basebuilder_pel7x64builder0
6 years ago
18 changed files with 1348 additions and 0 deletions
@ -0,0 +1,86 @@ |
|||||||
|
#!/bin/sh |
||||||
|
# |
||||||
|
# chkconfig: - 12 88 |
||||||
|
# description: Provides naming services using a directory server. |
||||||
|
# processname: /usr/sbin/nslcd |
||||||
|
# config: /etc/nslcd.conf |
||||||
|
# pidfile: /var/run/nslcd/nslcd.pid |
||||||
|
# |
||||||
|
|
||||||
|
### BEGIN INIT INFO |
||||||
|
# Provides: nslcd |
||||||
|
# Required-Start: $network |
||||||
|
# Required-Stop: |
||||||
|
# Default-Start: |
||||||
|
# Default-Stop: |
||||||
|
# Short-Description: naming services LDAP client daemon |
||||||
|
# Description: Provides naming services using a directory server. |
||||||
|
### END INIT INFO |
||||||
|
|
||||||
|
program=/usr/sbin/nslcd |
||||||
|
prog=${program##*/} |
||||||
|
pidfile=/var/run/nslcd/nslcd.pid |
||||||
|
|
||||||
|
if [ -f /etc/rc.d/init.d/functions ]; then |
||||||
|
. /etc/rc.d/init.d/functions |
||||||
|
fi |
||||||
|
|
||||||
|
RETVAL=0 |
||||||
|
|
||||||
|
start() { |
||||||
|
echo -n $"Starting $prog: " |
||||||
|
daemon $program |
||||||
|
RETVAL=$? |
||||||
|
echo |
||||||
|
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog |
||||||
|
return $RETVAL |
||||||
|
} |
||||||
|
|
||||||
|
stop() { |
||||||
|
echo -n $"Stopping $prog: " |
||||||
|
killproc $program |
||||||
|
RETVAL=$? |
||||||
|
echo |
||||||
|
if [ $RETVAL -eq 0 ]; then |
||||||
|
rm -f /var/lock/subsys/$prog |
||||||
|
fi |
||||||
|
} |
||||||
|
|
||||||
|
restart() { |
||||||
|
stop |
||||||
|
start |
||||||
|
} |
||||||
|
|
||||||
|
# See how we were called. |
||||||
|
case "$1" in |
||||||
|
start) |
||||||
|
[ -f /var/lock/subsys/$prog ] && exit 0 |
||||||
|
$1 |
||||||
|
;; |
||||||
|
stop) |
||||||
|
[ -f /var/lock/subsys/$prog ] || exit 0 |
||||||
|
$1 |
||||||
|
;; |
||||||
|
restart) |
||||||
|
$1 |
||||||
|
;; |
||||||
|
status) |
||||||
|
status -p $pidfile $program |
||||||
|
RETVAL=$? |
||||||
|
;; |
||||||
|
condrestart|try-restart) |
||||||
|
[ -f /var/lock/subsys/$prog ] && restart || : |
||||||
|
;; |
||||||
|
reload) |
||||||
|
echo "can't reload configuration, you have to restart it" |
||||||
|
RETVAL=3 |
||||||
|
;; |
||||||
|
force-reload) |
||||||
|
restart |
||||||
|
;; |
||||||
|
*) |
||||||
|
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" |
||||||
|
exit 1 |
||||||
|
;; |
||||||
|
esac |
||||||
|
exit $RETVAL |
@ -0,0 +1,14 @@ |
|||||||
|
[Unit] |
||||||
|
Description=Naming services LDAP client daemon. |
||||||
|
After=syslog.target network.target named.service dirsrv.target slapd.service |
||||||
|
Documentation=man:nslcd(8) man:nslcd.conf(5) |
||||||
|
|
||||||
|
[Service] |
||||||
|
Type=forking |
||||||
|
PIDFile=/var/run/nslcd/nslcd.pid |
||||||
|
ExecStart=/usr/sbin/nslcd |
||||||
|
RestartSec=10s |
||||||
|
Restart=on-failure |
||||||
|
|
||||||
|
[Install] |
||||||
|
WantedBy=multi-user.target |
@ -0,0 +1,2 @@ |
|||||||
|
# nslcd needs a directory in /var/run to store its pid file and socket |
||||||
|
d /var/run/nslcd 0755 nslcd root |
@ -0,0 +1,30 @@ |
|||||||
|
From ec2ac2cc7eaa945f3d07d2528ddd4b8d9b8d38e1 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Arthur de Jong <arthur@arthurdejong.org> |
||||||
|
Date: Sun, 6 Oct 2013 14:14:39 +0000 |
||||||
|
Subject: [PATCH 3/3] in nslcd, log EPIPE only on debug level (4897033 from |
||||||
|
0.9) |
||||||
|
|
||||||
|
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.8@2032 ef36b2f9-881f-0410-afb5-c4e39611909c |
||||||
|
--- |
||||||
|
nslcd/common.h | 5 ++++- |
||||||
|
1 file changed, 4 insertions(+), 1 deletion(-) |
||||||
|
|
||||||
|
diff --git a/nslcd/common.h b/nslcd/common.h |
||||||
|
index 736d7c09c9cd6d333fc4caa0a15144cc83eb9ecd..c48decb58df5262f459e0862f677960c31e20df7 100644 |
||||||
|
--- a/nslcd/common.h |
||||||
|
+++ b/nslcd/common.h |
||||||
|
@@ -43,7 +43,10 @@ |
||||||
|
stream */ |
||||||
|
|
||||||
|
#define ERROR_OUT_WRITEERROR(fp) \ |
||||||
|
- log_log(LOG_WARNING,"error writing to client: %s",strerror(errno)); \ |
||||||
|
+ if (errno==EPIPE) \ |
||||||
|
+ log_log(LOG_DEBUG, "error writing to client: %s", strerror(errno)); \ |
||||||
|
+ else \ |
||||||
|
+ log_log(LOG_WARNING, "error writing to client: %s", strerror(errno)); \ |
||||||
|
return -1; |
||||||
|
|
||||||
|
#define ERROR_OUT_READERROR(fp) \ |
||||||
|
-- |
||||||
|
1.8.3.1 |
||||||
|
|
@ -0,0 +1,111 @@ |
|||||||
|
From 335f7e085b45556276d2c1f224648a7eed28e4fd Mon Sep 17 00:00:00 2001 |
||||||
|
From: Arthur de Jong <arthur@arthurdejong.org> |
||||||
|
Date: Sun, 6 Oct 2013 14:11:51 +0000 |
||||||
|
Subject: [PATCH 2/3] use a timeout when skipping remaining result data |
||||||
|
(c9e2f97 from 0.9) |
||||||
|
|
||||||
|
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.8@2031 ef36b2f9-881f-0410-afb5-c4e39611909c |
||||||
|
--- |
||||||
|
common/tio.c | 6 +++--- |
||||||
|
common/tio.h | 4 ++-- |
||||||
|
nss/common.h | 10 +++++++--- |
||||||
|
3 files changed, 12 insertions(+), 8 deletions(-) |
||||||
|
|
||||||
|
diff --git a/common/tio.c b/common/tio.c |
||||||
|
index 9aef80ca91faedad8f75e09b9070d22ed4a0878d..780ea38f175482dfed5e1c754ef75e93ffd83768 100644 |
||||||
|
--- a/common/tio.c |
||||||
|
+++ b/common/tio.c |
||||||
|
@@ -2,7 +2,7 @@ |
||||||
|
tio.c - timed io functions |
||||||
|
This file is part of the nss-pam-ldapd library. |
||||||
|
|
||||||
|
- Copyright (C) 2007, 2008, 2010, 2011, 2012 Arthur de Jong |
||||||
|
+ Copyright (C) 2007, 2008, 2010, 2011, 2012, 2013 Arthur de Jong |
||||||
|
|
||||||
|
This library is free software; you can redistribute it and/or |
||||||
|
modify it under the terms of the GNU Lesser General Public |
||||||
|
@@ -298,7 +298,7 @@ int tio_skip(TFILE *fp, size_t count) |
||||||
|
} |
||||||
|
|
||||||
|
/* Read all available data from the stream and empty the read buffer. */ |
||||||
|
-int tio_skipall(TFILE *fp) |
||||||
|
+int tio_skipall(TFILE *fp,int skiptimeout) |
||||||
|
{ |
||||||
|
struct pollfd fds[1]; |
||||||
|
int rv; |
||||||
|
@@ -318,7 +318,7 @@ int tio_skipall(TFILE *fp) |
||||||
|
/* see if any data is available */ |
||||||
|
fds[0].fd=fp->fd; |
||||||
|
fds[0].events=POLLIN; |
||||||
|
- rv=poll(fds,1,0); |
||||||
|
+ rv=poll(fds,1,skiptimeout); |
||||||
|
/* check the poll() result */ |
||||||
|
if (rv==0) |
||||||
|
return 0; /* no file descriptor ready */ |
||||||
|
diff --git a/common/tio.h b/common/tio.h |
||||||
|
index cd3f370732e4c54815187bb8012fd5a5ff8972af..b38d458aedd660ff95ff2e57f9df790ffd51ff6d 100644 |
||||||
|
--- a/common/tio.h |
||||||
|
+++ b/common/tio.h |
||||||
|
@@ -2,7 +2,7 @@ |
||||||
|
tio.h - timed io functions |
||||||
|
This file is part of the nss-pam-ldapd library. |
||||||
|
|
||||||
|
- Copyright (C) 2007, 2008, 2010, 2012 Arthur de Jong |
||||||
|
+ Copyright (C) 2007, 2008, 2010, 2012, 2013 Arthur de Jong |
||||||
|
|
||||||
|
This library is free software; you can redistribute it and/or |
||||||
|
modify it under the terms of the GNU Lesser General Public |
||||||
|
@@ -59,7 +59,7 @@ int tio_read(TFILE *fp,void *buf,size_t count); |
||||||
|
int tio_skip(TFILE *fp,size_t count); |
||||||
|
|
||||||
|
/* Read all available data from the stream and empty the read buffer. */ |
||||||
|
-int tio_skipall(TFILE *fp); |
||||||
|
+int tio_skipall(TFILE *fp,int skiptimeout); |
||||||
|
|
||||||
|
/* Write the specified buffer to the stream. */ |
||||||
|
int tio_write(TFILE *fp,const void *buf,size_t count); |
||||||
|
diff --git a/nss/common.h b/nss/common.h |
||||||
|
index e8d8e0526499c252f69a558384ddae8504009d26..3f93a4fb4704092dd5b1a41b024d33abf59cba60 100644 |
||||||
|
