Contents of /trunk/lcas-lcmaps-gt4-interface/NEWS

Version 0.3.2:
-   Update structs for OpenSSL1.1 fixes in GT6
-   Protect against NULL service name

Version 0.3.1:
-   General code cleanup and cleanup of gt4-interface-install:
    Previous README file is now manpage for gt4-interface-install which is
    renamed from gt4-interface-install.sh and updated for flavor-less globus.
    Previous outdated examples are either removed or updated.
-   Implement support for the 'sharing' service: when the service name is
    'sharing' the callout receives an additional argument (a PEM-string),
    which contains the credential on which the mapping should be based.
-   Bug fix: setting LLGT_ENABLE_DEBUG should also work for logging to file.
-   Bug fix: certain log entries are missing the last character.

Version 0.3.0:
-   When a 'desired_identity' is passed in from the Globus framework (e.g.
    gsissh), then this is passed to LCMAPS, iff the LCMAPS version >=1.6.0.
    LCMAPS makes this available to its plugins, to provide support for
        "/DN" user1,user2
    or
        "/FQAN" user1,user2
    syntax in the grid-mapfile for the (voms)localaccount plugin.
-   Bug fix: when callout runs twice with a logfile, it could cause a segfault.

Version 0.2.6:
-   LCAS is terminated and dlclose()ed after LCMAPS. This prevents a segfault
    appearing when VOMS is re-initialized after it is unloaded due to a dlclose
    on RH5 based systems in a globus setup.
-   Add env var LLGT_DLCLOSE_LCAS, when set to no, disable or disabled, do NOT
    call dlclose() on lcas. This might further aid with the RH5
    OpenSSL/VOMS/Globus dlclose bug.

Version 0.2.5:
-   The result of LCMAPS mapping is stored. When a non-NULL 'desired identity'
    is presented, a previous result is available, and the two results match,
    LCMAPS is not run a second time.
    This behaviour can be disabled by setting the new environment variable
    LLGT_CACHE_CALLOUT to no, disable or disabled.
-   Do not call globus_module_deactivate() since this might corrupt e.g. the
    OpenSSL library, it should be called from the calling program.
-   Add env var LLGT_DLCLOSE_LCMAPS, when set to no, disable or disabled, do NOT
    call dlclose() on lcmaps. This is a workaround for a RH5-based bug relating
    to gsisshd, which (could) run the callout twice.
-   Include a manpage for the install script.
-   Improve logging:
    -   When LLGT_LOG_FILE is provided and it can be opened, llgt internal
        logging goes to this file. In that case LCAS_LOG_FILE and
        LCMAPS_LOG_FILE when unset, will be set to the same file.
-   In case of syslog, openlog() is only called when either the log facility or
    the log ident is overridden (LLGT_LOG_FACILITY or LLGT_LOG_IDENT).

Version 0.2.4:
-   Fix a bug with closing the log file.

Version 0.2.3:
-   Sync headers with those specified in globus_internal.h headers in LCMAPS
-   Fix remaining renaming of globus_internal.h into llgt_globus_internal.h
-   Explicitly prefix globus_internal.h with llgt_ and insert macro to enforce
    single inclusion.
-   When an LCAS_LOG_FILE=<file> or LCMAPS_LOG_FILE=<file> is provided to the
    LLGT, it opened a FILE handle (for each of the environments).
    Now it also closes them.
-   Prefix all files with llgt_. Rename configure options file into
    llgt_config.h Add missing llgt_config.h header to all c and h files.
-   Cleanup of code: splitup lcas and lcmaps dependent code in separate .c and
    .h files, which are prefixed with llgt_ to prevent confusion with the
    framework files. Further removal of dead code.
-   Cleanup dead code: comment-out functions and their prototypes if they are
    not being used. Also remove unused header files.
-   Cleanup code to limit the handling of internal globus structs. All these
    structs are now defined in globus_internal.h. The need for this arises
    because there is no public way of obtaining a gss_cred_id_t from a
    gss_ctx_id_t.
-   Fix proper handling of --disable-lcas:
    -   use of AM_CONDITIONAL in configure.ac 
    -   use of AC_DEFINE and #if(n)def to skip LCAS code
    -   don't compile lcas.c (not even as empty file) Add some comments on globus
        modules.
-   Fix use of LCMAPS_POLICY_NAME, it wasn't used by llgt4 since it called
    lcmaps_run_and_return_username with policies==NULL meaning parse all
    policies.  The LCMAPS_POLICY_NAME is now split into an array of policy
    names using new function llgt4_policy_tokenize() similar to lcmaps_tokenize
-   fix two memory leaks: liblcmaps_path (in lcmaps.c) and client name (in
    lcmaps_gt4_front.c). At the same time client name is only determined once
    from context.
-   fix typos: lcas instead of lcmaps (in lcmaps.c)


