Commit Graph

284 Commits

Author SHA1 Message Date
Stephen Gallagher
7a33e7710b - Resolves: rhbz#677768 - name service caches names, so id command shows
-                         recently deleted users
2011-02-21 15:42:00 -05:00
Stephen Gallagher
da2a04f651 - Ensure that SSSD builds against libldb-1.0.0 on F15 and later
- Remove .la for memberOf
2011-02-11 11:41:33 -05:00
Stephen Gallagher
0ad47aae65 - Fix memberOf install path 2011-02-11 11:22:33 -05:00
Stephen Gallagher
e8ab291d89 - Add support for libldb 1.0.0 2011-02-11 09:36:41 -05:00
Dennis Gilmore
8923e26c46 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild 2011-02-09 10:00:19 -06:00
Stephen Gallagher
d12cd5dd26 - Fix nested group member filter sanitization for RFC2307bis
- Put translated tool manpages into the sssd-tools subpackage
2011-02-01 09:20:57 -05:00
Stephen Gallagher
749bf2d662 Bump release number 2011-01-27 14:40:33 -05:00
Stephen Gallagher
7e3a2cd879 - Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during
- rpmbuild
2011-01-27 14:38:13 -05:00
Stephen Gallagher
f151b0669b - New upstream release 1.5.1
- Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
- Vast performance improvements when enumerate = true
- All PAM actions will now perform a forced initgroups lookup instead of just
- a user information lookup
-   This guarantees that all group information is available to other
-   providers, such as the simple provider.
- For backwards-compatibility, DNS lookups will also fall back to trying the
- SSSD domain name as a DNS discovery domain.
- Support for more password expiration policies in LDAP
-    389 Directory Server
-    FreeIPA
-    ActiveDirectory
- Support for ldap_tls_{cert,key,cipher_suite} config options
-Assorted bugfixes
2011-01-27 13:50:21 -05:00
Stephen Gallagher
3a15e92ce7 - CVE-2010-4341 - DoS in sssd PAM responder can prevent logins 2011-01-11 12:32:39 -05:00
Stephen Gallagher
5225c3262b - New upstream release 1.5.0
- Fixed issues with LDAP search filters that needed to be escaped
- Add Kerberos FAST support on platforms that support it
- Reduced verbosity of PAM_TEXT_INFO messages for cached credentials
- Added a Kerberos access provider to honor .k5login
- Addressed several thread-safety issues in the sss_client code
- Improved support for delayed online Kerberos auth
- Significantly reduced time between connecting to the network/VPN and
- acquiring a TGT
- Added feature for automatic Kerberos ticket renewal
- Provides the kerberos ticket for long-lived processes or cron jobs
- even when the user logs out
- Added several new features to the LDAP access provider
- Support for 'shadow' access control
- Support for authorizedService access control
- Ability to mix-and-match LDAP access control features
- Added an option for a separate password-change LDAP server for those
- platforms where LDAP referrals are not supported
- Added support for manpage translations
2010-12-22 14:08:33 -05:00
Stephen Gallagher
9600ada0fd Fix release number 2010-11-18 08:44:23 -05:00
Stephen Gallagher
069ad4076b - Solve a shutdown race-condition that sometimes left processes running
- Resolves: rhbz#606887 - SSSD stops on upgrade
2010-11-18 08:41:39 -05:00
Stephen Gallagher
4e1de07cd8 - Log startup errors to the syslog
- Allow cache cleanup to be disabled in sssd.conf
2010-11-16 12:48:57 -05:00
Stephen Gallagher
9d5bcde0eb - New upstream release 1.4.1
- Add support for netgroups to the proxy provider
- Fixes a minor bug with UIDs/GIDs >= 2^31
- Fixes a segfault in the kerberos provider
- Fixes a segfault in the NSS responder if a data provider crashes
- Correctly use sdap_netgroup_search_base
