forked from PADL/nss_ldap
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathChangeLog
1670 lines (1181 loc) · 47.5 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
$Id$
===============================================================
266 Luke Howard <[email protected]>
* fix for BUG#129: native linker doesn't use LDFLAGS
* fix for BUG#143: don't use getrdnvalue for groups
* fix for BUG#240: return "x" for shadowAccount password
* fix for BUG#402: incorrectly detected glibc on armel
* fix for BUG#411: memory leak in do_init()
* fix for BUG#412: check whether resolv.conf has changed
* fix for BUG#412: don't close nested contexts
* fix for BUG#412: make syslog debugging configurable
* fix for BUG#412: support configurable site name
* fix for BUG#412: tidy up bootparams code
* fix for BUG#412: use macros for ldap_get_option calls
* fix for BUG#412: better debugging of NSS status codes
* fix for BUG#412: rewrite and abstract Kerberos support
* fix for BUG#412: allow runtime configuration of LDAP
configuration file and keytab using environment
* fix for BUG#412: correctly clamp max sleep time
* fix for BUG#412: sort SRV records by weight and priority
* fix for BUG#412: support microsecond backoff granularity
* fix for BUG#414: SIGPIPE handling in atfork()
* fix for BUG#416: FreeBSD 7.x/8.x compatibility
* fix for BUG#420: _nss_ldap_parse_net() dumps core on
AIX 5.3 and 6.1
* fix for BUG#425: nss_ldap doesn't parse IPv4 addresses
correctly on non-ipv6 systems
265 Luke Howard <[email protected]>
* fix for BUG#132: add versioning information to binary
* fix for BUG#403: add AM_MAINTAINER_MODE
* fix for BUG#388: bad LDAP query for ether lookups
* fix for BUG#391: clarify bind timelimit defaults
in ldap.conf
* fix for BUG#392: call do_close() if ldap_result()
or ldap_parse_result() fails (before returning
NSS_UNAVAIL)
* fix for BUG#401: FreeBSD thread library check
* fix for BUG#409: deallocate context in
_nss_ldap_ent_context_release() to avoid bad usage
* fix for BUG#410: don't leak file descriptors in
_nss_ldap_readconfig
264 Luke Howard <[email protected]>
* fix for BUG#378: MAP_H_ERRNO() should map NSS_TRYAGAIN
to NETDB_INTERNAL not TRY_AGAIN
* fix for BUG#379: ldaps:// URIs only work if "ssl on"
is set
* fix for BUG#248: nss_ldap exposes malformed entries
to the system
263 Luke Howard <[email protected]>
* fix for BUG#374: nss_ldap returns success from
setnetgrent() when the requested netgroup doesn't
exist
* fix for BUG#376: getXXent() only returns NULL once
before implicitly calling setXXent(), whereas other
backends continue to return NULL (Red Hat BUG#466794)
262 Luke Howard <[email protected]>
* fix for BUG#370: nss_ldap fails to work on Solaris
without that patch applied
261 Luke Howard <[email protected]>
* fix for Debian BUG#486778: ldap.conf template is
missing a comment in the first line
260 Luke Howard <[email protected]>
* patch from Ralf Haferkamp <[email protected]>:
only set errno for NSS_TRYAGAIN
259 Luke Howard <[email protected]>
* fix for BUG#348: fix memory leak
* fix for BUG#349: nss_ldap crashes after START_TLS timeout
(assertion failure in libldap)
* fix for BUG#350: assertion failure in ldap_result (called
from do_result())
* fix for BUG#351: double ldap_msgfree()
258 Luke Howard <[email protected]>
* fix for BUG#343: nss_srv_domain should take a domain
not a record
* fix for BUG#339: replacement code for Kerbeors
SASL operations
* fix for BUG#338: nss_ldap constructs LDAP URIs
incorrectly
* fix for BUG#337: configure fails to detect resolver
functions
* fix for BUG#332: --enable-schema-mapping incorrectly
maps pw_change
* fix for BUG#293: add nss_getgrent_skipmembers
parameter to ldap.conf, if enabled will not request
member attributes for group lookups, greatly increasing
performance for large groups
* fix for BUG#272: nss_ldap's install target doesn't
always create the right solink for x86_64 glibc
* fix for BUG#284: an error occurs during bulding with
cyrus-sasl2 when the compiler option 'as-needed' is used
257 Luke Howard <[email protected]>
* patch from Ralf Haferkamp <[email protected]>:
