Commit Graph

133 Commits

Author SHA1 Message Date
Stephen Gallagher
da2a04f651 - Ensure that SSSD builds against libldb-1.0.0 on F15 and later
- Remove .la for memberOf
2011-02-11 11:41:33 -05:00
Stephen Gallagher
0ad47aae65 - Fix memberOf install path 2011-02-11 11:22:33 -05:00
Stephen Gallagher
e8ab291d89 - Add support for libldb 1.0.0 2011-02-11 09:36:41 -05:00
Dennis Gilmore
8923e26c46 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild 2011-02-09 10:00:19 -06:00
Stephen Gallagher
d12cd5dd26 - Fix nested group member filter sanitization for RFC2307bis
- Put translated tool manpages into the sssd-tools subpackage
2011-02-01 09:20:57 -05:00
Stephen Gallagher
749bf2d662 Bump release number 2011-01-27 14:40:33 -05:00
Stephen Gallagher
7e3a2cd879 - Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during
- rpmbuild
2011-01-27 14:38:13 -05:00
Stephen Gallagher
f151b0669b - New upstream release 1.5.1
- Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
- Vast performance improvements when enumerate = true
- All PAM actions will now perform a forced initgroups lookup instead of just
- a user information lookup
-   This guarantees that all group information is available to other
-   providers, such as the simple provider.
- For backwards-compatibility, DNS lookups will also fall back to trying the
- SSSD domain name as a DNS discovery domain.
- Support for more password expiration policies in LDAP
-    389 Directory Server
-    FreeIPA
-    ActiveDirectory
- Support for ldap_tls_{cert,key,cipher_suite} config options
-Assorted bugfixes
2011-01-27 13:50:21 -05:00
Stephen Gallagher
3a15e92ce7 - CVE-2010-4341 - DoS in sssd PAM responder can prevent logins 2011-01-11 12:32:39 -05:00
Stephen Gallagher
5225c3262b - New upstream release 1.5.0
- Fixed issues with LDAP search filters that needed to be escaped
- Add Kerberos FAST support on platforms that support it
- Reduced verbosity of PAM_TEXT_INFO messages for cached credentials
- Added a Kerberos access provider to honor .k5login
- Addressed several thread-safety issues in the sss_client code
- Improved support for delayed online Kerberos auth
- Significantly reduced time between connecting to the network/VPN and
- acquiring a TGT
- Added feature for automatic Kerberos ticket renewal
- Provides the kerberos ticket for long-lived processes or cron jobs
- even when the user logs out
- Added several new features to the LDAP access provider
- Support for 'shadow' access control
- Support for authorizedService access control
- Ability to mix-and-match LDAP access control features
- Added an option for a separate password-change LDAP server for those
- platforms where LDAP referrals are not supported
- Added support for manpage translations
2010-12-22 14:08:33 -05:00
Stephen Gallagher
9600ada0fd Fix release number 2010-11-18 08:44:23 -05:00
Stephen Gallagher
069ad4076b - Solve a shutdown race-condition that sometimes left processes running
- Resolves: rhbz#606887 - SSSD stops on upgrade
2010-11-18 08:41:39 -05:00
Stephen Gallagher
4e1de07cd8 - Log startup errors to the syslog
- Allow cache cleanup to be disabled in sssd.conf
2010-11-16 12:48:57 -05:00
Stephen Gallagher
9d5bcde0eb - New upstream release 1.4.1
- Add support for netgroups to the proxy provider
- Fixes a minor bug with UIDs/GIDs >= 2^31
- Fixes a segfault in the kerberos provider
- Fixes a segfault in the NSS responder if a data provider crashes
- Correctly use sdap_netgroup_search_base
2010-11-01 09:02:47 -04:00
Stephen Gallagher
75efc48618 Fix incorrect tarball URL 2010-10-18 16:06:09 -04:00