2010-11-01 09:02:47 -04:00
Stephen Gallagher
75efc48618 Fix incorrect tarball URL 2010-10-18 16:06:09 -04:00
Stephen Gallagher
d8a8ec9a9a Fix tarball URL 2010-10-18 16:04:39 -04:00
Stephen Gallagher
4926f3ae3a Merge branch 'master' into f14 2010-10-18 15:37:53 -04:00
Stephen Gallagher
e439c0b36c Uploading SSSD 1.4.0 tarball 2010-10-18 14:50:39 -04:00
Stephen Gallagher
9b0ef1cecd - New upstream release 1.4.0
- Added support for netgroups to the LDAP provider
- Performance improvements made to group processing of RFC2307 LDAP servers
- Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin
- Build-system improvements to support Gentoo
- Split out several libraries into the ding-libs tarball
- Manpage reviewed and updated
2010-10-18 14:44:48 -04:00
Stephen Gallagher
d856e9b109 Merge branch 'master' into f14 2010-10-04 09:48:41 -04:00
Stephen Gallagher
2d631b340a - Fix pre and post script requirements 2010-10-04 09:47:22 -04:00
Stephen Gallagher
c0762ac0e0 Merge branch 'master' into f14 2010-10-04 09:27:12 -04:00
Stephen Gallagher
3f786445f0 - Resolves: rhbz#606887 - sssd stops on upgrade 2010-10-04 09:23:20 -04:00
Stephen Gallagher
8cdc9d4fbc - Resolves: rhbz#626205 - Unable to unlock screen 2010-10-04 09:14:17 -04:00
Stephen Gallagher
c7ce53cc09 - Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but
-                         doesn't require it
2010-09-28 08:07:15 -04:00
Stephen Gallagher
c99e02ae14 Bump release number and fix changelog message 2010-09-28 07:55:09 -04:00
Stephen Gallagher
d19c240979 - Resolves: 637955 - libini_config-devel needs libcollection-devel but
-                    doesn't require it
2010-09-28 07:49:22 -04:00
Stephen Gallagher
6931ca88fa - Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib 2010-09-16 09:34:47 -04:00
Stephen Gallagher
cfa7be9344 - Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib 2010-09-16 09:32:53 -04:00
Stephen Gallagher
8c665d0af5 Resolves: CVE-2010-2940 2010-08-24 12:10:04 -04:00
Fedora Release Engineering
22218bb857 dist-git conversion 2010-07-29 13:10:57 +00:00
dmalcolm
eb2fc3c856 - Rebuilt for
https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
2010-07-22 06:37:10 +00:00
Stephen Gallagher
bd215c451c - New upstream version 1.2.91 (1.3.0rc1)
- Improved LDAP failover
- Synchronous sysdb API (provides performance enhancements)
- Better online reconnection detection
2010-07-09 18:52:22 +00:00
Stephen Gallagher
d41b28e7ec - New stable upstream version 1.2.1
- Resolves: rhbz#595529 - spec file should eschew %define in favor of
- %global
- Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd
    service
- to fail while restart.
- Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel
- keyring
- Resolves: rhbz#599724 - sssd is broken on Rawhide
2010-06-21 11:37:06 +00:00
Stephen Gallagher
d5f2e4a868 - New stable upstream version 1.2.0
- Support ServiceGroups for FreeIPA v2 HBAC rules
- Fix long-standing issue with auth_provider = proxy
- Better logging for TLS issues in LDAP
2010-05-24 19:19:33 +00:00
Stephen Gallagher
439d34ed5c - New LDAP access provider allows for filtering user access by LDAP
attribute
- Reduced default timeout for detecting offline status with LDAP
- GSSAPI ticket lifetime made configurable
- Better offline->online transition support in Kerberos
2010-05-18 18:02:30 +00:00
Stephen Gallagher
6a6c9eb9a8 - Release new upstream version 1.1.91
- Enhancements when using SSSD with FreeIPA v2
- Support for deferred kinit
- Support for DNS SRV records for failover
2010-05-07 21:36:48 +00:00
Simo Sorce
e5b19bf276 - Bump up release number to avoid library sub-packages version issues with
previous releases.