block SIGPIPE in atfork handler
256 Luke Howard <[email protected]>
* patch from Tomas Janousek <[email protected]>
to check for pthread_once(); __pthread_once does
not imply __pthread_atfork being non-NULL
* fix for BUG#315: memory corruption/crash in
initgroups parsing
255 Luke Howard <[email protected]>
* fix for BUG#303: SSL port behavior change since
version 241
* fix for BUG#304: fd leak in do_close_no_unbind
* fix for BUG#313: assertion in do_init() when no
host/uri is configured
* patch from Adrian Bridgett <[email protected]>
for Debian BUG#375533: Assertion failure in
libnss-ldap
254 Luke Howard <[email protected]>
* fix for BUG#292: array bounds check in ldap-network.c
* fix for BUG#296: fix stack buffer optimization
* fix for BUG#297: gethostbyname2 queried with AF_INET6
returns OK with IPv4 address
* fix for Novell BUG#215911: crasher parsing nested
groups
253 Luke Howard <[email protected]>
* fix crasher if an empty buffer is passed to
initgroups (glibc NSS only)
* fix for BUG#283: netgroup assertion failure in
Solaris mountd
252 Luke Howard <[email protected]>
* doc/lookup_nssldap.c: rewrite for autofs-4.1.3
251 Luke Howard <[email protected]>
* remove doc/rfc2307.txt, it is available from
http://www.ietf.org/rfc/rfc2307.txt
* make objectClass a mappable attribute
250 Luke Howard <[email protected]>
* don't use static _nss_ldap_no_members buffer,
causes crash when nss_ldap is unloaded and memory
is still referenced
* fix for BUG#249: tcsh closes file descriptors,
confuses nss_ldap and hangs (from David Houlder)
* fix for BUG#257: initgroups() broken in RFC2307bis
support disabled
* fix for BUG#261: sslpath example wrong
* fix for BUG#263: compile do_triple_permutations()
when IRS enabled
249 Luke Howard <[email protected]>
* fix for BUG#253: build broken on AIX
* fix for BUG#255: deadlock in initgroups
248 Luke Howard <[email protected]>
* fix regression in per-objectclass attribute mapping
introduced in nss_ldap-246
247 Luke Howard <[email protected]>
* double-check *ld != NULL even if mapped eror return
from ldap_initialize() returns NSS_SUCCESS
246 Luke Howard <[email protected]>
* paged results and RFC2307bis support are now always
compiled in; they are by default disabled unless
you configured with --enable-paged-results and
--enable-rfc2307bis, respectively. See nss_ldap(5)
for configuration options.
* fix for BUG#219: paged results delivers wrong results
* fix for BUG#222: use asynchronous start TLS if
available, using bind_timeout value
* fix for BUG#235: make DNS SRV lookup domain
configurable (nss_srv_domain)
* fix for BUG#240: return "*" rather than "x" for
userPassword if not present
* fix for BUG#245: paged results broken since nss_ldap-241
* patch from Ralf Haferkamp <[email protected]>:
compile fix for IPv6
* compile for Solaris
* schema mapping is always enabled, cleanup schema
mapping code
* allow for map-specific objectclass mapping
* partial implementation of Solaris Simplified LDAP
API, allows automountd support on Solaris via nss_ldap
* for Linux automounter, always close connection after
endautomntent() to avoid persistent connection
* add nss_connect_policy argument to ldap.conf
245 Luke Howard <[email protected]>
* don't leak LDAP connection if do_bind() failed or
descriptor owner had changed. If do_bind() failed the
underlying descriptor would also be leaked, causing a
large number of sockets to be consumed during failover
* add nss_initgroups_ignoreusers parameter to ldap.conf,
returns NOTFOUND if nss_ldap's initgroups() is called
for users (comma separated)
* try to deal with systems that have headers for both
versions of the SASL library installed
* better logging of failed connections and reconnections
* patch from Dean Michaels <[email protected]>:
build with Netscape 5 library on Solaris
* patch from Ralf Haferkamp <[email protected]>:
manual page fix to bind_policy
244 Luke Howard <[email protected]>
* patch from Ralf Haferkamp <[email protected]>:
enusre bytesleft macro does not return values < 0
* include <sys/param.h> in ldap-nss.c
243 Luke Howard <[email protected]>
