1 files changed, 270 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 6d3597c..f4e846c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,273 @@
+2017-06-25  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [7920d85] tests/test_ldapcmds.sh, tests/test_nsscmds.sh: Ignore
+	  password hashes in consistent manner
+
+	  This changes the getent and getent.ldap tests to ignore password
+	  hashes that may be present in shadow lookups in a consistent
+	  manner.
+
+	  This also adds minor compatibility improvements.
+
+2017-06-25  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [65695aa] pynslcd/cfg.py, pynslcd/mypidfile.py, pynslcd/pynslcd.py:
+	  Create pidfile directory in pynslcd
+
+	  This ensures that /var/run/nslcd is created (when it does not
+	  exist) when starting pynslcd.
+
+2017-06-25  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [419aab2] pynslcd/cfg.py, pynslcd/group.py, pynslcd/passwd.py:
+	  Add nss_uid_offset and nss_gid_offset to pynslcd
+
+2017-03-20  Seth Wright <seth@crosse.org>
+
+	* [5103173] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,
+	  nslcd/group.c, nslcd/passwd.c: Add the ability to offset UID
+	  and GID numbers
+
+2017-06-18  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [fee74d9] tests/Makefile.am, tests/test_ldapcmds.sh: Portability
+	  improvements to test_ldapcmds.sh
+
+	  This fixes an issue with the export statement in POSIX shell
+	  scripts, ensures that the commands in the output match those
+	  in the script, strips password hashes for shadow lookups (for
+	  systems without PAM where these are exposed) and only runs the
+	  tests if we enabled the utils.
+
+	  Fixes 246a1f3.
+
+2017-06-17  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [5126b26] nslcd/ether.c: Use uint8_t instead of u_int8_t
+
+	  The former seems to be available on more platforms than the latter.
+
+	  Fixes be26510.
+
+2017-06-17  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [fe3772f] compat/pam_compat.h: Fix HAVE_DECL_PAM_ERROR usage
+
+	  The macro is supposed to be defined to 0 (instead of undefined)
+	  if pam_info() and pam_error() are not found.
+
+	  Fixes 3d5ab89.
+
+2017-06-17  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [ca62f59] nslcd/shadow.c: Also filter shadow entries by validnames
+
+2017-06-17  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [e68b85a] nslcd/passwd.c, nslcd/shadow.c: Fix and clarify a
+	  few comments
+
+2017-06-16  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [3d5ab89] compat/pam_compat.h, configure.ac: Fix pam_info()
+	  and pam_error() replacement
+
+	  On FreeBSD these are functions while on Linux they are macros
+	  causing them to be incorrectly replaced on FreeBSD. This resulted
+	  in a crash of the PAM module when e.g. presenting messages about
+	  password expiry.
+
+2017-06-16  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [b5d1dd2] tests/Makefile.am: Clean log from test_pamcmds.expect
+
+	  This removes test_pamcmds.log that is generated by
+	  test_pamcmds.expect when running the test suite. This avoids an
+	  error in the distcheck target.
+
+2017-06-16  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [246a1f3] tests/test_ldapcmds.sh: Fix running test_ldapcmds.sh
+	  during distcheck
+
+	  This ensures that Python can find both getent.py (from source
+	  directory) and constants.py (from build directory) when running
+	  the tests from the distcheck target.
+
+	  This also makes the script more similar to test_nsscmds.sh.
+
+	  Fixes 9c803d7.
+
+2017-06-15  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [43862ba] : Add pam_authc_search option
+
+	  This option can be used to configure the search operation that
+	  should be performed after authentication.
+
+2017-06-15  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [5141b09] man/nslcd.conf.5.xml, nslcd/pam.c: Allow skipping
+	  post-authentication search altogether
+
+2017-06-14  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [0cafb08] nslcd/myldap.c, nslcd/myldap.h, nslcd/pam.c,
+	  nslcd/usermod.c: Implement myldap_bind() function
+
+	  This function integrates the myldap_set_credentials() and
+	  myldap_get_policy_response() and performs the bind operation
+	  witout actually performing a search.
+
+	  The function performs a "fake" search that returns after performing
+	  the LDAP BIND operation.
+
+	  This replaces a number of dummy search operations that were there
+	  to ensure that the connection was open. This allows us to skip
+	  the search operation after authentication.
+
+2017-06-14  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [9564dd0] nslcd/pam.c: Implement handling of pam_authc_search
+	  option
+
+	  This allows performing a different, configurable search from
+	  the default BASE search after the BIND operation.
