Get files ready for 0.9.8 release0.9.8

author: Arthur de Jong <arthur@arthurdejong.org> 2017-06-26 12:55:26 +0200
committer: Arthur de Jong <arthur@arthurdejong.org> 2017-06-26 12:55:26 +0200
commit: 47fd03bc80d470de881c025ff934325bd7def0b5 (patch)
tree: e59f3c66c9f57d4adf0fa6edacedd534dab0d5f2
parent: 7920d85ef806cda6a37db16aff75f895cc67a3e1 (diff)
13 files changed, 313 insertions, 24 deletions
diff --git a/AUTHORS b/AUTHORS
index 38cbf45..456f6e9 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -142,3 +142,4 @@ Geoffrey McRae <gnif@xbmc.org>
 Mathieu Baeumler <mathieu.baeumler@gmail.com>
 Vasilis Tsiligiannis <vasilis.tsiligiannis@nokia.com>
 Giovanni Mascellani <mascellani@poisson.phc.unipi.it>
+Seth Wright <seth@crosse.org>
diff --git a/ChangeLog b/ChangeLog
index 6d3597c..f4e846c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,273 @@
+2017-06-25  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [7920d85] tests/test_ldapcmds.sh, tests/test_nsscmds.sh: Ignore
+	  password hashes in consistent manner
+
+	  This changes the getent and getent.ldap tests to ignore password
+	  hashes that may be present in shadow lookups in a consistent
+	  manner.
+
+	  This also adds minor compatibility improvements.
+
+2017-06-25  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [65695aa] pynslcd/cfg.py, pynslcd/mypidfile.py, pynslcd/pynslcd.py:
+	  Create pidfile directory in pynslcd
+
+	  This ensures that /var/run/nslcd is created (when it does not
+	  exist) when starting pynslcd.
+
+2017-06-25  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [419aab2] pynslcd/cfg.py, pynslcd/group.py, pynslcd/passwd.py:
+	  Add nss_uid_offset and nss_gid_offset to pynslcd
+
+2017-03-20  Seth Wright <seth@crosse.org>
+
+	* [5103173] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,
+	  nslcd/group.c, nslcd/passwd.c: Add the ability to offset UID
+	  and GID numbers
+
+2017-06-18  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [fee74d9] tests/Makefile.am, tests/test_ldapcmds.sh: Portability
+	  improvements to test_ldapcmds.sh
+
+	  This fixes an issue with the export statement in POSIX shell
+	  scripts, ensures that the commands in the output match those
+	  in the script, strips password hashes for shadow lookups (for
+	  systems without PAM where these are exposed) and only runs the
+	  tests if we enabled the utils.
+
+	  Fixes 246a1f3.
+
+2017-06-17  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [5126b26] nslcd/ether.c: Use uint8_t instead of u_int8_t
+
+	  The former seems to be available on more platforms than the latter.
+
+	  Fixes be26510.
+
+2017-06-17  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [fe3772f] compat/pam_compat.h: Fix HAVE_DECL_PAM_ERROR usage
+
+	  The macro is supposed to be defined to 0 (instead of undefined)
+	  if pam_info() and pam_error() are not found.
+
+	  Fixes 3d5ab89.
+
+2017-06-17  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [ca62f59] nslcd/shadow.c: Also filter shadow entries by validnames
+
+2017-06-17  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [e68b85a] nslcd/passwd.c, nslcd/shadow.c: Fix and clarify a
+	  few comments
+
+2017-06-16  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [3d5ab89] compat/pam_compat.h, configure.ac: Fix pam_info()
+	  and pam_error() replacement
+
+	  On FreeBSD these are functions while on Linux they are macros
+	  causing them to be incorrectly replaced on FreeBSD. This resulted
+	  in a crash of the PAM module when e.g. presenting messages about
+	  password expiry.
+
+2017-06-16  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [b5d1dd2] tests/Makefile.am: Clean log from test_pamcmds.expect
+
+	  This removes test_pamcmds.log that is generated by
+	  test_pamcmds.expect when running the test suite. This avoids an
+	  error in the distcheck target.
+
+2017-06-16  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [246a1f3] tests/test_ldapcmds.sh: Fix running test_ldapcmds.sh
+	  during distcheck
+
+	  This ensures that Python can find both getent.py (from source
+	  directory) and constants.py (from build directory) when running
+	  the tests from the distcheck target.
+
+	  This also makes the script more similar to test_nsscmds.sh.
+
+	  Fixes 9c803d7.
+
+2017-06-15  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [43862ba] : Add pam_authc_search option
+
+	  This option can be used to configure the search operation that
+	  should be performed after authentication.
+
+2017-06-15  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [5141b09] man/nslcd.conf.5.xml, nslcd/pam.c: Allow skipping
+	  post-authentication search altogether
+
+2017-06-14  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [0cafb08] nslcd/myldap.c, nslcd/myldap.h, nslcd/pam.c,
+	  nslcd/usermod.c: Implement myldap_bind() function
+
+	  This function integrates the myldap_set_credentials() and
+	  myldap_get_policy_response() and performs the bind operation
+	  witout actually performing a search.
+
+	  The function performs a "fake" search that returns after performing
+	  the LDAP BIND operation.
+
+	  This replaces a number of dummy search operations that were there
+	  to ensure that the connection was open. This allows us to skip