* fix for BUG#225: invalid pointer dereferencing when
reading rootpw
242 Luke Howard <[email protected]>
* fixes for compiling on Solaris 10
241 Luke Howard <[email protected]>
* new, more robust reconnection logic
* both "host" and "uri" directives can be used in
ldap.conf
* new (undocumented) nss_reconnect_tries,
nss_reconnect_sleeptime, nss_reconnect_maxsleeptime,
nss_reconnect_maxconntries directives
* reload configuration file if changed
240 Luke Howard <[email protected]>
* new API for resolving automounts (requires custom
autofs plugin for Linux at present):
_nss_ldap_setautomntent(), _nss_ldap_getautomntent(),
_nss_ldap_endautomntent(), _nss_ldap_getautomntbyname_r()
* fix for BUG#200: rename SOCKLEN_T as it conflicts on AIX
* fix for BUG#205: accept line feeds in ldap.conf
* fix for BUG#211: nss_ldap fails to start TLS on referred
connections
* fix for BUG#213: initgroups crash if RFC2307bis undefined
* turn down reconnection logging volume
239 Luke Howard <[email protected]>
* support for initgroups using backlinks (selectable
at runtime if RFC2307bis support is enabled, using
the nss_initgroups backlink configuration directive)
* support for dynamically expanding filter sizes
* from Peter Marschall <[email protected]>:
revert the deletion of blanks/tabs in ldap.conf that
happened between 235 and 238
* from Peter Marschall <[email protected]>:
This patch changes configure.in and Makefile.am so that
ldap.conf gets installed in the place and with the name
that is given to the configure option --with-ldap-conf-file.
In addition to that it fixes a long standing bug in
Makefile.am that tries to install a file before the
destination directory is guaranteed to be created (hunk #3),
and uses $(mkinstalldirs) for AIX (hunk #2).
238 Luke Howard <[email protected]>
* more manual page updates
237 Luke Howard <[email protected]>
* more manual page updates
236 Luke Howard <[email protected]>
* fix for BUG#201: typo in ldap-schema.c causing build
to fail
* add manual page for nss_ldap
235 Luke Howard <[email protected]>
* fix for BUG#198: make pagesize configurable
* fix for BUG#199: correct fix for BUG#138
(blind last char remove in ldap.secret)
234 Luke Howard <[email protected]>
* don't reacquire global lock in do_next_page()
* restore old "bind_policy hard" behaviour (don't try to
reconnect if initialization failed). The behaviour
introduced in nss_ldap-227 can be enabled with
"bind_policy hard_init".
233 Luke Howard <[email protected]>
* if do_open() returns NSS_UNAVAIL, don't try to do
server reconnect; only do it if NSS_TRYAGAIN is returned
This should fix the problems introduced by the fixes in
nss_ldap-227 (delayed binding)
232 Luke Howard <[email protected]>
* fix for BUG#138 (blind last char remove in ldap.secret)
230 Luke Howard <[email protected]>
* don't free gss_krb5_ccache_name() output (Heimdal)
229 Luke Howard <[email protected]>
* more debugging in initgroups and _nss_ldap_getentry()
* fix _nss_ldap_getentry() enumeration behaviour, and
optimize by not searching if the requested attribute
cannot be mapped
228 Luke Howard <[email protected]>
* fix for BUG#188: better documentation for OpenLDAP
SSL options
* fix for BUG#189: do not configure tls_checkpeer
unless it is explicitly specifier in ldap.conf
* fix for BUG#190: set ls_state to LS_UNINITIALIZED
after fork
227 Luke Howard <[email protected]>
* separate initializing LDAP session with actually
connecting to the DSA, so that we don't try to
bind until we actually need to search (which allows
the retry logic in the search function to also apply
to binding). NB: this will only provide improved
behaviour for LDAP client libraries that support
ldap_init() or ldap_initialize() rather than ldap_open
* fix for BUG#183: support pw_change and pw_expire
on BSD
* fix for BUG#187: NSS_BUFLEN_DEFAULT causing problems
on IRS platforms
* fix for glibc 2.1 from Alexander Spannagel
226 Luke Howard <[email protected]>
* make LDAP_NSS_NGROUPS configurable with
--with-ngroups (experts only) option
225 Luke Howard <[email protected]>
* make LDAP_NSS_NGROUPS 64 - better choice for
small directories