Version 0.2.0:
-   Changed the copyright to The Initiative for Globus in Europe project.
-   Moved the default logging facility from LOG_LOCAL1 to LOG_DAEMON.
-   Change the default logging facility with the $LLGT_LOG_FACILITY environment
    variable. Use the name of (standard syslog) facility names. Example:
    LOG_DAEMON, LOG_LOCAL1, etcetera
-   The $LLGT_LOG_IDENT can (optionally) be set as the Syslog ident value. This
    will be the identifying string in Syslog for the current process. Not using
    this option will let Syslog (or one of the GT services) to set these
    options.  By default the Syslog ident will be set to the executable name.
-   Changed the default LCAS_DEBUG_LEVEL value to the build in number 4. Which
    equal to a cut off at the LOG_INFO Syslog priority. Setting it on 5 will
    let it run with LOG_DEBUG enabled.
-   Switched internal time from localtime() to gmtime() to generate a
    JOB_REPOSITORY_ID and GATEKEEPER_JM_ID.
-   Set the environment variable $LLGT_RUN_LCAS to "no", "disabled" or
    "disable" to avoid LCAS to run prior to the LCMAPS.
-   There is a matching ./configure option "--enable-lcas" which can be used to
    change the default behaviour to run LCAS or not. The $LLGT_RUN_LCAS
    environment variable can still influence the LCAS run.
-   Added ./configure options similar gLExec to manipulate LCAS and LCMAPS
    usage, e.g.  --with-lcas-db=FILE, --with-lcas-moduledir-sfx=path,
    --with-lcas-moduledir=path, --with-lcmaps-db=FILE,
    --with-lcmaps-moduledir-sfx=path, --with-lcmaps-moduledir=path
-   When the variable LLGT_LIFT_PRIVILEGED_PROTECTION is set the post-LCMAPS
    mapping to the 'root' user and group check is disabled. This check is
    implicitly enable to prevent erroneous configuration to silently result
    into a root-account mapping in services that don't have preventions for
    this of themselves.  This setting is NEEDED in services that:
    1.) don't user switch, and run as root.
    2.) services that expect only a username to be returned and perform the
        user switch themselves, e.g. the Globus GSI-OpenSSHd.
-   Depreciated: $LLGT_NO_CHANGE_USER in favor of $LLGT_LIFT_PRIVILEGED_PROTECTION. 
                (Depreciation does not mean non-functional anymore)
-   Depreciated: $LLGT4_NO_CHANGE_USER in favor of $LLGT_LIFT_PRIVILEGED_PROTECTION. 
                (Depreciation does not mean non-functional anymore)
-   Set the environment variable $LLGT_VOMS_DISABLE_CREDENTIAL_CHECK to disable
    the VOMS verification at run-time in LCMAPS, provided that LCMAPS has the
    feature to select it at run-time.
-   Set the environment variable $LLGT_VOMS_ENABLE_CREDENTIAL_CHECK explicitly
    enable the VOMS attribute verification. It will override the LCMAPS
    build-in default, which could be disabled with certain build flags.
-   Support for a CFLAGS setting for LCAS_LIBDIR to open the liblcas.so library
    from an alternative location at build-time to override it's default.
    Example: export CFLAGS='-DLCAS_LIBDIR=\"/usr/local/lib/\"'
-   Support for an alternative LCAS_LIBDIR as a run-time setting by exporting
    $LLGT_LCAS_LIBDIR="/usr/local/lib/liblcas.so"
-   Support for a CFLAGS setting for LCMAPS_LIBDIR to open the liblcmaps.so library
    from an alternative location at build-time to override it's default.
    Example: export CFLAGS='-DLCMAPS_LIBDIR=\"/usr/local/lib/\"'
-   Support for an alternative LCMAPS_LIBDIR as a run-time setting by exporting
    $LLGT_LCMAPS_LIBDIR="/usr/local/lib/liblcmaps.so"
-   If the $LLGT_ENABLE_DEBUG environment variable is set, then the debugging
    message logged at level LOG_DEBUG are passed to the log. The scope of this
    setting is only within the LCAS-LCMAPS-GT-interface