+	  the search operation after authentication.
+
+2017-06-14  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [9564dd0] nslcd/pam.c: Implement handling of pam_authc_search
+	  option
+
+	  This allows performing a different, configurable search from
+	  the default BASE search after the BIND operation.
+
+2017-06-14  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [f72aaa2] man/nslcd.conf.5.xml: Document pam_authc_search option
+
+2017-06-14  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [5d11cb8] nslcd/cfg.c, nslcd/cfg.h, nslcd/pam.c: Add
+	  pam_authc_search option parsing
+
+2017-06-14  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [bcc3a08] nslcd/pam.c, pynslcd/pam.py: Reorganise PAM search
+	  var building functions
+
+	  This moves the autzsearch_var_add(), autzsearch_vars_free(),
+	  autzsearch_var_get() and do_autzsearches() functions to the top of
+	  the file using more generic names and introduces search_vars_new()
+	  in prepartion of other similar searches.
+
+	  This also renames the remaining authzsearch functions to
+	  authz_search to be consistent with the pam_authz_search option.
+
+2017-06-13  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [ebc0f76] README, configure.ac, tests/test.ldif: Switch to
+	  HTTPS URLs
+
+2017-06-13  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [be26510] compat/ether.c, compat/ether.h, configure.ac,
+	  nslcd/ether.c, pynslcd/ether.py: Query ethernet addresses in
+	  compact and long format
+
+	  This ensures that when querying the address 0:18:8a:54:1a:8b
+	  both that format and 00:18:8a:54:1a:8b is searched for in LDAP.
+
+	  This was triggerred by the fact that ether_ntoa() on FreeBSD
+	  returns the long format while glibc uses the compact format.
+
+	  Since we are no longer using the libc version of ether_ntoa() we
+	  can also drop the compatibility implementation of ether_ntoa_r().
+
+2017-06-07  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [becc883] nslcd/passwd.c: Log entries and lookups failing
+	  nss_min_uid
+
+	  This logs (at debug level) any LDAP uidNumber attribute values
+	  (or translated objectSid attribute values) that are lower than
+	  nss_min_uid.	It also logs getpwuid() requests for such uids.
+
+2017-06-04  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [5a84be2] utils/chsh.py, utils/cmdline.py, utils/getent.py,
+	  utils/nslcd.py, utils/shells.py, utils/users.py: Make nslcd-utils
+	  Python 3 compatible
+
+	  This changes the getent.ldap and chsh.ldap commands to be
+	  compatible with Python 2 and Python 3 with the same code.
+
+	  This does switch to raw I/O because Python 3 does not support
+	  bufferred I/O on sockets.
+
+2017-06-04  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [9c803d7] tests/Makefile.am, tests/test_ldapcmds.sh,
+	  tests/test_nsscmds.sh, tests/testenv.sh: Add tests for getent.ldap
+	  command
+
+	  This more or less duplicates the tests from test_nsscmds.sh to
+	  test_ldapcmds.sh with some modifications for the differences
+	  in output.
+
+	  This also extends the test_nsscmds.sh tests to handle the case
+	  where shadow lookups do not go through LDAP.
+
+2017-06-04  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [a357131] utils/getent.py: Fix output of getent.ldap networks
+
+	  Contrary to the hosts output the network name is listed first.
+
+2017-06-03  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [58c7a94] utils/getent.py: Fix IPv6 lookups in getent.ldap
+
+2017-06-03  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [5173e55] man/getent.ldap.1.xml, utils/getent.py: Accept multiple
+	  key arguments to getent.ldap
+
+	  This allows supplying multiple arguments to getent.ldap that
+	  will each act as a search key for lookups, similar to what normal
+	  getent allows.
+
+2017-02-07  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [53f797b] nslcd/nslcd.c: Exit with 0 when stopping nslcd
+
+	  When receiving a signal this will result in nslcd returning with
+	  a success exit code.
+
+	  Thanks Stanislav Moravec for pointing this out.
+
+2016-09-04  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [c12cd14] nslcd/nslcd.c: Remove duplicate break statement
+
+2016-09-04  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [d8ad7b1] nslcd/myldap.c: Do not try all LDAP servers on failed
+	  authentication
+
+	  See https://bugs.launchpad.net/bugs/1618190
+
+2016-08-30  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [a3da150] utils/nslcd.py: Replace Python assertions with exceptions
+
+	  The assertions can be optimised out when compiling the modules
+	  with -O which would break the protocol handling. This ensures
+	  that errors are properly handled even if optimisation is enabled.
+
+	  Thanks Yu-Chun Huang for reporting this.
+	  https://github.com/arthurdejong/nss-pam-ldapd/issues/14
+
+2016-08-14  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [c286bb5] AUTHORS, ChangeLog, NEWS, README, configure.ac,
+	  man/chsh.ldap.1.xml, man/getent.ldap.1.xml, man/nslcd.8.xml,
+	  man/nslcd.conf.5.xml, man/pam_ldap.8.xml, man/pynslcd.8.xml,
+	  nslcd/nslcd.c, pynslcd/pynslcd.py, utils/cmdline.py: Get files
+	  ready for 0.9.7 release
+
 2016-08-14  Arthur de Jong <arthur@arthurdejong.org>
 
