rebind
+	  code if ldap_set_rebind_proc() is found and only set
+	  LDAP_X_OPT_CONNECT_TIMEOUT if that option is supported
+
+2008-05-01 07:26  arthur
+
+	* [r715] nslcd/myldap.c: support ranged attribute values
+
+2008-05-01 06:32  arthur
+
+	* [r714] nss/common.h: fix comment of return value of
+	  NSS_STATUS_TRYAGAIN
+
+2008-05-01 06:25  arthur
+
+	* [r713] tests/test_myldap.c: fix a warning
+
+2008-05-01 06:22  arthur
+
+	* [r712] tests/test_myldap.c: ensure that filter_get_var() and
+	  filter_get_var() return non-NULL to enable parsing of config file
+	  with attribute mapping and filter settings and use base from
+	  config file
+
+2008-04-29 20:03  arthur
+
+	* [r711] man/nss-ldapd.conf.5.xml: make language about pagesize
+	  option a little clearer
+
+2008-04-27 21:15  arthur
+
+	* [r710] nslcd/cfg.c: support the case where an attribute mapping
+	  variable is NULL
+
+2008-04-26 14:19  arthur
+
+	* [r709] nslcd/myldap.c: also close the LDAP connection on
+	  LDAP_SERVER_DOWN (besides LDAP_UNAVAILABLE)
+
+2008-04-26 13:48  arthur
+
+	* [r708] man/nss-ldapd.conf.5.xml, nss/common.c: increase time out
+	  values because now nslcd will error out more quickly if the LDAP
+	  server is known to be unavailable
+
+2008-04-26 13:46  arthur
+
+	* [r707] nslcd/nslcd.c: spelling fix in comment
+
+2008-04-26 13:46  arthur
+
+	* [r706] man/nss-ldapd.conf.5.xml: some spelling fixes and a
+	  clarification of the retry mechanism
+
+2008-04-26 13:20  arthur
+
+	* [r705] nslcd/cfg.c: fix log message of incorrect map statement
+
+2008-04-26 13:16  arthur
+
+	* [r704] nslcd/passwd.c: make log message a little more descriptive
+
+2008-04-26 13:16  arthur
+
+	* [r703] configure.ac: fix quote in comment
+
+2008-04-26 13:13  arthur
+
+	* [r702] nslcd/myldap.c: ensure that the connection to the LDAP
+	  server is closed whenever any of the ldap_*() functions return
+	  LDAP_UNAVAILABLE
+
+2008-04-25 16:40  arthur
+
+	* [r701] man/nss-ldapd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,
+	  nslcd/myldap.c, tests/nss-ldapd-test.conf, tests/test_cfg.c,
+	  tests/test_myldap.c: implement new timing mechanism for retries
+	  to quickly fail lookups to LDAP server that have been failing for
+	  some time, removing the reconnect_tries option and giving
+	  reconnect_sleeptime and reconnect_maxsleeptime options a new
+	  meaning
+
+2008-04-25 16:38  arthur
+
+	* [r700] tests/test_myldap.c: include missing include
+
+2008-04-25 16:37  arthur
+
+	* [r699] tests/test_myldap.c: ignore SIGPIPE in myldap tests
+
+2008-04-25 16:36  arthur
+
+	* [r698] tests/test_myldap.c: fix assert to be test instead of
+	  assignment
+
+2008-04-25 15:38  arthur
+
+	* [r697] tests/test_myldap.c, tests/test_myldap.sh: have the binary
+	  look up the file name and only use the shell script wrapper to
+	  determine if LDAP server is available
+
+2008-04-25 12:19  arthur
+
+	* [r696] compat/ether.h: fix typos in references to
+	  HAVE_ETHER_NTOA_R and HAVE_ETHER_ATON_R macros
+
+2008-04-23 20:53  arthur
+
+	* [r695] tests/test_nsscmds.sh: fix order of members in group in
+	  tests because of new hashing dict (maybe we should fix the script
+	  instead to always sort members properly)
+
+2008-04-23 20:50  arthur
+
+	* [r694] common/dict.c: fix problem where first item in the
+	  hashtable could be returned twice while looping
+
+2008-04-23 20:44  arthur
+
+	* [r693] tests/test_dict.c: add test for problem with duplicate
+	  entries being returned while looping over results
+
+2008-04-23 20:22  arthur
+
+	* [r692] nslcd/passwd.c: don't issue warning when
+	  myldap_get_entry() returns NULL and LDAP_SUCCESS
+
+2008-04-21 18:22  arthur
+
+	* [r691] common/dict.c: allocate room for key string just after
+	  entry to save on calls to malloc() and make it simpler
+
