diff options
| author | Arthur de Jong <arthur@arthurdejong.org> | 2008-06-15 15:43:41 +0200 |
|---|---|---|
| committer | Arthur de Jong <arthur@arthurdejong.org> | 2008-06-15 15:43:41 +0200 |
| commit | 9ea3c9677f2b3c7718d016fa22cc2af775aecfed (patch) | |
| tree | e6534d1a0d579efb429c38df280fcd2706ff51dc | |
| parent | 52ff94bdd89425aca68c28d12512ec72b0986e2f (diff) | |
get files ready for 0.6.3 release0.6.3
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@767 ef36b2f9-881f-0410-afb5-c4e39611909c
| -rw-r--r-- | ChangeLog | 191 | ||||
| -rw-r--r-- | NEWS | 22 | ||||
| -rw-r--r-- | TODO | 19 | ||||
| -rw-r--r-- | configure.ac | 4 | ||||
| -rw-r--r-- | debian/changelog | 29 | ||||
| -rw-r--r-- | man/nslcd.8.xml | 4 | ||||
| -rw-r--r-- | man/nss-ldapd.conf.5.xml | 4 |
7 files changed, 255 insertions, 18 deletions
@@ -1,3 +1,194 @@ +2008-06-15 13:01 arthur + + * [r764] debian/libnss-ldapd.nslcd.init: create /var/run/nslcd + directory with owner nslcd:nslcd by default so nslcd can remove + socket and pidfile at exit + +2008-06-15 12:39 arthur + + * [r763] nslcd/nslcd.c: give pidfile and socket creation functions + more logical names + +2008-06-14 11:31 arthur + + * [r762] AUTHORS, configure.ac, man/nss-ldapd.conf.5.xml, + nslcd/cfg.c, nslcd/cfg.h, nslcd/myldap.c: implement SASL + authentication based on a patch by Dan White <dwhite@olp.net> + +2008-06-14 11:28 arthur + + * [r761] man/nss-ldapd.conf.5.xml: make formatting of manual page + options consistent + +2008-06-13 21:04 arthur + + * [r760] tests, tests/Makefile.am, tests/test_common.c: add some + very basic tests for the isvalidname() function + +2008-06-13 20:55 arthur + + * [r759] nslcd/common.c, nslcd/common.h, nslcd/group.c, + nslcd/passwd.c: combine isvalidusername() and isvalidgroupname() + into isvalidname() because they are similar enough and we just + want to check to see if it is a reasonable name (e.g. not a DN) + +2008-06-12 21:38 arthur + + * [r758] common/tio.c: restore the old writing code which masks + SIGPIPE on platforms that can't use send() + +2008-06-12 21:29 arthur + + * [r757] nslcd/cfg.c: don't perform SSL/TLS sanity checks if it + isn't available on the platform + +2008-06-12 21:22 arthur + + * [r756] tests: ignore test_getpeercred + +2008-06-11 19:32 arthur + + * [r755] tests: ignore core files + +2008-06-11 19:31 arthur + + * [r754] tests/test_getpeercred.c: remove test socket at end of + test + +2008-06-06 21:55 arthur + + * [r753] compat/getpeercred.c: use the cr_ prefix when getting a + xucred struct (needed for kfreebsd) + +2008-06-06 21:51 arthur + + * [r752] tests/Makefile.am, tests/test_getpeercred.c: implement a + very basic test for getpeercred() + +2008-06-06 18:27 arthur + + * [r751] nslcd/cfg.c: remove warning on using ssl option + +2008-06-06 18:22 arthur + + * [r750] nslcd/cfg.c: check that all URLs start with https:// if + "ssl on" is specified + +2008-06-06 18:14 arthur + + * [r749] nslcd/myldap.c: also set TLS options if an ldaps:// URL is + specified + +2008-06-06 17:27 arthur + + * [r748] debian/control: add dependency on adduser as required by + the previous commit + +2008-06-06 17:16 arthur + + * [r747] debian/libnss-ldapd.postinst: create a nslcd user in + postinst and ensure that it is used by default + +2008-06-06 15:53 arthur + + * [r746] man/nss-ldapd.conf.5.xml: add uid and gid options to + manual page + +2008-06-06 15:47 arthur + + * [r745] nslcd/cfg.c, nslcd/cfg.h, nslcd/nslcd.c: add uid and gid + configuration keywords that set the user id and group id of the + running nslcd process + +2008-06-06 14:19 arthur + + * [r744] nslcd/nslcd.c: environ is defined in unistd.h + +2008-06-06 14:18 arthur + + * [r743] nslcd/nslcd.c, nss/common.c: increase write buffer size in + nslcd to free up threads earlier and increase timeout for nslcd + to nss communication to one minute (at both places) + +2008-06-06 14:06 arthur + + * [r742] common/dict.c, compat/ether.c, nslcd/group.c, + nslcd/myldap.c, nslcd/passwd.c, tests/test_tio.c: miscellaneous + portability improvements + +2008-05-18 15:03 arthur + + * [r741] TODO: from a review of glibc 2.3.6 code it shows that + strerror() is only non-threadsafe in some verly