1 |
Version 1.6.7 |
2 |
------------- |
3 |
Improvements: |
4 |
- Fix warnings from cppcheck, mainly cleanup dead code, also prevent memleak |
5 |
when realloc fails. |
6 |
|
7 |
Version 1.6.6 |
8 |
------------- |
9 |
Improvements: |
10 |
- Extend API with two new calls |
11 |
void lcmaps_set_voms_verification_time(time_t time, int flags) |
12 |
int lcmaps_get_voms_verification_time(time_t *time, int *flags) |
13 |
which provide setting the verification time for checking the AC. In case |
14 |
flags is set to 0, the time is UNIX time, in case it is 1 the time is |
15 |
relative to the notBefore time of the leaf proxy, in case it is 2 relative |
16 |
to the notAfter time of the leaf proxy. This call uses the |
17 |
VOMS_SetVerificationTime() call of the VOMS API. |
18 |
Bug fixes: |
19 |
- Few minor fixes including a memory leak. |
20 |
|
21 |
Version 1.6.5 |
22 |
------------- |
23 |
Bug fixes: |
24 |
- https://bugzilla.nikhef.nl/show_bug.cgi?id=21 |
25 |
LCMAPS did not initialize the logs correctly in cases when it should open |
26 |
the log itself (in most scenarios it uses an externally opened logfile |
27 |
pointer). |
28 |
Improvements: |
29 |
- Extend API with two new functions: |
30 |
void lcmaps_set_voms_attributes_verification (unsigned int verify_flags) |
31 |
unsigned int lcmaps_get_voms_attributes_verification (void) |
32 |
which provide more fine-grained setting of the VOMS verification: |
33 |
verify_flags should be a combination of the flags as specified in |
34 |
voms_apic.h. |
35 |
The old functions still work and behave as follows: |
36 |
lcmaps_enable_voms_attributes_verification -> sets VERIFY_FULL |
37 |
lcmaps_disable_voms_attributes_verification -> sets VERIFY_NONE |
38 |
lcmaps_is_set_to_verify_voms_attributes -> returns whether all *known* |
39 |
flags are set. |
40 |
|
41 |
Version 1.6.4 |
42 |
------------- |
43 |
Improvements: |
44 |
- General code cleanup. |
45 |
|
46 |
Version 1.6.3 |
47 |
------------- |
48 |
Bug fixes: |
49 |
- Invalid memcpy and malloc when we concatenate two string. |
50 |
- Protect a number of mallocs against out-of-memory. |
51 |
- Provide prototype of yylex when needed. |
52 |
- Properly cleanup flex and bison memory |
53 |
- When compiling older lex output with std=c99 we could get a missing |
54 |
prototype for strdup leading to a segfault. |
55 |
|
56 |
Version 1.6.2 |
57 |
------------- |
58 |
Bug fixes (for Fedora compliance): |
59 |
- Update pc files to use Requires.private and Libs.private instead of Requires |
60 |
and Libs |
61 |
- Only link library against its own dependencies. |
62 |
- Remove arch dependent path= from example DB file. |
63 |
- Fix segv due to a sprintf (last one) |
64 |
Improvements: |
65 |
- Provide header file lcmaps_plugin_prototypes.h with plugin prototypes. To be |
66 |
included by each plugin. |
67 |
- General code cleanup: compiler warnings, includes etc. Logging from too long |
68 |
entries is cleanly truncated. No logging of error to stderr. |
69 |
- Update example lcmaps.db.ex |
70 |
|
71 |
Version 1.6.1 |
72 |
------------- |
73 |
- Improve testing on using the same plugin twice: |
74 |
* test that the actual library handle is different instead of the absolute |
75 |
pathname, this extends the error checking in case of symlinks or hardlinks |
76 |
to different names (which still don't work). |
77 |
* fix the error message, to print the two shortnames. |
78 |
|
79 |
Version 1.6.0 |
80 |
------------- |
81 |
- Support input of a 'desired identity' for lcmaps_run_and_return_username() |
82 |
interface. LCMAPS will make this available to the plugins, which can use it |
83 |
to support grid-mapfile entries of the form |
84 |
"/DN" user1,user2 |
85 |
or |
86 |
"/FQAN" user1,user2 |
87 |
Typical use is for gsissh via the lcas-lcmaps-gt4-interface, version 0.2.7 |
88 |
or higher. |
89 |
- Revamped VOMS error messages because they are sometimes cryptic. They now |
90 |
also provide useful debugging hints for the admins. |
91 |
|
92 |
Version 1.5.7 |
93 |
------------- |
94 |
Bug fixes: |
95 |
- When LCMAPS fails at initialization, yacc/flex related resources have to be |
96 |
freed, otherwise certain systems show a segfault. |
97 |
|
98 |
Version 1.5.6 |
99 |
------------- |
100 |
Bug fixes: |
101 |
- running on Fedora Core 16 results in a 'undefined symbol: yywrap'. |
102 |
- few of the macros in the new interface are missing in the case of direct |
103 |
linking (i.e. not LCMAPS_USE_DLOPEN) |