+2008-04-20 20:01  arthur
+
+	* [r690] nslcd/group.c, nslcd/passwd.c: fix tests for valid user
+	  and group names
+
+2008-04-20 19:50  arthur
+
+	* [r689] nslcd/common.h, nslcd/group.c, nslcd/passwd.c: add checks
+	  for valid user and group names in incoming requests and for data
+	  returned from LDAP
+
+2008-04-20 19:43  arthur
+
+	* [r688] nslcd/group.c: only support uniqueMember containing DN
+	  values
+
+2008-04-20 14:09  arthur
+
+	* [r687] nslcd/group.c: fix warning message to not refer to alias
+
+2008-04-20 14:07  arthur
+
+	* [r686] nslcd/myldap.c: make warning message more verbose, fix
+	  comment and don't try to store empty results
+
+2008-04-19 20:29  arthur
+
+	* [r685] debian/libnss-ldapd.config: only guess the searchbase if
+	  the value doesn't seem to be preseeded (based on a patch by
+	  Petter Reinholdtsen <pere@hungry.com>)
+
+2008-04-19 20:27  arthur
+
+	* [r684] common/dict.c: fix wrapping and indenting of comments
+
+2008-04-19 11:04  arthur
+
+	* [r683] nslcd/group.c: correctly call set_free() instead of free()
+
+2008-04-19 10:38  arthur
+
+	* [r682] nslcd/group.c: use the new set data structure to gather
+	  the group members
+
+2008-04-19 10:26  arthur
+
+	* [r681] common/Makefile.am, common/set.c, common/set.h, tests,
+	  tests/Makefile.am, tests/test_set.c: implement a set that uses
+	  the dict module as back-end
+
+2008-04-19 10:22  arthur
+
+	* [r680] common/dict.c: implement new dict module that uses a
+	  hashtable which is around 40 times faster for large (around 2000)
+	  entries but with around 40% more memory used
+
+2008-04-19 09:33  arthur
+
+	* [r679] tests/Makefile.am, tests/test_dict.c, tests/usernames.txt:
+	  some new tests for the dictionary module
+
+2008-04-19 06:07  arthur
+
+	* [r678] nslcd/passwd.c: add test for emtpy DN
+
+2008-04-18 19:57  arthur
+
+	* [r677] nslcd/myldap.c: instead of using the dict module to build
+	  a cache just store the values in an fixed-sized array because no
+	  more than 9 attributes are currently retrieved from an entry and
+	  we never retrieve the same value more than once (so the cache is
+	  useless)
+
+2008-04-17 21:37  arthur
+
+	* [r676] common/dict.h: add note about freed values
+
+2008-04-17 21:12  arthur
+
+	* [r675] common/dict.c, common/dict.h, nslcd/myldap.c,
+	  tests/test_dict.c: change dict_values_first() and
+	  dict_values_next() into dict_loop_first() and dict_loop_next() to
+	  have a looping mechanism over keys and values
+
+2008-04-13 13:20  arthur
+
+	* [r674] tests/nss-ldapd-test.conf: remote hopefully last reference
+	  to rootbind{dn,pw}
+
+2008-04-06 20:35  arthur
+
+	* [r673] nslcd/common.h: return values of dn2uid() and uid2dn()
+	  should always be used
+
+2008-04-06 20:31  arthur
+
+	* [r672] nslcd/group.c: properly handle the case where dn2uid()
+	  couldn't do a DN->uid lookup
+
+2008-04-06 11:18  arthur
+
+	* [r670] ChangeLog, NEWS, TODO, configure.ac, debian/changelog,
+	  man/nslcd.8.xml, man/nss-ldapd.conf.5.xml: get files ready for
+	  0.6.1 release
+
 2008-04-06 10:50  arthur
 
 	* [r669] config.guess, config.sub: include updated files
diff --git a/NEWS b/NEWS
index 44f1911..8e43d2c 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,34 @@
+changes form 0.6.1 to 0.6.2
+---------------------------
+
+* all user and group names are now checked for validity are specified in the
+  POSIX Portable Filename Character Set
+* support retrieval of ranged attribute values as sometimes returned by Active
+  Directory
+* added the threads keyword to configure the number of threads that should be
+  started in nslcd
+* handle empty netgroups properly
+* change the time out and retry mechanism for connecting to the LDAP server to
+  return an error quickly if the LDAP server is known to be unavailable for a