224 Luke Howard <[email protected]>
* don't double-free on realloc() failure in
do_parse_group_members()
* don't pass LDAP session as an argument, as
it may refer to a stale LDAP handle. If this
does not work we will need to replace LDAPMessage
pointers with pointers to a structure that
contains a reference-counted LDAP handle as well
as the message
* fix crasher when internal group membership
buffer was reallocated (introduced with nested
group expansion code)
* immediately return NSS_TRYAGAIN and errno=ERANGE
if there is not enough buffer space to handle
LDAP_NSS_NGROUPS groups; this prevents getgrXXX()
from expensive repeated directory searches when
there is a priori knowledge that group memberships
are large
223 Luke Howard <[email protected]>
* allow empty lines in /etc/ldap.conf
* do loop detection in nested groups
* fixes for building with IRS on FreeBSD 4.10
222 Luke Howard <[email protected]>
* fix deadlock in _nss_ldap_getentry()
* support more AIX usersec attributes
* more AIX porting fixes
* support Heimdal as well as MIT Kerberos
221 Luke Howard <[email protected]>
* AIX fix from <[email protected]>
Recall #169033
* support for expansion of nested RFC2307bis groups
* support for searching using range retrieval
* fix memory leak with private contexts
* fix memory leak in do_result()
* implement _nss_ldap_getentry for AIX enumeration
* implement netgroups for IRS/AIX
* remove dependency on Berkeley DB - schema mapping
and RFC2307bis no longer requires DB
* remove old NeXT cruft in resolve.c
220 Luke Howard <[email protected]>
* fix for BUG#169: getntohost() on Solaris
* fix for BUG#170: _nss_ldap_getgroupsbymember_r fails
to return all groups when NSCD is running and
attribute mapping is enabled on Solaris
* fix for BUG#173: reinstate use of sigaction()
(XXX what is the correct fix here?)
* fix for BUG#174: innetgr() depth checking
218 Luke Howard <[email protected]>
* fix for BUG#168: set errnop to ENOENT if not found
* check for -lgssapi before -lgssapi_krb5
217 Luke Howard <[email protected]>
* fix for BUG#167: compilation fails on Solaris
216 Luke Howard <[email protected]>
* patch from Thorsten Kukuk to avoid overwriting
sockaddr storage for IPv6; use struct
sockaddr_storage if available
* fix for BUG#153: use asynchronous search API
in initgroups()
* fix for BUG#157: check for __pthread_once rather
than __pthread_atfork on glibc, as the latter is
no longer exported
* fix for BUG#158: escape netgroup search filters
correctly
* fix for BUG#161: remove redundant lock in
_nss_ldap_innetgr()
* fix for BUG#164: set schema element array size
to LM_NONE + 1 not LM_NONE
* fix for BUG#165: make _nss_ldap_result() private
* fix for BUG#166: chase all nested netgroups in
innetgr()
* fix deadlock if getXXXent() called without first
calling setXXXent()
* only request gidNumber attribute when initgroups()
(avoids sending back rest of a group's entry)
* don't request any attributes when mapping a user
to a DN (we want the DN only)
215 Luke Howard <[email protected]>
* choose between using native GSS-API and putenv()
for setting ccache path
* per-map attribute mapping for attributes that
appear in multiple maps
214 Luke Howard <[email protected]>
* define LDAP_DEPRECATED for compiling against
OpenLDAP 2.2
213 Luke Howard <[email protected]>
* fix netgroup compilation error when debugging is
enabled
* support GSS-API for setting ccache name
* initgroups() should require user to be a POSIX
account
* define LOGNAME_MAX for HP-UX
* do not use sigprocmask() - this blocks rather
than disabling signals
* SASL version check fix from Howard Chu
212 Luke Howard <[email protected]>
* Solaris netgroup support test release
* fix crasher in do_sasl_interact()
* do_sasl_interact() needs to strdup() result for
Cyrus SASL 1.x but not 2.x
* merge in LDAP debug patch from Howard Chu
* try alternate search descriptors on NSS_NOTFOUND
as well as NSS_SUCCESS
211 Luke Howard <[email protected]>
* do AT_OC_MAP cache initialization at config init
* BSD build fixes
* replace [h]errno2nssstat lookup tables with switch
statement; should help building on AIX!
