/[mwsec]/trunk/lcmaps/NEWS
ViewVC logotype

Contents of /trunk/lcmaps/NEWS

Parent Directory Parent Directory | Revision Log Revision Log


Revision 18382 - (show annotations) (download)
Wed Apr 22 15:18:04 2015 UTC (3 years, 10 months ago) by msalle
File size: 12031 byte(s)
Update version

1 Version 1.6.7
2 -------------
3 Improvements:
4 - Fix warnings from cppcheck, mainly cleanup dead code, also prevent memleak
5 when realloc fails.
6
7 Version 1.6.6
8 -------------
9 Improvements:
10 - Extend API with two new calls
11 void lcmaps_set_voms_verification_time(time_t time, int flags)
12 int lcmaps_get_voms_verification_time(time_t *time, int *flags)
13 which provide setting the verification time for checking the AC. In case
14 flags is set to 0, the time is UNIX time, in case it is 1 the time is
15 relative to the notBefore time of the leaf proxy, in case it is 2 relative
16 to the notAfter time of the leaf proxy. This call uses the
17 VOMS_SetVerificationTime() call of the VOMS API.
18 Bug fixes:
19 - Few minor fixes including a memory leak.
20
21 Version 1.6.5
22 -------------
23 Bug fixes:
24 - https://bugzilla.nikhef.nl/show_bug.cgi?id=21
25 LCMAPS did not initialize the logs correctly in cases when it should open
26 the log itself (in most scenarios it uses an externally opened logfile
27 pointer).
28 Improvements:
29 - Extend API with two new functions:
30 void lcmaps_set_voms_attributes_verification (unsigned int verify_flags)
31 unsigned int lcmaps_get_voms_attributes_verification (void)
32 which provide more fine-grained setting of the VOMS verification:
33 verify_flags should be a combination of the flags as specified in
34 voms_apic.h.
35 The old functions still work and behave as follows:
36 lcmaps_enable_voms_attributes_verification -> sets VERIFY_FULL
37 lcmaps_disable_voms_attributes_verification -> sets VERIFY_NONE
38 lcmaps_is_set_to_verify_voms_attributes -> returns whether all *known*
39 flags are set.
40
41 Version 1.6.4
42 -------------
43 Improvements:
44 - General code cleanup.
45
46 Version 1.6.3
47 -------------
48 Bug fixes:
49 - Invalid memcpy and malloc when we concatenate two string.
50 - Protect a number of mallocs against out-of-memory.
51 - Provide prototype of yylex when needed.
52 - Properly cleanup flex and bison memory
53 - When compiling older lex output with std=c99 we could get a missing
54 prototype for strdup leading to a segfault.
55
56 Version 1.6.2
57 -------------
58 Bug fixes (for Fedora compliance):
59 - Update pc files to use Requires.private and Libs.private instead of Requires
60 and Libs
61 - Only link library against its own dependencies.
62 - Remove arch dependent path= from example DB file.
63 - Fix segv due to a sprintf (last one)
64 Improvements:
65 - Provide header file lcmaps_plugin_prototypes.h with plugin prototypes. To be
66 included by each plugin.
67 - General code cleanup: compiler warnings, includes etc. Logging from too long
68 entries is cleanly truncated. No logging of error to stderr.
69 - Update example lcmaps.db.ex
70
71 Version 1.6.1
72 -------------
73 - Improve testing on using the same plugin twice:
74 * test that the actual library handle is different instead of the absolute
75 pathname, this extends the error checking in case of symlinks or hardlinks
76 to different names (which still don't work).
77 * fix the error message, to print the two shortnames.
78
79 Version 1.6.0
80 -------------
81 - Support input of a 'desired identity' for lcmaps_run_and_return_username()
82 interface. LCMAPS will make this available to the plugins, which can use it
83 to support grid-mapfile entries of the form
84 "/DN" user1,user2
85 or
86 "/FQAN" user1,user2
87 Typical use is for gsissh via the lcas-lcmaps-gt4-interface, version 0.2.7
88 or higher.
89 - Revamped VOMS error messages because they are sometimes cryptic. They now
90 also provide useful debugging hints for the admins.
91
92 Version 1.5.7
93 -------------
94 Bug fixes:
95 - When LCMAPS fails at initialization, yacc/flex related resources have to be
96 freed, otherwise certain systems show a segfault.
97
98 Version 1.5.6
99 -------------
100 Bug fixes:
101 - running on Fedora Core 16 results in a 'undefined symbol: yywrap'.