--- a/nss/common.h |
||||||
|
+++ b/nss/common.h |
||||||
|
@@ -2,7 +2,7 @@ |
||||||
|
common.h - common functions for NSS lookups |
||||||
|
|
||||||
|
Copyright (C) 2006 West Consulting |
||||||
|
- Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong |
||||||
|
+ Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arthur de Jong |
||||||
|
|
||||||
|
This library is free software; you can redistribute it and/or |
||||||
|
modify it under the terms of the GNU Lesser General Public |
||||||
|
@@ -35,6 +35,10 @@ |
||||||
|
#include "solnss.h" |
||||||
|
#endif /* NSS_FLAVOUR_SOLARIS */ |
||||||
|
|
||||||
|
+/* skip timeout determines the maximum time to wait when closing the |
||||||
|
+ connection and reading whatever data that is available */ |
||||||
|
+#define SKIP_TIMEOUT 500 |
||||||
|
+ |
||||||
|
/* These are macros for handling read and write problems, they are |
||||||
|
NSS specific due to the return code so are defined here. They |
||||||
|
genrally close the open file, set an error code and return with |
||||||
|
@@ -127,7 +131,7 @@ |
||||||
|
/* close socket and we're done */ \ |
||||||
|
if ((retv==NSS_STATUS_SUCCESS)||(retv==NSS_STATUS_TRYAGAIN)) \ |
||||||
|
{ \ |
||||||
|
- (void)tio_skipall(fp); \ |
||||||
|
+ (void)tio_skipall(fp,SKIP_TIMEOUT); \ |
||||||
|
(void)tio_close(fp); \ |
||||||
|
} \ |
||||||
|
return retv; |
||||||
|
@@ -203,7 +207,7 @@ |
||||||
|
NSS_AVAILCHECK; \ |
||||||
|
if (fp!=NULL) \ |
||||||
|
{ \ |
||||||
|
- (void)tio_skipall(fp); \ |
||||||
|
+ (void)tio_skipall(fp,SKIP_TIMEOUT); \ |
||||||
|
(void)tio_close(fp); \ |
||||||
|
fp=NULL; \ |
||||||
|
} \ |
||||||
|
-- |
||||||
|
1.8.3.1 |
||||||
|
|
@ -0,0 +1,39 @@ |
|||||||
|
From 841dd859360ff07d705e869d2a402f6b181a14f9 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Arthur de Jong <arthur@arthurdejong.org> |
||||||
|
Date: Sun, 1 Sep 2013 09:47:18 +0000 |
||||||
|
Subject: [PATCH 1/3] fix buffer overflow on interrupted read (thanks John |
||||||
|
Sullivan) (07a8170 from 0.9) |
||||||
|
|
||||||
|
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.8@2029 ef36b2f9-881f-0410-afb5-c4e39611909c |
||||||
|
--- |
||||||
|
AUTHORS | 1 + |
||||||
|
common/tio.c | 4 ++-- |
||||||
|
2 files changed, 3 insertions(+), 2 deletions(-) |
||||||
|
|
||||||
|
diff --git a/AUTHORS b/AUTHORS |
||||||
|
index 5debe5f7c2a059e67f47098df8647c66eab85c13..65ee0789cb8c300c59f7b00b75e80b5b51d96ac9 100644 |
||||||
|
--- a/AUTHORS |
||||||
|
+++ b/AUTHORS |
||||||
|
@@ -119,3 +119,4 @@ Maxim Vetrov <muxas@mail.ru> |
||||||
|
Matthew L. Dailey <matthew.l.dailey@dartmouth.edu> |
||||||
|
Chris Hiestand <chiestand@salk.edu> |
||||||
|
Jon Severinsson <jon@severinsson.net> |
||||||
|
+John Sullivan <jsrhbz@kanargh.force9.co.uk> |
||||||
|
diff --git a/common/tio.c b/common/tio.c |
||||||
|
index 4456198fe84ea72966edb06700c0fff751dd3451..9aef80ca91faedad8f75e09b9070d22ed4a0878d 100644 |
||||||
|
--- a/common/tio.c |
||||||
|
+++ b/common/tio.c |
||||||
|
@@ -283,8 +283,8 @@ int tio_read(TFILE *fp, void *buf, size_t count) |
||||||
|
} |
||||||
|
else if ((rv<0)&&(errno!=EINTR)&&(errno!=EAGAIN)) |
||||||
|
return -1; /* something went wrong with the read */ |
||||||
|
- /* skip the read part in the buffer */ |
||||||
|
- fp->readbuffer.len=rv; |
||||||
|
+ else if (rv>0) |
||||||
|
+ fp->readbuffer.len=rv; /* skip the read part in the buffer */ |
||||||
|
#ifdef DEBUG_TIO_STATS |
||||||
|
fp->bytesread+=rv; |
||||||
|
#endif /* DEBUG_TIO_STATS */ |
||||||
|
-- |
||||||
|
1.8.3.1 |
||||||
|
|
@ -0,0 +1,12 @@ |
|||||||
|
diff -up nss-pam-ldapd-0.8.13/nslcd/pam.c.str_cmp nss-pam-ldapd-0.8.13/nslcd/pam.c |
||||||
|
--- nss-pam-ldapd-0.8.13/nslcd/pam.c.str_cmp 2017-10-23 21:18:19.867943857 +0200 |
||||||
|
+++ nss-pam-ldapd-0.8.13/nslcd/pam.c 2017-10-23 21:18:35.935986527 +0200 |
||||||
|
@@ -133,7 +133,7 @@ static void update_username(MYLDAP_ENTRY |
||||||
|
return; |
||||||
|
} |
||||||
|
/* check if the username is different and update it if needed */ |
||||||
|
- if (strcmp(username,value)!=0) |
||||||
|
+ if (STR_CMP(username,value)!=0) |
||||||
|
{ |
||||||
|
log_log(LOG_INFO,"username changed from \"%s\" to \"%s\"",username,value); |
||||||
|
strcpy(username,value); |
@ -0,0 +1,77 @@ |
|||||||
|
Always use a function that we know will catch out-of-range values for UIDs and |
||||||
|
GIDs, which are currently unsigned 32-bit numbers everywhere, and which won't |
||||||
|
produce a result that'll silently be truncated if we store the result in a |
||||||
|
uid_t or gid_t. |
||||||
|
--- nss-pam-ldapd/nslcd/common.c |
||||||
|
+++ nss-pam-ldapd/nslcd/common.c |
||||||
|
@@ -273,19 +273,23 @@ long int binsid2id(const char *binsid) |
||||||
|
((((long int)binsid[i+2])&0xff)<<16)|((((long int)binsid[i+3])&0xff)<<24); |
||||||
|
} |
||||||
|
|
||||||
|
-#ifdef WANT_STRTOUI |
||||||
|
-/* provide a strtoui() implementation, similar to strtoul() but returning |
||||||
|
+/* provide a strtoid() implementation, similar to strtoul() but returning |
||||||
|
an range-checked unsigned int instead */ |
||||||
|
-unsigned int strtoui(const char *nptr,char **endptr,int base) |
||||||
|
+unsigned int strtoid(const char *nptr,char **endptr,int base) |
||||||
|
{ |
||||||
|
- unsigned long val; |
||||||
|
- val=strtoul(nptr,endptr,base); |
||||||
|
- if (val>UINT_MAX) |
||||||
|
+ long long val; |
||||||
|
+ /* use the fact that long long is 64-bit, even on 32-bit systems */ |
||||||
|
+ val=strtoll(nptr,endptr,base); |
||||||
|
+ if (val>UINT32_MAX) |
||||||
|
{ |
||||||
|
errno=ERANGE; |
||||||
|
- return UINT_MAX; |
||||||
|
+ return UINT32_MAX; |
||||||
|
} |
||||||
|
- /* If errno was set by strtoul, we'll pass it back as-is */ |
||||||
|
- return (unsigned int)val; |
||||||
|
+ else if (val < 0) |
||||||
|
+ { |
||||||
|
+ errno=EINVAL; |
||||||
|
+ return UINT32_MAX; |
||||||
|
+ } |
||||||
|
+ /* If errno was set, we'll pass it back as-is */ |
||||||
|
+ return (uint32_t)val; |
||||||
|
} |
||||||
|
-#endif /* WANT_STRTOUI */ |
||||||
|
--- nss-pam-ldapd/nslcd/common.h |
||||||
|
+++ nss-pam-ldapd/nslcd/common.h |
||||||
|
@@ -139,31 +139,9 @@ int nsswitch_db_uses_ldap(const char *fi |
||||||
|
#endif /* _POSIX_HOST_NAME_MAX */ |
||||||
|
#endif /* not HOST_NAME_MAX */ |
||||||
|
|
||||||
|
-/* provide strtouid() function alias */ |
||||||
|
-#if SIZEOF_UID_T == SIZEOF_UNSIGNED_LONG_INT |
||||||
|
-#define strtouid (uid_t)strtoul |
||||||
|
-#elif SIZEOF_UID_T == SIZEOF_UNSIGNED_LONG_LONG_INT |
||||||
|
-#define strtouid (uid_t)strtoull |
||||||
|
-#elif SIZEOF_UID_T == SIZEOF_UNSIGNED_INT |
||||||
|
-#define WANT_STRTOUI 1 |
||||||
|
-#define strtouid (uid_t)strtoui |
||||||
|
-#else |
||||||
|
-#error unable to find implementation for strtouid() |
||||||
|
-#endif |
||||||
|
- |
||||||
|
-/* provide strtouid() function alias */ |
||||||
|
-#if SIZEOF_GID_T == SIZEOF_UNSIGNED_LONG_INT |
||||||
|
-#define strtogid (gid_t)strtoul |
||||||
|
-#elif SIZEOF_GID_T == SIZEOF_UNSIGNED_LONG_LONG_INT |
||||||
|
-#define strtogid (gid_t)strtoull |
||||||
|
-#elif SIZEOF_GID_T == SIZEOF_UNSIGNED_INT |
||||||
|
-#ifndef WANT_STRTOUI |
||||||
|
-#define WANT_STRTOUI 1 |
||||||
|
-#endif |
||||||
|
-#define strtogid (uid_t)strtoui |
||||||
|
-#else |
||||||
|
-#error unable to find implementation for strtogid() |
||||||
|
-#endif |
||||||
|
+uint32_t strtoid(const char *nptr,char **endptr,int base); |
||||||
|
+#define strtouid (uid_t)strtoid |
||||||
|
+#define strtogid (gid_t)strtoid |
||||||
|
|
||||||
|
#ifdef WANT_STRTOUI |
||||||
|
/* provide a strtoui() if it is needed */ |
@ -0,0 +1,36 @@ |
|||||||
|
Defaults changed to allow opening and closing parentheses everywhere. Defaults |
