From 47fd03bc80d470de881c025ff934325bd7def0b5 Mon Sep 17 00:00:00 2001 From: Arthur de Jong Date: Mon, 26 Jun 2017 12:55:26 +0200 Subject: Get files ready for 0.9.8 release --- AUTHORS | 1 + ChangeLog | 270 ++++++++++++++++++++++++++++++++++++++++++++++++++ NEWS | 18 ++++ configure.ac | 6 +- man/chsh.ldap.1.xml | 6 +- man/getent.ldap.1.xml | 4 +- man/nslcd.8.xml | 6 +- man/nslcd.conf.5.xml | 4 +- man/pam_ldap.8.xml | 6 +- man/pynslcd.8.xml | 6 +- nslcd/nslcd.c | 4 +- pynslcd/pynslcd.py | 2 +- utils/cmdline.py | 4 +- 13 files changed, 313 insertions(+), 24 deletions(-) diff --git a/AUTHORS b/AUTHORS index 38cbf45..456f6e9 100644 --- a/AUTHORS +++ b/AUTHORS @@ -142,3 +142,4 @@ Geoffrey McRae Mathieu Baeumler Vasilis Tsiligiannis Giovanni Mascellani +Seth Wright diff --git a/ChangeLog b/ChangeLog index 6d3597c..f4e846c 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,273 @@
+2017-06-25 Arthur de Jong
+
+ * [7920d85] tests/test_ldapcmds.sh, tests/test_nsscmds.sh: Ignore
+ password hashes in consistent manner
+
+ This changes the getent and getent.ldap tests to ignore password
+ hashes that may be present in shadow lookups in a consistent
+ manner.
+
+ This also adds minor compatibility improvements.
+
+2017-06-25 Arthur de Jong
+
+ * [65695aa] pynslcd/cfg.py, pynslcd/mypidfile.py, pynslcd/pynslcd.py:
+ Create pidfile directory in pynslcd
+
+ This ensures that /var/run/nslcd is created (when it does not
+ exist) when starting pynslcd.
+
+2017-06-25 Arthur de Jong
+
+ * [419aab2] pynslcd/cfg.py, pynslcd/group.py, pynslcd/passwd.py:
+ Add nss_uid_offset and nss_gid_offset to pynslcd
+
+2017-03-20 Seth Wright
+
+ * [5103173] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,
+ nslcd/group.c, nslcd/passwd.c: Add the ability to offset UID
+ and GID numbers
+
+2017-06-18 Arthur de Jong
+
+ * [fee74d9] tests/Makefile.am, tests/test_ldapcmds.sh: Portability
+ improvements to test_ldapcmds.sh
+
+ This fixes an issue with the export statement in POSIX shell
+ scripts, ensures that the commands in the output match those
+ in the script, strips password hashes for shadow lookups (for
+ systems without PAM where these are exposed) and only runs the
+ tests if we enabled the utils.
+
+ Fixes 246a1f3.
+
+2017-06-17 Arthur de Jong
+
+ * [5126b26] nslcd/ether.c: Use uint8_t instead of u_int8_t
+
+ The former seems to be available on more platforms than the latter.
+
+ Fixes be26510.
+
+2017-06-17 Arthur de Jong
+
+ * [fe3772f] compat/pam_compat.h: Fix HAVE_DECL_PAM_ERROR usage
+
+ The macro is supposed to be defined to 0 (instead of undefined)
+ if pam_info() and pam_error() are not found.
+
+ Fixes 3d5ab89.
+
+2017-06-17 Arthur de Jong
+
+ * [ca62f59] nslcd/shadow.c: Also filter shadow entries by validnames
+
+2017-06-17 Arthur de Jong
+
+ * [e68b85a] nslcd/passwd.c, nslcd/shadow.c: Fix and clarify a
+ few comments
+
+2017-06-16 Arthur de Jong
+
+ * [3d5ab89] compat/pam_compat.h, configure.ac: Fix pam_info()
+ and pam_error() replacement
+
+ On FreeBSD these are functions while on Linux they are macros
+ causing them to be incorrectly replaced on FreeBSD. This resulted
+ in a crash of the PAM module when e.g. presenting messages about
+ password expiry.
+
+2017-06-16 Arthur de Jong
+
+ * [b5d1dd2] tests/Makefile.am: Clean log from test_pamcmds.expect
+
+ This removes test_pamcmds.log that is generated by
+ test_pamcmds.expect when running the test suite. This avoids an
+ error in the distcheck target.