 	* [db9494e] tests/Makefile.am: Only run doctests when building
diff --git a/NEWS b/NEWS
index dbf58c7..a586148 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,21 @@
+changes from 0.9.7 to 0.9.8
+---------------------------
+
+* add a pam_authc_search option that can be used to configure the search
+  operation that is performed after authentication
+* add nss_uid_offset and nss_gid_offset options that can be used to
+  change returned numeric user and group ids from LDAP (thanks Seth Wright)
+* do not retry failed user password on second LDAP server
+* fix a crash in the PAM module on FreeBSD when showing password expiration
+  messages
+* the validnames option now also applies to shadow lookups
+* support ethernet addresses in LDAP in compact and long formats
+* improvements to getent.ldap command (a few minor bug fixes and preparations
+  for Python 3 support)
+* log entries and lookups failing nss_min_uid at debug level
+* improvements to the test suite (including tests for getent.ldap)
+
+
 changes from 0.9.6 to 0.9.7
 ---------------------------
 
diff --git a/configure.ac b/configure.ac
index 564f9c8..e984627 100644
--- a/configure.ac
+++ b/configure.ac
@@ -23,7 +23,7 @@ AC_PREREQ(2.61)
 AC_COPYRIGHT(
 [Copyright (C) 2006 Luke Howard
 Copyright (C) 2006 West Consulting
-Copyright (C) 2006-2016 Arthur de Jong
+Copyright (C) 2006-2017 Arthur de Jong
 
 This configure script is derived from configure.ac which is free software;
 you can redistribute it and/or modify it under the terms of the GNU Lesser
@@ -33,10 +33,10 @@ configure.ac file for more details.])
 