+  long time (this removed the reconnect_tries option and changes the meaning
+  of the reconnect_sleeptime and reconnect_maxsleeptime options)
+* increased the time out values between the NSS module and nslcd because of
+  new retry mechanism
+* implement new dict and set modules that use a hashtable to map keys
+  efficiently
+* use the new set to store group membership to simplify memory management and
+  eliminate duplicate members
+* the uniqueMember attribute now only supports DN values
+* implement a cache for DN to user name lookups (15 minute timeout) used for
+  the uniqueMember attribute to save on doing LDAP searches for groups with a
+  lot of members, based on a patch by Petter Reinholdtsen
+* improvements to the tests
+* if any of the ldap calls return LDAP_UNAVAILABLE or LDAP_SERVER_DOWN the
+  connection is closed
+* improve dependencies in LSB init script header to improve dependency based
+  booting
+
+
 changes from 0.6 to 0.6.1
 -------------------------
 
diff --git a/TODO b/TODO
index df2bdc9..0743adc 100644
--- a/TODO
+++ b/TODO
@@ -1,13 +1,11 @@
 probably before we can call this stable
 ---------------------------------------
 * fix usage of strerror() as it is not thread safe
-* error out quickly when the LDAP server is down
 * fix race condition when setting signal mask in common/tio.c
   (using pthread_sigmask() adds a dependency on the pthread library,
   we should probably just do locking)
 * find problem with reachability of LDAP server
 * find out why HAVE_GSSPAI is not always set to what configure outputs
-* do not use LDAP_DEPRECATED enabled functions
 * have the daemon run under a special uid/gid
 
 other items
@@ -27,8 +25,6 @@ other items
   by different sessions (sessions need to be cleaned up)
 * add sanity checking code (e.g. not too large buffer allocation and checking
   that host, user, etc do not contain funky characters) in all server modules
-* implement running under a different uid/gid (maybe chroot jail)
-* include a generic init script
 * log some statistics: "passwd=100 shadow=10 host=20 rpc=10" (10 req/minute)
 * in the server: once the request is done pass the flushing of the buffers to
   a separate thread so our workers are available to handle new requests
@@ -41,7 +37,6 @@ other items
   periodically from elsewhere (e.g. the main loop)
 * add an option to create an extra socket somewhere (so it may be used with
   chroot jails)
-* make number of threads/connections configurable in config
 * make I/O timeout between NSS lib and daemon configurable with configure
 * ethers: also look in ipHostNumber attribute to look up an IPv4 (IPv6)
   address and return it as an alternative entry
@@ -54,7 +49,11 @@ other items
   the requested value (they can differ in case)
 * test non-ASCII characters in fields (mostly cn)
 * implement attribute defaults (for when they're missing from the directory)
-* implement attribute overrides (to always return a specific value, not matter what the directory says)
-* see if we can use LD_LIBRARY_PATH to run our tests in so we don't need to install NSS library in system path
+* implement attribute overrides (to always return a specific value, no matter
+  what the directory says)
+* see if we can use LD_LIBRARY_PATH to run our tests in so we don't need to
+  install NSS library in system path
 * only parse configuration options if they are available on the platform
 * have some more general mechanism to disable NSS module in nslcd
+* do not use LDAP_DEPRECATED enabled functions
+* support searchbase autodetection
diff --git a/configure.ac b/configure.ac
index 5e2c43d..e263c29 100644
--- a/configure.ac
+++ b/configure.ac
@@ -32,8 +32,8 @@ version 2.1 of the License, or (at your option) any later version. See the
 configure.ac file for more details.])
