~ubuntu-branches/ubuntu/precise/nss-pam-ldapd/precise-updates

Committer: Bazaar Package Importer
Author(s): Arthur de Jong
Date: 2010-07-03 17:00:00 UTC
Revision ID: james.westby@ubuntu.com-20100703170000-qjnaavp1wx04z4ew

Tags: 0.7.7

http://bugs.debian.org/585968

http://bugs.debian.org/585639

* don't use use_authtok for password modification by default
* fine-tune pam-auth-update configuration after discussion with Steve
  Langasek (see: #583492)
  Note that this currently requires that shadow information is also provided
  by LDAP (in /etc/nsswitch.conf).
* ensure that nslcd is started after hostname lookups are available so
  getting to the LDAP server via DNS will work (patch by Petter
  Reinholdtsen) (closes: #585968)
* start k5start from the init script to keep the Kerberos ticket active if
  nslcd is configured for SASL GSSAPI Kerberos authentication, based on a
  patch by Daniel Dehennin (closes: #585639)
* upgrade to standards-version 3.9.0 (switch to Breaks/Replaces instead of
  Conflicts)
* refactoring and simplification of PAM module which also improves logging
* implement a nullok PAM option and disable empty passwords by default
* portability improvements and other minor code improvements
* the mechanism to disable name lookups through LDAP from within the nslcd
  process has been improved
* the undocumented use_sasl option has been removed (specifying sasl_mech
  now implies use_sasl)
* the sasl_mech, sasl_realm, sasl_authcid, sasl_authzid and sasl_secprops
  configuration options are now documented

files added:
compat/nss_compat.h

debian/libpam-ldapd.manpages

debian/nslcd.conffile

debian/nslcd.default

debian/nslcd.manpages

nss/common.c

nss/nss_ldap.map

pam/pam_ldap.map

files removed:
nss/exports.linux

pam/exports.linux

files modified:
AUTHORS

ChangeLog

Makefile.am

Makefile.in

NEWS

README

TODO

common/Makefile.in

common/dict.h

common/expr.h

common/nslcd-prot.h

common/set.h

common/tio.c

common/tio.h

compat/Makefile.am

compat/Makefile.in

compat/attrs.h

compat/daemon.h

compat/ether.h

compat/getopt_long.h

compat/getpeercred.h

compat/ldap_compat.h

compat/pam_compat.h

compat/pam_get_authtok.c

config.h.in

configure

configure.ac

debian/changelog

debian/control

debian/libnss-ldapd.config

debian/libpam-ldapd.pam-auth-update

debian/nslcd.config

debian/nslcd.init

debian/nslcd.install

man/Makefile.in

man/nslcd.8

man/nslcd.8.xml

man/nslcd.conf.5

man/nslcd.conf.5.xml

man/pam_ldap.8

man/pam_ldap.8.xml

nslcd/Makefile.am

nslcd/Makefile.in

nslcd/attmap.c

nslcd/attmap.h

nslcd/cfg.c

nslcd/cfg.h

nslcd/common.h

nslcd/group.c

nslcd/log.h

nslcd/myldap.c

nslcd/myldap.h

nslcd/network.c

nslcd/nslcd.c

nslcd/pam.c

nss/Makefile.am

nss/Makefile.in

nss/aliases.c

nss/common.h

nss/ethers.c

nss/group.c

nss/hosts.c

nss/netgroup.c

nss/networks.c

nss/passwd.c

nss/protocols.c

nss/prototypes.h

nss/rpc.c

nss/services.c

nss/shadow.c

pam/Makefile.am

pam/Makefile.in

pam/common.h

pam/pam.c

tests/Makefile.am

tests/Makefile.in

Show diffs side-by-side

added added

removed removed

nss/prototypes.h

prototypes.h - all functions exported by the NSS library

This library is free software; you can redistribute it and/or

modify it under the terms of the GNU Lesser General Public

02110-1301 USA

#ifndef _NSS_EXPORTS_H

#define _NSS_EXPORTS_H 1

#include <nss.h>

#ifdef HAVE_ALIASES_H

#include <aliases.h>

#endif

#include <sys/socket.h>

#include <sys/types.h>

#include <grp.h>

#include <netdb.h>

#include <pwd.h>

#ifdef HAVE_SHADOW_H

#include <shadow.h>

#endif /* HAVE_SHADOW_H */

#include "compat/ether.h"

/* We define struct etherent here because it does not seem to

be defined in any publicly available header file exposed

by glibc. This is taken from include/netinet/ether.h

of the glibc (2.3.6) source tarball. */

struct etherent

{

const char *e_name;

struct ether_addr e_addr;

};

/* We also define struct __netgrent because it's definition is

not publically available. This is taken from inet/netgroup.h

of the glibc (2.3.6) source tarball.

The first part of the struct is the only part that is modified

by the getnetgrent() function, all the other fields are not

touched at all. */

struct __netgrent

{

enum { triple_val, group_val } type;

union

{

struct

{

const char *host;

const char *user;

const char *domain;

} triple;

const char *group;

} val;

/* the following stuff is used by some NSS services

but not by ours (it's not completely clear how these

are shared between different services) or is used

by our caller */

char *data;

size_t data_size;

union

{

char *cursor;

unsigned long int position;

} insertedname; /* added name to union to avoid warning */

int first;

struct name_list *known_groups;

struct name_list *needed_groups;

void *nip; /* changed from `service_user *nip' */

};

#ifndef NSS__PROTOTYPES_H

#define NSS__PROTOTYPES_H 1

#include "compat/nss_compat.h"

These are prototypes for functions exported from the ldap NSS module.

http://www.gnu.org/software/libc/manual/html_node/Name-Service-Switch.html

/* flag to gloabally disable lookups (all _nss_ldap_*() functions will return

NSS_STATUS_UNAVAIL */

extern int _nss_ldap_enablelookups;

100

/* aliases - mail aliases */

101

enum nss_status _nss_ldap_getaliasbyname_r(const char *name,struct aliasent *result,char *buffer,size_t buflen,int *errnop);

102

enum nss_status _nss_ldap_setaliasent(void);

172

117

enum nss_status _nss_ldap_getspent_r(struct spwd *result,char *buffer,size_t buflen,int *errnop);

173

118

enum nss_status _nss_ldap_endspent(void);

174

119

175

#endif /* not NSS_EXPORTS */

120

#endif /* not NSS__PROTOTYPES_H */

Older »