 # initialize and set version and bugreport address
 AC_INIT([nss-pam-ldapd],
-        [0.9.7],
+        [0.9.8],
         [nss-pam-ldapd-users@lists.arthurdejong.org],,
         [https://arthurdejong.org/nss-pam-ldapd/])
-RELEASE_MONTH="Aug 2016"
+RELEASE_MONTH="Jun 2017"
 AC_SUBST(RELEASE_MONTH)
 AC_CONFIG_SRCDIR([nslcd.h])
 AC_CONFIG_MACRO_DIR([m4])
diff --git a/man/chsh.ldap.1.xml b/man/chsh.ldap.1.xml
index 345775d..2c3e993 100644
--- a/man/chsh.ldap.1.xml
+++ b/man/chsh.ldap.1.xml
@@ -5,7 +5,7 @@
 <!--
    chsh.ldap.1.xml - docbook manual page for chsh.ldap
 
-   Copyright (C) 2013-2016 Arthur de Jong
+   Copyright (C) 2013-2017 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -35,9 +35,9 @@
  <refmeta>
   <refentrytitle>chsh.ldap</refentrytitle>
   <manvolnum>1</manvolnum>
-  <refmiscinfo class="version">Version 0.9.7</refmiscinfo>
+  <refmiscinfo class="version">Version 0.9.8</refmiscinfo>
   <refmiscinfo class="manual">User Commands</refmiscinfo>
-  <refmiscinfo class="date">Aug 2016</refmiscinfo>
+  <refmiscinfo class="date">Jun 2017</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">
diff --git a/man/getent.ldap.1.xml b/man/getent.ldap.1.xml
index 24f24bd..d4b136a 100644
--- a/man/getent.ldap.1.xml
+++ b/man/getent.ldap.1.xml
@@ -35,9 +35,9 @@
  <refmeta>
   <refentrytitle>getent.ldap</refentrytitle>
   <manvolnum>1</manvolnum>
-  <refmiscinfo class="version">Version 0.9.7</refmiscinfo>
+  <refmiscinfo class="version">Version 0.9.8</refmiscinfo>
   <refmiscinfo class="manual">User Commands</refmiscinfo>
-  <refmiscinfo class="date">Aug 2016</refmiscinfo>
+  <refmiscinfo class="date">Jun 2017</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">
diff --git a/man/nslcd.8.xml b/man/nslcd.8.xml
index 563474f..9fceb72 100644
--- a/man/nslcd.8.xml
+++ b/man/nslcd.8.xml
@@ -6,7 +6,7 @@
    nslcd.8.xml - docbook manual page for nslcd
 
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006-2016 Arthur de Jong
+   Copyright (C) 2006-2017 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -36,9 +36,9 @@
  <refmeta>
   <refentrytitle>nslcd</refentrytitle>
   <manvolnum>8</manvolnum>
-  <refmiscinfo class="version">Version 0.9.7</refmiscinfo>
+  <refmiscinfo class="version">Version 0.9.8</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
-  <refmiscinfo class="date">Aug 2016</refmiscinfo>
+  <refmiscinfo class="date">Jun 2017</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">
diff --git a/man/nslcd.conf.5.xml b/man/nslcd.conf.5.xml
index 2e711cf..ce5b21f 100644
--- a/man/nslcd.conf.5.xml
+++ b/man/nslcd.conf.5.xml
@@ -36,9 +36,9 @@
  <refmeta>
   <refentrytitle>nslcd.conf</refentrytitle>
   <manvolnum>5</manvolnum>
-  <refmiscinfo class="version">Version 0.9.7</refmiscinfo>
+  <refmiscinfo class="version">Version 0.9.8</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
-  <refmiscinfo class="date">Aug 2016</refmiscinfo>
+  <refmiscinfo class="date">Jun 2017</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">
diff --git a/man/pam_ldap.8.xml b/man/pam_ldap.8.xml
index 0483e64..e7f2704 100644
--- a/man/pam_ldap.8.xml
+++ b/man/pam_ldap.8.xml
@@ -5,7 +5,7 @@
 <!--
    pam_ldap.8.xml - docbook manual page for pam_ldap PAM module
 