Stephen Gallagher
d8a8ec9a9a Fix tarball URL 2010-10-18 16:04:39 -04:00
Stephen Gallagher
4926f3ae3a Merge branch 'master' into f14 2010-10-18 15:37:53 -04:00
Stephen Gallagher
e439c0b36c Uploading SSSD 1.4.0 tarball 2010-10-18 14:50:39 -04:00
Stephen Gallagher
9b0ef1cecd - New upstream release 1.4.0
- Added support for netgroups to the LDAP provider
- Performance improvements made to group processing of RFC2307 LDAP servers
- Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin
- Build-system improvements to support Gentoo
- Split out several libraries into the ding-libs tarball
- Manpage reviewed and updated
2010-10-18 14:44:48 -04:00
Stephen Gallagher
d856e9b109 Merge branch 'master' into f14 2010-10-04 09:48:41 -04:00
Stephen Gallagher
2d631b340a - Fix pre and post script requirements 2010-10-04 09:47:22 -04:00
Stephen Gallagher
c0762ac0e0 Merge branch 'master' into f14 2010-10-04 09:27:12 -04:00
Stephen Gallagher
3f786445f0 - Resolves: rhbz#606887 - sssd stops on upgrade 2010-10-04 09:23:20 -04:00
Stephen Gallagher
8cdc9d4fbc - Resolves: rhbz#626205 - Unable to unlock screen 2010-10-04 09:14:17 -04:00
Stephen Gallagher
c7ce53cc09 - Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but
-                         doesn't require it
2010-09-28 08:07:15 -04:00
Stephen Gallagher
c99e02ae14 Bump release number and fix changelog message 2010-09-28 07:55:09 -04:00
Stephen Gallagher
d19c240979 - Resolves: 637955 - libini_config-devel needs libcollection-devel but
-                    doesn't require it
2010-09-28 07:49:22 -04:00
Stephen Gallagher
6931ca88fa - Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib 2010-09-16 09:34:47 -04:00
Stephen Gallagher
cfa7be9344 - Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib 2010-09-16 09:32:53 -04:00
Stephen Gallagher
8c665d0af5 Resolves: CVE-2010-2940 2010-08-24 12:10:04 -04:00
Fedora Release Engineering
22218bb857 dist-git conversion 2010-07-29 13:10:57 +00:00
dmalcolm
eb2fc3c856 - Rebuilt for
https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
2010-07-22 06:37:10 +00:00
Stephen Gallagher
bd215c451c - New upstream version 1.2.91 (1.3.0rc1)
- Improved LDAP failover
- Synchronous sysdb API (provides performance enhancements)
- Better online reconnection detection
2010-07-09 18:52:22 +00:00
Stephen Gallagher
d41b28e7ec - New stable upstream version 1.2.1
- Resolves: rhbz#595529 - spec file should eschew %define in favor of
- %global
- Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd
    service
- to fail while restart.
- Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel
- keyring
- Resolves: rhbz#599724 - sssd is broken on Rawhide
2010-06-21 11:37:06 +00:00
Stephen Gallagher
d5f2e4a868 - New stable upstream version 1.2.0
- Support ServiceGroups for FreeIPA v2 HBAC rules
- Fix long-standing issue with auth_provider = proxy
- Better logging for TLS issues in LDAP
2010-05-24 19:19:33 +00:00
Stephen Gallagher
439d34ed5c - New LDAP access provider allows for filtering user access by LDAP
attribute
- Reduced default timeout for detecting offline status with LDAP
- GSSAPI ticket lifetime made configurable
- Better offline->online transition support in Kerberos
2010-05-18 18:02:30 +00:00
Stephen Gallagher
6a6c9eb9a8 - Release new upstream version 1.1.91
- Enhancements when using SSSD with FreeIPA v2
- Support for deferred kinit
- Support for DNS SRV records for failover
2010-05-07 21:36:48 +00:00
Simo Sorce
e5b19bf276 - Bump up release number to avoid library sub-packages version issues with
previous releases.