Version 0.1.5:
Applying Brian Bockelman's patch for the services that can handle an account
change itself. For instance, GSISSH and Condor.

The scenario is as follows: LCMAPS resolves an account and typically enforced
it into the process by changing to the resolved account. The enforcement step
can be disabled by simply not running the posix_enf plug-in. In effect the
process is still running as root after the LCMAPS account resolvement and the
LCAS LCMAPS GT4/GT5 Callout kicks to throw an error on the (effective) user ID
or (effective) group ID being root.

The patch allows for an exception to this safety measure when the environment
variable "LLGT4_NO_CHANGE_USER" is set. The final check in the GT4/GT5 call-out
is bypassed and continues to pass the Username to the GT4/GT5 Call-out
framework of the service.

With some more time and concideration the need for this environment variable
might disappear as I currently think that these checks in the GT4/GT5 Call-out
could be safely regarded as pedantic.


Version 0.1.4:
Fix to use the GSS interface to LCAS again. LCMAPS was changed to use it, but
LCAS wasn't yet.  This is now fixed and the services work reliably again.
Error appeared in the logs indicating that LCAS couldn't read the credentials
as input.
1	Version 0.3.2:
2	- Update structs for OpenSSL1.1 fixes in GT6
3	- Protect against NULL service name
4
5	Version 0.3.1:
6	- General code cleanup and cleanup of gt4-interface-install:
7	Previous README file is now manpage for gt4-interface-install which is
8	renamed from gt4-interface-install.sh and updated for flavor-less globus.
9	Previous outdated examples are either removed or updated.
10	- Implement support for the 'sharing' service: when the service name is
11	'sharing' the callout receives an additional argument (a PEM-string),
12	which contains the credential on which the mapping should be based.
13	- Bug fix: setting LLGT_ENABLE_DEBUG should also work for logging to file.
14	- Bug fix: certain log entries are missing the last character.
15
16	Version 0.3.0:
17	- When a 'desired_identity' is passed in from the Globus framework (e.g.
18	gsissh), then this is passed to LCMAPS, iff the LCMAPS version >=1.6.0.
19	LCMAPS makes this available to its plugins, to provide support for
20	"/DN" user1,user2
21	or
22	"/FQAN" user1,user2
23	syntax in the grid-mapfile for the (voms)localaccount plugin.
24	- Bug fix: when callout runs twice with a logfile, it could cause a segfault.
25
26	Version 0.2.6:
27	- LCAS is terminated and dlclose()ed after LCMAPS. This prevents a segfault
28	appearing when VOMS is re-initialized after it is unloaded due to a dlclose
29	on RH5 based systems in a globus setup.
30	- Add env var LLGT_DLCLOSE_LCAS, when set to no, disable or disabled, do NOT
31	call dlclose() on lcas. This might further aid with the RH5
32	OpenSSL/VOMS/Globus dlclose bug.
33
34	Version 0.2.5:
35	- The result of LCMAPS mapping is stored. When a non-NULL 'desired identity'
36	is presented, a previous result is available, and the two results match,
37	LCMAPS is not run a second time.
38	This behaviour can be disabled by setting the new environment variable
39	LLGT_CACHE_CALLOUT to no, disable or disabled.
40	- Do not call globus_module_deactivate() since this might corrupt e.g. the
41	OpenSSL library, it should be called from the calling program.
42	- Add env var LLGT_DLCLOSE_LCMAPS, when set to no, disable or disabled, do NOT
43	call dlclose() on lcmaps. This is a workaround for a RH5-based bug relating
44	to gsisshd, which (could) run the callout twice.
45	- Include a manpage for the install script.
46	- Improve logging:
47	- When LLGT_LOG_FILE is provided and it can be opened, llgt internal