102 - few of the macros in the new interface are missing in the case of direct
103 linking (i.e. not LCMAPS_USE_DLOPEN)
104
105 Version 1.5.5
106 -------------
107 Bug fixes:
108 - Out-of-source builds failed for NOGSI, i.e. ../configure --disable-gsi-mode
109 resulted in a missing include file.
110
111 Version 1.5.4
112 -------------
113 Bug fixes:
114 - Unbalanced quotes triggered an 'out of memory' error instead of an
115 'unbalanced quotes'.
116
117 Version 1.5.3
118 -------------
119 - Replace unprintable characters in logging strings with a '?'
120
121 Bug fixes:
122 - Fix a SEGV or ABRT in some interfaces due to incorrect storing of DN, which
123 leads to freeing stack memory. Triggered in the lcmaps-without-gsi
124 interface.
125 - Fix numerous unsafe constructions in logging, also fixes a SEGV
126
127 Version 1.5.2
128 -------------
129 Added a compile option in the Makefile.am to scope the externals of the
130 library. This feature is mandatory for Debian.
131
132
133 Version 1.5.1
134 -------------
135 - Log messages that are sent to Syslog with the priority equal to LOG_EMERG,
136 LOG_ALERT or LOG_CRIT will be downplayed as LOG_ERR. Old LCMAPS plug-ins
137 used a numerical range of 0-5 and this basically means that they are able
138 to cast an error message of type LOG_EMERG, while universally the LOG_ERR
139 is meant of even less significant then a LOG_ERR.
140 A warning will be written at LOG_WARNING to upgrade your plug-ins.
141
142
143 Version 1.5.0
144 -------------
145 - Changing all log messages to match the logging method used in Syslog
146 and especially the log priority/levels.
147 - Fixed a problem when the "poolindex" was requested. It triggered a
148 segmentation fault in two of the LCMAPS interface:
149 -- lcmaps_run_and_return_poolindex
150 -- lcmaps_run_with_pem_and_return_account
151 - Harmonized logging via the lcmaps_log(), lcmaps_log_debug(),
152 lcmaps_log_time(), lcmaps_log_a_string() and
153 lcmaps_log_a_string_debug() functions for both log file writing and
154 syslog writing.
155 - Changed #define name DEBUG_LEVEL to CONF_LCMAPS_DEBUG_LEVEL
156 - Changed the default value for CONF_LCMAPS_DEBUG_LEVEL from 0 (LOG_ERR)
157 to 4 (LOG_INFO).
158 - Harmonized the log line writing cut-off feature of log message between
159 Syslog logging and logging to a file. This is based on the build in
160 default and the LCMAPS_DEBUG_LEVEL environment variable value. Message
161 that are cut-off are not even offered to Syslog anymore which speeds up
162 the LCMAPS execution when the Syslog demon is hammered with info.
163 - The log line output is changed to show the environment value of
164 LCMAPS_LOG_IDENT in each line. The LCMAPS_LOG_IDENT value is meant to
165 be set by programs like gLExec to indicate that they are running
166 LCMAPS. This is default in Syslog, but missing in logging to file.
167 - Log lines that log to file are prepended by the Syslog priority name.
168 This allows easy filtering when needed.
169 - Harmonized the credential handling for all the external LCMAPS interfaces.
170 The small functional differences between the different credential input
171 differences are now gone. Interfaces used by gLExec (PEM based), GT4/5
172 GSI-Authz based, X.509 based and even string input handling are now
173 equalized. This reenabled the verify-proxy plug-in to work from a GT4/GT5
174 service and enabled the Xrootd interface to work with more easier
175 interfaces, and the PEM string interface from gLExec will now regain its
176 full potential for VOMS handling.
177 Example: {input credential} -> {stored to use by plugins}
178
179 Globus gss_cred_id_t object in -> X.509 stuff(*) + VOMS structs + DN
180 PEM string -> X.509 stuff + VOMS structs(**) + DN
181 X.509 -> VOMS struct(**) + DN
182 Other string based input -> string based input stored
183
184 (*) is new.
185 (**) differed in a detailed usage pattern.
186 - When the VOMS verification was disabled, either at run-time or after the
187 build-in default is changed, i.e. --enabled-osg, the VOMS Generic
188 Attributes were not successfully extracted. This is now fixed and plug-ins
189 can use them also when the VOMS AC verification is disabled.
190
191
192 Version 1.4.34
193 --------------