2010-04-02 15:48:31 +00:00
Stephen Gallagher
db77daa344 - New upstream release 1.1.1
- Fixed the IPA provider (which was segfaulting at start)
- Fixed a bug in the SSSDConfig API causing some options to revert to
- their defaults
- This impacted the Authconfig UI
- Ensure that SASL binds to LDAP auto-retry when interrupted by a signal
2010-04-01 15:19:19 +00:00
Stephen Gallagher
58c745dac6 - Release SSSD 1.1.0 final
- Fix two potential segfaults
- Fix memory leak in monitor
- Better error message for unusable confdb
2010-03-22 19:54:48 +00:00
Stephen Gallagher
026e8e0f23 - Release candidate for SSSD 1.1
- Add simple access provider
- Create subpackages for libcollection, libini_config, libdhash and
    librefarray
- Support IPv6
- Support LDAP referrals
- Fix cache issues
- Better feedback from PAM when offline
2010-03-17 16:53:01 +00:00
Stephen Gallagher
7362f8c6bd - Rebuild against new libtevent 2010-02-24 20:44:32 +00:00
Stephen Gallagher
94dadd289a - Fix licenses in sources and on RPMs 2010-02-19 15:39:59 +00:00
Stephen Gallagher
48e4ae867d - Fix regression on 64-bit platforms 2010-01-25 18:52:14 +00:00
Stephen Gallagher
2600cc3d21 - Fixes link error on platforms that do not do implicit linking
- Fixes double-free segfault in PAM
- Fixes double-free error in async resolver
- Fixes support for TCP-based DNS lookups in async resolver
- Fixes memory alignment issues on ARM processors
- Manpage fixes
2010-01-22 15:15:20 +00:00
Stephen Gallagher
23f12b722f - Fixes a bug in the failover code that prevented the SSSD from detecting
when it went back online
- Fixes a bug causing long (sometimes multiple-minute) waits for NSS
    requests
- Several segfault bugfixes
2010-01-14 17:03:05 +00:00
Stephen Gallagher
2de26e9e6f Updating to SSSD 1.0.1
Fixes: CVE-2010-0014
2010-01-11 14:23:23 +00:00
Stephen Gallagher
d9fd9eee1e Fix https://bugzilla.redhat.com/show_bug.cgi?id=549482 2009-12-21 20:39:34 +00:00
Stephen Gallagher
f5d8b9bca4 == Highlights ==
One serious security issue was resolved related to the kerberos provider.
Users who authenticate against Kerberos and have cached credentials could
    log in with a zero-length password
The network exposure of this bug was limited, as users logged in this way
    would not have valid network credentials (by lucky accident).
This issue was present only in the 0.99.x preview releases and not in any
    of the stable releases (0.7.1 and earlier)
Stability fixes since the 0.99.1 preview release
Added or updated several translations
Fixed long-standing "I have no name!" issue with X-based terminals
SSSD now passes "make distcheck" cleanly
SSSD PAM now conforms better to standards regarding PAM_PRELIM_CHECK
== Detailed Changelog == Göran Uddeborg (2):
Update SV translation
Update SV translation
Marina Latini (1):
Update IT translation
Martin Nagy (2):
Don't consider one address with different port numbers as the same
Change the first server pick logic
Sergei V. Kovylov (1):
sssd.spec for SLES
Simo Sorce (2):
Fix upgrade bug #323
Fix ldap child memory hierarchy and other issues
Stephen Gallagher (14):
Properly close STDERR when daemonizing
Fix tight loop in monitor
Don't set explicit default for "timeout" in domains
Fix warning in server.c
Raise DEBUG level of sdap_get_generic_done()
Change default for enumeration to TRUE
Fix tight-loop in monitor part 2
Properly handle EINTR from poll()
Updating ES translation
Add DEBUG messages to getpwnam_callback and getpwuid_callback
Clarify access_provider manpage entry
Do not blindly accept zero-length passwords
Fix broken password changes for local users
Release SSSD 1.0
Sumit Bose (9):
Use sys.exit instead of exit
Check for minimal version of check
Build python modules in builddir
Use --with-ldb-lib-dir while running make distcheck
Cleanup db files after test run
disable password migration code
Handle chauthtok with PAM_PRELIM_CHECK separately
Do not overwrite valid TGTs when offline
Fix for #345
2009-12-18 23:53:16 +00:00
Stephen Gallagher
336aac3e2c David O'Brien (1):
Copy-edit sssd-ipa man page
Dmitri Pal (5):
COMMON Improvements to the trace macro
COLLECTION Create reference to the top level collection
Cleaning FIXME comments
Cleaning FIXME comments.