||||||
|
changed again to make characters after the first optional, and again to go back |
||||||
|
to disallowing names which end with "\". |
||||||
|
--- man/nslcd.conf.5.xml |
||||||
|
+++ man/nslcd.conf.5.xml |
||||||
|
@@ -712,7 +712,7 @@ |
||||||
|
characters and the 'i' flag may be appended at the end to indicate |
||||||
|
that the match should be case-insensetive. |
||||||
|
The default value is |
||||||
|
- <literal>/^[a-z0-9._@$][a-z0-9._@$ \\~-]*[a-z0-9._@$~-]$/i</literal> |
||||||
|
+ <literal>/^[a-z0-9._@$()]([a-z0-9._@$() \\~-]*[a-z0-9._@$()~-])?$/i</literal> |
||||||
|
</para> |
||||||
|
</listitem> |
||||||
|
</varlistentry> |
||||||
|
--- nslcd/cfg.c |
||||||
|
+++ nslcd/cfg.c |
||||||
|
@@ -134,7 +134,7 @@ static void cfg_defaults(struct ldap_con |
||||||
|
cfg->ldc_pam_authz_search[i]=NULL; |
||||||
|
cfg->ldc_nss_min_uid=0; |
||||||
|
parse_validnames_statement(__FILE__,__LINE__,"", |
||||||
|
- "/^[a-z0-9._@$][a-z0-9._@$ \\~-]*[a-z0-9._@$~-]$/i",cfg); |
||||||
|
+ "/^[a-z0-9._@$()]([a-z0-9._@$() \\~-]*[a-z0-9._@$()~-])?$/i",cfg); |
||||||
|
cfg->pam_password_prohibit_message=NULL; |
||||||
|
} |
||||||
|
|
||||||
|
--- tests/test_common.c |
||||||
|
+++ tests/test_common.c |
||||||
|
@@ -39,6 +39,8 @@ static void test_isvalidname(void) |
||||||
|
assert(!isvalidname("\\foo\\bar")); |
||||||
|
assert(!isvalidname("foo\\bar\\")); |
||||||
|
assert(isvalidname("me")); /* try short name */ |
||||||
|
+ assert(isvalidname("f")); |
||||||
|
+ assert(isvalidname("(foo bar)")); |
||||||
|
} |
||||||
|
|
||||||
|
/* the main program... */ |
@ -0,0 +1,46 @@ |
|||||||
|
From e34fccc883e1fb6e7c0e1663e11ff9f96191971f Mon Sep 17 00:00:00 2001 |
||||||
|
From: Lukas Slebodnik <lslebodn@redhat.com> |
||||||
|
Date: Mon, 27 Jan 2014 17:04:32 +0100 |
||||||
|
Subject: [PATCH 1/2] Fix use after free in read_hostent and read_netent. |
||||||
|
|
||||||
|
if NSS_STATUS_TRYAGAIN is returned from read_one_hostent or |
||||||
|
read_one_netent function tio_skipall will be called with NULL pointer |
||||||
|
It could happend in functions: |
||||||
|
_nss_ldap_getnetbyname_r |
||||||
|
_nss_ldap_getnetbyaddr_r |
||||||
|
_nss_ldap_gethostbyname2_r |
||||||
|
_nss_ldap_gethostbyaddr_r |
||||||
|
--- |
||||||
|
nss/hosts.c | 2 -- |
||||||
|
nss/networks.c | 2 -- |
||||||
|
2 files changed, 4 deletions(-) |
||||||
|
|
||||||
|
diff --git a/nss/hosts.c b/nss/hosts.c |
||||||
|
index 86b6a77..0e7027e 100644 |
||||||
|
--- a/nss/hosts.c |
||||||
|
+++ b/nss/hosts.c |
||||||
|
@@ -51,8 +51,6 @@ |
||||||
|
|
||||||
|
#undef ERROR_OUT_BUFERROR |
||||||
|
#define ERROR_OUT_BUFERROR(fp) \ |
||||||
|
- (void)tio_close(fp); \ |
||||||
|
- fp=NULL; \ |
||||||
|
*errnop=ERANGE; \ |
||||||
|
*h_errnop=TRY_AGAIN; \ |
||||||
|
return NSS_STATUS_TRYAGAIN; |
||||||
|
diff --git a/nss/networks.c b/nss/networks.c |
||||||
|
index 859ef0e..1403b45 100644 |
||||||
|
--- a/nss/networks.c |
||||||
|
+++ b/nss/networks.c |
||||||
|
@@ -51,8 +51,6 @@ |
||||||
|
|
||||||
|
#undef ERROR_OUT_BUFERROR |
||||||
|
#define ERROR_OUT_BUFERROR(fp) \ |
||||||
|
- (void)tio_close(fp); \ |
||||||
|
- fp=NULL; \ |
||||||
|
*errnop=ERANGE; \ |
||||||
|
*h_errnop=TRY_AGAIN; \ |
||||||
|
return NSS_STATUS_TRYAGAIN; |
||||||
|
-- |
||||||
|
1.8.5.3 |
||||||
|
|
@ -0,0 +1,41 @@ |
|||||||
|
From ec86b3d715ae9583288b12686a0552586caa6270 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Lukas Slebodnik <lslebodn@redhat.com> |
||||||
|
Date: Mon, 27 Jan 2014 17:17:33 +0100 |
||||||
|
Subject: [PATCH 2/2] Use right h_errnop for retrying with larger buffer. |
||||||
|
|
||||||
|
The libc nsswitch code expects h_errno to be set to NETDB_INTERNAL when |
||||||
|
it needs to try again with a larger buffer. |
||||||
|
--- |
||||||
|
nss/hosts.c | 2 +- |
||||||
|
nss/networks.c | 2 +- |
||||||
|
2 files changed, 2 insertions(+), 2 deletions(-) |
||||||
|
|
||||||
|
diff --git a/nss/hosts.c b/nss/hosts.c |
||||||
|
index 0e7027e..2bf4c86 100644 |
||||||
|
--- a/nss/hosts.c |
||||||
|
+++ b/nss/hosts.c |
||||||
|
@@ -52,7 +52,7 @@ |
||||||
|
#undef ERROR_OUT_BUFERROR |
||||||
|
#define ERROR_OUT_BUFERROR(fp) \ |
||||||
|
*errnop=ERANGE; \ |
||||||
|
- *h_errnop=TRY_AGAIN; \ |
||||||
|
+ *h_errnop=NETDB_INTERNAL; \ |
||||||
|
return NSS_STATUS_TRYAGAIN; |
||||||
|
|
||||||
|
#undef ERROR_OUT_WRITEERROR |
||||||
|
diff --git a/nss/networks.c b/nss/networks.c |
||||||
|
index 1403b45..f3cb269 100644 |
||||||
|
--- a/nss/networks.c |
||||||
|
+++ b/nss/networks.c |
||||||
|
@@ -52,7 +52,7 @@ |
||||||
|
#undef ERROR_OUT_BUFERROR |
||||||
|
#define ERROR_OUT_BUFERROR(fp) \ |
||||||
|
*errnop=ERANGE; \ |
||||||
|
- *h_errnop=TRY_AGAIN; \ |
||||||
|
+ *h_errnop=NETDB_INTERNAL; \ |
||||||
|
return NSS_STATUS_TRYAGAIN; |
||||||
|
|
||||||
|
#undef ERROR_OUT_WRITEERROR |
||||||
|
-- |
||||||
|
1.8.5.3 |
||||||
|
|
@ -0,0 +1,17 @@ |
|||||||
|
diff -up nss-pam-ldapd-0.8.13/nslcd/myldap.c.avoid_lockout_on_bad_password nss-pam-ldapd-0.8.13/nslcd/myldap.c |
||||||
|
--- nss-pam-ldapd-0.8.13/nslcd/myldap.c.avoid_lockout_on_bad_password 2017-10-24 12:04:22.275105596 +0200 |
||||||
|
+++ nss-pam-ldapd-0.8.13/nslcd/myldap.c 2017-10-24 12:04:39.355175121 +0200 |
||||||
|
@@ -967,6 +967,13 @@ static int do_retry_search(MYLDAP_SEARCH |
||||||
|
/* try to start the search */ |
||||||
|
pthread_mutex_unlock(&uris_mutex); |
||||||
|
rc=do_try_search(search); |
||||||
|
+ /* if we are authenticating a user and get an error regarding failed |
||||||
|
+ password we should error out instead of trying all servers */ |
||||||
|
+ if ((search->session->binddn[0] != '\0') && (rc == LDAP_INVALID_CREDENTIALS)) |
||||||
|
+ { |
||||||
|
+ do_close(search->session); |
||||||
|
+ return rc; |
||||||
|
+ } |
||||||
|
if (rc==LDAP_SUCCESS) |
||||||
|
{ |
||||||
|
pthread_mutex_lock(&uris_mutex); |
@ -0,0 +1,35 @@ |
|||||||
|
diff -up nss-pam-ldapd-0.8.13/nslcd/myldap.c.long_password nss-pam-ldapd-0.8.13/nslcd/myldap.c |
||||||
|
--- nss-pam-ldapd-0.8.13/nslcd/myldap.c.long_password 2017-10-24 12:38:29.315411416 +0200 |
||||||
|
+++ nss-pam-ldapd-0.8.13/nslcd/myldap.c 2017-10-24 12:38:52.727517587 +0200 |
||||||
|
@@ -88,7 +88,7 @@ struct ldap_session |
||||||
|
/* the username to bind with */ |
||||||
|
char binddn[256]; |
||||||
|
/* the password to bind with if any */ |
||||||
|
- char bindpw[64]; |
||||||
|
+ char bindpw[128]; |
||||||
|
/* timestamp of last activity */ |
||||||
|
time_t lastactivity; |
||||||
|
/* index into ldc_uris: currently connected LDAP uri */ |
||||||
|
diff -up nss-pam-ldapd-0.8.13/nslcd/pam.c.long_password nss-pam-ldapd-0.8.13/nslcd/pam.c |
||||||
|
--- nss-pam-ldapd-0.8.13/nslcd/pam.c.long_password 2017-10-24 12:39:50.761780765 +0200 |
||||||
|
+++ nss-pam-ldapd-0.8.13/nslcd/pam.c 2017-10-24 12:41:15.083163153 +0200 |
||||||
|
@@ -246,7 +246,7 @@ int nslcd_pam_authc(TFILE *fp,MYLDAP_SES |
||||||
|
int rc; |
||||||
|
char username[256]; |
||||||
|
char servicename[64]; |
||||||
|
- char password[64]; |
||||||
|
+ char password[128]; |
||||||
|
const char *userdn; |
||||||
|
MYLDAP_ENTRY *entry; |
||||||
|
int authzrc=NSLCD_PAM_SUCCESS; |
||||||
|
@@ -617,8 +617,8 @@ int nslcd_pam_pwmod(TFILE *fp,MYLDAP_SES |
||||||
|
char userdn[256]; |
||||||
|
int asroot; |
||||||
|
char servicename[64]; |
||||||
|
- char oldpassword[64]; |
||||||
|
- char newpassword[64]; |
||||||
|
+ char oldpassword[128]; |
||||||
|
+ char newpassword[128]; |
||||||
|
const char *binddn=NULL; /* the user performing the modification */ |
||||||
|
MYLDAP_ENTRY *entry; |
||||||
|
char authzmsg[1024]; |
@ -0,0 +1,98 @@ |
|||||||
|
diff -up nss-pam-ldapd-0.8.13/nslcd/group.c.uid_formatting nss-pam-ldapd-0.8.13/nslcd/group.c |
