nss-pam-ldapd package update
Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>master
parent
77fa6e3b56
commit
0479a63b69
|
@ -0,0 +1,86 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# chkconfig: - 12 88
|
||||
# description: Provides naming services using a directory server.
|
||||
# processname: /usr/sbin/nslcd
|
||||
# config: /etc/nslcd.conf
|
||||
# pidfile: /var/run/nslcd/nslcd.pid
|
||||
#
|
||||
|
||||
### BEGIN INIT INFO
|
||||
# Provides: nslcd
|
||||
# Required-Start: $network
|
||||
# Required-Stop:
|
||||
# Default-Start:
|
||||
# Default-Stop:
|
||||
# Short-Description: naming services LDAP client daemon
|
||||
# Description: Provides naming services using a directory server.
|
||||
### END INIT INFO
|
||||
|
||||
program=/usr/sbin/nslcd
|
||||
prog=${program##*/}
|
||||
pidfile=/var/run/nslcd/nslcd.pid
|
||||
|
||||
if [ -f /etc/rc.d/init.d/functions ]; then
|
||||
. /etc/rc.d/init.d/functions
|
||||
fi
|
||||
|
||||
RETVAL=0
|
||||
|
||||
start() {
|
||||
echo -n $"Starting $prog: "
|
||||
daemon $program
|
||||
RETVAL=$?
|
||||
echo
|
||||
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
|
||||
return $RETVAL
|
||||
}
|
||||
|
||||
stop() {
|
||||
echo -n $"Stopping $prog: "
|
||||
killproc $program
|
||||
RETVAL=$?
|
||||
echo
|
||||
if [ $RETVAL -eq 0 ]; then
|
||||
rm -f /var/lock/subsys/$prog
|
||||
fi
|
||||
}
|
||||
|
||||
restart() {
|
||||
stop
|
||||
start
|
||||
}
|
||||
|
||||
# See how we were called.
|
||||
case "$1" in
|
||||
start)
|
||||
[ -f /var/lock/subsys/$prog ] && exit 0
|
||||
$1
|
||||
;;
|
||||
stop)
|
||||
[ -f /var/lock/subsys/$prog ] || exit 0
|
||||
$1
|
||||
;;
|
||||
restart)
|
||||
$1
|
||||
;;
|
||||
status)
|
||||
status -p $pidfile $program
|
||||
RETVAL=$?
|
||||
;;
|
||||
condrestart|try-restart)
|
||||
[ -f /var/lock/subsys/$prog ] && restart || :
|
||||
;;
|
||||
reload)
|
||||
echo "can't reload configuration, you have to restart it"
|
||||
RETVAL=3
|
||||
;;
|
||||
force-reload)
|
||||
restart
|
||||
;;
|
||||
*)
|
||||
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
exit $RETVAL
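Review bot: The `start)` branch treats the lock file as proof that nslcd is running: `[ -f /var/lock/subsys/$prog ] && exit 0` succeeds whenever the file exists, so a stale lock left behind after a crash makes a start request report success without launching the daemon. Checking the process instead, `status -p $pidfile $program >/dev/null 2>&1 && exit 0`, avoids that. `stop()` also calls `killproc $program` without `-p $pidfile` although the `status)` branch uses the pid file, and unlike `start()` it has no `return $RETVAL`.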
|
|
@ -0,0 +1,14 @@
|
|||
[Unit]
|
||||
Description=Naming services LDAP client daemon.
|
||||
After=syslog.target network.target named.service dirsrv.target slapd.service
|
||||
Documentation=man:nslcd(8) man:nslcd.conf(5)
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
PIDFile=/var/run/nslcd/nslcd.pid
|
||||
ExecStart=/usr/sbin/nslcd
|
||||
RestartSec=10s
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
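Review bot: The `[Service]` section starts nslcd with no systemd sandboxing, even though other patches on this page show the daemon holding bind passwords and answering PAM authentication requests. Directives such as `ProtectSystem=full` and `ProtectHome=yes` would limit what a compromised daemon can write or read. Each needs testing against the target systemd version and the site's nslcd.conf (for example any credential cache paths) before it ships.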
|
|
@ -0,0 +1,2 @@
|
|||
# nslcd needs a directory in /var/run to store its pid file and socket
|
||||
d /var/run/nslcd 0755 nslcd root
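Review bot: `d /var/run/nslcd 0755 nslcd root` makes the runtime directory writable by the unprivileged `nslcd` account, yet the pid file inside it is consumed by root-run tooling (`status -p $pidfile` in the init script and `PIDFile=` in the unit file on this page). Anything root reads from a directory the service account controls has to be treated as untrusted. If nslcd creates the pid file and socket before it drops privileges (not visible here), `root root` ownership of the directory would be enough. Otherwise the pid file would be better kept in a root-owned location.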
|
|
@ -0,0 +1,30 @@
|
|||
From ec2ac2cc7eaa945f3d07d2528ddd4b8d9b8d38e1 Mon Sep 17 00:00:00 2001
|
||||
From: Arthur de Jong <arthur@arthurdejong.org>
|
||||
Date: Sun, 6 Oct 2013 14:14:39 +0000
|
||||
Subject: [PATCH 3/3] in nslcd, log EPIPE only on debug level (4897033 from
|
||||
0.9)
|
||||
|
||||
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.8@2032 ef36b2f9-881f-0410-afb5-c4e39611909c
|
||||
---
|
||||
nslcd/common.h | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/nslcd/common.h b/nslcd/common.h
|
||||
index 736d7c09c9cd6d333fc4caa0a15144cc83eb9ecd..c48decb58df5262f459e0862f677960c31e20df7 100644
|
||||
--- a/nslcd/common.h
|
||||
+++ b/nslcd/common.h
|
||||
@@ -43,7 +43,10 @@
|
||||
stream */
|
||||
|
||||
#define ERROR_OUT_WRITEERROR(fp) \
|
||||
- log_log(LOG_WARNING,"error writing to client: %s",strerror(errno)); \
|
||||
+ if (errno==EPIPE) \
|
||||
+ log_log(LOG_DEBUG, "error writing to client: %s", strerror(errno)); \
|
||||
+ else \
|
||||
+ log_log(LOG_WARNING, "error writing to client: %s", strerror(errno)); \
|
||||
return -1;
|
||||
|
||||
#define ERROR_OUT_READERROR(fp) \
|
||||
--
|
||||
1.8.3.1
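Review bot: The rewritten `ERROR_OUT_WRITEERROR` expands to an unbraced `if`/`else` followed by `return -1;`, which is fragile if any call site uses the macro as the body of its own unbraced `if` or `else`. Call sites are not visible in this hunk, so this may only be latent. Bracing the whole expansion, `{ if (errno==EPIPE) ...; else ...; return -1; }`, removes the hazard without changing how the macro is invoked. The added lines also put spaces after the commas in `log_log(LOG_DEBUG, "...", ...)` where the removed line had none.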
|
||||
|
|
@ -0,0 +1,111 @@
|
|||
From 335f7e085b45556276d2c1f224648a7eed28e4fd Mon Sep 17 00:00:00 2001
|
||||
From: Arthur de Jong <arthur@arthurdejong.org>
|
||||
Date: Sun, 6 Oct 2013 14:11:51 +0000
|
||||
Subject: [PATCH 2/3] use a timeout when skipping remaining result data
|
||||
(c9e2f97 from 0.9)
|
||||
|
||||
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.8@2031 ef36b2f9-881f-0410-afb5-c4e39611909c
|
||||
---
|
||||
common/tio.c | 6 +++---
|
||||
common/tio.h | 4 ++--
|
||||
nss/common.h | 10 +++++++---
|
||||
3 files changed, 12 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/common/tio.c b/common/tio.c
|
||||
index 9aef80ca91faedad8f75e09b9070d22ed4a0878d..780ea38f175482dfed5e1c754ef75e93ffd83768 100644
|
||||
--- a/common/tio.c
|
||||
+++ b/common/tio.c
|
||||
@@ -2,7 +2,7 @@
|
||||
tio.c - timed io functions
|
||||
This file is part of the nss-pam-ldapd library.
|
||||
|
||||
- Copyright (C) 2007, 2008, 2010, 2011, 2012 Arthur de Jong
|
||||
+ Copyright (C) 2007, 2008, 2010, 2011, 2012, 2013 Arthur de Jong
|
||||
|
||||
This library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
@@ -298,7 +298,7 @@ int tio_skip(TFILE *fp, size_t count)
|
||||
}
|
||||
|
||||
/* Read all available data from the stream and empty the read buffer. */
|
||||
-int tio_skipall(TFILE *fp)
|
||||
+int tio_skipall(TFILE *fp,int skiptimeout)
|
||||
{
|
||||
struct pollfd fds[1];
|
||||
int rv;
|
||||
@@ -318,7 +318,7 @@ int tio_skipall(TFILE *fp)
|
||||
/* see if any data is available */
|
||||
fds[0].fd=fp->fd;
|
||||
fds[0].events=POLLIN;
|
||||
- rv=poll(fds,1,0);
|
||||
+ rv=poll(fds,1,skiptimeout);
|
||||
/* check the poll() result */
|
||||
if (rv==0)
|
||||
return 0; /* no file descriptor ready */
|
||||
diff --git a/common/tio.h b/common/tio.h
|
||||
index cd3f370732e4c54815187bb8012fd5a5ff8972af..b38d458aedd660ff95ff2e57f9df790ffd51ff6d 100644
|
||||
--- a/common/tio.h
|
||||
+++ b/common/tio.h
|
||||
@@ -2,7 +2,7 @@
|
||||
tio.h - timed io functions
|
||||
This file is part of the nss-pam-ldapd library.
|
||||
|
||||
- Copyright (C) 2007, 2008, 2010, 2012 Arthur de Jong
|
||||
+ Copyright (C) 2007, 2008, 2010, 2012, 2013 Arthur de Jong
|
||||
|
||||
This library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
@@ -59,7 +59,7 @@ int tio_read(TFILE *fp,void *buf,size_t count);
|
||||
int tio_skip(TFILE *fp,size_t count);
|
||||
|
||||
/* Read all available data from the stream and empty the read buffer. */
|
||||
-int tio_skipall(TFILE *fp);
|
||||
+int tio_skipall(TFILE *fp,int skiptimeout);
|
||||
|
||||
/* Write the specified buffer to the stream. */
|
||||
int tio_write(TFILE *fp,const void *buf,size_t count);
|
||||
diff --git a/nss/common.h b/nss/common.h
|
||||
index e8d8e0526499c252f69a558384ddae8504009d26..3f93a4fb4704092dd5b1a41b024d33abf59cba60 100644
|
||||
--- a/nss/common.h
|
||||
+++ b/nss/common.h
|
||||
@@ -2,7 +2,7 @@
|
||||
common.h - common functions for NSS lookups
|
||||
|
||||
Copyright (C) 2006 West Consulting
|
||||
- Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong
|
||||
+ Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arthur de Jong
|
||||
|
||||
This library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
@@ -35,6 +35,10 @@
|
||||
#include "solnss.h"
|
||||
#endif /* NSS_FLAVOUR_SOLARIS */
|
||||
|
||||
+/* skip timeout determines the maximum time to wait when closing the
|
||||
+ connection and reading whatever data that is available */
|
||||
+#define SKIP_TIMEOUT 500
|
||||
+
|
||||
/* These are macros for handling read and write problems, they are
|
||||
NSS specific due to the return code so are defined here. They
|
||||
genrally close the open file, set an error code and return with
|
||||
@@ -127,7 +131,7 @@
|
||||
/* close socket and we're done */ \
|
||||
if ((retv==NSS_STATUS_SUCCESS)||(retv==NSS_STATUS_TRYAGAIN)) \
|
||||
{ \
|
||||
- (void)tio_skipall(fp); \
|
||||
+ (void)tio_skipall(fp,SKIP_TIMEOUT); \
|
||||
(void)tio_close(fp); \
|
||||
} \
|
||||
return retv;
|
||||
@@ -203,7 +207,7 @@
|
||||
NSS_AVAILCHECK; \
|
||||
if (fp!=NULL) \
|
||||
{ \
|
||||
- (void)tio_skipall(fp); \
|
||||
+ (void)tio_skipall(fp,SKIP_TIMEOUT); \
|
||||
(void)tio_close(fp); \
|
||||
fp=NULL; \
|
||||
} \
|
||||
--
|
||||
1.8.3.1
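Review bot: `skiptimeout` is passed straight to `poll(fds,1,skiptimeout)`, so the bound applies to each wait rather than to the whole call. If this `poll()` sits inside the read-until-empty loop that the function comment implies (the loop is outside the hunk), a peer that keeps delivering data could hold an NSS caller in `tio_skipall()` well beyond `SKIP_TIMEOUT`. A negative value would make `poll()` block indefinitely, and neither the tio.h prototype comment nor the `SKIP_TIMEOUT` comment states the unit. I would add `/* skiptimeout is in milliseconds and applies to each poll() call, not to the whole skip */` to tio.h, and confirm whether a whole-call deadline is wanted.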
|
||||
|
|
@ -0,0 +1,39 @@
|
|||
From 841dd859360ff07d705e869d2a402f6b181a14f9 Mon Sep 17 00:00:00 2001
|
||||
From: Arthur de Jong <arthur@arthurdejong.org>
|
||||
Date: Sun, 1 Sep 2013 09:47:18 +0000
|
||||
Subject: [PATCH 1/3] fix buffer overflow on interrupted read (thanks John
|
||||
Sullivan) (07a8170 from 0.9)
|
||||
|
||||
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.8@2029 ef36b2f9-881f-0410-afb5-c4e39611909c
|
||||
---
|
||||
AUTHORS | 1 +
|
||||
common/tio.c | 4 ++--
|
||||
2 files changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/AUTHORS b/AUTHORS
|
||||
index 5debe5f7c2a059e67f47098df8647c66eab85c13..65ee0789cb8c300c59f7b00b75e80b5b51d96ac9 100644
|
||||
--- a/AUTHORS
|
||||
+++ b/AUTHORS
|
||||
@@ -119,3 +119,4 @@ Maxim Vetrov <muxas@mail.ru>
|
||||
Matthew L. Dailey <matthew.l.dailey@dartmouth.edu>
|
||||
Chris Hiestand <chiestand@salk.edu>
|
||||
Jon Severinsson <jon@severinsson.net>
|
||||
+John Sullivan <jsrhbz@kanargh.force9.co.uk>
|
||||
diff --git a/common/tio.c b/common/tio.c
|
||||
index 4456198fe84ea72966edb06700c0fff751dd3451..9aef80ca91faedad8f75e09b9070d22ed4a0878d 100644
|
||||
--- a/common/tio.c
|
||||
+++ b/common/tio.c
|
||||
@@ -283,8 +283,8 @@ int tio_read(TFILE *fp, void *buf, size_t count)
|
||||
}
|
||||
else if ((rv<0)&&(errno!=EINTR)&&(errno!=EAGAIN))
|
||||
return -1; /* something went wrong with the read */
|
||||
- /* skip the read part in the buffer */
|
||||
- fp->readbuffer.len=rv;
|
||||
+ else if (rv>0)
|
||||
+ fp->readbuffer.len=rv; /* skip the read part in the buffer */
|
||||
#ifdef DEBUG_TIO_STATS
|
||||
fp->bytesread+=rv;
|
||||
#endif /* DEBUG_TIO_STATS */
|
||||
--
|
||||
1.8.3.1
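Review bot: The `DEBUG_TIO_STATS` line right after the new `else if (rv>0)` guard still executes `fp->bytesread+=rv;` when `rv` is negative. The guard correctly leaves `readbuffer.len` alone on an interrupted read (`rv<0` with `EINTR` or `EAGAIN`), but the counter is outside the `else if` chain and gets decremented. This only affects debug builds, but it skews the statistic on every interrupted read. Guarding it the same way, `if (rv>0) fp->bytesread+=rv;`, keeps it consistent with the fix. The rest of `tio_read()` is outside the hunk.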
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
diff -up nss-pam-ldapd-0.8.13/nslcd/pam.c.str_cmp nss-pam-ldapd-0.8.13/nslcd/pam.c
|
||||
--- nss-pam-ldapd-0.8.13/nslcd/pam.c.str_cmp 2017-10-23 21:18:19.867943857 +0200
|
||||
+++ nss-pam-ldapd-0.8.13/nslcd/pam.c 2017-10-23 21:18:35.935986527 +0200
|
||||
@@ -133,7 +133,7 @@ static void update_username(MYLDAP_ENTRY
|
||||
return;
|
||||
}
|
||||
/* check if the username is different and update it if needed */
|
||||
- if (strcmp(username,value)!=0)
|
||||
+ if (STR_CMP(username,value)!=0)
|
||||
{
|
||||
log_log(LOG_INFO,"username changed from \"%s\" to \"%s\"",username,value);
|
||||
strcpy(username,value);
|
|
@ -0,0 +1,77 @@
|
|||
Always use a function that we know will catch out-of-range values for UIDs and
|
||||
GIDs, which are currently unsigned 32-bit numbers everywhere, and which won't
|
||||
produce a result that'll silently be truncated if we store the result in a
|
||||
uid_t or gid_t.
|
||||
--- nss-pam-ldapd/nslcd/common.c
|
||||
+++ nss-pam-ldapd/nslcd/common.c
|
||||
@@ -273,19 +273,23 @@ long int binsid2id(const char *binsid)
|
||||
((((long int)binsid[i+2])&0xff)<<16)|((((long int)binsid[i+3])&0xff)<<24);
|
||||
}
|
||||
|
||||
-#ifdef WANT_STRTOUI
|
||||
-/* provide a strtoui() implementation, similar to strtoul() but returning
|
||||
+/* provide a strtoid() implementation, similar to strtoul() but returning
|
||||
an range-checked unsigned int instead */
|
||||
-unsigned int strtoui(const char *nptr,char **endptr,int base)
|
||||
+unsigned int strtoid(const char *nptr,char **endptr,int base)
|
||||
{
|
||||
- unsigned long val;
|
||||
- val=strtoul(nptr,endptr,base);
|
||||
- if (val>UINT_MAX)
|
||||
+ long long val;
|
||||
+ /* use the fact that long long is 64-bit, even on 32-bit systems */
|
||||
+ val=strtoll(nptr,endptr,base);
|
||||
+ if (val>UINT32_MAX)
|
||||
{
|
||||
errno=ERANGE;
|
||||
- return UINT_MAX;
|
||||
+ return UINT32_MAX;
|
||||
}
|
||||
- /* If errno was set by strtoul, we'll pass it back as-is */
|
||||
- return (unsigned int)val;
|
||||
+ else if (val < 0)
|
||||
+ {
|
||||
+ errno=EINVAL;
|
||||
+ return UINT32_MAX;
|
||||
+ }
|
||||
+ /* If errno was set, we'll pass it back as-is */
|
||||
+ return (uint32_t)val;
|
||||
}
|
||||
-#endif /* WANT_STRTOUI */
|
||||
--- nss-pam-ldapd/nslcd/common.h
|
||||
+++ nss-pam-ldapd/nslcd/common.h
|
||||
@@ -139,31 +139,9 @@ int nsswitch_db_uses_ldap(const char *fi
|
||||
#endif /* _POSIX_HOST_NAME_MAX */
|
||||
#endif /* not HOST_NAME_MAX */
|
||||
|
||||
-/* provide strtouid() function alias */
|
||||
-#if SIZEOF_UID_T == SIZEOF_UNSIGNED_LONG_INT
|
||||
-#define strtouid (uid_t)strtoul
|
||||
-#elif SIZEOF_UID_T == SIZEOF_UNSIGNED_LONG_LONG_INT
|
||||
-#define strtouid (uid_t)strtoull
|
||||
-#elif SIZEOF_UID_T == SIZEOF_UNSIGNED_INT
|
||||
-#define WANT_STRTOUI 1
|
||||
-#define strtouid (uid_t)strtoui
|
||||
-#else
|
||||
-#error unable to find implementation for strtouid()
|
||||
-#endif
|
||||
-
|
||||
-/* provide strtouid() function alias */
|
||||
-#if SIZEOF_GID_T == SIZEOF_UNSIGNED_LONG_INT
|
||||
-#define strtogid (gid_t)strtoul
|
||||
-#elif SIZEOF_GID_T == SIZEOF_UNSIGNED_LONG_LONG_INT
|
||||
-#define strtogid (gid_t)strtoull
|
||||
-#elif SIZEOF_GID_T == SIZEOF_UNSIGNED_INT
|
||||
-#ifndef WANT_STRTOUI
|
||||
-#define WANT_STRTOUI 1
|
||||
-#endif
|
||||
-#define strtogid (uid_t)strtoui
|
||||
-#else
|
||||
-#error unable to find implementation for strtogid()
|
||||
-#endif
|
||||
+uint32_t strtoid(const char *nptr,char **endptr,int base);
|
||||
+#define strtouid (uid_t)strtoid
|
||||
+#define strtogid (gid_t)strtoid
|
||||
|
||||
#ifdef WANT_STRTOUI
|
||||
/* provide a strtoui() if it is needed */
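Review bot: `strtoid()` is defined in common.c as returning `unsigned int` but declared in common.h as `uint32_t strtoid(...)`. The two agree only where `uint32_t` happens to be `unsigned int`, so the definition should read `uint32_t strtoid(const char *nptr,char **endptr,int base)`. The error return `UINT32_MAX` is also what a literal 4294967295 parses to, which is `(uid_t)-1` for a 32-bit `uid_t`. Callers can tell failure from success only by clearing `errno` before the call and checking it afterwards; the callers are not in this patch and are worth confirming. The trailing context in common.h still shows an `#ifdef WANT_STRTOUI` block that this header no longer defines, which looks like dead code.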
|
|
@ -0,0 +1,36 @@
|
|||
Defaults changed to allow opening and closing parentheses everywhere. Defaults
|
||||
changed again to make characters after the first optional, and again to go back
|
||||
to disallowing names which end with "\".
|
||||
--- man/nslcd.conf.5.xml
|
||||
+++ man/nslcd.conf.5.xml
|
||||
@@ -712,7 +712,7 @@
|
||||
characters and the 'i' flag may be appended at the end to indicate
|
||||
that the match should be case-insensetive.
|
||||
The default value is
|
||||
- <literal>/^[a-z0-9._@$][a-z0-9._@$ \\~-]*[a-z0-9._@$~-]$/i</literal>
|
||||
+ <literal>/^[a-z0-9._@$()]([a-z0-9._@$() \\~-]*[a-z0-9._@$()~-])?$/i</literal>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
--- nslcd/cfg.c
|
||||
+++ nslcd/cfg.c
|
||||
@@ -134,7 +134,7 @@ static void cfg_defaults(struct ldap_con
|
||||
cfg->ldc_pam_authz_search[i]=NULL;
|
||||
cfg->ldc_nss_min_uid=0;
|
||||
parse_validnames_statement(__FILE__,__LINE__,"",
|
||||
- "/^[a-z0-9._@$][a-z0-9._@$ \\~-]*[a-z0-9._@$~-]$/i",cfg);
|
||||
+ "/^[a-z0-9._@$()]([a-z0-9._@$() \\~-]*[a-z0-9._@$()~-])?$/i",cfg);
|
||||
cfg->pam_password_prohibit_message=NULL;
|
||||
}
|
||||
|
||||
--- tests/test_common.c
|
||||
+++ tests/test_common.c
|
||||
@@ -39,6 +39,8 @@ static void test_isvalidname(void)
|
||||
assert(!isvalidname("\\foo\\bar"));
|
||||
assert(!isvalidname("foo\\bar\\"));
|
||||
assert(isvalidname("me")); /* try short name */
|
||||
+ assert(isvalidname("f"));
|
||||
+ assert(isvalidname("(foo bar)"));
|
||||
}
|
||||
|
||||
/* the main program... */
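Review bot: The widened default in `cfg_defaults()` now accepts `(` and `)`, which are LDAP filter metacharacters, so correct escaping in every filter builder becomes the only thing keeping a validated name from altering a search filter. That escaping is not visible in this patch and is worth confirming before relying on the new default. The added tests cover only names that must pass (`"f"` and `"(foo bar)"`). I would add a negative case for the reshaped pattern, for example `assert(!isvalidname("foo "));`, so the new optional group cannot silently loosen the trailing-character rule. The man page and the C string literal hold two copies of the same regex and have to be kept in step by hand.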
|
|
@ -0,0 +1,46 @@
|
|||
From e34fccc883e1fb6e7c0e1663e11ff9f96191971f Mon Sep 17 00:00:00 2001
|
||||
From: Lukas Slebodnik <lslebodn@redhat.com>
|
||||
Date: Mon, 27 Jan 2014 17:04:32 +0100
|
||||
Subject: [PATCH 1/2] Fix use after free in read_hostent and read_netent.
|
||||
|
||||
if NSS_STATUS_TRYAGAIN is returned from read_one_hostent or
|
||||
read_one_netent function tio_skipall will be called with NULL pointer
|
||||
It could happend in functions:
|
||||
_nss_ldap_getnetbyname_r
|
||||
_nss_ldap_getnetbyaddr_r
|
||||
_nss_ldap_gethostbyname2_r
|
||||
_nss_ldap_gethostbyaddr_r
|
||||
---
|
||||
nss/hosts.c | 2 --
|
||||
nss/networks.c | 2 --
|
||||
2 files changed, 4 deletions(-)
|
||||
|
||||
diff --git a/nss/hosts.c b/nss/hosts.c
|
||||
index 86b6a77..0e7027e 100644
|
||||
--- a/nss/hosts.c
|
||||
+++ b/nss/hosts.c
|
||||
@@ -51,8 +51,6 @@
|
||||
|
||||
#undef ERROR_OUT_BUFERROR
|
||||
#define ERROR_OUT_BUFERROR(fp) \
|
||||
- (void)tio_close(fp); \
|
||||
- fp=NULL; \
|
||||
*errnop=ERANGE; \
|
||||
*h_errnop=TRY_AGAIN; \
|
||||
return NSS_STATUS_TRYAGAIN;
|
||||
diff --git a/nss/networks.c b/nss/networks.c
|
||||
index 859ef0e..1403b45 100644
|
||||
--- a/nss/networks.c
|
||||
+++ b/nss/networks.c
|
||||
@@ -51,8 +51,6 @@
|
||||
|
||||
#undef ERROR_OUT_BUFERROR
|
||||
#define ERROR_OUT_BUFERROR(fp) \
|
||||
- (void)tio_close(fp); \
|
||||
- fp=NULL; \
|
||||
*errnop=ERANGE; \
|
||||
*h_errnop=TRY_AGAIN; \
|
||||
return NSS_STATUS_TRYAGAIN;
|
||||
--
|
||||
1.8.5.3
|
||||
|
|
@ -0,0 +1,41 @@
|
|||
From ec86b3d715ae9583288b12686a0552586caa6270 Mon Sep 17 00:00:00 2001
|
||||
From: Lukas Slebodnik <lslebodn@redhat.com>
|
||||
Date: Mon, 27 Jan 2014 17:17:33 +0100
|
||||
Subject: [PATCH 2/2] Use right h_errnop for retrying with larger buffer.
|
||||
|
||||
The libc nsswitch code expects h_errno to be set to NETDB_INTERNAL when
|
||||
it needs to try again with a larger buffer.
|
||||
---
|
||||
nss/hosts.c | 2 +-
|
||||
nss/networks.c | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/nss/hosts.c b/nss/hosts.c
|
||||
index 0e7027e..2bf4c86 100644
|
||||
--- a/nss/hosts.c
|
||||
+++ b/nss/hosts.c
|
||||
@@ -52,7 +52,7 @@
|
||||
#undef ERROR_OUT_BUFERROR
|
||||
#define ERROR_OUT_BUFERROR(fp) \
|
||||
*errnop=ERANGE; \
|
||||
- *h_errnop=TRY_AGAIN; \
|
||||
+ *h_errnop=NETDB_INTERNAL; \
|
||||
return NSS_STATUS_TRYAGAIN;
|
||||
|
||||
#undef ERROR_OUT_WRITEERROR
|
||||
diff --git a/nss/networks.c b/nss/networks.c
|
||||
index 1403b45..f3cb269 100644
|
||||
--- a/nss/networks.c
|
||||
+++ b/nss/networks.c
|
||||
@@ -52,7 +52,7 @@
|
||||
#undef ERROR_OUT_BUFERROR
|
||||
#define ERROR_OUT_BUFERROR(fp) \
|
||||
*errnop=ERANGE; \
|
||||
- *h_errnop=TRY_AGAIN; \
|
||||
+ *h_errnop=NETDB_INTERNAL; \
|
||||
return NSS_STATUS_TRYAGAIN;
|
||||
|
||||
#undef ERROR_OUT_WRITEERROR
|
||||
--
|
||||
1.8.5.3
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
diff -up nss-pam-ldapd-0.8.13/nslcd/myldap.c.avoid_lockout_on_bad_password nss-pam-ldapd-0.8.13/nslcd/myldap.c
|
||||
--- nss-pam-ldapd-0.8.13/nslcd/myldap.c.avoid_lockout_on_bad_password 2017-10-24 12:04:22.275105596 +0200
|
||||
+++ nss-pam-ldapd-0.8.13/nslcd/myldap.c 2017-10-24 12:04:39.355175121 +0200
|
||||
@@ -967,6 +967,13 @@ static int do_retry_search(MYLDAP_SEARCH
|
||||
/* try to start the search */
|
||||
pthread_mutex_unlock(&uris_mutex);
|
||||
rc=do_try_search(search);
|
||||
+ /* if we are authenticating a user and get an error regarding failed
|
||||
+ password we should error out instead of trying all servers */
|
||||
+ if ((search->session->binddn[0] != '\0') && (rc == LDAP_INVALID_CREDENTIALS))
|
||||
+ {
|
||||
+ do_close(search->session);
|
||||
+ return rc;
|
||||
+ }
|
||||
if (rc==LDAP_SUCCESS)
|
||||
{
|
||||
pthread_mutex_lock(&uris_mutex);
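Review bot: The new early return uses `search->session->binddn[0] != '\0'` to decide that a user is being authenticated, but nothing in the hunk shows that `binddn` is non-empty only for user binds. If that invariant holds, the comment should state it, e.g. `/* binddn is non-empty only when binding as the authenticating user */`. The return also leaves the retry logic without a log line of its own, so unless `do_try_search()` already logs the failure, a deliberately skipped failover leaves no trace in the logs. `do_retry_search()` begins and ends outside the hunk.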
|
|
@ -0,0 +1,35 @@
|
|||
diff -up nss-pam-ldapd-0.8.13/nslcd/myldap.c.long_password nss-pam-ldapd-0.8.13/nslcd/myldap.c
|
||||
--- nss-pam-ldapd-0.8.13/nslcd/myldap.c.long_password 2017-10-24 12:38:29.315411416 +0200
|
||||
+++ nss-pam-ldapd-0.8.13/nslcd/myldap.c 2017-10-24 12:38:52.727517587 +0200
|
||||
@@ -88,7 +88,7 @@ struct ldap_session
|
||||
/* the username to bind with */
|
||||
char binddn[256];
|
||||
/* the password to bind with if any */
|
||||
- char bindpw[64];
|
||||
+ char bindpw[128];
|
||||
/* timestamp of last activity */
|
||||
time_t lastactivity;
|
||||
/* index into ldc_uris: currently connected LDAP uri */
|
||||
diff -up nss-pam-ldapd-0.8.13/nslcd/pam.c.long_password nss-pam-ldapd-0.8.13/nslcd/pam.c
|
||||
--- nss-pam-ldapd-0.8.13/nslcd/pam.c.long_password 2017-10-24 12:39:50.761780765 +0200
|
||||
+++ nss-pam-ldapd-0.8.13/nslcd/pam.c 2017-10-24 12:41:15.083163153 +0200
|
||||
@@ -246,7 +246,7 @@ int nslcd_pam_authc(TFILE *fp,MYLDAP_SES
|
||||
int rc;
|
||||
char username[256];
|
||||
char servicename[64];
|
||||
- char password[64];
|
||||
+ char password[128];
|
||||
const char *userdn;
|
||||
MYLDAP_ENTRY *entry;
|
||||
int authzrc=NSLCD_PAM_SUCCESS;
|
||||
@@ -617,8 +617,8 @@ int nslcd_pam_pwmod(TFILE *fp,MYLDAP_SES
|
||||
char userdn[256];
|
||||
int asroot;
|
||||
char servicename[64];
|
||||
- char oldpassword[64];
|
||||
- char newpassword[64];
|
||||
+ char oldpassword[128];
|
||||
+ char newpassword[128];
|
||||
const char *binddn=NULL; /* the user performing the modification */
|
||||
MYLDAP_ENTRY *entry;
|
||||
char authzmsg[1024];
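Review bot: The limit is raised by editing the literal in four separate declarations: `bindpw[128]` in myldap.c, and `password`, `oldpassword` and `newpassword` in pam.c. These presumably have to stay equal for a password accepted in pam.c to fit the session's `bindpw`. A single shared size constant in a common header, used for all four, would keep them from drifting apart the next time the limit changes. Passwords of 128 bytes or more still exceed the buffers; whether they are rejected or truncated is decided by code outside these hunks and is worth confirming.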
|
|
@ -0,0 +1,98 @@
|
|||
diff -up nss-pam-ldapd-0.8.13/nslcd/group.c.uid_formatting nss-pam-ldapd-0.8.13/nslcd/group.c
|
||||
--- nss-pam-ldapd-0.8.13/nslcd/group.c.uid_formatting 2013-02-23 22:24:00.000000000 +0100
|
||||
+++ nss-pam-ldapd-0.8.13/nslcd/group.c 2017-10-24 14:17:27.489696761 +0200
|
||||
@@ -109,10 +109,8 @@ static int mkfilter_group_bygid(gid_t gi
|
||||
}
|
||||
else
|
||||
{
|
||||
- return mysnprintf(buffer,buflen,
|
||||
- "(&%s(%s=%d))",
|
||||
- group_filter,
|
||||
- attmap_group_gidNumber,(int)gid);
|
||||
+ return mysnprintf(buffer,buflen,"(&%s(%s=%lu))",
|
||||
+ group_filter,attmap_group_gidNumber,(unsigned long int)gid);
|
||||
}
|
||||
}
|
||||
|
||||
diff -up nss-pam-ldapd-0.8.13/nslcd/nslcd.c.uid_formatting nss-pam-ldapd-0.8.13/nslcd/nslcd.c
|
||||
--- nss-pam-ldapd-0.8.13/nslcd/nslcd.c.uid_formatting 2017-10-24 14:17:05.117590857 +0200
|
||||
+++ nss-pam-ldapd-0.8.13/nslcd/nslcd.c 2017-10-24 14:17:27.490696766 +0200
|
||||
@@ -402,8 +402,8 @@ static void handleconnection(int sock,MY
|
||||
if (getpeercred(sock,&uid,&gid,&pid))
|
||||
log_log(LOG_DEBUG,"connection from unknown client: %s",strerror(errno));
|
||||
else
|
||||
- log_log(LOG_DEBUG,"connection from pid=%d uid=%d gid=%d",
|
||||
- (int)pid,(int)uid,(int)gid);
|
||||
+ log_log(LOG_DEBUG,"connection from pid=%lu uid=%lu gid=%lu",
|
||||
+ (unsigned long int)pid,(unsigned long int)uid,(unsigned long int)gid);
|
||||
/* create a stream object */
|
||||
if ((fp=tio_fdopen(sock,READ_TIMEOUT,WRITE_TIMEOUT,
|
||||
READBUFFER_MINSIZE,READBUFFER_MAXSIZE,
|
||||
@@ -519,7 +519,7 @@ static void create_pidfile(const char *f
|
||||
log_log(LOG_ERR,"cannot truncate pid file (%s): %s",filename,strerror(errno));
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
- mysnprintf(buffer,sizeof(buffer),"%d\n",(int)getpid());
|
||||
+ mysnprintf(buffer,sizeof(buffer),"%lu\n",(unsigned long int)getpid());
|
||||
if (write(fd,buffer,strlen(buffer))!=(int)strlen(buffer))
|
||||
{
|
||||
log_log(LOG_ERR,"error writing pid file (%s): %s",filename,strerror(errno));
|
||||
@@ -755,11 +755,11 @@ int main(int argc,char *argv[])
|
||||
#ifdef HAVE_INITGROUPS
|
||||
/* load supplementary groups */
|
||||
if (initgroups(nslcd_cfg->ldc_uidname,nslcd_cfg->ldc_gid)<0)
|
||||
- log_log(LOG_WARNING,"cannot initgroups(\"%s\",%d) (ignored): %s",
|
||||
- nslcd_cfg->ldc_uidname,(int)nslcd_cfg->ldc_gid,strerror(errno));
|
||||
+ log_log(LOG_WARNING,"cannot initgroups(\"%s\",%lu) (ignored): %s",
|
||||
+ nslcd_cfg->ldc_uidname,(unsigned long int)nslcd_cfg->ldc_gid,strerror(errno));
|
||||
else
|
||||
- log_log(LOG_DEBUG,"initgroups(\"%s\",%d) done",
|
||||
- nslcd_cfg->ldc_uidname,(int)nslcd_cfg->ldc_gid);
|
||||
+ log_log(LOG_DEBUG,"initgroups(\"%s\",%lu) done",
|
||||
+ nslcd_cfg->ldc_uidname,(unsigned long int)nslcd_cfg->ldc_gid);
|
||||
#else /* not HAVE_INITGROUPS */
|
||||
#ifdef HAVE_SETGROUPS
|
||||
/* just drop all supplemental groups */
|
||||
@@ -777,20 +777,22 @@ int main(int argc,char *argv[])
|
||||
{
|
||||
if (setgid(nslcd_cfg->ldc_gid)!=0)
|
||||
{
|
||||
- log_log(LOG_ERR,"cannot setgid(%d): %s",(int)nslcd_cfg->ldc_gid,strerror(errno));
|
||||
+ log_log(LOG_ERR,"cannot setgid(%lu): %s",
|
||||
+ (unsigned long int)nslcd_cfg->ldc_gid,strerror(errno));
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
- log_log(LOG_DEBUG,"setgid(%d) done",(int)nslcd_cfg->ldc_gid);
|
||||
+ log_log(LOG_DEBUG,"setgid(%lu) done",(unsigned long int)nslcd_cfg->ldc_gid);
|
||||
}
|
||||
/* change to nslcd uid */
|
||||
if (nslcd_cfg->ldc_uid!=NOUID)
|
||||
{
|
||||
if (setuid(nslcd_cfg->ldc_uid)!=0)
|
||||
{
|
||||
- log_log(LOG_ERR,"cannot setuid(%d): %s",(int)nslcd_cfg->ldc_uid,strerror(errno));
|
||||
+ log_log(LOG_ERR,"cannot setuid(%lu): %s",
|
||||
+ (unsigned long int)nslcd_cfg->ldc_uid,strerror(errno));
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
- log_log(LOG_DEBUG,"setuid(%d) done",(int)nslcd_cfg->ldc_uid);
|
||||
+ log_log(LOG_DEBUG,"setuid(%lu) done",(unsigned long int)nslcd_cfg->ldc_uid);
|
||||
}
|
||||
/* block all these signals so our worker threads won't handle them */
|
||||
sigemptyset(&signalmask);
|
||||
diff -up nss-pam-ldapd-0.8.13/nslcd/passwd.c.uid_formatting nss-pam-ldapd-0.8.13/nslcd/passwd.c
|
||||
--- nss-pam-ldapd-0.8.13/nslcd/passwd.c.uid_formatting 2013-02-23 22:24:00.000000000 +0100
|
||||
+++ nss-pam-ldapd-0.8.13/nslcd/passwd.c 2017-10-24 14:17:27.490696766 +0200
|
||||
@@ -115,10 +115,8 @@ static int mkfilter_passwd_byuid(uid_t u
|
||||
}
|
||||
else
|
||||
{
|
||||
- return mysnprintf(buffer,buflen,
|
||||
- "(&%s(%s=%d))",
|
||||
- passwd_filter,
|
||||
- attmap_passwd_uidNumber,(int)uid);
|
||||
+ return mysnprintf(buffer,buflen, "(&%s(%s=%lu))",
|
||||
+ passwd_filter,attmap_passwd_uidNumber,(unsigned long int)uid);
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
diff -up nss-pam-ldapd-0.8.13/man/nslcd.conf.5.uri_list nss-pam-ldapd-0.8.13/man/nslcd.conf.5
|
||||
--- nss-pam-ldapd-0.8.13/man/nslcd.conf.5.uri_list 2017-10-24 14:08:54.429271306 +0200
|
||||
+++ nss-pam-ldapd-0.8.13/man/nslcd.conf.5 2017-10-24 14:09:31.691444445 +0200
|
||||
@@ -46,7 +46,7 @@ Note that you should use values that don
|
||||
to resolve.
|
||||
.SS "GENERAL CONNECTION OPTIONS"
|
||||
.TP
|
||||
-\*(T<\fBuri\fR\*(T> \fIURI\fR
|
||||
+\*(T<\fBuri\fR\*(T> \fIURI\fR ...
|
||||
Specifies the LDAP URI of the
|
||||
server to connect to.
|
||||
The URI scheme may be \*(T<ldap\*(T>,
|
||||
@@ -66,8 +66,9 @@ When using the ldapi scheme, %2f should
|
||||
(e.g. ldapi://%2fvar%2frun%2fslapd%2fldapi/), although most of the
|
||||
time this should not be needed.
|
||||
|
||||
-This option may be specified multiple times. Normally, only the first
|
||||
-server will be used with the following servers as fall-back (see
|
||||
+This option may be specified multiple times and/or with more URIs on the
|
||||
+line, separated by space. Normally, only the first server will be used
|
||||
+with the following servers as fall-back (see
|
||||
\*(T<\fBbind_timelimit\fR\*(T> below).
|
||||
|
||||
If LDAP lookups are used for host name resolution,
|
|
@ -0,0 +1,10 @@
|
|||
diff -up nss-pam-ldapd-0.8.14/nslcd/nslcd.c.retcode nss-pam-ldapd-0.8.14/nslcd/nslcd.c
|
||||
--- nss-pam-ldapd-0.8.14/nslcd/nslcd.c.retcode 2017-02-08 09:52:39.687834074 +0100
|
||||
+++ nss-pam-ldapd-0.8.14/nslcd/nslcd.c 2017-02-08 09:52:54.630891580 +0100
|
||||
@@ -866,5 +866,5 @@ int main(int argc,char *argv[])
|
||||
log_log(LOG_ERR,"thread %d is still running, shutting down anyway",i);
|
||||
}
|
||||
/* we're done */
|
||||
- return EXIT_FAILURE;
|
||||
+ return EXIT_SUCCESS;
|
||||
}
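Review bot: `main()` now ends with `return EXIT_SUCCESS;` unconditionally, including the path where the loop just above logged `thread %d is still running, shutting down anyway`. That is fine if this tail is reached only after a requested shutdown, but the code leading here is outside the hunk. If an error path can also fall through to it, the exit status would hide the failure from the init script and from `Restart=on-failure` in the unit file. A one-line comment such as `/* reached only after a termination signal, so this is a clean exit */` would record the assumption.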
|
|
@ -0,0 +1,30 @@
|
|||
diff -up nss-pam-ldapd-0.8.13/tests/test_pamcmds.expect.rh_test_msgs nss-pam-ldapd-0.8.13/tests/test_pamcmds.expect
|
||||
--- nss-pam-ldapd-0.8.13/tests/test_pamcmds.expect.rh_test_msgs 2014-01-20 15:32:33.253018468 +0100
|
||||
+++ nss-pam-ldapd-0.8.13/tests/test_pamcmds.expect 2014-01-20 15:38:00.452957296 +0100
|
||||
@@ -40,7 +40,7 @@ proc reset_password {} {
|
||||
expect {
|
||||
"LDAP administrator password" { send "test\r"; exp_continue }
|
||||
-regexp "(New|Retype new) password:" { send "test\r"; exp_continue }
|
||||
- "password updated successfully" {}
|
||||
+ "passwd: all authentication tokens updated successfully" {}
|
||||
"Invalid credentials" abort
|
||||
"Authentication token manipulation error" abort
|
||||
default abort
|
||||
@@ -114,7 +114,7 @@ proc test_login_unknown {uid passwd} {
|
||||
expect {
|
||||
"Password:" { send "$passwd\r"; exp_continue }
|
||||
"Unknown id" {}
|
||||
- "No passwd entry for user" {}
|
||||
+ "su: user $uid does not exist" {}
|
||||
"\$ " abort
|
||||
default abort
|
||||
}
|
||||
@@ -156,7 +156,7 @@ expect {
|
||||
}
|
||||
expect {
|
||||
-regexp "(New|Retype new) password:" { send "newpassword\r"; exp_continue }
|
||||
- "password updated successfully" {}
|
||||
+ "passwd: all authentication tokens updated successfully" {}
|
||||
"Invalid credentials" abort
|
||||
"Authentication token manipulation error" abort
|
||||
"\$ " abort
|
|
@ -0,0 +1,640 @@
|
|||
%if 0%{?fedora} > 15 || 0%{?rhel} > 6
|
||||
%global systemd 1
|
||||
%global sysvinit 0
|
||||
%else
|
||||
%global systemd 0
|
||||
%global sysvinit 1
|
||||
%endif
|
||||
|
||||
# Fedora had these in F18, but we didn't cut over to use them until after F18
|
||||
# was frozen, so pretend it didn't happen until F19.
|
||||
%if 0%{?fedora} > 18 || 0%{?rhel} > 6
|
||||
%global systemd_macros 1
|
||||
%else
|
||||
%global systemd_macros 0
|
||||
%endif
|
||||
|
||||
%if 0%{?fedora} > 14 || 0%{?rhel} > 6
|
||||
%global tmpfiles 1
|
||||
%else
|
||||
%global tmpfiles 0
|
||||
%endif
|
||||
|
||||
# Fedora had it in F17, but moving things around in already-released versions
|
||||
# is a bad idea, so pretend it didn't happen until F19.
|
||||
%if 0%{?fedora} > 18 || 0%{?rhel} > 6
|
||||
%global separate_usr 0
|
||||
%global nssdir %{_libdir}
|
||||
%global pamdir %{_libdir}/security
|
||||
%else
|
||||
%global separate_usr 1
|
||||
%global nssdir /%{_lib}
|
||||
%global pamdir /%{_lib}/security
|
||||
%endif
|
||||
|
||||
# For distributions that support it, build with RELRO
|
||||
%if (0%{?fedora} > 15 || 0%{?rhel} >= 7)
|
||||
%define _hardened_build 1
|
||||
%endif
|
||||
|
||||
Name: nss-pam-ldapd
|
||||
Version: 0.8.13
|
||||
Release: 16%{?dist}
|
||||
Summary: An nsswitch module which uses directory servers
|
||||
Group: System Environment/Base
|
||||
License: LGPLv2+
|
||||
URL: http://arthurdejong.org/nss-pam-ldapd/
|
||||
Source0: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz
|
||||
Source1: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz.sig
|
||||
Source2: nslcd.init
|
||||
Source3: nslcd.tmpfiles
|
||||
Source4: nslcd.service
|
||||
Patch1: nss-pam-ldapd-0.8.12-validname.patch
|
||||
Patch2: nss-pam-ldapd-0.8.12-In-nslcd-log-EPIPE-only-on-debug-level.patch
|
||||
Patch3: nss-pam-ldapd-0.8.12-uid-overflow.patch
|
||||
Patch4: nss-pam-ldapd-0.8.12-Use-a-timeout-when-skipping-remaining-result-data.patch
|
||||
Patch5: nss-pam-ldapd-0.8.12-fix-buffer-overflow-on-interrupted-read-thanks-John-.patch
|
||||
Patch6: nss-pam-ldapd-rh-msgs-in-tests.patch
|
||||
Patch7: nss-pam-ldapd-0.8.13-Fix-use-after-free-in-read_hostent-and-read_netent.patch
|
||||
Patch8: nss-pam-ldapd-0.8.13-Use-right-h_errnop-for-retrying-with-larger-buffer.patch
|
||||
Patch9: nss-pam-ldapd-exitcode.patch
|
||||
Patch10: nss-pam-ldapd-0.8.12-str-cmp.patch
|
||||
Patch11: nss-pam-ldapd-0.8.13-avoid-lockout-on-bad-password.patch
|
||||
Patch12: nss-pam-ldapd-0.8.13-password-longer-than-64-chars.patch
|
||||
Patch13: nss-pam-ldapd-0.8.13-uri-man-fix.patch
|
||||
Patch14: nss-pam-ldapd-0.8.13-uid_formatting.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
BuildRequires: openldap-devel, krb5-devel
|
||||
BuildRequires: autoconf, automake
|
||||
BuildRequires: pam-devel
|
||||
Obsoletes: nss-ldapd < 0.7
|
||||
Provides: nss-ldapd = %{version}-%{release}
|
||||
|
||||
# Obsolete PADL's nss_ldap
|
||||
Provides: nss_ldap = 265-12
|
||||
Obsoletes: nss_ldap < 265-11
|
||||
|
||||
%if 0%{?fedora} > 18 || 0%{?rhel} > 6
|
||||
# Obsolete PADL's pam_ldap
|
||||
Provides: pam_ldap = 185-15
|
||||
Obsoletes: pam_ldap < 185-15
|
||||
%global build_pam_ldap 1
|
||||
%else
|
||||
# Pull in the pam_ldap module, which is its own package in F14 and later, to
|
||||
# keep upgrades from removing the module. We used to disable nss-pam-ldapd's
|
||||
# own pam_ldap.so when it wasn't mature enough.
|
||||
Requires: pam_ldap%{?_isa}
|
||||
%global build_pam_ldap 0
|
||||
%endif
|
||||
|
||||
# Pull in nscd, which is recommended.
|
||||
Requires: nscd
|
||||
%if %{sysvinit}
|
||||
Requires(post): /sbin/ldconfig, chkconfig, grep, sed
|
||||
Requires(preun): chkconfig, initscripts
|
||||
Requires(postun): /sbin/ldconfig, initscripts
|
||||
%endif
|
||||
%if %{systemd}
|
||||
BuildRequires: systemd-units
|
||||
Requires(post): systemd-units
|
||||
Requires(preun): systemd-units
|
||||
Requires(postun): systemd-units
|
||||
Requires(post): systemd-sysv
|
||||
%endif
|
||||
|
||||
%description
|
||||
The nss-pam-ldapd daemon, nslcd, uses a directory server to look up name
|
||||
service information (users, groups, etc.) on behalf of a lightweight
|
||||
nsswitch module.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch1 -p0 -b .validname
|
||||
%patch2 -p1 -b .epipe
|
||||
%patch3 -p1 -b .overflow
|
||||
%patch4 -p1 -b .skiptimeout
|
||||
%patch5 -p1 -b .readall
|
||||
%patch6 -p1 -b .test_msgs
|
||||
%patch7 -p1 -b .use_after_free
|
||||
%patch8 -p1 -b .errnop_val
|
||||
%patch9 -p1 -b .exit_code
|
||||
%patch10 -p1 -b .str_cmp
|
||||
%patch11 -p1 -b .avoid_lockout_on_bad_password
|
||||
%patch12 -p1 -b .long_password
|
||||
%patch13 -p1 -b .uri_list
|
||||
%patch14 -p1 -b .uid_formatting
|
||||
autoreconf -f -i
|
||||
|
||||
%build
|
||||
CFLAGS="$RPM_OPT_FLAGS -fPIC" ; export CFLAGS
|
||||
%configure --libdir=%{nssdir} \
|
||||
%if %{build_pam_ldap}
|
||||
--with-pam-seclib-dir=%{pamdir}
|
||||
%else
|
||||
--disable-pam
|
||||
%endif
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%check
|
||||
make check
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
make install DESTDIR=$RPM_BUILD_ROOT
|
||||
mkdir -p $RPM_BUILD_ROOT/{%{_initddir},%{_libdir},%{_unitdir}}
|
||||
%if %{sysvinit}
|
||||
install -p -m755 %{SOURCE2} $RPM_BUILD_ROOT/%{_initddir}/nslcd
|
||||
%endif
|
||||
%if %{systemd}
|
||||
install -p -m644 %{SOURCE4} $RPM_BUILD_ROOT/%{_unitdir}/
|
||||
%endif
|
||||
|
||||
%if 0%{?fedora} > 13 || 0%{?rhel} > 5
|
||||
%if %{separate_usr}
|
||||
# Follow glibc's convention and provide a .so symlink so that people who know
|
||||
# what to expect can link directly with the module.
|
||||
if test %{_libdir} != /%{_lib} ; then
|
||||
touch $RPM_BUILD_ROOT/rootfile
|
||||
relroot=..
|
||||
while ! test -r $RPM_BUILD_ROOT/%{_libdir}/$relroot/rootfile ; do
|
||||
relroot=../$relroot
|
||||
done
|
||||
ln -s $relroot/%{_lib}/libnss_ldap.so.2 \
|
||||
$RPM_BUILD_ROOT/%{_libdir}/libnss_ldap.so
|
||||
rm $RPM_BUILD_ROOT/rootfile
|
||||
fi
|
||||
%else
|
||||
ln -s libnss_ldap.so.2 $RPM_BUILD_ROOT/%{nssdir}/libnss_ldap.so
|
||||
%endif
|
||||
%endif
|
||||
|
||||
sed -i -e 's,^uid.*,uid nslcd,g' -e 's,^gid.*,gid ldap,g' \
|
||||
$RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf
|
||||
touch -r nslcd.conf $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf
|
||||
mkdir -p -m 0755 $RPM_BUILD_ROOT/var/run/nslcd
|
||||
%if %{tmpfiles}
|
||||
mkdir -p -m 0755 $RPM_BUILD_ROOT/%{_tmpfilesdir}
|
||||
install -p -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_tmpfilesdir}/%{name}.conf
|
||||
%endif
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%doc AUTHORS ChangeLog COPYING HACKING NEWS README TODO
|
||||
%{_sbindir}/*
|
||||
%{nssdir}/*.so.*
|
||||
%if %{build_pam_ldap}
|
||||
%{pamdir}/pam_ldap.so
|
||||
%endif
|
||||
%{_mandir}/*/*
|
||||
%attr(0600,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/nslcd.conf
|
||||
%if %{tmpfiles}
|
||||
%attr(0644,root,root) %config(noreplace) %{_tmpfilesdir}/%{name}.conf
|
||||
%endif
|
||||
%if %{sysvinit}
|
||||
%attr(0755,root,root) %{_initddir}/nslcd
|
||||
%endif
|
||||
%if %{systemd}
|
||||
%config(noreplace) %{_unitdir}/*
|
||||
%endif
|
||||
%attr(0755,nslcd,root) /var/run/nslcd
|
||||
%if 0%{?fedora} > 13 || 0%{?rhel} > 5
|
||||
# This would be the only thing in the -devel subpackage, so we include it. It
|
||||
# will conflict with nss_ldap, so only include it for releases where pam_ldap is
|
||||
# its own package.
|
||||
/%{_libdir}/*.so
|
||||
%endif
|
||||
|
||||
%pre
|
||||
getent group ldap > /dev/null || \
|
||||
/usr/sbin/groupadd -r -g 55 ldap
|
||||
getent passwd nslcd > /dev/null || \
|
||||
/usr/sbin/useradd -r -g ldap -c 'LDAP Client User' \
|
||||
-u 65 -d / -s /sbin/nologin nslcd 2> /dev/null || :
|
||||
|
||||
%post
|
||||
# The usual stuff.
|
||||
%if %{sysvinit}
|
||||
/sbin/chkconfig --add nslcd
|
||||
%endif
|
||||
%if %{systemd}
|
||||
%if %{systemd_macros}
|
||||
%systemd_post nslcd.service
|
||||
%else
|
||||
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
||||
%endif
|
||||
%endif
|
||||
/sbin/ldconfig
|
||||
# Import important non-default settings from nss_ldap or pam_ldap configuration
|
||||
# files, but only the first time this package is installed.
|
||||
comment="This comment prevents repeated auto-migration of settings."
|
||||
if test -s /etc/nss-ldapd.conf ; then
|
||||
source=/etc/nss-ldapd.conf
|
||||
elif test -s /etc/nss_ldap.conf ; then
|
||||
source=/etc/nss_ldap.conf
|
||||
elif test -s /etc/pam_ldap.conf ; then
|
||||
source=/etc/pam_ldap.conf
|
||||
else
|
||||
source=/etc/ldap.conf
|
||||
fi
|
||||
target=/etc/nslcd.conf
|
||||
if test "$1" -eq "1" && ! grep -q -F "# $comment" $target 2> /dev/null ; then
|
||||
# Try to make sure we only do this the first time.
|
||||
echo "# $comment" >> $target
|
||||
if grep -E -q '^uri[[:blank:]]' $source 2> /dev/null ; then
|
||||
# Comment out the packaged default host/uri and replace it...
|
||||
sed -i -r -e 's,^((host|uri)[[:blank:]].*),# \1,g' $target
|
||||
# ... with the uri.
|
||||
grep -E '^uri[[:blank:]]' $source >> $target
|
||||
elif grep -E -q '^host[[:blank:]]' $source 2> /dev/null ; then
|
||||
# Comment out the packaged default host/uri and replace it...
|
||||
sed -i -r -e 's,^((host|uri)[[:blank:]].*),# \1,g' $target
|
||||
# ... with the "host" reformatted as a URI.
|
||||
scheme=ldap
|
||||
# check for 'ssl on', which means we want to use ldaps://
|
||||
if grep -E -q '^ssl[[:blank:]]+on$' $source 2> /dev/null ; then
|
||||
scheme=ldaps
|
||||
fi
|
||||
grep -E '^host[[:blank:]]' $source |\
|
||||
sed -r -e "s,^host[[:blank:]](.*),uri ${scheme}://\1/,g" >> $target
|
||||
fi
|
||||
# Base doesn't require any special logic.
|
||||
if grep -E -q '^base[[:blank:]]' $source 2> /dev/null ; then
|
||||
# Comment out the packaged default base and replace it.
|
||||
sed -i -r -e 's,^(base[[:blank:]].*),# \1,g' $target
|
||||
grep -E '^base[[:blank:]]' $source >> $target
|
||||
fi
|
||||
# Pull in these settings, if they're set, directly.
|
||||
grep -E '^(binddn|bindpw|port|scope|ssl|pagesize)[[:blank:]]' $source 2> /dev/null >> $target
|
||||
grep -E '^(tls_)' $source 2> /dev/null >> $target
|
||||
grep -E '^(timelimit|bind_timelimit|idle_timelimit)[[:blank:]]' $source 2> /dev/null >> $target
|
||||
fi
|
||||
# If this is the first time we're being installed, and the system is already
|
||||
# configured to use LDAP as a naming service, enable the daemon, but don't
|
||||
# start it since we can never know if that's a safe thing to do. If this
|
||||
# is an upgrade, leave the user's runlevel selections alone.
|
||||
if [ "$1" -eq "1" ]; then
|
||||
if grep -E -q '^USELDAP=yes$' /etc/sysconfig/authconfig 2> /dev/null ; then
|
||||
%if %{sysvinit}
|
||||
/sbin/chkconfig nslcd on
|
||||
%endif
|
||||
%if %{systemd}
|
||||
/bin/systemctl --no-reload enable nslcd.service >/dev/null 2>&1 ||:
|
||||
%endif
|
||||
fi
|
||||
fi
|
||||
# Earlier versions of 0.7.6 of this package would have included both 'gid
|
||||
# nslcd' (a group which doesn't exist) and 'gid ldap' (which we ensure exists).
|
||||
# If we detect both, fix the configuration.
|
||||
if grep -q '^gid nslcd' $target ; then
|
||||
if grep -q '^gid ldap' $target ; then
|
||||
sed -i -e 's,^gid nslcd$,# gid nslcd,g' $target
|
||||
fi
|
||||
fi
|
||||
# In 0.8.4, the name of the attribute which was expected to contain the DNs of
|
||||
# a group's members changed from "uniqueMember" to "member". Change any
|
||||
# instances of "map group uniqueMember ..." to "map group member ...", unless
|
||||
# "member" is already being mapped, in which case attempting this would
|
||||
# probably just confuse things further.
|
||||
if grep -E -q "^[[:blank:]]*map[[:blank:]]+group[[:blank:]]+uniqueMember[[:blank:]]" $target ; then
|
||||
if ! grep -E -q "^[[:blank:]]*map[[:blank:]]+group[[:blank:]]+member[[:blank:]]" $target ; then
|
||||
sed -i -r -e "s,^[[:blank:]]*map[[:blank:]]+group[[:blank:]]+uniqueMember[[:blank:]](.*),map group member \1,g" $target
|
||||
fi
|
||||
fi
|
||||
# Create the daemon's /var/run directory if it isn't there.
|
||||
if ! test -d /var/run/nslcd ; then
|
||||
mkdir -p -m 0755 /var/run/nslcd
|
||||
fi
|
||||
exit 0
|
||||
|
||||
%preun
|
||||
if [ "$1" -eq "0" ]; then
|
||||
%if %{sysvinit}
|
||||
/sbin/service nslcd stop >/dev/null 2>&1
|
||||
/sbin/chkconfig --del nslcd
|
||||
%endif
|
||||
%if %{systemd}
|
||||
%if %{systemd_macros}
|
||||
%systemd_preun nslcd.service
|
||||
%else
|
||||
/bin/systemctl --no-reload disable nslcd.service > /dev/null 2>&1 || :
|
||||
/bin/systemctl stop nslcd.service > /dev/null 2>&1 || :
|
||||
%endif
|
||||
%endif
|
||||
fi
|
||||
exit 0
|
||||
|
||||
%postun
|
||||
/sbin/ldconfig
|
||||
%if %{sysvinit}
|
||||
if [ "$1" -ge "1" ]; then
|
||||
/etc/rc.d/init.d/nslcd condrestart >/dev/null 2>&1
|
||||
fi
|
||||
%endif
|
||||
%if %{systemd}
|
||||
%if %{systemd_macros}
|
||||
%systemd_postun_with_restart nslcd.service
|
||||
%else
|
||||
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
||||
if [ "$1" -ge "1" ]; then
|
||||
/bin/systemctl try-restart nslcd.service >/dev/null 2>&1
|
||||
fi
|
||||
%endif
|
||||
%endif
|
||||
exit 0
|
||||
|
||||
%if %{systemd}
|
||||
%triggerun -- nss-pam-ldapd < 0.7.13-6
|
||||
# Save the current service runlevel info, in case the user wants to apply
|
||||
# the enabled status manually later, by running
|
||||
# "systemd-sysv-convert --apply nslcd".
|
||||
%{_bindir}/systemd-sysv-convert --save nslcd >/dev/null 2>&1 ||:
|
||||
# Do this because the old package's %%postun doesn't know we need to do it.
|
||||
/sbin/chkconfig --del nslcd >/dev/null 2>&1 || :
|
||||
# Do this because the old package's %%postun wouldn't have tried.
|
||||
/bin/systemctl try-restart nslcd.service >/dev/null 2>&1 || :
|
||||
exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Oct 24 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-16
|
||||
- Resolves: rhbz#1151675 - NSLCD WRAPS LDAP USER UIDNUMBER > 2^31 SO UID
|
||||
IS WRONG (AND A NEGATIVE NUMBER)
|
||||
|
||||
* Tue Oct 24 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-15
|
||||
- Resolves: rhbz#1204202 - fix doc to describe actual uri format in
|
||||
nslcd.conf
|
||||
|
||||
* Tue Oct 24 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-14
|
||||
- Resolves: rhbz#1288429 - /etc/tmpfiles.d/nss-pam-ldapd.conf shipped when
|
||||
/etc/tmpfiles.d is reserved for the local
|
||||
administrator
|
||||
|
||||
* Tue Oct 24 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-13
|
||||
- Resolves: rhbz#1312297 - nslcd.service does not restart on failure
|
||||
|
||||
* Tue Oct 24 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-12
|
||||
- Resolves: rhbz#1425790 - Unable to authenticate with 64 character password
|
||||
using nss-pam-ldapd
|
||||
|
||||
* Tue Oct 24 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-11
|
||||
- Resolves: rhbz#1497761 - Incorrect password tries to bind to all domain
|
||||
controllers and locks user out
|
||||
|
||||
* Mon Oct 23 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-10
|
||||
- Resolves: rhbz#1357493 - In RHEL 7, authentication failing when using
|
||||
nslcd + pam_ldap where user has different in
|
||||
nis/passwd and ldap.
|
||||
|
||||
* Mon Oct 23 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-9
|
||||
- Resolves: rhbz#1420576 - 'systemctl status nslcd' always returns FAILURE
|
||||
status even though the service is stopped with
|
||||
'systemctl stop nslcd
|
||||
|
||||
* Wed Jan 29 2014 Jakub Hrozek <jhrozek@redhat.com> 0.8.13-8
|
||||
- Fix a potential use-after-free in nsswitch module
|
||||
- Resolves: rhbz#1036030 - New defect found in nss-pam-ldapd-0.8.13-4.el7
|
||||
|
||||
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.8.13-7
|
||||
- Mass rebuild 2014-01-24
|
||||
|
||||
* Mon Jan 20 2014 Jakub Hrozek <jhrozek@redhat.com> 0.8.13-6
|
||||
- Change the error messages the tests expect to those printed on RH based
|
||||
systems
|
||||
- Resolves: rhbz#1044482
|
||||
|
||||
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.8.13-5
|
||||
- Mass rebuild 2013-12-27
|
||||
|
||||
* Fri Oct 18 2013 Nalin Dahyabhai <nalin@redhat.com> 0.8.13-4
|
||||
- compile nslcd/log.c with -fPIC instead of the current hardened-build default
|
||||
of -fPIE, which doesn't seem to avoid relocations for its thread-local
|
||||
variables on s390x (#1002834)
|
||||
|
||||
* Sat Oct 05 2013 Jakub Hrozek <jhrozek@redhat.com> 0.8.13-3
|
||||
- Suppress Broken Pipe messages when requesting a large groupo
|
||||
- Resolves: rhbz#1002829
|
||||
|
||||
* Wed Jul 31 2013 Jakub Hrozek <jhrozek@redhat.com> 0.8.13-2
|
||||
- Build with _hardened_build macro
|
||||
|
||||
* Mon May 6 2013 Nalin Dahyabhai <nalin@redhat.com> 0.8.13-1
|
||||
- update to 0.8.13
|
||||
- correct a syntax error in the fix that was added for #832706
|
||||
|
||||
* Tue Apr 30 2013 Nalin Dahyabhai <nalin@redhat.com> 0.8.12-4
|
||||
- in %%post, attempt to rewrite any instances of "map group uniqueMember ..."
|
||||
to be "map group member ..." in nslcd.conf, as the attribute name changed
|
||||
in 0.8.4 (via freeipa ticket #3589)
|
||||
|
||||
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.12-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
||||
|
||||
* Fri Jan 18 2013 Nalin Dahyabhai <nalin@redhat.com> 0.8.12-2
|
||||
- drop local patch to make the client flush some more read buffers
|
||||
|
||||
* Fri Jan 18 2013 Nalin Dahyabhai <nalin@redhat.com> 0.8.12-1
|
||||
- update to 0.8.12 (#846793)
|
||||
- make building pam_ldap conditional on the targeted release
|
||||
- add "After=named.service dirsrv.target slapd.service" to nslcd.service,
|
||||
to make sure that nslcd is started after them if they're to be started
|
||||
on the local system (#832706)
|
||||
- alter the versioned Obsoletes: on pam_ldap to include the F18 package
|
||||
- use %%{_unitdir} when deciding where to put systemd configuration, based
|
||||
on patch from Václav Pavlín (#850232)
|
||||
- use new systemd macros for scriptlet hooks, when available, based on
|
||||
patch from Václav Pavlín (#850232)
|
||||
|
||||
* Sun Sep 09 2012 Jakub Hrozek <jhrozek@redhat.com> 0.7.17-1
|
||||
- new upstream release 0.7.17
|
||||
|
||||
* Sun Aug 05 2012 Jakub Hrozek <jhrozek@redhat.com> - 0.7.16-5
|
||||
- Obsolete PADL's nss_ldap
|
||||
|
||||
* Sat Aug 04 2012 Jakub Hrozek <jhrozek@redhat.com> - 0.7.16-4
|
||||
- Build the PAM module, obsoletes PADL's pam-ldap (#856006)
|
||||
|
||||
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7.16-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||
|
||||
* Mon May 14 2012 Jakub Hrozek <jhrozek@redhat.com> 0.7.16-2
|
||||
- backport upstream revision r1659 related to broken pipe when
|
||||
requesting a large group
|
||||
- use grep -E instead of egrep to avoid rpmlint warnings
|
||||
|
||||
* Sat Apr 28 2012 Jakub Hrozek <jhrozek@redhat.com> 0.7.16-1
|
||||
- new upstream release 0.7.16
|
||||
|
||||
* Thu Mar 15 2012 Jakub Hrozek <jhrozek@redhat.com> 0.7.15-2
|
||||
- Do not print "Broken Pipe" error message when requesting a large group
|
||||
|
||||
* Fri Mar 9 2012 Jakub Hrozek <jhrozek@redhat.com> 0.7.15-1
|
||||
- new upstream release 0.7.15
|
||||
|
||||
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7.14-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||
|
||||
* Fri Dec 16 2011 Jakub Hrozek <jhrozek@redhat.com> 0.7.14-2
|
||||
- Do not overflow large UID/GID values on 32bit architectures
|
||||
|
||||
* Mon Nov 28 2011 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- use the same conditional test for deciding when to create the .so symlink as
|
||||
we do later on for deciding when to include it in the package (#757004)
|
||||
|
||||
* Fri Sep 23 2011 Jakub Hrozek <jhrozek@redhat.com> 0.7.14-1
|
||||
- new upstream release 0.7.14
|
||||
- obsoletes nss-pam-ldapd-0.7.x-buffers.patch
|
||||
|
||||
* Wed Aug 24 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.13-8
|
||||
- include backported enhancement to take URIs in the form "dns:DOMAIN" in
|
||||
addition to the already-implemented "dns" (#730309)
|
||||
|
||||
* Thu Jul 14 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.13-7
|
||||
- switch to only munging the contents of /etc/nslcd.conf on the very first
|
||||
install (#706454)
|
||||
- make sure that we have enough space to parse any valid GID value when
|
||||
parsing a user's primary GID (#716822)
|
||||
- backport support for the "validnames" option from SVN and use it to allow
|
||||
parentheses characters by modifying the default setting (#690870), then
|
||||
modify the default again to also allow shorter and shorter names to pass
|
||||
muster (#706860)
|
||||
|
||||
* Wed Jul 13 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.13-6
|
||||
- convert to systemd-native startup (#716997)
|
||||
|
||||
* Mon Jun 13 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.13-5
|
||||
- change the file path Requires: we have for pam_ldap into a package name
|
||||
Requires: (#601931)
|
||||
|
||||
* Wed Mar 30 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.13-4
|
||||
- tag nslcd.conf with %%verify(not md5 size mtime), since we always tweak
|
||||
it in %%post (#692225)
|
||||
|
||||
* Tue Mar 1 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.13-3
|
||||
- add a tmpfiles configuration to ensure that /var/run/nslcd is created when
|
||||
/var/run is completely empty at boot (#656643)
|
||||
|
||||
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7.13-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||
|
||||
* Mon Dec 13 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.13-1
|
||||
- update to 0.7.13
|
||||
|
||||
* Fri Oct 29 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.12-1
|
||||
- update to 0.7.12
|
||||
|
||||
* Fri Oct 15 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.11-1
|
||||
- update to 0.7.11
|
||||
|
||||
* Wed Sep 29 2010 jkeating - 0.7.10-2
|
||||
- Rebuilt for gcc bug 634757
|
||||
|
||||
* Fri Sep 24 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.10-1
|
||||
- update to 0.7.10
|
||||
|
||||
* Thu Sep 23 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.9-2
|
||||
- when creating /var/run/nslcd in the buildroot, specify that 0755 is a
|
||||
permissions value and not another directory name (#636880)
|
||||
|
||||
* Mon Aug 30 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.9-1
|
||||
- update to 0.7.9
|
||||
|
||||
* Wed Aug 18 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.8-1
|
||||
- update to 0.7.8
|
||||
|
||||
* Wed Jul 7 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.7-1
|
||||
- update to 0.7.7
|
||||
|
||||
* Mon Jun 28 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.6-3
|
||||
- don't accidentally set multiple 'gid' settings in nslcd.conf, and try to
|
||||
clean up after older versions of this package that did (#608314)
|
||||
|
||||
* Thu May 27 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.6-2
|
||||
- make inclusion of the .so symlink conditional on being on a sufficiently-
|
||||
new Fedora where pam_ldap isn't part of the nss_ldap package, so having
|
||||
this package conflict with nss_ldap doesn't require that pam_ldap be
|
||||
removed (#596691)
|
||||
|
||||
* Thu May 27 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.6-1
|
||||
- update to 0.7.6
|
||||
|
||||
* Mon May 17 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.5-3
|
||||
- switch to the upstream patch for #592411
|
||||
|
||||
* Fri May 14 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.5-2
|
||||
- don't return an uninitialized buffer as the value for an optional attribute
|
||||
that isn't present in the directory server entry (#592411)
|
||||
|
||||
* Fri May 14 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.5-1
|
||||
- update to 0.7.5
|
||||
|
||||
* Fri May 14 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.4-1
|
||||
- update to 0.7.4
|
||||
- stop trying to migrate retry timeout parameters from old ldap.conf files
|
||||
- add an explicit requires: on nscd to make sure it's at least available on
|
||||
systems that are using nss-pam-ldapd; otherwise it's usually optional
|
||||
|
||||
* Tue Mar 23 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.3-1
|
||||
- update to 0.7.3
|
||||
|
||||
* Thu Feb 25 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.2-2
|
||||
- bump release for post-review commit
|
||||
|
||||
* Thu Feb 25 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.2-1
|
||||
- add comments about why we have a .so link at all, and not a -devel subpackage
|
||||
|
||||
* Wed Jan 13 2010 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- obsolete/provides nss-ldapd
|
||||
- import configuration from nss-ldapd.conf, too
|
||||
|
||||
* Tue Jan 12 2010 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- rename to nss-pam-ldapd
|
||||
- also check for import settings in /etc/nss_ldap.conf and /etc/pam_ldap.conf
|
||||
|
||||
* Thu Sep 24 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.11-2
|
||||
- rebuild
|
||||
|
||||
* Wed Sep 16 2009 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- apply Mitchell Berger's patch to clean up the init script, use %%{_initddir},
|
||||
and correct the %%post so that it only thinks about turning on nslcd when
|
||||
we're first being installed (#522947)
|
||||
- tell status() where the pidfile is when the init script is called for that
|
||||
|
||||
* Tue Sep 8 2009 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- fix typo in a comment, capitalize the full name for "LDAP Client User" (more
|
||||
from #516049)
|
||||
|
||||
* Wed Sep 2 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.11-1
|
||||
- update to 0.6.11
|
||||
|
||||
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.10-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
||||
|
||||
* Thu Jun 18 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.10-3
|
||||
- update URL: and Source:
|
||||
|
||||
* Mon Jun 15 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.10-2
|
||||
- add and own /var/run/nslcd
|
||||
- convert hosts to uri during migration
|
||||
|
||||
* Thu Jun 11 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.10-1
|
||||
- update to 0.6.10
|
||||
|
||||
* Fri Apr 17 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.8-1
|
||||
- bump release number to 1 (part of #491767)
|
||||
- fix which group we check for during %%pre (part of #491767)
|
||||
|
||||
* Tue Mar 24 2009 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- require chkconfig by package rather than path (Jussi Lehtola, part of #491767)
|
||||
|
||||
* Mon Mar 23 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.8-0.1
|
||||
- update to 0.6.8
|
||||
|
||||
* Mon Mar 23 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.7-0.1
|
||||
- start using a dedicated user
|
||||
|
||||
* Wed Mar 18 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.7-0.0
|
||||
- initial package (#445965)
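Review bot: Source1 ships the upstream detached signature, but %prep goes straight from `%setup -q` to the patches and nothing in the spec checks the tarball against it, so a tampered Source0 would build unnoticed. Add the upstream signing key as a further Source and verify before unpacking, e.g. `gpgv --keyring %{SOURCE5} %{SOURCE1} %{SOURCE0}` ahead of `%setup -q` (Source5 is a placeholder for a keyring file this package does not yet carry), with a matching `BuildRequires: gnupg2`. Separately, %post runs grep and sed on every install, yet `Requires(post): /sbin/ldconfig, chkconfig, grep, sed` sits inside `%if %{sysvinit}`, so systemd builds do not declare those scriptlet dependencies.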
|