INI Correcting build warnings.
Fabian Affolter (1):
Add German translation
Göran Uddeborg (2):
Add Swedish translation for sss_client
Add Swedish translation for SSSD server
Jakub Hrozek (13):
Warn visibly about permission problems with the config file
Better error message when there is no local domain configured
Setup ldap child logging from IPA backend
Check the services started against a list of known services
Handle spaces in config parser
Fail on nonexistent input file
Do not start with provider=files
Reduce code duplication between LDAP child and Kerberos child
Change ares usage to be c-ares 1.7.0 compatible
Import ares 1.7.0 helpers
Don't build the SRV and TXT parsing code except for tests
Document the failover feature in manpages
Consolidate code for splitting strings by separator
Martin Nagy (3):
Fix egg-info file generation in the spec file
Add some debugging statements to fail_over and resolver
Correctly restart server status after the timeout
Simo Sorce (17):
Fix tabs
Fix memberof plugin
Compute and save memberuid in cache as well
Use memberuid and not member in group enumerations
Use the custom password field in groups too.
Resolve nested groups also when rfc2307bis is used
Make strdn build functions more available
Fix nested group memberships
Allow nesting to fix #310
Fix bug #311, properly set callback attribute
Change dhash API to be talloc-friendly
Add private pointer for delete callback
Add comments to document latest changes
Add rebuild task to memberof plugin
Handle the special 02 upgrade case for 04->05
Fix for #316
Fix for #322, update from old database versions.
Stephen Gallagher (28):
Remove ELAPI from build and tarball
Stop configuring ELAPI
Make debug log timestamps human-readable
Raise debug log level for LDB_DEBUG_WARNING
Add allocation error check
Avoid returning uninitialized result.
Fix potential uninitialized value errors in nsssrv_cmd.c
Fix potential uninitialized value error in responder_dp.c
SSSDDomain.remove_provider() requires only the provider type
Make SSSDDomain.remove_provider() remove configured options
Run dhash tests
Add SSSDDomain.set_name() function to SSSDConfig API
Reduce the verbosity of the SSSDConfigTest
Fix broken SSSDChangeConf.set() function
Fix SSSDConfig API bugs around [de-]activation of domains
Fix RPM spec for RHEL6
fix deactivate_domain()
SSSDConfig.get_domain() should properly detect active state
Ensure that list_active_domains returns the real value
Properly deny id_provider=files
Add missing options to sssd-ipa configuraion
Add missing SSSDConfig file for IPA for make install
Fix processing of Boolean values in SSSDConfig
Add 'permit' and 'deny' access providers to SSSDConfig API
Remove default for ldap_use_start_tls in IPA providers
Run SSSDConfig tests during 'make check'
Fix stupid copy-paste error
Updating to version 0.99.1
Sumit Bose (13):
Do not include libsss_ipa.la in rpm package
Immediately return a krb5 change password request when offline
Check LDAP structure before calling ldap_unbind_ext()
Add sysdb_search_custom request
Do not treat missing proc files as errors.
Add basic OS detection
Make packaging of *.egg-info files more flexible
Try to renew Kerberos credentials
Add checks to test the memberuid handling
Add offline support for ipa_access
Add dummy credentials to an empty ccache file
Always update sysdb to the latest version
Fix DEBUG message for sysdb_init
beckerde (1):
Add Spanish translation
ruigo (1):
Add Portuguese translation
2009-12-11 14:16:51 +00:00