||||||
|
--- nss-pam-ldapd-0.8.13/nslcd/group.c.uid_formatting 2013-02-23 22:24:00.000000000 +0100 |
||||||
|
+++ nss-pam-ldapd-0.8.13/nslcd/group.c 2017-10-24 14:17:27.489696761 +0200 |
||||||
|
@@ -109,10 +109,8 @@ static int mkfilter_group_bygid(gid_t gi |
||||||
|
} |
||||||
|
else |
||||||
|
{ |
||||||
|
- return mysnprintf(buffer,buflen, |
||||||
|
- "(&%s(%s=%d))", |
||||||
|
- group_filter, |
||||||
|
- attmap_group_gidNumber,(int)gid); |
||||||
|
+ return mysnprintf(buffer,buflen,"(&%s(%s=%lu))", |
||||||
|
+ group_filter,attmap_group_gidNumber,(unsigned long int)gid); |
||||||
|
} |
||||||
|
} |
||||||
|
|
||||||
|
diff -up nss-pam-ldapd-0.8.13/nslcd/nslcd.c.uid_formatting nss-pam-ldapd-0.8.13/nslcd/nslcd.c |
||||||
|
--- nss-pam-ldapd-0.8.13/nslcd/nslcd.c.uid_formatting 2017-10-24 14:17:05.117590857 +0200 |
||||||
|
+++ nss-pam-ldapd-0.8.13/nslcd/nslcd.c 2017-10-24 14:17:27.490696766 +0200 |
||||||
|
@@ -402,8 +402,8 @@ static void handleconnection(int sock,MY |
||||||
|
if (getpeercred(sock,&uid,&gid,&pid)) |
||||||
|
log_log(LOG_DEBUG,"connection from unknown client: %s",strerror(errno)); |
||||||
|
else |
||||||
|
- log_log(LOG_DEBUG,"connection from pid=%d uid=%d gid=%d", |
||||||
|
- (int)pid,(int)uid,(int)gid); |
||||||
|
+ log_log(LOG_DEBUG,"connection from pid=%lu uid=%lu gid=%lu", |
||||||
|
+ (unsigned long int)pid,(unsigned long int)uid,(unsigned long int)gid); |
||||||
|
/* create a stream object */ |
||||||
|
if ((fp=tio_fdopen(sock,READ_TIMEOUT,WRITE_TIMEOUT, |
||||||
|
READBUFFER_MINSIZE,READBUFFER_MAXSIZE, |
||||||
|
@@ -519,7 +519,7 @@ static void create_pidfile(const char *f |
||||||
|
log_log(LOG_ERR,"cannot truncate pid file (%s): %s",filename,strerror(errno)); |
||||||
|
exit(EXIT_FAILURE); |
||||||
|
} |
||||||
|
- mysnprintf(buffer,sizeof(buffer),"%d\n",(int)getpid()); |
||||||
|
+ mysnprintf(buffer,sizeof(buffer),"%lu\n",(unsigned long int)getpid()); |
||||||
|
if (write(fd,buffer,strlen(buffer))!=(int)strlen(buffer)) |
||||||
|
{ |
||||||
|
log_log(LOG_ERR,"error writing pid file (%s): %s",filename,strerror(errno)); |
||||||
|
@@ -755,11 +755,11 @@ int main(int argc,char *argv[]) |
||||||
|
#ifdef HAVE_INITGROUPS |
||||||
|
/* load supplementary groups */ |
||||||
|
if (initgroups(nslcd_cfg->ldc_uidname,nslcd_cfg->ldc_gid)<0) |
||||||
|
- log_log(LOG_WARNING,"cannot initgroups(\"%s\",%d) (ignored): %s", |
||||||
|
- nslcd_cfg->ldc_uidname,(int)nslcd_cfg->ldc_gid,strerror(errno)); |
||||||
|
+ log_log(LOG_WARNING,"cannot initgroups(\"%s\",%lu) (ignored): %s", |
||||||
|
+ nslcd_cfg->ldc_uidname,(unsigned long int)nslcd_cfg->ldc_gid,strerror(errno)); |
||||||
|
else |
||||||
|
- log_log(LOG_DEBUG,"initgroups(\"%s\",%d) done", |
||||||
|
- nslcd_cfg->ldc_uidname,(int)nslcd_cfg->ldc_gid); |
||||||
|
+ log_log(LOG_DEBUG,"initgroups(\"%s\",%lu) done", |
||||||
|
+ nslcd_cfg->ldc_uidname,(unsigned long int)nslcd_cfg->ldc_gid); |
||||||
|
#else /* not HAVE_INITGROUPS */ |
||||||
|
#ifdef HAVE_SETGROUPS |
||||||
|
/* just drop all supplemental groups */ |
||||||
|
@@ -777,20 +777,22 @@ int main(int argc,char *argv[]) |
||||||
|
{ |
||||||
|
if (setgid(nslcd_cfg->ldc_gid)!=0) |
||||||
|
{ |
||||||
|
- log_log(LOG_ERR,"cannot setgid(%d): %s",(int)nslcd_cfg->ldc_gid,strerror(errno)); |
||||||
|
+ log_log(LOG_ERR,"cannot setgid(%lu): %s", |
||||||
|
+ (unsigned long int)nslcd_cfg->ldc_gid,strerror(errno)); |
||||||
|
exit(EXIT_FAILURE); |
||||||
|
} |
||||||
|
- log_log(LOG_DEBUG,"setgid(%d) done",(int)nslcd_cfg->ldc_gid); |
||||||
|
+ log_log(LOG_DEBUG,"setgid(%lu) done",(unsigned long int)nslcd_cfg->ldc_gid); |
||||||
|
} |
||||||
|
/* change to nslcd uid */ |
||||||
|
if (nslcd_cfg->ldc_uid!=NOUID) |
||||||
|
{ |
||||||
|
if (setuid(nslcd_cfg->ldc_uid)!=0) |
||||||
|
{ |
||||||
|
- log_log(LOG_ERR,"cannot setuid(%d): %s",(int)nslcd_cfg->ldc_uid,strerror(errno)); |
||||||
|
+ log_log(LOG_ERR,"cannot setuid(%lu): %s", |
||||||
|
+ (unsigned long int)nslcd_cfg->ldc_uid,strerror(errno)); |
||||||
|
exit(EXIT_FAILURE); |
||||||
|
} |
||||||
|
- log_log(LOG_DEBUG,"setuid(%d) done",(int)nslcd_cfg->ldc_uid); |
||||||
|
+ log_log(LOG_DEBUG,"setuid(%lu) done",(unsigned long int)nslcd_cfg->ldc_uid); |
||||||
|
} |
||||||
|
/* block all these signals so our worker threads won't handle them */ |
||||||
|
sigemptyset(&signalmask); |
||||||
|
diff -up nss-pam-ldapd-0.8.13/nslcd/passwd.c.uid_formatting nss-pam-ldapd-0.8.13/nslcd/passwd.c |
||||||
|
--- nss-pam-ldapd-0.8.13/nslcd/passwd.c.uid_formatting 2013-02-23 22:24:00.000000000 +0100 |
||||||
|
+++ nss-pam-ldapd-0.8.13/nslcd/passwd.c 2017-10-24 14:17:27.490696766 +0200 |
||||||
|
@@ -115,10 +115,8 @@ static int mkfilter_passwd_byuid(uid_t u |
||||||
|
} |
||||||
|
else |
||||||
|
{ |
||||||
|
- return mysnprintf(buffer,buflen, |
||||||
|
- "(&%s(%s=%d))", |
||||||
|
- passwd_filter, |
||||||
|
- attmap_passwd_uidNumber,(int)uid); |
||||||
|
+ return mysnprintf(buffer,buflen, "(&%s(%s=%lu))", |
||||||
|
+ passwd_filter,attmap_passwd_uidNumber,(unsigned long int)uid); |
||||||
|
} |
||||||
|
} |
||||||
|
|
@ -0,0 +1,24 @@ |
|||||||
|
diff -up nss-pam-ldapd-0.8.13/man/nslcd.conf.5.uri_list nss-pam-ldapd-0.8.13/man/nslcd.conf.5 |
||||||
|
--- nss-pam-ldapd-0.8.13/man/nslcd.conf.5.uri_list 2017-10-24 14:08:54.429271306 +0200 |
||||||
|
+++ nss-pam-ldapd-0.8.13/man/nslcd.conf.5 2017-10-24 14:09:31.691444445 +0200 |
||||||
|
@@ -46,7 +46,7 @@ Note that you should use values that don |
||||||
|
to resolve. |
||||||
|
.SS "GENERAL CONNECTION OPTIONS" |
||||||
|
.TP |
||||||
|
-\*(T<\fBuri\fR\*(T> \fIURI\fR |
||||||
|
+\*(T<\fBuri\fR\*(T> \fIURI\fR ... |
||||||
|
Specifies the LDAP URI of the |
||||||
|
server to connect to. |
||||||
|
The URI scheme may be \*(T<ldap\*(T>, |
||||||
|
@@ -66,8 +66,9 @@ When using the ldapi scheme, %2f should |
||||||
|
(e.g. ldapi://%2fvar%2frun%2fslapd%2fldapi/), although most of the |
||||||
|
time this should not be needed. |
||||||
|
|
||||||
|
-This option may be specified multiple times. Normally, only the first |
||||||
|
-server will be used with the following servers as fall-back (see |
||||||
|
+This option may be specified multiple times and/or with more URIs on the |
||||||
|
+line, separated by space. Normally, only the first server will be used |
||||||
|
+with the following servers as fall-back (see |
||||||
|
\*(T<\fBbind_timelimit\fR\*(T> below). |
||||||
|
|
||||||
|
If LDAP lookups are used for host name resolution, |
@ -0,0 +1,10 @@ |
|||||||
|
diff -up nss-pam-ldapd-0.8.14/nslcd/nslcd.c.retcode nss-pam-ldapd-0.8.14/nslcd/nslcd.c |
||||||
|
--- nss-pam-ldapd-0.8.14/nslcd/nslcd.c.retcode 2017-02-08 09:52:39.687834074 +0100 |
||||||
|
+++ nss-pam-ldapd-0.8.14/nslcd/nslcd.c 2017-02-08 09:52:54.630891580 +0100 |
||||||
|
@@ -866,5 +866,5 @@ int main(int argc,char *argv[]) |
||||||
|
log_log(LOG_ERR,"thread %d is still running, shutting down anyway",i); |
||||||
|
} |
||||||
|
/* we're done */ |
||||||
|
- return EXIT_FAILURE; |
||||||
|
+ return EXIT_SUCCESS; |
||||||
|
} |
@ -0,0 +1,30 @@ |
|||||||
|
diff -up nss-pam-ldapd-0.8.13/tests/test_pamcmds.expect.rh_test_msgs nss-pam-ldapd-0.8.13/tests/test_pamcmds.expect |
||||||
|
--- nss-pam-ldapd-0.8.13/tests/test_pamcmds.expect.rh_test_msgs 2014-01-20 15:32:33.253018468 +0100 |
||||||
|
+++ nss-pam-ldapd-0.8.13/tests/test_pamcmds.expect 2014-01-20 15:38:00.452957296 +0100 |
||||||
|
@@ -40,7 +40,7 @@ proc reset_password {} { |
||||||
|
expect { |
||||||
|
"LDAP administrator password" { send "test\r"; exp_continue } |
||||||
|
-regexp "(New|Retype new) password:" { send "test\r"; exp_continue } |
||||||
|
- "password updated successfully" {} |