210 Luke Howard <[email protected]>
* initialize DBT structures
* fix SASL crasher
209 Luke Howard <[email protected]>
* fix SASL breakage
208 Luke Howard <[email protected]>
* use socklen_t not int
* remove OpenLDAP SASL code
* incorporated patches from (see below) Geert Jansen
* add the "sasl_secprops" option to configure SASL
security layers (usage as for OpenLDAP ldap.conf)
* add the "krb5_ccname" option to specify the
location of the Kerberos ticket cache
(requires --enable-configurable-krb5-ccname for
now as it is a fairly coarse solution to a lack
of appropriate API in the Kerberos libraries)
* add support for native Active Directory password
policy attributes (enabled if shadowLastChange is
mapped to pwdLastSet)
* add "nss_override_attribute_value" and
"nss_default_attribute_value" keywords for over-
riding and setting default attribute values,
respectively
207 Luke Howard <[email protected]>
* work without LDAP_OPT_X_TLS_RANDOM_FILE
* fix schema mapping regression from nss_ldap-205;
attribute mapping now works again
205 Luke Howard <[email protected]>
* build with Sleepycat DB without db185 compat layer
(tested with 4.x; needs testing on 3.x)
204 Luke Howard <[email protected]>
* Linux netgroup implementation from Larry Lile
* Multiple service search descriptor support from
Symas
* IPv6 patch from Thorsten Kukuk at SuSE
203 Luke Howard <[email protected]>
* fix for BUG#115
* fix for BUG#121
202 Luke Howard <[email protected]>
* getsockname() fixes from Howard Chu
* configuration parser crasher fix
201 Luke Howard <[email protected]>
* Berkeley DB fixes from Howard Chu
* Netscape client library build fix
200 Luke Howard <[email protected]>
* use sigprocmask() if available to block SIGPIPE
* fix build breakage with OpenLDAP HEAD
199 Luke Howard <[email protected]>
* HP-UX port
* BUG#111: incorrect debugging statement in
_nss_ldap_enter()
* export required symbols only on Linux
* corrected symbol names for glibc alias enumeration
functions
* the DNS response parser doesn't stop after parsing the
right number of records, and doesn't handle long responses
(Nalin at RedHat)
198 Luke Howard <[email protected]>
* BUG#108: fix potential buffer overflow in dnsconfig.c
(could be triggered if no flat file configuration
for nss_ldap and large DNS SRV data for domain;
because nss_ldap in SRV mode trusts DNS we do
not believe this to be exploitable to elevate
privilege in the default configuration)
* do not malloc() configuration structure; use
buffer
197 Luke Howard <[email protected]>
* improved AIX documentation from Dejan Muhamedagic
* define LDAP_OPT_SSL for Solaris 9
196 Luke Howard <[email protected]>
* return NSS_TRYAGAIN not NSS_NOTFOUND for insufficient
buffer space in dn2uid_cache_get()
* support automake 1.5 and friends
* out of box build on AIX 4.3.3
* fixed BUG#104: do_ssl_options() return code ignored
195 Luke Howard <[email protected]>
* fixed BUG#98: large groups cause buffer length
wraparound with rfc2307bis
194 Luke Howard <[email protected]>
* bugfix for Debian Bug report #147553: lack of global
mutex use in initgroups()
193 Luke Howard <[email protected]>
* support for PADL GSS-SASL client library
192 Luke Howard <[email protected]>
* more carefully compare cached socket and peer
addresses
191 Luke Howard <[email protected]>
* added configurable [hard|soft] reconnect, see the
bind_policy parameter in ldap.conf.
190 Luke Howard <[email protected]>
* check for Netscape 4 SDK without SSL; don't require
pthreads for these
189 Luke Howard <[email protected]>
* patch for building on OpenLDAP 1.x from Nalin
at RedHat
188 Luke Howard <[email protected]>
* specify runtime path for LDAP library correctly to
native Solaris linker
* check for gcc correctly
* use native linker on Solaris and AIX
187 Luke Howard <[email protected]>
* make bogusSd in ldap-nss.c conditional on
!HAVE_LDAP_LD_FREE
* merge in paged result support from Max Caines
* bugfixes for Debian Bug report #140854
186 Luke Howard <[email protected]>
* incorporated patch for Debian Bug report #140854,
where nss_ldap could in some cases close a
descriptor it did not own. Patch was provided
by Luca Filipozzi.