194 Changes in the logging facility:
195 - All syslog() messages are lowered to LOG_CRIT or lower (and can't go below LOG_DEBUG)
196 - Various log functions were logging on a high priority, including the debug messages. This is to be lowered simulating the syslog() messages when writing to file.
197 - Not being able to write to a file descriptor results now in a syslog() message on LOG_CRIT. This was on stderr.
198
199
200 Version 1.4.31
201 --------------
202 Moved a lot more useless debugging output behind the LCMAPS_DEBUG option. Mostly because people who try to debug LCMAPS are not LCMAPS developers.
203
204
205 Version 1.4.30
206 --------------
207 Add the LCMAPS_DEBUG #define to be used to build a developer debugging version of LCMAPS. The released version will not expose the amount of pedantic logging output, even in LCMAPS_DEBUG_LEVEL = 5.
208
209
210 Version 1.4.27
211 --------------
212 LCMAPS framework:
213 - fixed a memory cleanup problem when using VOMS Generic Attributes.
214 - adds a SIGPIPE handler to print the caught signal, especially interesting when the VOMS api, SCAS-Client plugin or another plugin could trigger a SIGPIPE without handling it locally. The SIGPIPE handler will be set at the beginning of each run, and removed after each run, i.e. not in the initialization or terminate sequences.
215 - Fixed signed and unsigned conflicts in parsing routines when fullfilling rules and policys and recursion issues. This problem was hard to exploit, but a bug nontheless (unless somebody went beyond 2^31 plugins and policies)
216 - Fixed the poolindex interface to LCMAPS. A symbol would not have been resolved during run-time as it has been depricated last year. Only used by the Globus DAS/Workspace Service interfacing (to the best of our knowledge).
217 - Fixed a problem in the logging facility during the initialization phase. The value was always overridden by the next call. I've removed the previous overridden call, which might call for bug Savannah bug #61772.
218 - Found a more generic location for the printCredData function to log the credential data that has lead to a particular mapping decision mapping.
219
220 - (almost) all public functions are now prefixed with with "lcmaps_" to avoid symbol clashes
221 - Update for single lcmaps-interface for both lcmaps types.
222 - use enable_gsi_mode directly instead of lcmaps_gsi_mode
223 - Default paths in LCMAPS are set at build time. All hardcoded paths into /opt/glite or (in some places) /opt/edg are removed.
224 - /etc/lcmaps/lcmaps.db will be the new default path to a lcmaps.db file. Use ${LCMAPS_DB_FILE} to override or the ./configure options.
225 - Building lcmaps-without-gsi doesn't require Globus libraries during the build and linking of this LCMAPS flavor.
226 - LCMAPS ./configure new option --with-voms-prefix instead of --with-glite-location, no glite.m4 necessary, it's done using --libdir and system defaults
227
228 - API extentions:
229 Function: int lcmaps_get_major_version (void);
230 Function: int lcmaps_get_minor_version (void);
231 Function: int lcmaps_get_patch_version (void);
232 Function: lcmaps_disable_voms_attributes_verification
233 Description: Disables the verification in the VOMS API
234 Function: lcmaps_enable_voms_attributes_verification
235 Description: Enables the verification in the VOMS API (default)
236 Function: lcmaps_is_set_to_verify_voms_attributes
237 Description: Will return the current setting to enable or disable the
238 verification of the VOMS credentials by the VOMS API
239 Function: lcmaps_run_with_stack_of_x509_and_return_account
240 Description: LCMAPS runs receiving a certificate chain, containing at least
241 an End-Entity Certificate. A list of policies may be provided.
242 The allocated uid, gids and the poolindex will be returned to
243 the calling application.
244
245
246
247 Generic to all components:
248
249 - adjusted to be able to use EPEL, EMI and gLite packages and system native library installations
250 - cleanup of unused files and support for distribution tarball.
251 - provide pkg-config files
252 - All LCMAPS public header files are all in ${includeDir}/lcmaps/*.h
253
254

grid.support@nikhef.nl
ViewVC Help
Powered by ViewVC 1.1.26