48	logging goes to this file. In that case LCAS_LOG_FILE and
49	LCMAPS_LOG_FILE when unset, will be set to the same file.
50	- In case of syslog, openlog() is only called when either the log facility or
51	the log ident is overridden (LLGT_LOG_FACILITY or LLGT_LOG_IDENT).
52
53	Version 0.2.4:
54	- Fix a bug with closing the log file.
55
56	Version 0.2.3:
57	- Sync headers with those specified in globus_internal.h headers in LCMAPS
58	- Fix remaining renaming of globus_internal.h into llgt_globus_internal.h
59	- Explicitly prefix globus_internal.h with llgt_ and insert macro to enforce
60	single inclusion.
61	- When an LCAS_LOG_FILE=<file> or LCMAPS_LOG_FILE=<file> is provided to the
62	LLGT, it opened a FILE handle (for each of the environments).
63	Now it also closes them.
64	- Prefix all files with llgt_. Rename configure options file into
65	llgt_config.h Add missing llgt_config.h header to all c and h files.
66	- Cleanup of code: splitup lcas and lcmaps dependent code in separate .c and
67	.h files, which are prefixed with llgt_ to prevent confusion with the
68	framework files. Further removal of dead code.
69	- Cleanup dead code: comment-out functions and their prototypes if they are
70	not being used. Also remove unused header files.
71	- Cleanup code to limit the handling of internal globus structs. All these
72	structs are now defined in globus_internal.h. The need for this arises
73	because there is no public way of obtaining a gss_cred_id_t from a
74	gss_ctx_id_t.
75	- Fix proper handling of --disable-lcas:
76	- use of AM_CONDITIONAL in configure.ac
77	- use of AC_DEFINE and #if(n)def to skip LCAS code
78	- don't compile lcas.c (not even as empty file) Add some comments on globus
79	modules.
80	- Fix use of LCMAPS_POLICY_NAME, it wasn't used by llgt4 since it called
81	lcmaps_run_and_return_username with policies==NULL meaning parse all
82	policies. The LCMAPS_POLICY_NAME is now split into an array of policy
83	names using new function llgt4_policy_tokenize() similar to lcmaps_tokenize
84	- fix two memory leaks: liblcmaps_path (in lcmaps.c) and client name (in
85	lcmaps_gt4_front.c). At the same time client name is only determined once
86	from context.
87	- fix typos: lcas instead of lcmaps (in lcmaps.c)
88
89
90
91	Version 0.2.0:
92	- Changed the copyright to The Initiative for Globus in Europe project.
93	- Moved the default logging facility from LOG_LOCAL1 to LOG_DAEMON.
94	- Change the default logging facility with the $LLGT_LOG_FACILITY environment
95	variable. Use the name of (standard syslog) facility names. Example:
96	LOG_DAEMON, LOG_LOCAL1, etcetera
97	- The $LLGT_LOG_IDENT can (optionally) be set as the Syslog ident value. This
98	will be the identifying string in Syslog for the current process. Not using
99	this option will let Syslog (or one of the GT services) to set these
100	options. By default the Syslog ident will be set to the executable name.
101	- Changed the default LCAS_DEBUG_LEVEL value to the build in number 4. Which
102	equal to a cut off at the LOG_INFO Syslog priority. Setting it on 5 will
103	let it run with LOG_DEBUG enabled.
104	- Switched internal time from localtime() to gmtime() to generate a
105	JOB_REPOSITORY_ID and GATEKEEPER_JM_ID.
106	- Set the environment variable $LLGT_RUN_LCAS to "no", "disabled" or
107	"disable" to avoid LCAS to run prior to the LCMAPS.
108	- There is a matching ./configure option "--enable-lcas" which can be used to
109	change the default behaviour to run LCAS or not. The $LLGT_RUN_LCAS
110	environment variable can still influence the LCAS run.
111	- Added ./configure options similar gLExec to manipulate LCAS and LCMAPS
112	usage, e.g. --with-lcas-db=FILE, --with-lcas-moduledir-sfx=path,