104 |
|
105 |
Version 1.5.5 |
106 |
------------- |
107 |
Bug fixes: |
108 |
- Out-of-source builds failed for NOGSI, i.e. ../configure --disable-gsi-mode |
109 |
resulted in a missing include file. |
110 |
|
111 |
Version 1.5.4 |
112 |
------------- |
113 |
Bug fixes: |
114 |
- Unbalanced quotes triggered an 'out of memory' error instead of an |
115 |
'unbalanced quotes'. |
116 |
|
117 |
Version 1.5.3 |
118 |
------------- |
119 |
- Replace unprintable characters in logging strings with a '?' |
120 |
|
121 |
Bug fixes: |
122 |
- Fix a SEGV or ABRT in some interfaces due to incorrect storing of DN, which |
123 |
leads to freeing stack memory. Triggered in the lcmaps-without-gsi |
124 |
interface. |
125 |
- Fix numerous unsafe constructions in logging, also fixes a SEGV |
126 |
|
127 |
Version 1.5.2 |
128 |
------------- |
129 |
Added a compile option in the Makefile.am to scope the externals of the |
130 |
library. This feature is mandatory for Debian. |
131 |
|
132 |
|
133 |
Version 1.5.1 |
134 |
------------- |
135 |
- Log messages that are sent to Syslog with the priority equal to LOG_EMERG, |
136 |
LOG_ALERT or LOG_CRIT will be downplayed as LOG_ERR. Old LCMAPS plug-ins |
137 |
used a numerical range of 0-5 and this basically means that they are able |
138 |
to cast an error message of type LOG_EMERG, while universally the LOG_ERR |
139 |
is meant of even less significant then a LOG_ERR. |
140 |
A warning will be written at LOG_WARNING to upgrade your plug-ins. |
141 |
|
142 |
|
143 |
Version 1.5.0 |
144 |
------------- |
145 |
- Changing all log messages to match the logging method used in Syslog |
146 |
and especially the log priority/levels. |
147 |
- Fixed a problem when the "poolindex" was requested. It triggered a |
148 |
segmentation fault in two of the LCMAPS interface: |
149 |
-- lcmaps_run_and_return_poolindex |
150 |
-- lcmaps_run_with_pem_and_return_account |
151 |
- Harmonized logging via the lcmaps_log(), lcmaps_log_debug(), |
152 |
lcmaps_log_time(), lcmaps_log_a_string() and |
153 |
lcmaps_log_a_string_debug() functions for both log file writing and |
154 |
syslog writing. |
155 |
- Changed #define name DEBUG_LEVEL to CONF_LCMAPS_DEBUG_LEVEL |
156 |
- Changed the default value for CONF_LCMAPS_DEBUG_LEVEL from 0 (LOG_ERR) |
157 |
to 4 (LOG_INFO). |
158 |
- Harmonized the log line writing cut-off feature of log message between |
159 |
Syslog logging and logging to a file. This is based on the build in |
160 |
default and the LCMAPS_DEBUG_LEVEL environment variable value. Message |
161 |
that are cut-off are not even offered to Syslog anymore which speeds up |
162 |
the LCMAPS execution when the Syslog demon is hammered with info. |
163 |
- The log line output is changed to show the environment value of |
164 |
LCMAPS_LOG_IDENT in each line. The LCMAPS_LOG_IDENT value is meant to |
165 |
be set by programs like gLExec to indicate that they are running |
166 |
LCMAPS. This is default in Syslog, but missing in logging to file. |
167 |
- Log lines that log to file are prepended by the Syslog priority name. |
168 |
This allows easy filtering when needed. |
169 |
- Harmonized the credential handling for all the external LCMAPS interfaces. |
170 |
The small functional differences between the different credential input |
171 |
differences are now gone. Interfaces used by gLExec (PEM based), GT4/5 |
172 |
GSI-Authz based, X.509 based and even string input handling are now |
173 |
equalized. This reenabled the verify-proxy plug-in to work from a GT4/GT5 |
174 |
service and enabled the Xrootd interface to work with more easier |
175 |
interfaces, and the PEM string interface from gLExec will now regain its |
176 |
full potential for VOMS handling. |
177 |
Example: {input credential} -> {stored to use by plugins} |
178 |
|
179 |
Globus gss_cred_id_t object in -> X.509 stuff(*) + VOMS structs + DN |
180 |
PEM string -> X.509 stuff + VOMS structs(**) + DN |
181 |
X.509 -> VOMS struct(**) + DN |
182 |
Other string based input -> string based input stored |
183 |
|
184 |
(*) is new. |
185 |
(**) differed in a detailed usage pattern. |
186 |
- When the VOMS verification was disabled, either at run-time or after the |
187 |
build-in default is changed, i.e. --enabled-osg, the VOMS Generic |
188 |
Attributes were not successfully extracted. This is now fixed and plug-ins |
189 |
can use them also when the VOMS AC verification is disabled. |
190 |
|
191 |
|
192 |