+
+2017-06-16 Arthur de Jong
+
+ * [246a1f3] tests/test_ldapcmds.sh: Fix running test_ldapcmds.sh
+ during distcheck
+
+ This ensures that Python can find both getent.py (from source
+ directory) and constants.py (from build directory) when running
+ the tests from the distcheck target.
+
+ This also makes the script more similar to test_nsscmds.sh.
+
+ Fixes 9c803d7.
+
+2017-06-15 Arthur de Jong
+
+ * [43862ba] : Add pam_authc_search option
+
+ This option can be used to configure the search operation that
+ should be performed after authentication.
+
+2017-06-15 Arthur de Jong
+
+ * [5141b09] man/nslcd.conf.5.xml, nslcd/pam.c: Allow skipping
+ post-authentication search altogether
+
+2017-06-14 Arthur de Jong
+
+ * [0cafb08] nslcd/myldap.c, nslcd/myldap.h, nslcd/pam.c,
+ nslcd/usermod.c: Implement myldap_bind() function
+
+ This function integrates the myldap_set_credentials() and
+ myldap_get_policy_response() and performs the bind operation
+ witout actually performing a search.
+
+ The function performs a "fake" search that returns after performing
+ the LDAP BIND operation.
+
+ This replaces a number of dummy search operations that were there
+ to ensure that the connection was open. This allows us to skip
+ the search operation after authentication.
+
+2017-06-14 Arthur de Jong
+
+ * [9564dd0] nslcd/pam.c: Implement handling of pam_authc_search
+ option
+
+ This allows performing a different, configurable search from
+ the default BASE search after the BIND operation.
+
+2017-06-14 Arthur de Jong
+
+ * [f72aaa2] man/nslcd.conf.5.xml: Document pam_authc_search option
+
+2017-06-14 Arthur de Jong
+
+ * [5d11cb8] nslcd/cfg.c, nslcd/cfg.h, nslcd/pam.c: Add
+ pam_authc_search option parsing
+
+2017-06-14 Arthur de Jong
+
+ * [bcc3a08] nslcd/pam.c, pynslcd/pam.py: Reorganise PAM search
+ var building functions
+
+ This moves the autzsearch_var_add(), autzsearch_vars_free(),
+ autzsearch_var_get() and do_autzsearches() functions to the top of
+ the file using more generic names and introduces search_vars_new()
+ in prepartion of other similar searches.
+
+ This also renames the remaining authzsearch functions to
+ authz_search to be consistent with the pam_authz_search option.
+
+2017-06-13 Arthur de Jong
+
+ * [ebc0f76] README, configure.ac, tests/test.ldif: Switch to
+ HTTPS URLs
+
+2017-06-13 Arthur de Jong
+
+ * [be26510] compat/ether.c, compat/ether.h, configure.ac,
+ nslcd/ether.c, pynslcd/ether.py: Query ethernet addresses in
+ compact and long format
+
+ This ensures that when querying the address 0:18:8a:54:1a:8b
+ both that format and 00:18:8a:54:1a:8b is searched for in LDAP.
+
+ This was triggerred by the fact that ether_ntoa() on FreeBSD
+ returns the long format while glibc uses the compact format.
+
+ Since we are no longer using the libc version of ether_ntoa() we
+ can also drop the compatibility implementation of ether_ntoa_r().
+
+2017-06-07 Arthur de Jong
+
+ * [becc883] nslcd/passwd.c: Log entries and lookups failing
+ nss_min_uid
+
+ This logs (at debug level) any LDAP uidNumber attribute values
+ (or translated objectSid attribute values) that are lower than
+ nss_min_uid. It also logs getpwuid() requests for such uids.
+
+2017-06-04 Arthur de Jong
+
+ * [5a84be2] utils/chsh.py, utils/cmdline.py, utils/getent.py,
+ utils/nslcd.py, utils/shells.py, utils/users.py: Make nslcd-utils
+ Python 3 compatible
+
+ This changes the getent.ldap and chsh.ldap commands to be
+ compatible with Python 2 and Python 3 with the same code.
+
+ This does switch to raw I/O because Python 3 does not support
+ bufferred I/O on sockets.
+
+2017-06-04 Arthur de Jong
+
+ * [9c803d7] tests/Makefile.am, tests/test_ldapcmds.sh,
+ tests/test_nsscmds.sh, tests/testenv.sh: Add tests for getent.ldap
+ command
+
+ This more or less duplicates the tests from test_nsscmds.sh to
+ test_ldapcmds.sh with some modifications for the differences
+ in output.
+
+ This also extends the test_nsscmds.sh tests to handle the case
+ where shadow lookups do not go through LDAP.