unlikely + circumstances + +2008-05-17 08:34 arthur + + * [r740] common/tio.c: use send() with a flag to ignore SIGPIPE + instead of write() so we don't have to muck with signal handlers + +2008-05-16 21:41 arthur + + * [r739] nslcd/log.c, nslcd/log.h, nslcd/nslcd.c: include a random + string in every log message to be able to group log messages for + a single request + +2008-05-16 16:24 arthur + + * [r738] common/tio.c, nslcd/myldap.c: add sanity checks to sleep + calls to never sleep too long (problems could occur when the + clock moves backwards) + +2008-05-16 15:38 arthur + + * [r737] nss/group.c: remove comment about limitation that has now + been removed + +2008-05-16 15:34 arthur + + * [r736] nss/common.c: grow the read buffer maximum size to 2Mbyte + to allow for groups with about 150000 members maximum + +2008-05-15 19:26 arthur + + * [r735] README: add some documentation on supported group to + member mappings + +2008-05-15 19:08 arthur + + * [r734] nslcd/myldap.h: improve documentation for + myldap_get_rdn_value() function + +2008-05-11 14:41 arthur + + * [r733] nslcd/myldap.c: close the connection and retry the search + (once) if the search fails with the first call to + myldap_get_entry() (starting a search doesn't always give an + error when the connection has been broken) + +2008-05-11 14:36 arthur + + * [r732] nslcd/myldap.c: split retry mechanism of myldap_search() + into a new do_retry_search() function + +2008-05-11 14:29 arthur + + * [r731] nslcd/myldap.c: allocate the search memory region in + myldap_search() instead of in do_try_search() and have the latter + return an LDAP status code + +2008-05-11 13:28 arthur + + * [r730] nslcd/myldap.c: also allow closing of searches that no + longer have a valid connection and integrate myldap_search_free() + into myldap_search_close() + +2008-05-04 20:07 arthur + + * [r728] ChangeLog, NEWS, TODO, configure.ac, debian/changelog, + man/nslcd.8.xml, man/nss-ldapd.conf.5.xml: get files ready for + 0.6.2 release + 2008-05-04 15:47 arthur * [r727] HACKING, README: some documentation cleanups and updates @@ -1,3 +1,25 @@ +changes form 0.6.2 to 0.6.3 +--------------------------- + +* retry connection and search if getting results failed with connection + problems (some errors only occur when getting the results, not when starting + the search) +* add support for groups with up to around 150000 members (assuming user names + on average are a little under 10 characters) +* problem with possible SIGPIPE race condition was fixed by using send() + instead of write() +* add uid and gid configuration keywords that set the user and group of the + nslcd daemon +* add some documentation on supported group to member mappings +* add sanity checking to code for when clock moves backward +* log messages now include a session id that makes it easier to track errors + to requests (especially useful in debugging mode) +* miscellaneous portability improvements +* increase buffers and timeouts to handle large lookups more gracefully +* implement SASL authentication based on a patch by Dan White +* allow more characters in user and group names + + changes form 0.6.1 to 0.6.2 --------------------------- @@ -1,25 +1,15 @@ probably before we can call this stable --------------------------------------- -* fix race condition when setting signal mask in common/tio.c - (using pthread_sigmask() adds a dependency on the pthread library, - we should probably just do locking) * find problem with reachability of LDAP server -* find out why HAVE_GSSPAI is not always set to what configure outputs -* have the daemon run under a special uid/gid +* do not require ssl on if ldaps:// URLs are used other items ----------- -* set up (test) connection to LDAP server before creating socket -* Debian packaging: maybe remove stuff from /etc/nsswitch.conf on remove or - purge (maybe prompt?) * probably document that you should use libpam-ldap for authentication without exposing the passwords through NSS * document test suite (instructions for setting up environment (server), LDIF file, nsswitch.conf and nss-ldapd.conf) * write more unit tests -* maybe support bootparams (check README also) -* maybe