 
 # initialize and set version and bugreport address
-AC_INIT([nss-ldapd],[0.6.1],[arthur@ch.tudelft.nl])
-RELEASE_MONTH="Apr 2008"
+AC_INIT([nss-ldapd],[0.6.2],[arthur@ch.tudelft.nl])
+RELEASE_MONTH="May 2008"
 AC_SUBST(RELEASE_MONTH)
 AC_CONFIG_SRCDIR([nslcd.h])
 
diff --git a/debian/changelog b/debian/changelog
index 3bba2fc..9bc64bc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,38 @@
+nss-ldapd (0.6.2) unstable; urgency=low
+
+  * all user and group names are now checked for validity are specified in the
+    POSIX Portable Filename Character Set
+  * support retrieval of ranged attribute values as sometimes returned by
+    Active Directory (closes: #476454)
+  * added the threads keyword to configure the number of threads that should
+    be started in nslcd
+  * handle empty netgroups properly (closes: #478764)
+  * change the time out and retry mechanism for connecting to the LDAP server
+    to return an error quickly if the LDAP server is known to be unavailable
+    for a long time (this removed the reconnect_tries option and changes the
+    meaning of the reconnect_sleeptime and reconnect_maxsleeptime options)
+    (closes: #474174)
+  * increased the time out values between the NSS module and nslcd because of
+    new retry mechanism
+  * implement new dict and set modules that use a hashtable to map keys
+    efficiently
+  * use the new set to store group membership to simplify memory management
+    and eliminate duplicate members (closes: #474218)
+  * the uniqueMember attribute now only supports DN values
+  * implement a cache for DN to user name lookups (15 minute timeout) used for
+    the uniqueMember attribute to save on doing LDAP searches for groups with
+    a lot of members, based on a patch by Petter Reinholdtsen
+    (closes: #478267)
+  * only guess default search base in package configuration if the value
+    doesn't seem to be preseeded (closes: #475830)
+  * improvements to the tests
+  * if any of the ldap calls return LDAP_UNAVAILABLE or LDAP_SERVER_DOWN the
+    connection is closed
+  * improve dependencies in LSB init script header to improve dependency based
+    booting (closes: #478807)
+
+ -- Arthur de Jong <adejong@debian.org>  Sun, 04 May 2008 14:30:00 +0200
+
 nss-ldapd (0.6.1) unstable; urgency=low
 
   * new release (closes: #474232)
diff --git a/man/nslcd.8.xml b/man/nslcd.8.xml
index af50b12..06b4711 100644
--- a/man/nslcd.8.xml
+++ b/man/nslcd.8.xml
@@ -36,9 +36,9 @@
  <refmeta>
   <refentrytitle>nslcd</refentrytitle>
   <manvolnum>8</manvolnum>
-  <refmiscinfo class="version">Version 0.6.1</refmiscinfo>
+  <refmiscinfo class="version">Version 0.6.2</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
-  <refmiscinfo class="date">Apr 2008</refmiscinfo>
+  <refmiscinfo class="date">May 2008</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">
diff --git a/man/nss-ldapd.conf.5.xml b/man/nss-ldapd.conf.5.xml
index 2b9343e..9eaa41c 100644
--- a/man/nss-ldapd.conf.5.xml
+++ b/man/nss-ldapd.conf.5.xml
@@ -36,9 +36,9 @@
  <refmeta>
   <refentrytitle>nss-ldapd.conf</refentrytitle>
   <manvolnum>5</manvolnum>
-  <refmiscinfo class="version">Version 0.6.1</refmiscinfo>
+  <refmiscinfo class="version">Version 0.6.2</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
-  <refmiscinfo class="date">Apr 2008</refmiscinfo>
+  <refmiscinfo class="date">May 2008</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">
author	Arthur de Jong <arthur@arthurdejong.org>	2008-05-04 22:07:45 +0200
committer	Arthur de Jong <arthur@arthurdejong.org>	2008-05-04 22:07:45 +0200
commit	1717acbdf80603435d895fde93e09ab0a7885123 (patch)
tree	f253f66d0186f8b87eadbff2b250676acdd9abaa
parent	a2e1056039435439361cd396c30e8b5597cfc011 (diff)