+
+2017-06-04 Arthur de Jong
+
+ * [a357131] utils/getent.py: Fix output of getent.ldap networks
+
+ Contrary to the hosts output the network name is listed first.
+
+2017-06-03 Arthur de Jong
+
+ * [58c7a94] utils/getent.py: Fix IPv6 lookups in getent.ldap
+
+2017-06-03 Arthur de Jong
+
+ * [5173e55] man/getent.ldap.1.xml, utils/getent.py: Accept multiple
+ key arguments to getent.ldap
+
+ This allows supplying multiple arguments to getent.ldap that
+ will each act as a search key for lookups, similar to what normal
+ getent allows.
+
+2017-02-07 Arthur de Jong
+
+ * [53f797b] nslcd/nslcd.c: Exit with 0 when stopping nslcd
+
+ When receiving a signal this will result in nslcd returning with
+ a success exit code.
+
+ Thanks Stanislav Moravec for pointing this out.
+ +2016-09-04 Arthur de Jong + + * [c12cd14] nslcd/nslcd.c: Remove duplicate break statement + +2016-09-04 Arthur de Jong + + * [d8ad7b1] nslcd/myldap.c: Do not try all LDAP servers on failed + authentication + + See https://bugs.launchpad.net/bugs/1618190 + +2016-08-30 Arthur de Jong + + * [a3da150] utils/nslcd.py: Replace Python assertions with exceptions + + The assertions can be optimised out when compiling the modules + with -O which would break the protocol handling. This ensures + that errors are properly handled even if optimisation is enabled. + + Thanks Yu-Chun Huang for reporting this. + https://github.com/arthurdejong/nss-pam-ldapd/issues/14 + +2016-08-14 Arthur de Jong + + * [c286bb5] AUTHORS, ChangeLog, NEWS, README, configure.ac, + man/chsh.ldap.1.xml, man/getent.ldap.1.xml, man/nslcd.8.xml, + man/nslcd.conf.5.xml, man/pam_ldap.8.xml, man/pynslcd.8.xml, + nslcd/nslcd.c, pynslcd/pynslcd.py, utils/cmdline.py: Get files + ready for 0.9.7 release + 2016-08-14 Arthur de Jong * [db9494e] tests/Makefile.am: Only run doctests when building diff --git a/NEWS b/NEWS index dbf58c7..a586148 100644 --- a/NEWS +++ b/NEWS 
@@ -1,3 +1,21 @@ +changes from 0.9.7 to 0.9.8 +--------------------------- + +* add a pam_authc_search option that can be used to configure the search + operation that is performed after authentication +* add nss_uid_offset and nss_gid_offset options that can be used to + change returned numeric user and group ids from LDAP (thanks Seth Wright) +* do not retry failed user password on second LDAP server +* fix a crash in the PAM module on FreeBSD when showing password expiration + messages +* the validnames option now also applies to shadow lookups +* support ethernet addresses in LDAP in compact and long formats +* improvements to getent.ldap command (a few minor bug fixes and preparations + for Python 3 support) +* log entries and lookups failing nss_min_uid at debug level +* improvements to the test suite (including tests for getent.ldap) + + changes from 0.9.6 to 0.9.7 --------------------------- diff --git a/configure.ac b/configure.ac index 564f9c8..e984627 100644 --- a/configure.ac +++ b/configure.ac @@ -23,7 +23,7 @@ AC_PREREQ(2.61) AC_COPYRIGHT( [Copyright (C) 2006 Luke Howard Copyright (C) 2006 West Consulting -Copyright (C) 2006-2016 Arthur de Jong +Copyright (C) 2006-2017 Arthur de Jong This configure script is derived from configure.ac which is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser @@ -33,10 +33,10 @@ configure.ac file for more details.]) # initialize and set version and bugreport address AC_INIT([nss-pam-ldapd], - [0.9.7], + [0.9.8], [nss-pam-ldapd-users@lists.arthurdejong.org],, [https://arthurdejong.org/nss-pam-ldapd/]) -RELEASE_MONTH="Aug 2016" +RELEASE_MONTH="Jun 2017" AC_SUBST(RELEASE_MONTH) AC_CONFIG_SRCDIR([nslcd.h]) AC_CONFIG_MACRO_DIR([m4]) diff --git a/man/chsh.ldap.1.xml b/man/chsh.ldap.1.xml index 345775d..2c3e993 100644 --- a/man/chsh.ldap.1.xml +++ b/man/chsh.ldap.1.xml @@ -5,7 +5,7 @@