||||||
|
+ "passwd: all authentication tokens updated successfully" {} |
||||||
|
"Invalid credentials" abort |
||||||
|
"Authentication token manipulation error" abort |
||||||
|
default abort |
||||||
|
@@ -114,7 +114,7 @@ proc test_login_unknown {uid passwd} { |
||||||
|
expect { |
||||||
|
"Password:" { send "$passwd\r"; exp_continue } |
||||||
|
"Unknown id" {} |
||||||
|
- "No passwd entry for user" {} |
||||||
|
+ "su: user $uid does not exist" {} |
||||||
|
"\$ " abort |
||||||
|
default abort |
||||||
|
} |
||||||
|
@@ -156,7 +156,7 @@ expect { |
||||||
|
} |
||||||
|
expect { |
||||||
|
-regexp "(New|Retype new) password:" { send "newpassword\r"; exp_continue } |
||||||
|
- "password updated successfully" {} |
||||||
|
+ "passwd: all authentication tokens updated successfully" {} |
||||||
|
"Invalid credentials" abort |
||||||
|
"Authentication token manipulation error" abort |
||||||
|
"\$ " abort |
@ -0,0 +1,640 @@ |
|||||||
|
%if 0%{?fedora} > 15 || 0%{?rhel} > 6 |
||||||
|
%global systemd 1 |
||||||
|
%global sysvinit 0 |
||||||
|
%else |
||||||
|
%global systemd 0 |
||||||
|
%global sysvinit 1 |
||||||
|
%endif |
||||||
|
|
||||||
|
# Fedora had these in F18, but we didn't cut over to use them until after F18 |
||||||
|
# was frozen, so pretend it didn't happen until F19. |
||||||
|
%if 0%{?fedora} > 18 || 0%{?rhel} > 6 |
||||||
|
%global systemd_macros 1 |
||||||
|
%else |
||||||
|
%global systemd_macros 0 |
||||||
|
%endif |
||||||
|
|
||||||
|
%if 0%{?fedora} > 14 || 0%{?rhel} > 6 |
||||||
|
%global tmpfiles 1 |
||||||
|
%else |
||||||
|
%global tmpfiles 0 |
||||||
|
%endif |
||||||
|
|
||||||
|
# Fedora had it in F17, but moving things around in already-released versions |
||||||
|
# is a bad idea, so pretend it didn't happen until F19. |
||||||
|
%if 0%{?fedora} > 18 || 0%{?rhel} > 6 |
||||||
|
%global separate_usr 0 |
||||||
|
%global nssdir %{_libdir} |
||||||
|
%global pamdir %{_libdir}/security |
||||||
|
%else |
||||||
|
%global separate_usr 1 |
||||||
|
%global nssdir /%{_lib} |
||||||
|
%global pamdir /%{_lib}/security |
||||||
|
%endif |
||||||
|
|
||||||
|
# For distributions that support it, build with RELRO |
||||||
|
%if (0%{?fedora} > 15 || 0%{?rhel} >= 7) |
||||||
|
%define _hardened_build 1 |
||||||
|
%endif |
||||||
|
|
||||||
|
Name: nss-pam-ldapd |
||||||
|
Version: 0.8.13 |
||||||
|
Release: 16%{?dist} |
||||||
|
Summary: An nsswitch module which uses directory servers |
||||||
|
Group: System Environment/Base |
||||||
|
License: LGPLv2+ |
||||||
|
URL: http://arthurdejong.org/nss-pam-ldapd/ |
||||||
|
Source0: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz |
||||||
|
Source1: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz.sig |
||||||
|
Source2: nslcd.init |
||||||
|
Source3: nslcd.tmpfiles |
||||||
|
Source4: nslcd.service |
||||||
|
Patch1: nss-pam-ldapd-0.8.12-validname.patch |
||||||
|
Patch2: nss-pam-ldapd-0.8.12-In-nslcd-log-EPIPE-only-on-debug-level.patch |
||||||
|
Patch3: nss-pam-ldapd-0.8.12-uid-overflow.patch |
||||||
|
Patch4: nss-pam-ldapd-0.8.12-Use-a-timeout-when-skipping-remaining-result-data.patch |
||||||
|
Patch5: nss-pam-ldapd-0.8.12-fix-buffer-overflow-on-interrupted-read-thanks-John-.patch |
||||||
|
Patch6: nss-pam-ldapd-rh-msgs-in-tests.patch |
||||||
|
Patch7: nss-pam-ldapd-0.8.13-Fix-use-after-free-in-read_hostent-and-read_netent.patch |
||||||
|
Patch8: nss-pam-ldapd-0.8.13-Use-right-h_errnop-for-retrying-with-larger-buffer.patch |
||||||
|
Patch9: nss-pam-ldapd-exitcode.patch |
||||||
|
Patch10: nss-pam-ldapd-0.8.12-str-cmp.patch |
||||||
|
Patch11: nss-pam-ldapd-0.8.13-avoid-lockout-on-bad-password.patch |
||||||
|
Patch12: nss-pam-ldapd-0.8.13-password-longer-than-64-chars.patch |
||||||
|
Patch13: nss-pam-ldapd-0.8.13-uri-man-fix.patch |
||||||
|
Patch14: nss-pam-ldapd-0.8.13-uid_formatting.patch |
||||||
|
|
||||||
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) |
||||||
|
BuildRequires: openldap-devel, krb5-devel |
||||||
|
BuildRequires: autoconf, automake |
||||||
|
BuildRequires: pam-devel |
||||||
|
Obsoletes: nss-ldapd < 0.7 |
||||||
|
Provides: nss-ldapd = %{version}-%{release} |
||||||
|
|
||||||
|
# Obsolete PADL's nss_ldap |
||||||
|
Provides: nss_ldap = 265-12 |
||||||
|
Obsoletes: nss_ldap < 265-11 |
||||||
|
|
||||||
|
%if 0%{?fedora} > 18 || 0%{?rhel} > 6 |
||||||
|
# Obsolete PADL's pam_ldap |
||||||
|
Provides: pam_ldap = 185-15 |
||||||
|
Obsoletes: pam_ldap < 185-15 |
||||||
|
%global build_pam_ldap 1 |
||||||
|
%else |
||||||
|
# Pull in the pam_ldap module, which is its own package in F14 and later, to |
||||||
|
# keep upgrades from removing the module. We used to disable nss-pam-ldapd's |
||||||
|
# own pam_ldap.so when it wasn't mature enough. |
||||||
|
Requires: pam_ldap%{?_isa} |
||||||
|
%global build_pam_ldap 0 |
||||||
|
%endif |
||||||
|
|
||||||
|
# Pull in nscd, which is recommended. |
||||||
|
Requires: nscd |
||||||
|
%if %{sysvinit} |
||||||
|
Requires(post): /sbin/ldconfig, chkconfig, grep, sed |
||||||
|
Requires(preun): chkconfig, initscripts |
||||||
|
Requires(postun): /sbin/ldconfig, initscripts |
||||||
|
%endif |
||||||
|
%if %{systemd} |
||||||
|
BuildRequires: systemd-units |
||||||
|
Requires(post): systemd-units |
||||||
|
Requires(preun): systemd-units |
||||||
|
Requires(postun): systemd-units |
||||||
|
Requires(post): systemd-sysv |
||||||
|
%endif |
||||||
|
|
||||||
|
%description |
||||||
|
The nss-pam-ldapd daemon, nslcd, uses a directory server to look up name |
||||||
|
service information (users, groups, etc.) on behalf of a lightweight |
||||||
|
nsswitch module. |
||||||
|
|
||||||
|
%prep |
||||||
|
%setup -q |
||||||
|
%patch1 -p0 -b .validname |
||||||
|
%patch2 -p1 -b .epipe |
||||||
|
%patch3 -p1 -b .overflow |
||||||
|
%patch4 -p1 -b .skiptimeout |
||||||
|
%patch5 -p1 -b .readall |
||||||
|
%patch6 -p1 -b .test_msgs |
||||||
|
%patch7 -p1 -b .use_after_free |
||||||
|
%patch8 -p1 -b .errnop_val |
||||||
|
%patch9 -p1 -b .exit_code |
||||||
|
%patch10 -p1 -b .str_cmp |
||||||
|
%patch11 -p1 -b .avoid_lockout_on_bad_password |
||||||
|
%patch12 -p1 -b .long_password |
||||||
|
%patch13 -p1 -b .uri_list |
||||||
|
%patch14 -p1 -b .uid_formatting |
||||||
|
autoreconf -f -i |
||||||
|
|
||||||
|
%build |
||||||
|
CFLAGS="$RPM_OPT_FLAGS -fPIC" ; export CFLAGS |
||||||
|
%configure --libdir=%{nssdir} \ |
||||||
|
%if %{build_pam_ldap} |
||||||
|
--with-pam-seclib-dir=%{pamdir} |
||||||
|
%else |
||||||
|
--disable-pam |
||||||
|
%endif |
||||||
|
make %{?_smp_mflags} |
||||||
|
|
||||||
|
%check |
||||||
|
make check |
||||||
|
|
||||||
|
%install |
||||||
|
rm -rf $RPM_BUILD_ROOT |
||||||
|
make install DESTDIR=$RPM_BUILD_ROOT |
||||||
|
mkdir -p $RPM_BUILD_ROOT/{%{_initddir},%{_libdir},%{_unitdir}} |
||||||
|
%if %{sysvinit} |
||||||
|
install -p -m755 %{SOURCE2} $RPM_BUILD_ROOT/%{_initddir}/nslcd |
||||||
|
%endif |
||||||
|
%if %{systemd} |
||||||
|
install -p -m644 %{SOURCE4} $RPM_BUILD_ROOT/%{_unitdir}/ |
||||||
|
%endif |
||||||
|
|
||||||
|
%if 0%{?fedora} > 13 || 0%{?rhel} > 5 |
||||||
|
%if %{separate_usr} |
||||||
|
# Follow glibc's convention and provide a .so symlink so that people who know |
||||||
|
# what to expect can link directly with the module. |
||||||
|
if test %{_libdir} != /%{_lib} ; then |
||||||
|
touch $RPM_BUILD_ROOT/rootfile |
||||||
|
relroot=.. |
||||||
|
while ! test -r $RPM_BUILD_ROOT/%{_libdir}/$relroot/rootfile ; do |
||||||
|
relroot=../$relroot |
||||||
|
done |
||||||
|
ln -s $relroot/%{_lib}/libnss_ldap.so.2 \ |
||||||
|
$RPM_BUILD_ROOT/%{_libdir}/libnss_ldap.so |
||||||
|
rm $RPM_BUILD_ROOT/rootfile |
||||||
|
fi |
||||||