185 Luke Howard <[email protected]>
* updated copyrights
* fix for BUG#82: set close on exec (Debian bug 136953)
184 Luke Howard <[email protected]>
* return NSS_TRYAGAIN if no buffer space in ldap-grp.c
183 Luke Howard <[email protected]>
* return error strings in AIX authentication routine
* initialise schema in getgroupsbymember()
* fix for tls_checkpeer; pass NULL session in to
set global option
* BUG#77: configurable config file locations
181 Luke Howard <[email protected]>
* ignore SIGPIPE whilst inside nss_ldap library routines
to prevent crashing on down LDAP server; possible fix
for Debian bug 130006
* removed --enable-no-so-keepalive; always try to
disable SO_KEEPALIVE on underlying socket to LDAP
server
* include local copy of irs.h under AIX
* general cleanup of locking code
* _nss_ldap_no_members appears to only need defining for
when RFC2307bis is enabled
180 Luke Howard <[email protected]>
* pull in libpthreads on AIX
179 Luke Howard <[email protected]>
* a couple more patches for AIX
178 Luke Howard <[email protected]>
* patch from Gabor Gombas for AIX support
* Makefile.am: sasl.o needed by NSS_LDAP
* aix_authmeth.c: method_passwordexpired is
really method_passwdexpired; but since the struct
was bzero()ed no need to set it to NULL
* configure.in: support both gcc and xlc_r
* exports.aix: sv_byport was not exported
* ldap-grp.c: getgrset() returned group names instead of
gid numbers
177 Luke Howard <[email protected]>
* patch for building on AIX from IBM
* added simple authentication support for AIX
* cleaned up SASL patch to not break if Cyrus
SASL is not installed
176 Luke Howard <[email protected]>
* fixed bug in SASL patch which had required
OpenLDAP headers
175 Luke Howard <[email protected]>
* incorporated GSS-API SASL patches
* rebind to server on LDAP_LOCAL_ERROR
174 Luke Howard <[email protected]>
* added patches from Maxim Batourine for compiling
with Sun workshop compiler
* added notes re: 64-bit compile on Solaris from
above source
173 Luke Howard <[email protected]>
* notes on IRS in doc/README.IRS
* added irs.h for AIX compat
* patch from Bob Guo for stripping trailing
spaces in ldap.conf.
172 Luke Howard <[email protected]>
* fixed schema mapping bug by storing a copy of the
mapped schema in the Berkeley DB rather than the
element itself. Because the DB library returns
static storage, this was causing problems where
the schema mapping calls were used to build the
attribute table in ldap-schema.c. This bugfix was
sponsored by n2h2.com; thanks!
171 Luke Howard <[email protected]>
* added ldap.conf stanza for AIX
* workaround for schema mapping bug.
170 Luke Howard <[email protected]>
* use _nss_ldap_getrdnvalue() for determining canonical
group name
169 Luke Howard <[email protected]>
* fixed typo in ldap-service.c; prefix filters now
with _nss_ldap
168 Luke Howard <[email protected]>
* initialize old_handler to SIG_DFL
* incorporate Stephan Cremer's mapping patches,
a big thanks to Stephan for these!
* use LDAP_OPT_NETWORK_TIMEOUT if available for
network connect timeout
* removed hard-coded schema mapping for
authPassword, NDS and MSSFU
167 Luke Howard <[email protected]>
* support for new OpenLDAP rebind proc prototype
* in rebind function, respect timeout
* fix for PADL Release Control
166 Luke Howard <[email protected]>
* corrected small typos
165 Luke Howard <[email protected]>
* posixMember is a distinguished name, don't pretend it
is a login name
* cleaned up code referencing different member syntaxes
164 Luke Howard <[email protected]>
* removed IDS_UID code, never worked properly
163 Luke Howard <[email protected]>
* removed context_free function, usage confusing
162 Luke Howard <[email protected]>
* in reconnect harness, do not treat entry not found
errors as requiring a reconnect
161 Luke Howard <[email protected]>
* hopefully fixed use of synchronous searches in
_nss_ldap_getbyname()
160 Luke Howard <[email protected]>
* patch from RedHat to check for DB3, override
install user/group optionally
* use synchoronous searches for _nss_ldap_getbyname()
* only set SSL options if we have values for those
options
159 Luke Howard <[email protected]>
* make do_ssl_options() take a config parameter;
avoid segfault with SSL?
158 Luke Howard <[email protected]>
* in the distinguished name to login cache (dn2uid)
make sure we use the AT(uid) macro for the uid
attribute rather than the hard-coded value of "uid"
This should enable the cache for MSSFU support.