2010-04-02 15:48:31 +00:00
Stephen Gallagher
db77daa344 - New upstream release 1.1.1
- Fixed the IPA provider (which was segfaulting at start)
- Fixed a bug in the SSSDConfig API causing some options to revert to
- their defaults
- This impacted the Authconfig UI
- Ensure that SASL binds to LDAP auto-retry when interrupted by a signal
2010-04-01 15:19:19 +00:00
Stephen Gallagher
58c745dac6 - Release SSSD 1.1.0 final
- Fix two potential segfaults
- Fix memory leak in monitor
- Better error message for unusable confdb
2010-03-22 19:54:48 +00:00
Stephen Gallagher
026e8e0f23 - Release candidate for SSSD 1.1
- Add simple access provider
- Create subpackages for libcollection, libini_config, libdhash and
    librefarray
- Support IPv6
- Support LDAP referrals
- Fix cache issues
- Better feedback from PAM when offline
2010-03-17 16:53:01 +00:00
Stephen Gallagher
7362f8c6bd - Rebuild against new libtevent 2010-02-24 20:44:32 +00:00
Stephen Gallagher
94dadd289a - Fix licenses in sources and on RPMs 2010-02-19 15:39:59 +00:00
Stephen Gallagher
48e4ae867d - Fix regression on 64-bit platforms 2010-01-25 18:52:14 +00:00
Stephen Gallagher
2600cc3d21 - Fixes link error on platforms that do not do implicit linking
- Fixes double-free segfault in PAM
- Fixes double-free error in async resolver
- Fixes support for TCP-based DNS lookups in async resolver
- Fixes memory alignment issues on ARM processors
- Manpage fixes
2010-01-22 15:15:20 +00:00
Stephen Gallagher
23f12b722f - Fixes a bug in the failover code that prevented the SSSD from detecting
when it went back online
- Fixes a bug causing long (sometimes multiple-minute) waits for NSS
    requests
- Several segfault bugfixes
2010-01-14 17:03:05 +00:00
Stephen Gallagher
2de26e9e6f Updating to SSSD 1.0.1
Fixes: CVE-2010-0014
2010-01-11 14:23:23 +00:00
Stephen Gallagher
d9fd9eee1e Fix https://bugzilla.redhat.com/show_bug.cgi?id=549482 2009-12-21 20:39:34 +00:00
Stephen Gallagher
f5d8b9bca4 == Highlights ==
One serious security issue was resolved related to the kerberos provider.
Users who authenticate against Kerberos and have cached credentials could
    log in with a zero-length password
The network exposure of this bug was limited, as users logged in this way
    would not have valid network credentials (by lucky accident).
This issue was present only in the 0.99.x preview releases and not in any
    of the stable releases (0.7.1 and earlier)
Stability fixes since the 0.99.1 preview release
Added or updated several translations
Fixed long-standing "I have no name!" issue with X-based terminals
SSSD now passes "make distcheck" cleanly
SSSD PAM now conforms better to standards regarding PAM_PRELIM_CHECK
== Detailed Changelog == Göran Uddeborg (2):
Update SV translation
Update SV translation
Marina Latini (1):
Update IT translation
Martin Nagy (2):
Don't consider one address with different port numbers as the same
Change the first server pick logic
Sergei V. Kovylov (1):
sssd.spec for SLES
Simo Sorce (2):
Fix upgrade bug #323
Fix ldap child memory hierarchy and other issues
Stephen Gallagher (14):
Properly close STDERR when daemonizing
Fix tight loop in monitor
Don't set explicit default for "timeout" in domains
Fix warning in server.c
Raise DEBUG level of sdap_get_generic_done()
Change default for enumeration to TRUE
Fix tight-loop in monitor part 2
Properly handle EINTR from poll()
Updating ES translation
Add DEBUG messages to getpwnam_callback and getpwuid_callback
Clarify access_provider manpage entry
Do not blindly accept zero-length passwords
Fix broken password changes for local users
Release SSSD 1.0
Sumit Bose (9):
Use sys.exit instead of exit
Check for minimal version of check
Build python modules in builddir
Use --with-ldb-lib-dir while running make distcheck
Cleanup db files after test run
disable password migration code
Handle chauthtok with PAM_PRELIM_CHECK separately
Do not overwrite valid TGTs when offline
Fix for #345
2009-12-18 23:53:16 +00:00