113	--with-lcas-moduledir=path, --with-lcmaps-db=FILE,
114	--with-lcmaps-moduledir-sfx=path, --with-lcmaps-moduledir=path
115	- When the variable LLGT_LIFT_PRIVILEGED_PROTECTION is set the post-LCMAPS
116	mapping to the 'root' user and group check is disabled. This check is
117	implicitly enable to prevent erroneous configuration to silently result
118	into a root-account mapping in services that don't have preventions for
119	this of themselves. This setting is NEEDED in services that:
120	1.) don't user switch, and run as root.
121	2.) services that expect only a username to be returned and perform the
122	user switch themselves, e.g. the Globus GSI-OpenSSHd.
123	- Depreciated: $LLGT_NO_CHANGE_USER in favor of $LLGT_LIFT_PRIVILEGED_PROTECTION.
124	(Depreciation does not mean non-functional anymore)
125	- Depreciated: $LLGT4_NO_CHANGE_USER in favor of $LLGT_LIFT_PRIVILEGED_PROTECTION.
126	(Depreciation does not mean non-functional anymore)
127	- Set the environment variable $LLGT_VOMS_DISABLE_CREDENTIAL_CHECK to disable
128	the VOMS verification at run-time in LCMAPS, provided that LCMAPS has the
129	feature to select it at run-time.
130	- Set the environment variable $LLGT_VOMS_ENABLE_CREDENTIAL_CHECK explicitly
131	enable the VOMS attribute verification. It will override the LCMAPS
132	build-in default, which could be disabled with certain build flags.
133	- Support for a CFLAGS setting for LCAS_LIBDIR to open the liblcas.so library
134	from an alternative location at build-time to override it's default.
135	Example: export CFLAGS='-DLCAS_LIBDIR=\"/usr/local/lib/\"'
136	- Support for an alternative LCAS_LIBDIR as a run-time setting by exporting
137	$LLGT_LCAS_LIBDIR="/usr/local/lib/liblcas.so"
138	- Support for a CFLAGS setting for LCMAPS_LIBDIR to open the liblcmaps.so library
139	from an alternative location at build-time to override it's default.
140	Example: export CFLAGS='-DLCMAPS_LIBDIR=\"/usr/local/lib/\"'
141	- Support for an alternative LCMAPS_LIBDIR as a run-time setting by exporting
142	$LLGT_LCMAPS_LIBDIR="/usr/local/lib/liblcmaps.so"
143	- If the $LLGT_ENABLE_DEBUG environment variable is set, then the debugging
144	message logged at level LOG_DEBUG are passed to the log. The scope of this
145	setting is only within the LCAS-LCMAPS-GT-interface
146
147
148
149	Version 0.1.5:
150	Applying Brian Bockelman's patch for the services that can handle an account
151	change itself. For instance, GSISSH and Condor.
152
153	The scenario is as follows: LCMAPS resolves an account and typically enforced
154	it into the process by changing to the resolved account. The enforcement step
155	can be disabled by simply not running the posix_enf plug-in. In effect the
156	process is still running as root after the LCMAPS account resolvement and the
157	LCAS LCMAPS GT4/GT5 Callout kicks to throw an error on the (effective) user ID
158	or (effective) group ID being root.
159
160	The patch allows for an exception to this safety measure when the environment
161	variable "LLGT4_NO_CHANGE_USER" is set. The final check in the GT4/GT5 call-out
162	is bypassed and continues to pass the Username to the GT4/GT5 Call-out
163	framework of the service.
164
165	With some more time and concideration the need for this environment variable
166	might disappear as I currently think that these checks in the GT4/GT5 Call-out
167	could be safely regarded as pedantic.
168
169
170
171	Version 0.1.4:
172	Fix to use the GSS interface to LCAS again. LCMAPS was changed to use it, but
173	LCAS wasn't yet. This is now fixed and the services work reliably again.
174	Error appeared in the logs indicating that LCAS couldn't read the credentials
175	as input.
grid.support@nikhef.nl	ViewVC Help
Powered by ViewVC 1.1.26