Version 1.4.34 |
193 |
-------------- |
194 |
Changes in the logging facility: |
195 |
- All syslog() messages are lowered to LOG_CRIT or lower (and can't go below LOG_DEBUG) |
196 |
- Various log functions were logging on a high priority, including the debug messages. This is to be lowered simulating the syslog() messages when writing to file. |
197 |
- Not being able to write to a file descriptor results now in a syslog() message on LOG_CRIT. This was on stderr. |
198 |
|
199 |
|
200 |
Version 1.4.31 |
201 |
-------------- |
202 |
Moved a lot more useless debugging output behind the LCMAPS_DEBUG option. Mostly because people who try to debug LCMAPS are not LCMAPS developers. |
203 |
|
204 |
|
205 |
Version 1.4.30 |
206 |
-------------- |
207 |
Add the LCMAPS_DEBUG #define to be used to build a developer debugging version of LCMAPS. The released version will not expose the amount of pedantic logging output, even in LCMAPS_DEBUG_LEVEL = 5. |
208 |
|
209 |
|
210 |
Version 1.4.27 |
211 |
-------------- |
212 |
LCMAPS framework: |
213 |
- fixed a memory cleanup problem when using VOMS Generic Attributes. |
214 |
- adds a SIGPIPE handler to print the caught signal, especially interesting when the VOMS api, SCAS-Client plugin or another plugin could trigger a SIGPIPE without handling it locally. The SIGPIPE handler will be set at the beginning of each run, and removed after each run, i.e. not in the initialization or terminate sequences. |
215 |
- Fixed signed and unsigned conflicts in parsing routines when fullfilling rules and policys and recursion issues. This problem was hard to exploit, but a bug nontheless (unless somebody went beyond 2^31 plugins and policies) |
216 |
- Fixed the poolindex interface to LCMAPS. A symbol would not have been resolved during run-time as it has been depricated last year. Only used by the Globus DAS/Workspace Service interfacing (to the best of our knowledge). |
217 |
- Fixed a problem in the logging facility during the initialization phase. The value was always overridden by the next call. I've removed the previous overridden call, which might call for bug Savannah bug #61772. |
218 |
- Found a more generic location for the printCredData function to log the credential data that has lead to a particular mapping decision mapping. |
219 |
|
220 |
- (almost) all public functions are now prefixed with with "lcmaps_" to avoid symbol clashes |
221 |
- Update for single lcmaps-interface for both lcmaps types. |
222 |
- use enable_gsi_mode directly instead of lcmaps_gsi_mode |
223 |
- Default paths in LCMAPS are set at build time. All hardcoded paths into /opt/glite or (in some places) /opt/edg are removed. |
224 |
- /etc/lcmaps/lcmaps.db will be the new default path to a lcmaps.db file. Use ${LCMAPS_DB_FILE} to override or the ./configure options. |
225 |
- Building lcmaps-without-gsi doesn't require Globus libraries during the build and linking of this LCMAPS flavor. |
226 |
- LCMAPS ./configure new option --with-voms-prefix instead of --with-glite-location, no glite.m4 necessary, it's done using --libdir and system defaults |
227 |
|
228 |
- API extentions: |
229 |
Function: int lcmaps_get_major_version (void); |
230 |
Function: int lcmaps_get_minor_version (void); |
231 |
Function: int lcmaps_get_patch_version (void); |
232 |
Function: lcmaps_disable_voms_attributes_verification |
233 |
Description: Disables the verification in the VOMS API |
234 |
Function: lcmaps_enable_voms_attributes_verification |
235 |
Description: Enables the verification in the VOMS API (default) |
236 |
Function: lcmaps_is_set_to_verify_voms_attributes |
237 |
Description: Will return the current setting to enable or disable the |
238 |
verification of the VOMS credentials by the VOMS API |
239 |
Function: lcmaps_run_with_stack_of_x509_and_return_account |
240 |
Description: LCMAPS runs receiving a certificate chain, containing at least |
241 |
an End-Entity Certificate. A list of policies may be provided. |
242 |
The allocated uid, gids and the poolindex will be returned to |
243 |
the calling application. |
244 |
|
245 |
|
246 |
|
247 |
Generic to all components: |
248 |
|
249 |
- adjusted to be able to use EPEL, EMI and gLite packages and system native library installations |
250 |
- cleanup of unused files and support for distribution tarball. |
251 |
- provide pkg-config files |
252 |
- All LCMAPS public header files are all in ${includeDir}/lcmaps/*.h |
253 |
|
254 |
|