|
%else |
||||||
|
ln -s libnss_ldap.so.2 $RPM_BUILD_ROOT/%{nssdir}/libnss_ldap.so |
||||||
|
%endif |
||||||
|
%endif |
||||||
|
|
||||||
|
sed -i -e 's,^uid.*,uid nslcd,g' -e 's,^gid.*,gid ldap,g' \ |
||||||
|
$RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf |
||||||
|
touch -r nslcd.conf $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf |
||||||
|
mkdir -p -m 0755 $RPM_BUILD_ROOT/var/run/nslcd |
||||||
|
%if %{tmpfiles} |
||||||
|
mkdir -p -m 0755 $RPM_BUILD_ROOT/%{_tmpfilesdir} |
||||||
|
install -p -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_tmpfilesdir}/%{name}.conf |
||||||
|
%endif |
||||||
|
|
||||||
|
%clean |
||||||
|
rm -rf $RPM_BUILD_ROOT |
||||||
|
|
||||||
|
%files |
||||||
|
%defattr(-,root,root) |
||||||
|
%doc AUTHORS ChangeLog COPYING HACKING NEWS README TODO |
||||||
|
%{_sbindir}/* |
||||||
|
%{nssdir}/*.so.* |
||||||
|
%if %{build_pam_ldap} |
||||||
|
%{pamdir}/pam_ldap.so |
||||||
|
%endif |
||||||
|
%{_mandir}/*/* |
||||||
|
%attr(0600,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/nslcd.conf |
||||||
|
%if %{tmpfiles} |
||||||
|
%attr(0644,root,root) %config(noreplace) %{_tmpfilesdir}/%{name}.conf |
||||||
|
%endif |
||||||
|
%if %{sysvinit} |
||||||
|
%attr(0755,root,root) %{_initddir}/nslcd |
||||||
|
%endif |
||||||
|
%if %{systemd} |
||||||
|
%config(noreplace) %{_unitdir}/* |
||||||
|
%endif |
||||||
|
%attr(0755,nslcd,root) /var/run/nslcd |
||||||
|
%if 0%{?fedora} > 13 || 0%{?rhel} > 5 |
||||||
|
# This would be the only thing in the -devel subpackage, so we include it. It |
||||||
|
# will conflict with nss_ldap, so only include it for releases where pam_ldap is |
||||||
|
# its own package. |
||||||
|
/%{_libdir}/*.so |
||||||
|
%endif |
||||||
|
|
||||||
|
%pre |
||||||
|
getent group ldap > /dev/null || \ |
||||||
|
/usr/sbin/groupadd -r -g 55 ldap |
||||||
|
getent passwd nslcd > /dev/null || \ |
||||||
|
/usr/sbin/useradd -r -g ldap -c 'LDAP Client User' \ |
||||||
|
-u 65 -d / -s /sbin/nologin nslcd 2> /dev/null || : |
||||||
|
|
||||||
|
%post |
||||||
|
# The usual stuff. |
||||||
|
%if %{sysvinit} |
||||||
|
/sbin/chkconfig --add nslcd |
||||||
|
%endif |
||||||
|
%if %{systemd} |
||||||
|
%if %{systemd_macros} |
||||||
|
%systemd_post nslcd.service |
||||||
|
%else |
||||||
|
/bin/systemctl daemon-reload >/dev/null 2>&1 || : |
||||||
|
%endif |
||||||
|
%endif |
||||||
|
/sbin/ldconfig |
||||||
|
# Import important non-default settings from nss_ldap or pam_ldap configuration |
||||||
|
# files, but only the first time this package is installed. |
||||||
|
comment="This comment prevents repeated auto-migration of settings." |
||||||
|
if test -s /etc/nss-ldapd.conf ; then |
||||||
|
source=/etc/nss-ldapd.conf |
||||||
|
elif test -s /etc/nss_ldap.conf ; then |
||||||
|
source=/etc/nss_ldap.conf |
||||||
|
elif test -s /etc/pam_ldap.conf ; then |
||||||
|
source=/etc/pam_ldap.conf |
||||||
|
else |
||||||
|
source=/etc/ldap.conf |
||||||
|
fi |
||||||
|
target=/etc/nslcd.conf |
||||||
|
if test "$1" -eq "1" && ! grep -q -F "# $comment" $target 2> /dev/null ; then |
||||||
|
# Try to make sure we only do this the first time. |
||||||
|
echo "# $comment" >> $target |
||||||
|
if grep -E -q '^uri[[:blank:]]' $source 2> /dev/null ; then |
||||||
|
# Comment out the packaged default host/uri and replace it... |
||||||
|
sed -i -r -e 's,^((host|uri)[[:blank:]].*),# \1,g' $target |
||||||
|
# ... with the uri. |
||||||
|
grep -E '^uri[[:blank:]]' $source >> $target |
||||||
|
elif grep -E -q '^host[[:blank:]]' $source 2> /dev/null ; then |
||||||
|
# Comment out the packaged default host/uri and replace it... |
||||||
|
sed -i -r -e 's,^((host|uri)[[:blank:]].*),# \1,g' $target |
||||||
|
# ... with the "host" reformatted as a URI. |
||||||
|
scheme=ldap |
||||||
|
# check for 'ssl on', which means we want to use ldaps:// |
||||||
|
if grep -E -q '^ssl[[:blank:]]+on$' $source 2> /dev/null ; then |
||||||
|
scheme=ldaps |
||||||
|
fi |
||||||
|
grep -E '^host[[:blank:]]' $source |\ |
||||||
|
sed -r -e "s,^host[[:blank:]](.*),uri ${scheme}://\1/,g" >> $target |
||||||
|
fi |
||||||
|
# Base doesn't require any special logic. |
||||||
|
if grep -E -q '^base[[:blank:]]' $source 2> /dev/null ; then |
||||||
|
# Comment out the packaged default base and replace it. |
||||||
|
sed -i -r -e 's,^(base[[:blank:]].*),# \1,g' $target |
||||||
|
grep -E '^base[[:blank:]]' $source >> $target |
||||||
|
fi |
||||||
|
# Pull in these settings, if they're set, directly. |
||||||
|
grep -E '^(binddn|bindpw|port|scope|ssl|pagesize)[[:blank:]]' $source 2> /dev/null >> $target |
||||||
|
grep -E '^(tls_)' $source 2> /dev/null >> $target |
||||||
|
grep -E '^(timelimit|bind_timelimit|idle_timelimit)[[:blank:]]' $source 2> /dev/null >> $target |
||||||
|
fi |
||||||
|
# If this is the first time we're being installed, and the system is already |
||||||
|
# configured to use LDAP as a naming service, enable the daemon, but don't |
||||||
|
# start it since we can never know if that's a safe thing to do. If this |
||||||
|
# is an upgrade, leave the user's runlevel selections alone. |
||||||
|
if [ "$1" -eq "1" ]; then |
||||||
|
if grep -E -q '^USELDAP=yes$' /etc/sysconfig/authconfig 2> /dev/null ; then |
||||||
|
%if %{sysvinit} |
||||||
|
/sbin/chkconfig nslcd on |
||||||
|
%endif |
||||||
|
%if %{systemd} |
||||||
|
/bin/systemctl --no-reload enable nslcd.service >/dev/null 2>&1 ||: |
||||||
|
%endif |
||||||
|
fi |
||||||
|
fi |
||||||
|
# Earlier versions of 0.7.6 of this package would have included both 'gid |
||||||
|
# nslcd' (a group which doesn't exist) and 'gid ldap' (which we ensure exists). |
||||||
|
# If we detect both, fix the configuration. |
||||||
|
if grep -q '^gid nslcd' $target ; then |
||||||
|
if grep -q '^gid ldap' $target ; then |
||||||
|
sed -i -e 's,^gid nslcd$,# gid nslcd,g' $target |
||||||
|
fi |
||||||
|
fi |
||||||
|
# In 0.8.4, the name of the attribute which was expected to contain the DNs of |
||||||
|
# a group's members changed from "uniqueMember" to "member". Change any |
||||||
|
# instances of "map group uniqueMember ..." to "map group member ...", unless |
||||||
|
# "member" is already being mapped, in which case attempting this would |
||||||
|
# probably just confuse things further. |
||||||
|
if grep -E -q "^[[:blank:]]*map[[:blank:]]+group[[:blank:]]+uniqueMember[[:blank:]]" $target ; then |
||||||
|
if ! grep -E -q "^[[:blank:]]*map[[:blank:]]+group[[:blank:]]+member[[:blank:]]" $target ; then |
||||||
|
sed -i -r -e "s,^[[:blank:]]*map[[:blank:]]+group[[:blank:]]+uniqueMember[[:blank:]](.*),map group member \1,g" $target |
||||||
|
fi |
||||||
|
fi |
||||||
|
# Create the daemon's /var/run directory if it isn't there. |
||||||
|
if ! test -d /var/run/nslcd ; then |
||||||
|
mkdir -p -m 0755 /var/run/nslcd |
||||||
|
fi |
||||||
|
exit 0 |
||||||
|
|
||||||
|
%preun |
||||||
|
if [ "$1" -eq "0" ]; then |
||||||
|
%if %{sysvinit} |
||||||
|
/sbin/service nslcd stop >/dev/null 2>&1 |
||||||
|
/sbin/chkconfig --del nslcd |
||||||
|
%endif |
||||||
|
%if %{systemd} |
||||||
|
%if %{systemd_macros} |
||||||
|
%systemd_preun nslcd.service |
||||||
|
%else |
||||||
|
/bin/systemctl --no-reload disable nslcd.service > /dev/null 2>&1 || : |
||||||
|
/bin/systemctl stop nslcd.service > /dev/null 2>&1 || : |
||||||
|
%endif |
||||||
|
%endif |
||||||
|
fi |
||||||
|
exit 0 |
||||||
|
|
||||||
|
%postun |
||||||
|
/sbin/ldconfig |
||||||
|
%if %{sysvinit} |
||||||
|
if [ "$1" -ge "1" ]; then |
||||||
|
/etc/rc.d/init.d/nslcd condrestart >/dev/null 2>&1 |
||||||
|
fi |
||||||
|
%endif |
||||||
|
%if %{systemd} |
||||||
|
%if %{systemd_macros} |