+
+2017-06-14  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [f72aaa2] man/nslcd.conf.5.xml: Document pam_authc_search option
+
+2017-06-14  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [5d11cb8] nslcd/cfg.c, nslcd/cfg.h, nslcd/pam.c: Add
+	  pam_authc_search option parsing
+
+2017-06-14  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [bcc3a08] nslcd/pam.c, pynslcd/pam.py: Reorganise PAM search
+	  var building functions
+
+	  This moves the autzsearch_var_add(), autzsearch_vars_free(),
+	  autzsearch_var_get() and do_autzsearches() functions to the top of
+	  the file using more generic names and introduces search_vars_new()
+	  in prepartion of other similar searches.
+
+	  This also renames the remaining authzsearch functions to
+	  authz_search to be consistent with the pam_authz_search option.
+
+2017-06-13  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [ebc0f76] README, configure.ac, tests/test.ldif: Switch to
+	  HTTPS URLs
+
+2017-06-13  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [be26510] compat/ether.c, compat/ether.h, configure.ac,
+	  nslcd/ether.c, pynslcd/ether.py: Query ethernet addresses in
+	  compact and long format
+
+	  This ensures that when querying the address 0:18:8a:54:1a:8b
+	  both that format and 00:18:8a:54:1a:8b is searched for in LDAP.
+
+	  This was triggerred by the fact that ether_ntoa() on FreeBSD
+	  returns the long format while glibc uses the compact format.
+
+	  Since we are no longer using the libc version of ether_ntoa() we
+	  can also drop the compatibility implementation of ether_ntoa_r().
+
+2017-06-07  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [becc883] nslcd/passwd.c: Log entries and lookups failing
+	  nss_min_uid
+
+	  This logs (at debug level) any LDAP uidNumber attribute values
+	  (or translated objectSid attribute values) that are lower than
+	  nss_min_uid.	It also logs getpwuid() requests for such uids.
+
+2017-06-04  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [5a84be2] utils/chsh.py, utils/cmdline.py, utils/getent.py,
+	  utils/nslcd.py, utils/shells.py, utils/users.py: Make nslcd-utils
+	  Python 3 compatible
+
+	  This changes the getent.ldap and chsh.ldap commands to be
+	  compatible with Python 2 and Python 3 with the same code.
+
+	  This does switch to raw I/O because Python 3 does not support
+	  bufferred I/O on sockets.
+
+2017-06-04  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [9c803d7] tests/Makefile.am, tests/test_ldapcmds.sh,
+	  tests/test_nsscmds.sh, tests/testenv.sh: Add tests for getent.ldap
+	  command
+
+	  This more or less duplicates the tests from test_nsscmds.sh to
+	  test_ldapcmds.sh with some modifications for the differences
+	  in output.
+
+	  This also extends the test_nsscmds.sh tests to handle the case
+	  where shadow lookups do not go through LDAP.
+
+2017-06-04  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [a357131] utils/getent.py: Fix output of getent.ldap networks
+
+	  Contrary to the hosts output the network name is listed first.
+
+2017-06-03  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [58c7a94] utils/getent.py: Fix IPv6 lookups in getent.ldap
+
+2017-06-03  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [5173e55] man/getent.ldap.1.xml, utils/getent.py: Accept multiple
+	  key arguments to getent.ldap
+
+	  This allows supplying multiple arguments to getent.ldap that
+	  will each act as a search key for lookups, similar to what normal
+	  getent allows.
+
+2017-02-07  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [53f797b] nslcd/nslcd.c: Exit with 0 when stopping nslcd
+
+	  When receiving a signal this will result in nslcd returning with
+	  a success exit code.
+
+	  Thanks Stanislav Moravec for pointing this out.
+
+2016-09-04  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [c12cd14] nslcd/nslcd.c: Remove duplicate break statement
+
+2016-09-04  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [d8ad7b1] nslcd/myldap.c: Do not try all LDAP servers on failed
+	  authentication
+
+	  See https://bugs.launchpad.net/bugs/1618190
+
+2016-08-30  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [a3da150] utils/nslcd.py: Replace Python assertions with exceptions
+
+	  The assertions can be optimised out when compiling the modules
+	  with -O which would break the protocol handling. This ensures
+	  that errors are properly handled even if optimisation is enabled.
+
+	  Thanks Yu-Chun Huang for reporting this.
+	  https://github.com/arthurdejong/nss-pam-ldapd/issues/14
+
+2016-08-14  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [c286bb5] AUTHORS, ChangeLog, NEWS, README, configure.ac,
+	  man/chsh.ldap.1.xml, man/getent.ldap.1.xml, man/nslcd.8.xml,
+	  man/nslcd.conf.5.xml, man/pam_ldap.8.xml, man/pynslcd.8.xml,
+	  nslcd/nslcd.c, pynslcd/pynslcd.py, utils/cmdline.py: Get files
+	  ready for 0.9.7 release
+
 2016-08-14  Arthur de Jong <arthur@arthurdejong.org>
 
 	* [db9494e] tests/Makefile.am: Only run doctests when building