157 Luke Howard <[email protected]>
* for MSSFU, use posixMember for group memberships
rather than member (reported by Andy Rechenberg)
* ignore SIGPIPE before calling do_close() for
idle_timeout
156 Luke Howard <[email protected]>
* logic was around the wrong way in do_search(),
all searches were broken!
* --disable-ssl option for configure
* removed "Obsoletes: pam_ldap" from spec file
155 Luke Howard <[email protected]>
* do not use private API when setting OpenLDAP TLS
options (do_ssl_options())
154 Luke Howard <[email protected]>
* notes from Scott M. Stone <[email protected]>
* idle timeout patch from Steve Barrus
153 Luke Howard <[email protected]>
* SSL fix
152 Luke Howard <[email protected]>
* further patch from Jarkko for TLS/SSL auth:
support for LDAPS/cipher suite selection/
client key/cert authentication
151 Luke Howard <[email protected]>
* patch from Andrew Rechenberg for Active
Directory schema support
* patch from Jarkko Turkulainen <[email protected]> for
peer certificate support with OpenLDAP
150 Luke Howard <[email protected]>
* patch from Anselm Kruis for URI support
149 Luke Howard <[email protected]>
* fixed compile on Solaris, broken in 145 by
malformed Linux patch
148 Luke Howard <[email protected]>
* check for HAVE_LDAP_SET_OPTION always
147 Luke Howard <[email protected]>
* check for ldap_set_option(), as LDAP_OPT_REFERRALS
is defined for OpenLDAP 1.x but without the
ldap_set_option() function
146 Luke Howard <[email protected]>
* mass reindentation, GNU style
* patch from Simon Wilkinson <[email protected]>
for compatibility with old initgroups entry
point
* request authPassword attribute if
--enable-authpassword
* authPassword support in ldap-spwd.c (shadow)
145 Luke Howard <[email protected]>
* preliminary support for authPassword attribute
* updated COPYING
* patch from Szymon Juraszczyk to suppot
_nss_ldap_initgroups_dyn prototype
144 Luke Howard <[email protected]>
* when specifying filters with nss_base_XXX,
only escape the filter argument not the entire
filter
143 Luke Howard <[email protected]>
* patch from [email protected] to avoid
corrupting the heap when the configuration
file exists but has no host and base values.
_nss_ldap_readconfigfromdns() will write to
the region which was already freed.
142 Luke Howard <[email protected]>
* patch from Simon Wilkinson <[email protected]>
for memory leak in ldap-service.c
141 Luke Howard <[email protected]>
* fix for BUG#54 (AIX detection broken)
* use -rpath on all platforms except Solaris,
not just Linux
140 Luke Howard <[email protected]>
* fix configure bug for DISABLE_SO_KEEPALIVE
* fix alignment bug in util.c; this was causing
Solaris to crash whenever per-map search
descriptors were specified in ldap.conf
139 Luke Howard <[email protected]>
* updated INSTALL file with boilerplate
* fixed pointer error in ldap-nss.c
138 Luke Howard <[email protected]>
* close config file FILE * if out of buffer space
for parsing search descriptor
* fixed bug where non-recognized directives in
ldap.conf would cause the configuration file to
not be parsed at all, if they were the last
entries in the config file.
137.1 Luke Howard <[email protected]>
* patch from [email protected]; return { NULL } not
NULL for no group members
* cleaned up usage of libc-lock.h weak aliases
to pthreads API; use in ltf.c also
* use __libc_atfork() or pthread_atfork() to
close off connection on fork, rather than
checking PIDs; this is expensive and breaks
on Linux where each thread may have a
different PID.
137 Gabor Gombas <[email protected]>
* build nss_ldap as a loadable module on AIX
* doco on AIX
136 Luke Howard <[email protected]>
* define -DPIC for FreeBSD
* link with -shared not --shared
* fixes for AIX
135 Luke Howard <[email protected]>
* merged ldap.conf
* fixed bug in concatenating relative search
bases in ldap-nss.c (profile support)
134 Luke Howard <[email protected]>
* fixed Makefile.am
* reordered DB search order in util.c
133 Luke Howard <[email protected]>
* make /usr/lib directory in Makefile.am
* new spec file from Joe Little
132 Luke Howard <[email protected]>
* fixed rebind preprocessor logic
131 Luke Howard <[email protected]>