||||||
|
%systemd_postun_with_restart nslcd.service |
||||||
|
%else |
||||||
|
/bin/systemctl daemon-reload >/dev/null 2>&1 || : |
||||||
|
if [ "$1" -ge "1" ]; then |
||||||
|
/bin/systemctl try-restart nslcd.service >/dev/null 2>&1 |
||||||
|
fi |
||||||
|
%endif |
||||||
|
%endif |
||||||
|
exit 0 |
||||||
|
|
||||||
|
%if %{systemd} |
||||||
|
%triggerun -- nss-pam-ldapd < 0.7.13-6 |
||||||
|
# Save the current service runlevel info, in case the user wants to apply |
||||||
|
# the enabled status manually later, by running |
||||||
|
# "systemd-sysv-convert --apply nslcd". |
||||||
|
%{_bindir}/systemd-sysv-convert --save nslcd >/dev/null 2>&1 ||: |
||||||
|
# Do this because the old package's %%postun doesn't know we need to do it. |
||||||
|
/sbin/chkconfig --del nslcd >/dev/null 2>&1 || : |
||||||
|
# Do this because the old package's %%postun wouldn't have tried. |
||||||
|
/bin/systemctl try-restart nslcd.service >/dev/null 2>&1 || : |
||||||
|
exit 0 |
||||||
|
%endif |
||||||
|
|
||||||
|
%changelog |
||||||
|
* Tue Oct 24 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-16 |
||||||
|
- Resolves: rhbz#1151675 - NSLCD WRAPS LDAP USER UIDNUMBER > 2^31 SO UID |
||||||
|
IS WRONG (AND A NEGATIVE NUMBER) |
||||||
|
|
||||||
|
* Tue Oct 24 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-15 |
||||||
|
- Resolves: rhbz#1204202 - fix doc to describe actual uri format in |
||||||
|
nslcd.conf |
||||||
|
|
||||||
|
* Tue Oct 24 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-14 |
||||||
|
- Resolves: rhbz#1288429 - /etc/tmpfiles.d/nss-pam-ldapd.conf shipped when |
||||||
|
/etc/tmpfiles.d is reserved for the local |
||||||
|
administrator |
||||||
|
|
||||||
|
* Tue Oct 24 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-13 |
||||||
|
- Resolves: rhbz#1312297 - nslcd.service does not restart on failure |
||||||
|
|
||||||
|
* Tue Oct 24 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-12 |
||||||
|
- Resolves: rhbz#1425790 - Unable to authenticate with 64 character password |
||||||
|
using nss-pam-ldapd |
||||||
|
|
||||||
|
* Tue Oct 24 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-11 |
||||||
|
- Resolves: rhbz#1497761 - Incorrect password tries to bind to all domain |
||||||
|
controllers and locks user out |
||||||
|
|
||||||
|
* Mon Oct 23 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-10 |
||||||
|
- Resolves: rhbz#1357493 - In RHEL 7, authentication failing when using |
||||||
|
nslcd + pam_ldap where user has different in |
||||||
|
nis/passwd and ldap. |
||||||
|
|
||||||
|
* Mon Oct 23 2017 Jakub Hrozek <jhrozek@redhat.com> - 0.8.13-9 |
||||||
|
- Resolves: rhbz#1420576 - 'systemctl status nslcd' always returns FAILURE |
||||||
|
status even though the service is stopped with |
||||||
|
'systemctl stop nslcd |
||||||
|
|
||||||
|
* Wed Jan 29 2014 Jakub Hrozek <jhrozek@redhat.com> 0.8.13-8 |
||||||
|
- Fix a potential use-after-free in nsswitch module |
||||||
|
- Resolves: rhbz#1036030 - New defect found in nss-pam-ldapd-0.8.13-4.el7 |
||||||
|
|
||||||
|
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.8.13-7 |
||||||
|
- Mass rebuild 2014-01-24 |
||||||
|
|
||||||
|
* Mon Jan 20 2014 Jakub Hrozek <jhrozek@redhat.com> 0.8.13-6 |
||||||
|
- Change the error messages the tests expect to those printed on RH based |
||||||
|
systems |
||||||
|
- Resolves: rhbz#1044482 |
||||||
|
|
||||||
|
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.8.13-5 |
||||||
|
- Mass rebuild 2013-12-27 |
||||||
|
|
||||||
|
* Fri Oct 18 2013 Nalin Dahyabhai <nalin@redhat.com> 0.8.13-4 |
||||||
|
- compile nslcd/log.c with -fPIC instead of the current hardened-build default |
||||||
|
of -fPIE, which doesn't seem to avoid relocations for its thread-local |
||||||
|
variables on s390x (#1002834) |
||||||
|
|
||||||
|
* Sat Oct 05 2013 Jakub Hrozek <jhrozek@redhat.com> 0.8.13-3 |
||||||
|
- Suppress Broken Pipe messages when requesting a large groupo |
||||||
|
- Resolves: rhbz#1002829 |
||||||
|
|
||||||
|
* Wed Jul 31 2013 Jakub Hrozek <jhrozek@redhat.com> 0.8.13-2 |
||||||
|
- Build with _hardened_build macro |
||||||
|
|
||||||
|
* Mon May 6 2013 Nalin Dahyabhai <nalin@redhat.com> 0.8.13-1 |
||||||
|
- update to 0.8.13 |
||||||
|
- correct a syntax error in the fix that was added for #832706 |
||||||
|
|
||||||
|
* Tue Apr 30 2013 Nalin Dahyabhai <nalin@redhat.com> 0.8.12-4 |
||||||
|
- in %%post, attempt to rewrite any instances of "map group uniqueMember ..." |
||||||
|
to be "map group member ..." in nslcd.conf, as the attribute name changed |
||||||
|
in 0.8.4 (via freeipa ticket #3589) |
||||||
|
|
||||||
|
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.12-3 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild |
||||||
|
|
||||||
|
* Fri Jan 18 2013 Nalin Dahyabhai <nalin@redhat.com> 0.8.12-2 |
||||||
|
- drop local patch to make the client flush some more read buffers |
||||||
|
|
||||||
|
* Fri Jan 18 2013 Nalin Dahyabhai <nalin@redhat.com> 0.8.12-1 |
||||||
|
- update to 0.8.12 (#846793) |
||||||
|
- make building pam_ldap conditional on the targeted release |
||||||
|
- add "After=named.service dirsrv.target slapd.service" to nslcd.service, |
||||||
|
to make sure that nslcd is started after them if they're to be started |
||||||
|
on the local system (#832706) |
||||||
|
- alter the versioned Obsoletes: on pam_ldap to include the F18 package |
||||||
|
- use %%{_unitdir} when deciding where to put systemd configuration, based |
||||||
|
on patch from Václav Pavlín (#850232) |
||||||
|
- use new systemd macros for scriptlet hooks, when available, based on |
||||||
|
patch from Václav Pavlín (#850232) |
||||||
|
|
||||||
|
* Sun Sep 09 2012 Jakub Hrozek <jhrozek@redhat.com> 0.7.17-1 |
||||||
|
- new upstream release 0.7.17 |
||||||
|
|
||||||
|
* Sun Aug 05 2012 Jakub Hrozek <jhrozek@redhat.com> - 0.7.16-5 |
||||||
|
- Obsolete PADL's nss_ldap |
||||||
|
|
||||||
|
* Sat Aug 04 2012 Jakub Hrozek <jhrozek@redhat.com> - 0.7.16-4 |
||||||
|
- Build the PAM module, obsoletes PADL's pam-ldap (#856006) |
||||||
|
|
||||||
|
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7.16-3 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild |
||||||
|
|
||||||
|
* Mon May 14 2012 Jakub Hrozek <jhrozek@redhat.com> 0.7.16-2 |
||||||
|
- backport upstream revision r1659 related to broken pipe when |
||||||
|
requesting a large group |
||||||
|
- use grep -E instead of egrep to avoid rpmlint warnings |
||||||
|
|
||||||
|
* Sat Apr 28 2012 Jakub Hrozek <jhrozek@redhat.com> 0.7.16-1 |
||||||
|
- new upstream release 0.7.16 |
||||||
|
|
||||||
|
* Thu Mar 15 2012 Jakub Hrozek <jhrozek@redhat.com> 0.7.15-2 |
||||||
|
- Do not print "Broken Pipe" error message when requesting a large group |
||||||
|
|
||||||
|
* Fri Mar 9 2012 Jakub Hrozek <jhrozek@redhat.com> 0.7.15-1 |
||||||
|
- new upstream release 0.7.15 |
||||||
|
|
||||||
|
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7.14-3 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild |
||||||
|
|
||||||
|
* Fri Dec 16 2011 Jakub Hrozek <jhrozek@redhat.com> 0.7.14-2 |
||||||
|
- Do not overflow large UID/GID values on 32bit architectures |
||||||
|
|
||||||
|
* Mon Nov 28 2011 Nalin Dahyabhai <nalin@redhat.com> |
||||||
|
- use the same conditional test for deciding when to create the .so symlink as |
||||||
|
we do later on for deciding when to include it in the package (#757004) |
||||||
|
|
||||||
|
* Fri Sep 23 2011 Jakub Hrozek <jhrozek@redhat.com> 0.7.14-1 |
||||||
|
- new upstream release 0.7.14 |
||||||
|
- obsoletes nss-pam-ldapd-0.7.x-buffers.patch |
||||||
|
|
||||||
|