support publickey (check README also) -* maybe support netmasks (check README also) * maybe implement a connection object in the myldap module that is shared by different sessions (sessions need to be cleaned up) * add sanity checking code (e.g. not too large buffer allocation and checking @@ -54,5 +44,10 @@ other items install NSS library in system path * only parse configuration options if they are available on the platform * have some more general mechanism to disable NSS module in nslcd -* do not use LDAP_DEPRECATED enabled functions * support searchbase autodetection +* start the LDAP search and connection in myldap_get_entry() instead of + in myldap_search() +* maybe use datagram sockets for NSS/nslcd communication +* support multiple search bases +* support memberOf attribute in passwd entries that map to groups +* get tls_checkpeer working in combination with ssl on diff --git a/configure.ac b/configure.ac index f06b89c..c03a879 100644 --- a/configure.ac +++ b/configure.ac @@ -32,8 +32,8 @@ version 2.1 of the License, or (at your option) any later version. See the configure.ac file for more details.]) # initialize and set version and bugreport address -AC_INIT([nss-ldapd],[0.6.2],[arthur@ch.tudelft.nl]) -RELEASE_MONTH="May 2008" +AC_INIT([nss-ldapd],[0.6.3],[arthur@ch.tudelft.nl]) +RELEASE_MONTH="Jun 2008" AC_SUBST(RELEASE_MONTH) AC_CONFIG_SRCDIR([nslcd.h]) diff --git a/debian/changelog b/debian/changelog index 9bc64bc..cdb5503 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,32 @@ +nss-ldapd (0.6.3) unstable; urgency=low + + * retry connection and search if getting results failed with connection + problems (some errors only occur when getting the results, not when + starting the search) (closes: #474178, #484798) + * add support for groups with up to around 150000 members (assuming user + names on average are a little under 10 characters) + (closes: #481077, #479552) + * problem with possible SIGPIPE race condition was fixed by using send() + instead of write() + * add uid and gid configuration keywords that set the user and group of the + nslcd daemon + * run nslcd as user nslcd and group nslcd by default (note that this can + affect access to SSL/TLS and/or SASL files) + * add some documentation on supported group to member mappings + * add sanity checking to code for when clock moves backward + (closes: #480197) + * log messages now include a session id that makes it easier to track errors + to requests (especially useful in debugging mode) + * miscellaneous portability improvements + * increase buffers and timeouts to handle large lookups more gracefully + (further addresses #474174) + * implement SASL authentication based on a patch by Dan White + * allow more characters in user and group names + * upgrade to standards-version 3.8.0 (no changes needed) + * removed lintian override (seems to be no longer necessary) + + -- Arthur de Jong <adejong@debian.org> Sun, 15 Jun 2008 15:00:00 +0200 + nss-ldapd (0.6.2) unstable; urgency=low * all user and group names are now checked for validity are specified in the diff --git a/man/nslcd.8.xml b/man/nslcd.8.xml index 06b4711..548154f 100644 --- a/man/nslcd.8.xml +++ b/man/nslcd.8.xml @@ -36,9 +36,9 @@ <refmeta> <refentrytitle>nslcd</refentrytitle> <manvolnum>8</manvolnum> - <refmiscinfo class="version">Version 0.6.2</refmiscinfo> + <refmiscinfo class="version">Version 0.6.3</refmiscinfo> <refmiscinfo class="manual">System Manager's Manual</refmiscinfo> - <refmiscinfo class="date">May 2008</refmiscinfo> + <refmiscinfo class="date">Jun 2008</refmiscinfo> </refmeta> <refnamediv id="name"> diff --git a/man/nss-ldapd.conf.5.xml b/man/nss-ldapd.conf.5.xml index 05661aa..e90317c 100644 --- a/man/nss-ldapd.conf.5.xml +++ b/man/nss-ldapd.conf.5.xml @@ -36,9 +36,9 @@ <refmeta> <refentrytitle>nss-ldapd.conf</refentrytitle> <manvolnum>5</manvolnum> - <refmiscinfo class="version">Version 0.6.2</refmiscinfo> + <refmiscinfo class="version">Version 0.6.3</refmiscinfo> <refmiscinfo class="manual">System Manager's Manual</refmiscinfo> - <refmiscinfo class="date">May 2008</refmiscinfo> + <refmiscinfo class="date">Jun 2008</refmiscinfo> </refmeta> <refnamediv id="name"> |