author Arthur de Jong <arthur@arthurdejong.org> 2010-12-30 21:28:29 +0000
committer Arthur de Jong <arthur@arthurdejong.org> 2010-12-30 21:28:29 +0000
commit ba243579c4f745f11e6aceb6487b501a4495bd4f
tree 690ab2cd605c7bb93530cb3084aa6d424ef09331
parent 0920660606c468abd00b7c249b734c66774ec425
get files ready for 0.8.0 release
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1358 ef36b2f9-881f-0410-afb5-c4e39611909c
-rw-r--r-- ChangeLog 542
-rw-r--r-- NEWS 67
-rw-r--r-- TODO 21
-rw-r--r-- configure.ac 4
-rw-r--r-- debian/changelog 69
-rw-r--r-- man/nslcd.8.xml 4
-rw-r--r-- man/nslcd.conf.5.xml 4
-rw-r--r-- man/pam_ldap.8.xml 4
8 files changed, 698 insertions, 17 deletions
diff --git a/ChangeLog b/ChangeLog
index 0acb30d..58f6536 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,545 @@
+2010-12-30 16:43 arthur
+
+ * [r1357] README, debian/copyright: update copyright information
+
+2010-12-30 16:26 arthur
+
+ * [r1356] debian/po/ca.po, debian/po/cs.po, debian/po/da.po,
+ debian/po/de.po, debian/po/es.po, debian/po/fi.po,
+ debian/po/fr.po, debian/po/gl.po, debian/po/it.po,
+ debian/po/ja.po, debian/po/nb.po, debian/po/nl.po,
+ debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po,
+ debian/po/sv.po, debian/po/templates.pot, debian/po/vi.po,
+ debian/po/zh_CN.po: run debconf-updatepo (new and updated
+ templates)
+
+2010-12-30 16:25 arthur
+
+ * [r1355] debian/po/ca.po, debian/po/cs.po, debian/po/da.po,
+ debian/po/de.po, debian/po/es.po, debian/po/fi.po,
+ debian/po/fr.po, debian/po/gl.po, debian/po/it.po,
+ debian/po/ja.po, debian/po/nb.po, debian/po/nl.po,
+ debian/po/pt.po, debian/po/pt_BR.po, debian/po/ru.po,
+ debian/po/sv.po, debian/po/vi.po, debian/po/zh_CN.po: put headers
+ of .po files in a consistent format
+
+2010-12-30 13:13 arthur
+
+ * [r1354] ., AUTHORS, HACKING, README, configure.ac,
+ debian/copyright, nss/Makefile.am, nss/common.h, nss/ethers.c,
+ nss/exports.solaris, nss/group.c, nss/hosts.c, nss/netgroup.c,
+ nss/networks.c, nss/passwd.c, nss/protocols.c, nss/prototypes.h,
+ nss/rpc.c, nss/services.c, nss/shadow.c, nss/solnss.c: integrate
+ Solaris support developed by Ted C. Cheng of Symas Corporation
+ that was developed on the -solaris branch
+
+2010-12-29 22:20 arthur
+
+ * [r1348] Makefile.am, pam/Makefile.am: fix distcheck by passing
+ --with-pam-seclib-dir to configure and remove unneeded slashes
+
+2010-12-29 21:50 arthur
+
+ * [r1347] Makefile.am, configure.ac, py-compile, pynslcd,
+ pynslcd/Makefile.am, pynslcd/alias.py, pynslcd/cfg.py,
+ pynslcd/common.py, pynslcd/config.py.in, pynslcd/debugio.py,
+ pynslcd/ether.py, pynslcd/group.py, pynslcd/mypidfile.py,
+ pynslcd/pam.py, pynslcd/passwd.py, pynslcd/pynslcd.py,
+ pynslcd/shadow.py, pynslcd/tio.py: add an experimental (currently
+ partial) Python implementation of nslcd to see if we can get the
+ same features with easier to maintain code
+
+2010-12-28 22:52 arthur
+
+ * [r1346] man/nslcd.conf.5.xml, nslcd/attmap.c, nslcd/common.c,
+ nslcd/common.h, nslcd/group.c, nslcd/passwd.c, nslcd/shadow.c:
+ allow attribute mapping with an expression for the userPassword
+ attribute for passwd, group and shadow entries and by default map
+ it to the unmatchable password ("*") to avoid accidentally
+ leaking password information
+
+2010-12-26 17:09 arthur
+
+ * [r1345] nslcd/common.h, nslcd/myldap.c, nslcd/myldap.h,
+ nslcd/pam.c, nslcd/shadow.c: try to update the shadowLastChange
+ attribute of a user on password change (the update is only tried
+ if the attribute is present to begin with)
+
+2010-12-26 15:00 arthur
+
+ * [r1344] common/tio.c: return connection reset when connection was
+ closed by the other end
+
+2010-12-26 14:56 arthur
+
+ * [r1343] tests/nslcd-test.conf: paging isn't supported by OpenLDAP
+ when chasing referrals
+
+2010-12-26 11:05 arthur
+
+ * [r1342] nslcd/cfg.c: also support the tls_cacert option as an
+ alias for tls_cacertfile
+
+2010-12-26 11:04 arthur
+
+ * [r1341] man/nslcd.conf.5.xml: add notes on ignored options when
+ using GnuTLS (based on #513270 which was reported against the
+ openldap package by Peter Palfrader)
+
+2010-12-24 14:32 arthur
+
+ * [r1340] nslcd/common.c: also support tilde (~) in user and group
+ names, except as first character
+
+2010-12-24 14:31 arthur
+
+ * [r1339] nslcd/common.c: make logic of character tests easier to
+ read
+
+2010-12-20 10:18 arthur
+
+ * [r1338] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,
+ nslcd/group.c, nslcd/passwd.c: implement a nss_min_uid option to
+ filter user entries returned by LDAP
+
+2010-12-18 17:39 arthur
+
+ * [r1337] tests/test_nsscmds.sh: sort group members by alphabet to
+ not be dependant on the order of attributes returned and the
+ internal softing of the set
+
+2010-12-18 17:35 arthur
+
+ * [r1336] tests/README, tests/test.ldif.gz, tests/test_nsscmds.sh:
+ update tests with current test set-up (with chasing a referral
+ and some other minor changes)
+
+2010-12-12 22:32 arthur
+
+ * [r1328] nslcd/myldap.c: pass the ld to do_bind() instead of the
+ session to use the correct ld from do_rebind()
+
+2010-12-12 22:24 arthur
+
+ * [r1327] nslcd/pam.c: always return a positive authorisation
+ result during authentication because we don't do any
+ authorisation checks during authentication and this may confuse
+ the PAM module if it's only used for authorisation
+
+2010-12-12 22:22 arthur
+
+ * [r1326] pam/pam.c: fallback to standard PAM error message if one
+ wasn't returned by nslcd
+
+2010-12-12 22:15 arthur
+
+ * [r1325] nslcd/myldap.c: fix comment
+
+2010-12-11 21:40 arthur
+
+ * [r1322] tests/test_myldap.c: include extra assertion checks
+
+2010-12-08 22:54 arthur
+
+ * [r1319] nslcd/myldap.c, nslcd/myldap.h, nslcd/nslcd.c: in each
+ worker wake up once in a while to check whether any existing LDAP
+ connections should be closed
+
+2010-12-03 16:16 arthur
+
+ * [r1318] nslcd/pam.c: in try_bind(), perform the search ourselves
+ instead of using lookup_dn2uid() to also be able to match
+ administrator DNs (thanks to Thaddeus J. Kollar for spotting
+ this)
+
+2010-12-03 16:03 arthur
+
+ * [r1317] nslcd/pam.c: fix handling of try_bind() result code in
+ nslcd_pam_authc() (patch by Thaddeus J. Kollar)
+
+2010-11-26 11:39 arthur
+
+ * [r1316] nslcd/nslcd.c: close all open file descriptors on start
+
+2010-11-17 20:08 arthur
+
+ * [r1315] nslcd/common.h, nslcd/pam.c, nslcd/passwd.c: return
+ correct PAM status code for when LDAP server is unavailable
+ (based on a patch by Pierre Gambarotto)
+
+2010-11-17 19:55 arthur
+
+ * [r1314] nslcd/pam.c: switch all internal functions to return an
+ LDAP status code
+
+2010-11-17 19:41 arthur
+
+ * [r1313] nslcd/pam.c: return correct kind of error code from
+ try_pwmod() (bug)
+
+2010-11-10 21:12 arthur
+
+ * [r1312] debian/nslcd.config, debian/nslcd.postinst,
+ debian/nslcd.templates: implement configuring SASL authentication
+ using Debconf, based on a patch by Daniel Dehennin
+
+2010-11-10 20:05 arthur
+
+ * [r1311] debian/nslcd.config: fix for problem with undefined
+ values in read_config() function
+
+2010-11-07 22:13 arthur
+
+ * [r1310] debian/nslcd.config: split reading values from a
+ configfile into a separate function and also ensure that
+ tls_reqcert is correctly read
+
+2010-11-07 22:05 arthur
+
+ * [r1309] debian/nslcd.postinst: add comment describing function
+
+2010-11-07 20:04 arthur
+
+ * [r1308] debian/nslcd.postinst: split updating configuration file
+ based on debconf value to separate function and make config
+ option renaming consistent
+
+2010-11-07 19:45 arthur
+
+ * [r1307] pam/Makefile.am: fix installation directory for PAM
+ module (was broken in r1239)
+
+2010-11-07 17:08 arthur
+
+ * [r1306] debian/nslcd.postinst: move special casing of handling
+ bindpw removal to cfg_disable() function
+
+2010-11-07 17:06 arthur
+
+ * [r1305] debian/nslcd.config, debian/nslcd.postinst: handle
+ tls_reqcert option consistently with other options
+
+2010-11-07 16:38 arthur
+
+ * [r1304] debian/nslcd.config: remove extra slash character
+
+2010-11-07 13:55 arthur
+
+ * [r1303] configure.ac: guess NSS SONAME on freebsd
+
+2010-11-07 13:54 arthur
+
+ * [r1302] configure.ac: use NSS flavour to determine which exports
+ file to use
+
+2010-11-07 13:13 arthur
+
+ * [r1301] nslcd/alias.c, nslcd/common.h, nslcd/ether.c,
+ nslcd/group.c, nslcd/host.c, nslcd/log.c, nslcd/log.h,
+ nslcd/netgroup.c, nslcd/network.c, nslcd/pam.c, nslcd/passwd.c,
+ nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c:
+ log the request with any logged messages
+
+2010-11-07 13:08 arthur
+
+ * [r1300] compat/ldap_compat.h: SASL compatibility definition
+
+2010-11-04 20:45 arthur
+
+ * [r1298] nslcd/nslcd.c: move acceptconnection() function body
+ inside the worker() so we can more easily break out of the
+ connection handling thread, close the server socket inside the
+ signal handler to cause all threads waiting on accept() to fail
+ and ensure that signals are handled in the main thread by
+ blocking them in the worker threads (r1290 from -solaris branch)
+
+2010-11-04 20:36 arthur
+
+ * [r1297] nslcd/common.h, nslcd/pam.c, nslcd/passwd.c: avoid
+ unneeded strdup()s by using a passed buffer to lookup_dn2uid()
+ and using strcmp() in dn2uid() to see if the existing cached
+ value is ok
+
+2010-11-04 20:35 arthur
+
+ * [r1296] nslcd/passwd.c: fix race condition that could cause a
+ memory leak
+
+2010-11-04 20:31 arthur
+
+ * [r1295] common/nslcd-prot.c, nslcd/nslcd.c: pass the actual size
+ of the address family and the path length to bind() and connect()
+ for named sockets
+
+2010-11-03 20:55 arthur
+
+ * [r1294] nslcd/myldap.c: call myldap_session_check() before adding
+ a new search to the session so the connection actually gets
+ closed on timeout (the connection isn't closed when there are
+ active searches)
+
+2010-10-16 21:30 arthur
+
+ * [r1288] configure.ac: chage test for compiling with gcc to be
+ simpler and not use deprecated ac_cv_prog_gcc
+
+2010-10-16 20:20 arthur
+
+ * [r1287] nslcd/nslcd.c: fix log message
+
+2010-10-16 11:34 arthur
+
+ * [r1286] nslcd/cfg.h: remove obsolete note
+
+2010-10-15 10:31 arthur
+
+ * [r1279] common/dict.c, common/dict.h, common/set.c, common/set.h,
+ tests/test_set.c: implement dict_getany() and set_pop() functions
+ to be able to pick and remove entries
+
+2010-10-15 10:21 arthur
+
+ * [r1278] common/dict.c, common/dict.h, common/set.h,
+ tests/test_dict.c, tests/test_set.c: make DICTs and SETs
+ case-sensitive
+
+2010-10-15 09:22 arthur
+
+ * [r1277] nss/common.h: split out checking of NSS module
+ availability and buffer correctness to separate macros (taken
+ from the -solaris branch)
+
+2010-10-15 09:05 arthur
+
+ * [r1276] nslcd/myldap.c: set a longer socket timout for the normal
+ connection (just in case mostly) and a short one to use when
+ shutting down the connection (also see
+ http://www.openldap.org/its/index.cgi?selectid=6673)
+
+2010-10-14 19:05 arthur
+
+ * [r1274] configure.ac: set {nss,pam}_ldap_so_LINK from configure
+ to allow custom linker properties for Solaris (r1261 and r1263
+ from -solaris branch)
+
+2010-10-14 19:03 arthur
+
+ * [r1273] configure.ac: also include sys/types.h for
+ ethernet-related tests (same as in compat/ether.h) (r1259 from
+ -solaris branch)
+
+2010-10-14 19:00 arthur
+
+ * [r1272] nss/group.c: move _nss_ldap_initgroups_dyn() definition
+ to the end to have more logical order
+
+2010-10-14 18:39 arthur
+
+ * [r1271] nslcd/myldap.c: simplify SASL includes
+
+2010-10-13 21:20 arthur
+
+ * [r1270] nss/Makefile.am: link local modules before .a files from
+ common directory to pick symbols up in correct order
+
+2010-10-13 21:01 arthur
+
+ * [r1269] configure.ac: move ethernet function checks outside
+ nslcd-specific tests to also compile without warnings when only
+ compiling NSS module
+
+2010-10-13 19:58 arthur
+
+ * [r1267] nslcd/pam.c: make buffer sizes for PAM requests
+ consistent (and large enough for most situations)
+
+2010-10-13 19:42 arthur
+
+ * [r1266] configure.ac: rename --with-nss-ldap-maps to
+ --with-nss-maps
+
+2010-10-13 19:25 arthur
+
+ * [r1265] compat/ldap_passwd_s.c: small fix
+
+2010-10-12 20:30 arthur
+
+ * [r1264] nslcd/myldap.c: set timeout options on LDAP socket to
+ avoid problems when the LDAP library hangs on a read() (e.g. at
+ ldap_unbind())
+
+2010-10-10 19:57 arthur
+
+ * [r1256] nslcd/myldap.c, nss/netgroup.c, pam/pam.c: make use of
+ UNUSED() consistent throughout the code
+
+2010-10-10 19:53 arthur
+
+ * [r1255] nss/rpc.c: correctly name shared file handle
+
+2010-10-10 19:46 arthur
+
+ * [r1254] ChangeLog: undo changes to ChangeLog accidentally checked
+ in in r1253)
+
+2010-10-10 19:45 arthur
+
+ * [r1253] ChangeLog, configure.ac, nss/Makefile.am,
+ nss/exports.glibc, nss/exports.solaris, nss/nss_ldap.map,
+ pam/Makefile.am: put all logic on how to run linker for NSS and
+ PAM components in configure script (remove stuff from
+ Makefile.ams) and add Solaris version script (renaming version
+ scripts as needed) (r1250 from -solaris branch)
+
+2010-10-10 19:32 arthur
+
+ * [r1252] compat/ether.c, compat/ether.h: move missing declarations
+ of ether_ntoa() and ether_aton() to header file so they are
+ available for other sources also (r1243 from -solaris branch)
+
+2010-10-10 19:31 arthur
+
+ * [r1251] configure.ac: fix test of returnlen struct member check
+ (r1244 from -solaris branch)
+
+2010-10-08 11:24 arthur
+
+ * [r1245] nss/services.c: correctly name shared file handle
+
+2010-10-04 19:37 arthur
+
+ * [r1240] nss/Makefile.am, nss/aliases.c, nss/ethers.c,
+ nss/group.c, nss/hosts.c, nss/netgroup.c, nss/networks.c,
+ nss/passwd.c, nss/protocols.c, nss/rpc.c, nss/services.c,
+ nss/shadow.c, pam/Makefile.am: improve consistency of code layout
+
+2010-10-04 19:35 arthur
+
+ * [r1239] compat/nss_compat.h, configure.ac, nss/Makefile.am,
+ nss/common.h, nss/hosts.c, nss/networks.c, nss/prototypes.h,
+ pam/Makefile.am: merge some of the changes for Solaris
+ portability to ease merging, adding --with-pam-seclib-dir,
+ --with-pam-ldap-soname and --with-nss-flavour options and having
+ some auto-detection for SONAMEs and NSS flavour
+
+2010-10-02 19:19 arthur
+
+ * [r1235] .: ignore configure.lineno
+
+2010-10-01 08:11 arthur
+
+ * [r1233] compat/ether.c, compat/ldap_passwd_s.c, configure.ac: use
+ AC_CHECK_DECLS to check for definitions of functions we provide a
+ replacement definition for
+
+2010-09-30 19:09 arthur
+
+ * [r1229] debian/po/vi.po: updated Vietnamese (vi) translation of
+ debconf templates by Clytie Siddall
+
+2010-09-30 18:20 arthur
+
+ * [r1228] configure.ac: fix test quoting
+
+2010-09-29 19:37 arthur
+
+ * [r1227] compat/ether.c, configure.ac: only provide definitions
+ for ether_aton() and ether_ntoa() for platforms missing a
+ definition
+
+2010-09-29 19:01 arthur
+
+ * [r1226] compat/ether.c: fix definitions of ether_aton() and
+ ether_ntoa()
+
+2010-09-28 21:04 arthur
+
+ * [r1225] compat/nss_compat.h, compat/pam_get_authtok.c,
+ configure.ac: begin merging some of the compatibility
+ improvements from Ted C. Cheng of Symas Corporation
+
+2010-09-28 19:39 arthur
+
+ * [r1224] compat/nss_compat.h: no need to provide a enum nss_status
+ replacement because we don't use it
+
+2010-09-28 19:39 arthur
+
+ * [r1223] tests/test_aliases.c, tests/test_ethers.c,
+ tests/test_group.c, tests/test_hosts.c, tests/test_netgroup.c,
+ tests/test_networks.c, tests/test_passwd.c,
+ tests/test_protocols.c, tests/test_rpc.c, tests/test_services.c,
+ tests/test_shadow.c: also switch to nss_status_t for test code
+
+2010-09-28 19:35 arthur
+
+ * [r1222] configure.ac: simplify appending OBJEXT sed expression
+
+2010-09-27 21:25 arthur
+
+ * [r1221] nslcd/myldap.c: remove variables which are no longer
+ necessary due to r1220
+
+2010-09-27 21:19 arthur
+
+ * [r1220] nslcd/myldap.c: remove disabling keepalives since we
+ handle SIGPIPE anyway
+
+2010-09-26 20:43 arthur
+
+ * [r1219] nslcd/myldap.c: remove ugly empty line
+
+2010-09-26 12:34 arthur
+
+ * [r1218] configure.ac: properly define PACKAGE_URL
+
+2010-09-26 11:19 arthur
+
+ * [r1217] nslcd/group.c: update description of group schema
+ supported
+
+2010-09-26 11:08 arthur
+
+ * [r1216] Makefile.am: switch to nicer mechanism to specify
+ subdirectories to build
+
+2010-09-25 21:50 arthur
+
+ * [r1215] configure.ac, nss/Makefile.am: have a way to limit which
+ NSS maps should be built
+
+2010-09-24 13:04 arthur
+
+ * [r1214] compat/nss_compat.h, nss/aliases.c, nss/common.h,
+ nss/ethers.c, nss/group.c, nss/hosts.c, nss/netgroup.c,
+ nss/networks.c, nss/passwd.c, nss/protocols.c, nss/prototypes.h,
+ nss/rpc.c, nss/services.c, nss/shadow.c: switch to using
+ nss_status_t throughout the code and provide compatibility code
+ to use whatever nss_status type is used on the system
+
+2010-09-23 21:21 arthur
+
+ * [r1208] nslcd/myldap.c: add some more error cases which should
+ trigger a disconnect
+
+2010-09-20 20:41 arthur
+
+ * [r1207] nslcd/myldap.c: handle errors from ldap_result()
+ consistently and also retry in case it times out
+
+2010-09-05 09:30 arthur
+
+ * [r1206] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,
+ nslcd/common.h, nslcd/nslcd.c, nslcd/pam.c, pam/pam.c: implement
+ a rootpwmodpw option that allows root users to change user
+ passwords without a password prompt
+
+2010-08-28 19:46 arthur
+
+ * [r1204] ChangeLog, NEWS, configure.ac, debian/changelog,
+ man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get
+ files ready for 0.7.9 release
+
2010-08-28 19:19 arthur
* [r1203] debian/po/nl.po: unfuzzy a few Dutch translations and
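Review bot: Several added entries carry spelling slips over from the commit log: "chage test" in r1288, "dependant" and "internal softing" in r1337, "socket timout" in r1276, and r1254 ends with an unmatched ")". If this file is generated from the Subversion log, correct the log messages at the source so the slips do not return on the next regeneration. The hunk also has no release-preparation entries for 0.7.10 through 0.7.13, although NEWS and debian/changelog list those releases, so a reader cannot tell from the ChangeLog which of these revisions shipped in them.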
diff --git a/NEWS b/NEWS
index cb86039..eb79260 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,70 @@
+changes from 0.7.13 to 0.8.0
+----------------------------
+
+* include Solaris support developed by Ted C. Cheng of Symas Corporation
+* include an experimental partial implementation of nslcd in Python (disabled
+ by default, see --enable-pynslcd configure option)
+* implement a nss_min_uid option to filter user entries returned by LDAP
+* implement a rootpwmodpw option that allows the root user to change a user's
+ password without a password prompt
+* try to update the shadowLastChange attribute on password change
+* all log messages now include a description of the request to more easily
+ track problems when not running in debug mode
+* allow attribute mapping expressions for the userPassword attribute for
+ passwd, group and shadow entries and by default map it to the unmatchable
+ password ("*") to avoid accidentally leaking password information
+* numerous compatibility improvements
+* add --with-pam-seclib-dir and --with-pam-ldap-soname configure options to
+ allow more control of hot to install the PAM module
+* add --with-nss-flavour and --with-nss-maps configure options to support
+ other C libraries and limit which NSS modules to install
+* allow tilde (~) in user and group names
+* improvements to the timeout mechanism (connections are now actively timed
+ out using the idle_timelimit option)
+* set socket timeouts on the LDAP connection to disconnect regardless of LDAP
+ and possibly TLS handling of connection
+* better disconnect/reconnect handling of error conditions
+* some code improvements and cleanups and several smaller bug fixes
+* all internal string comparisons are now also case sensitive (e.g. for
+ providing DN to username lookups, etc)
+* signal handling in the daemon was changed to behave more reliable across
+ different threading implementations
+* nslcd will now always return a positive authorisation result during
+ authentication to avoid confusing the PAM module when it is only used for
+ authorisation
+* Debian packaging improvement: implement configuring SASL authentication
+ using Debconf, based on a patch by Daniel Dehennin
+
+
+changes from 0.7.12 to 0.7.13
+-----------------------------
+
+* fix handling of idle_timelimit option
+* fix error code for problem while doing password modification
+
+
+changes from 0.7.11 to 0.7.12
+-----------------------------
+
+* set a short socket timeout when shutting down the connection to the LDAP
+ server to avoid disconnect problems when using TLS
+
+
+changes from 0.7.10 to 0.7.11
+-----------------------------
+
+* grow the buffer for the PAM ruser to not reject logins for users with
+ a ruser including a domain part
+* Debian packaging improvements
+
+
+changes from 0.7.9 to 0.7.10
+----------------------------
+
+* handle errors from ldap_result() better and disconnect (and reconnect)
+ in more cases
+
+
changes from 0.7.8 to 0.7.9
---------------------------
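Review bot: The 0.8.0 item "allow tilde (~) in user and group names" leaves out the restriction recorded in ChangeLog r1340, where tilde is accepted "except as first character"; add that qualifier so administrators know what the name validation accepts. In the same section, "allow more control of hot to install the PAM module" should read "how to install". The userPassword item changes a default (the attribute is now mapped to "*"), so it is worth saying explicitly that sites which depended on the value being returned through NSS must configure a mapping to get it back.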
diff --git a/TODO b/TODO
index 60f63e8..5399a5c 100644
--- a/TODO
+++ b/TODO
@@ -1,15 +1,10 @@
-* test reachability problems with LDAP server more
* write more unit tests
-* maybe implement a connection object in the myldap module that is shared
- by different sessions (sessions need to be cleaned up)
* add sanity checking code (e.g. not too large buffer allocation and checking
that host, user, etc do not contain funky characters) in all server modules
* log some statistics: "passwd=100 shadow=10 host=20 rpc=10" (10 req/minute)
* in the server: once the request is done pass the flushing of the buffers to
a separate thread so our workers are available to handle new requests
(test whether this actually improves performace)
-* split out idle checking into separate function so we may be able to call it
- periodically from elsewhere (e.g. the main loop)
* add an option to create an extra socket somewhere (so it may be used in
chroot jails)
* make I/O timeout between NSS lib and daemon configurable with configure
@@ -17,15 +12,23 @@
address and return it as an alternative entry (investigate whether this is
sane)
* protocols/rpc: the description attribute should be used as an alias?
-* do more checks with failing LDAP connections (e.g. killing connections)
-* maybe make myldap code thread-safe (use locking)
* review changes in nss_ldap and merge any useful changes
* maybe rate-limit LDAP entry warnings
-* only parse nslcd.conf options if they are available on the platform
-* maybe support memberOf attribute in passwd entries that map to groups
* setnetgrent() may need to return an error if the netgroup is undefined
* handle repeated calls to getent() better (see http://bugzilla.padl.com/show_bug.cgi?id=376)
* make it possible to start nslcd real early in the boot process and have
it become available when it determines it can (other timeout/retry mechanism
on startup)
* write a simple PAM test application
+* make user/group name filtering configurable (with regular expression)
+ (perhaps even extend the filtering to other data)
+* implement requesting and handling password policy information when binding
+ as a user
+* integrate the FreeBSD code
+* implement nested groups
+* implement other services in nslcd: sudo and autofs are candidates
+* restart unscd on postinst, just like nscd (or perhaps do nscd -i <MAP>)
+* instead of library symbol, use environment variable to disable NSS module
+* properly test Solaris support
+* fix buffer handling in read_**string() functions (Solaris support)
+* complete pynslcd implementation
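Review bot: The added items "properly test Solaris support" and "fix buffer handling in read_**string() functions (Solaris support)" describe open work on a feature that NEWS announces without qualification as "include Solaris support". Mark Solaris support in NEWS as not yet fully tested and note the known buffer-handling issue, in the way pynslcd is already labelled "experimental". Several removed items (for example the memberOf and "only parse nslcd.conf options if they are available on the platform" lines) have no matching entry in the ChangeLog hunk, so confirm they were dropped on purpose rather than completed.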
diff --git a/configure.ac b/configure.ac
index 6e94574..79e67cf 100644
--- a/configure.ac
+++ b/configure.ac
@@ -33,10 +33,10 @@ configure.ac file for more details.])
# initialize and set version and bugreport address
AC_INIT([nss-pam-ldapd],
- [0.7.9],
+ [0.8.0],
[nss-pam-ldapd-users@lists.arthurdejong.org],,
[http://arthurdejong.org/nss-pam-ldapd/])
-RELEASE_MONTH="Aug 2010"
+RELEASE_MONTH="Dec 2010"
AC_SUBST(RELEASE_MONTH)
AC_CONFIG_SRCDIR([nslcd.h])
diff --git a/debian/changelog b/debian/changelog
index d68edea..0e5dcf3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,72 @@
+nss-pam-ldapd (0.8.0) experimental; urgency=low
+
+ * include Solaris support developed by Ted C. Cheng of Symas Corporation
+ * include an experimental partial implementation of nslcd in Python
+ (disabled by default, see --enable-pynslcd configure option)
+ * implement a nss_min_uid option to filter user entries returned by LDAP
+ * implement a rootpwmodpw option that allows the root user to change a
+ user's password without a password prompt
+ * try to update the shadowLastChange attribute on password change
+ * all log messages now include a description of the request to more easily
+ track problems when not running in debug mode
+ * allow attribute mapping expressions for the userPassword attribute for
+ passwd, group and shadow entries and by default map it to the unmatchable
+ password ("*") to avoid accidentally leaking password information
+ * numerous compatibility improvements
+ * add --with-pam-seclib-dir and --with-pam-ldap-soname configure options to
+ allow more control of hot to install the PAM module
+ * add --with-nss-flavour and --with-nss-maps configure options to support
+ other C libraries and limit which NSS modules to install
+ * allow tilde (~) in user and group names (closes: #607640)
+ * improvements to the timeout mechanism (connections are now actively timed
+ out using the idle_timelimit option)
+ * set socket timeouts on the LDAP connection to disconnect regardless of
+ LDAP and possibly TLS handling of connection
+ * better disconnect/reconnect handling of error conditions
+ * some code improvements and cleanups and several smaller bug fixes
+ * all internal string comparisons are now also case sensitive (e.g. for
+ providing DN to username lookups, etc)
+ * signal handling in the daemon was changed to behave more reliable across
+ different threading implementations
+ * nslcd will now always return a positive authorisation result during
+ authentication to avoid confusing the PAM module when it is only used for
+ authorisation (closes: #604147)
+ * implement configuring SASL authentication using Debconf, based on a patch
+ by Daniel Dehennin (closes: #586532) (not called for translations yet
+ because the English text is likely to change)
+
+ -- Arthur de Jong <adejong@debian.org> Thu, 30 Dec 2010 20:00:00 +0100
+
+nss-pam-ldapd (0.7.13) unstable; urgency=low
+
+ * fix handling of idle_timelimit option
+ * fix error code for problem while doing password modification
+
+ -- Arthur de Jong <adejong@debian.org> Sat, 11 Dec 2010 22:00:00 +0100
+
+nss-pam-ldapd (0.7.12) unstable; urgency=low
+
+ * set a short socket timeout when shutting down the connection to the LDAP
+ server to avoid disconnect problems when using TLS
+ (addresses part of #596983)
+
+ -- Arthur de Jong <adejong@debian.org> Fri, 29 Oct 2010 18:00:00 +0200
+
+nss-pam-ldapd (0.7.11) unstable; urgency=low
+
+ * updated Vietnamese debconf translation by Clytie Siddall (closes: #598500)
+ * grow the buffer for the PAM ruser to not reject logins for users with
+ a ruser including a domain part (closes: #600065)
+
+ -- Arthur de Jong <adejong@debian.org> Fri, 15 Oct 2010 15:30:00 +0200
+
+nss-pam-ldapd (0.7.10) unstable; urgency=low
+
+ * handle errors from ldap_result() better and disconnect (and reconnect)
+ in more cases (closes: #596983)
+
+ -- Arthur de Jong <adejong@debian.org> Fri, 24 Sep 2010 09:00:00 +0200
+
nss-pam-ldapd (0.7.9) unstable; urgency=low
* fix for --with-nss-ldap-soname configure option by Julien Cristau
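Review bot: "allow more control of hot to install the PAM module" in the 0.8.0 entry has the same "hot" for "how" slip as NEWS, and the tilde item that closes #607640 again omits the "except as first character" limit from ChangeLog r1340. Fix both here as well, since this is the text that ends up in the package's changelog.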
diff --git a/man/nslcd.8.xml b/man/nslcd.8.xml
index ea9a83c..35d932d 100644
--- a/man/nslcd.8.xml
+++ b/man/nslcd.8.xml
@@ -36,9 +36,9 @@
<refmeta>
<refentrytitle>nslcd</refentrytitle>
<manvolnum>8</manvolnum>
- <refmiscinfo class="version">Version 0.7.9</refmiscinfo>
+ <refmiscinfo class="version">Version 0.8.0</refmiscinfo>
<refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
- <refmiscinfo class="date">Aug 2010</refmiscinfo>
+ <refmiscinfo class="date">Dec 2010</refmiscinfo>
</refmeta>
<refnamediv id="name">
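Review bot: The version and date in the two <refmiscinfo> lines are edited by hand here and again in nslcd.conf.5.xml and pam_ldap.8.xml, duplicating the AC_INIT version and RELEASE_MONTH set in configure.ac. RELEASE_MONTH is already passed through AC_SUBST, so consider generating these two fields from configure so a release cannot ship man pages with a stale version or date.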
diff --git a/man/nslcd.conf.5.xml b/man/nslcd.conf.5.xml
index 62d249d..4149d67 100644
--- a/man/nslcd.conf.5.xml
+++ b/man/nslcd.conf.5.xml
@@ -36,9 +36,9 @@
<refmeta>
<refentrytitle>nslcd.conf</refentrytitle>
<manvolnum>5</manvolnum>
- <refmiscinfo class="version">Version 0.7.9</refmiscinfo>
+ <refmiscinfo class="version">Version 0.8.0</refmiscinfo>
<refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
- <refmiscinfo class="date">Aug 2010</refmiscinfo>
+ <refmiscinfo class="date">Dec 2010</refmiscinfo>
</refmeta>
<refnamediv id="name">
diff --git a/man/pam_ldap.8.xml b/man/pam_ldap.8.xml
index e4aa3c9..e07d3f9 100644
--- a/man/pam_ldap.8.xml
+++ b/man/pam_ldap.8.xml
@@ -35,9 +35,9 @@
<refmeta>
<refentrytitle>pam_ldap</refentrytitle>
<manvolnum>8</manvolnum>
- <refmiscinfo class="version">Version 0.7.9</refmiscinfo>
+ <refmiscinfo class="version">Version 0.8.0</refmiscinfo>
<refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
- <refmiscinfo class="date">Aug 2010</refmiscinfo>
+ <refmiscinfo class="date">Dec 2010</refmiscinfo>
</refmeta>
<refnamediv id="name">