* Wed Aug 24 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.13-8 |
||||||
|
- include backported enhancement to take URIs in the form "dns:DOMAIN" in |
||||||
|
addition to the already-implemented "dns" (#730309) |
||||||
|
|
||||||
|
* Thu Jul 14 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.13-7 |
||||||
|
- switch to only munging the contents of /etc/nslcd.conf on the very first |
||||||
|
install (#706454) |
||||||
|
- make sure that we have enough space to parse any valid GID value when |
||||||
|
parsing a user's primary GID (#716822) |
||||||
|
- backport support for the "validnames" option from SVN and use it to allow |
||||||
|
parentheses characters by modifying the default setting (#690870), then |
||||||
|
modify the default again to also allow shorter and shorter names to pass |
||||||
|
muster (#706860) |
||||||
|
|
||||||
|
* Wed Jul 13 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.13-6 |
||||||
|
- convert to systemd-native startup (#716997) |
||||||
|
|
||||||
|
* Mon Jun 13 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.13-5 |
||||||
|
- change the file path Requires: we have for pam_ldap into a package name |
||||||
|
Requires: (#601931) |
||||||
|
|
||||||
|
* Wed Mar 30 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.13-4 |
||||||
|
- tag nslcd.conf with %%verify(not md5 size mtime), since we always tweak |
||||||
|
it in %%post (#692225) |
||||||
|
|
||||||
|
* Tue Mar 1 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.13-3 |
||||||
|
- add a tmpfiles configuration to ensure that /var/run/nslcd is created when |
||||||
|
/var/run is completely empty at boot (#656643) |
||||||
|
|
||||||
|
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7.13-2 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild |
||||||
|
|
||||||
|
* Mon Dec 13 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.13-1 |
||||||
|
- update to 0.7.13 |
||||||
|
|
||||||
|
* Fri Oct 29 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.12-1 |
||||||
|
- update to 0.7.12 |
||||||
|
|
||||||
|
* Fri Oct 15 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.11-1 |
||||||
|
- update to 0.7.11 |
||||||
|
|
||||||
|
* Wed Sep 29 2010 jkeating - 0.7.10-2 |
||||||
|
- Rebuilt for gcc bug 634757 |
||||||
|
|
||||||
|
* Fri Sep 24 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.10-1 |
||||||
|
- update to 0.7.10 |
||||||
|
|
||||||
|
* Thu Sep 23 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.9-2 |
||||||
|
- when creating /var/run/nslcd in the buildroot, specify that 0755 is a |
||||||
|
permissions value and not another directory name (#636880) |
||||||
|
|
||||||
|
* Mon Aug 30 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.9-1 |
||||||
|
- update to 0.7.9 |
||||||
|
|
||||||
|
* Wed Aug 18 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.8-1 |
||||||
|
- update to 0.7.8 |
||||||
|
|
||||||
|
* Wed Jul 7 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.7-1 |
||||||
|
- update to 0.7.7 |
||||||
|
|
||||||
|
* Mon Jun 28 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.6-3 |
||||||
|
- don't accidentally set multiple 'gid' settings in nslcd.conf, and try to |
||||||
|
clean up after older versions of this package that did (#608314) |
||||||
|
|
||||||
|
* Thu May 27 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.6-2 |
||||||
|
- make inclusion of the .so symlink conditional on being on a sufficiently- |
||||||
|
new Fedora where pam_ldap isn't part of the nss_ldap package, so having |
||||||
|
this package conflict with nss_ldap doesn't require that pam_ldap be |
||||||
|
removed (#596691) |
||||||
|
|
||||||
|
* Thu May 27 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.6-1 |
||||||
|
- update to 0.7.6 |
||||||
|
|
||||||
|
* Mon May 17 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.5-3 |
||||||
|
- switch to the upstream patch for #592411 |
||||||
|
|
||||||
|
* Fri May 14 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.5-2 |
||||||
|
- don't return an uninitialized buffer as the value for an optional attribute |
||||||
|
that isn't present in the directory server entry (#592411) |
||||||
|
|
||||||
|
* Fri May 14 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.5-1 |
||||||
|
- update to 0.7.5 |
||||||
|
|
||||||
|
* Fri May 14 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.4-1 |
||||||
|
- update to 0.7.4 |
||||||
|
- stop trying to migrate retry timeout parameters from old ldap.conf files |
||||||
|
- add an explicit requires: on nscd to make sure it's at least available on |
||||||
|
systems that are using nss-pam-ldapd; otherwise it's usually optional |
||||||
|
|
||||||
|
* Tue Mar 23 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.3-1 |
||||||
|
- update to 0.7.3 |
||||||
|
|
||||||
|
* Thu Feb 25 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.2-2 |
||||||
|
- bump release for post-review commit |
||||||
|
|
||||||
|
* Thu Feb 25 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.2-1 |
||||||
|
- add comments about why we have a .so link at all, and not a -devel subpackage |
||||||
|
|
||||||
|
* Wed Jan 13 2010 Nalin Dahyabhai <nalin@redhat.com> |
||||||
|
- obsolete/provides nss-ldapd |
||||||
|
- import configuration from nss-ldapd.conf, too |
||||||
|
|
||||||
|
* Tue Jan 12 2010 Nalin Dahyabhai <nalin@redhat.com> |
||||||
|
- rename to nss-pam-ldapd |
||||||
|
- also check for import settings in /etc/nss_ldap.conf and /etc/pam_ldap.conf |
||||||
|
|
||||||
|
* Thu Sep 24 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.11-2 |
||||||
|
- rebuild |
||||||
|
|
||||||
|
* Wed Sep 16 2009 Nalin Dahyabhai <nalin@redhat.com> |
||||||
|
- apply Mitchell Berger's patch to clean up the init script, use %%{_initddir}, |
||||||
|
and correct the %%post so that it only thinks about turning on nslcd when |
||||||
|
we're first being installed (#522947) |
||||||
|
- tell status() where the pidfile is when the init script is called for that |
||||||
|
|
||||||
|
* Tue Sep 8 2009 Nalin Dahyabhai <nalin@redhat.com> |
||||||
|
- fix typo in a comment, capitalize the full name for "LDAP Client User" (more |
||||||
|
from #516049) |
||||||
|
|
||||||
|
* Wed Sep 2 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.11-1 |
||||||
|
- update to 0.6.11 |
||||||
|
|
||||||
|
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.10-4 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild |
||||||
|
|
||||||
|
* Thu Jun 18 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.10-3 |
||||||
|
- update URL: and Source: |
||||||
|
|
||||||
|
* Mon Jun 15 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.10-2 |
||||||
|
- add and own /var/run/nslcd |
||||||
|
- convert hosts to uri during migration |
||||||
|
|
||||||
|
* Thu Jun 11 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.10-1 |
||||||
|
- update to 0.6.10 |
||||||
|
|
||||||
|
* Fri Apr 17 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.8-1 |
||||||
|
- bump release number to 1 (part of #491767) |
||||||
|
- fix which group we check for during %%pre (part of #491767) |
||||||
|
|
||||||
|
* Tue Mar 24 2009 Nalin Dahyabhai <nalin@redhat.com> |
||||||
|
- require chkconfig by package rather than path (Jussi Lehtola, part of #491767) |
||||||
|
|
||||||
|
* Mon Mar 23 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.8-0.1 |
||||||
|
- update to 0.6.8 |
||||||
|
|
||||||
|
* Mon Mar 23 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.7-0.1 |
||||||
|
- start using a dedicated user |
||||||
|
|
||||||
|
* Wed Mar 18 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.7-0.0 |
||||||
|
- initial package (#445965) |
Loading…
Reference in new issue