-   Copyright (C) 2009-2016 Arthur de Jong
+   Copyright (C) 2009-2017 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -35,9 +35,9 @@
  <refmeta>
   <refentrytitle>pam_ldap</refentrytitle>
   <manvolnum>8</manvolnum>
-  <refmiscinfo class="version">Version 0.9.7</refmiscinfo>
+  <refmiscinfo class="version">Version 0.9.8</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
-  <refmiscinfo class="date">Aug 2016</refmiscinfo>
+  <refmiscinfo class="date">Jun 2017</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">
diff --git a/man/pynslcd.8.xml b/man/pynslcd.8.xml
index 334a476..8b423b9 100644
--- a/man/pynslcd.8.xml
+++ b/man/pynslcd.8.xml
@@ -5,7 +5,7 @@
 <!--
    pynslcd.8.xml - docbook manual page for pynslcd
 
-   Copyright (C) 2012-2016 Arthur de Jong
+   Copyright (C) 2012-2017 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -35,9 +35,9 @@
  <refmeta>
   <refentrytitle>pynslcd</refentrytitle>
   <manvolnum>8</manvolnum>
-  <refmiscinfo class="version">Version 0.9.7</refmiscinfo>
+  <refmiscinfo class="version">Version 0.9.8</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
-  <refmiscinfo class="date">Aug 2016</refmiscinfo>
+  <refmiscinfo class="date">Jun 2017</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">
diff --git a/nslcd/nslcd.c b/nslcd/nslcd.c
index ed44a84..82c09ab 100644
--- a/nslcd/nslcd.c
+++ b/nslcd/nslcd.c
@@ -2,7 +2,7 @@
    nslcd.c - ldap local connection daemon
 
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006-2016 Arthur de Jong
+   Copyright (C) 2006-2017 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -121,7 +121,7 @@ static void display_version(FILE *fp)
 {
   fprintf(fp, "%s\n", PACKAGE_STRING);
   fprintf(fp, "Written by Luke Howard and Arthur de Jong.\n\n");
-  fprintf(fp, "Copyright (C) 1997-2016 Luke Howard, Arthur de Jong and West Consulting\n"
+  fprintf(fp, "Copyright (C) 1997-2017 Luke Howard, Arthur de Jong and West Consulting\n"
               "This is free software; see the source for copying conditions.  There is NO\n"
               "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n");
 }
diff --git a/pynslcd/pynslcd.py b/pynslcd/pynslcd.py
index b7ff7f4..d367a8c 100755
--- a/pynslcd/pynslcd.py
+++ b/pynslcd/pynslcd.py
@@ -91,7 +91,7 @@ def display_version(fp):
     fp.write('%(PACKAGE_STRING)s\n'
              'Written by Arthur de Jong.\n'
              '\n'
-             'Copyright (C) 2010-2016 Arthur de Jong\n'
+             'Copyright (C) 2010-2017 Arthur de Jong\n'
              'This is free software; see the source for copying conditions.  There is NO\n'
              'warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n'
              % {'PACKAGE_STRING': constants.PACKAGE_STRING, })
diff --git a/utils/cmdline.py b/utils/cmdline.py
index a268f98..7283875 100644
--- a/utils/cmdline.py
+++ b/utils/cmdline.py
@@ -2,7 +2,7 @@
 
 # cmdline.py - functions for handling command-line options
 #
-# Copyright (C) 2013-2016 Arthur de Jong
+# Copyright (C) 2013-2017 Arthur de Jong
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -28,7 +28,7 @@ version_string = '''
 %s
 Written by Arthur de Jong.
 
-Copyright (C) 2013-2016 Arthur de Jong
+Copyright (C) 2013-2017 Arthur de Jong
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 '''.strip() % constants.PACKAGE_STRING
author	Arthur de Jong <arthur@arthurdejong.org>	2017-06-26 12:55:26 +0200
committer	Arthur de Jong <arthur@arthurdejong.org>	2017-06-26 12:55:26 +0200
commit	47fd03bc80d470de881c025ff934325bd7def0b5 (patch)
tree	e59f3c66c9f57d4adf0fa6edacedd534dab0d5f2
parent	7920d85ef806cda6a37db16aff75f895cc67a3e1 (diff)