2004-01-11  Blake Matheny

    * src/plugins/ldap/ld.c: Fix FreeBSD SIGABRT due to wrong
      ldap_msgfree
    * src/plugins/ldap/commandline.c: Make sure Shadow variables are
      respected, first as environment variables and then by the
      configuration file. If the operation is a usermod, and a lock or
      an unlock is requested, also use these values.

2004-01-10  Blake Matheny

    * src/plugins/ldap/user.c: Patch from John Dalbec
    * src/plugins/ldap/commandline.c: Issue warning if old
      configuration variables are found in config file

2003-12-31  Blake Matheny

    * src/plugins/ldap/ld.c: Added the ability to override the
      configuration file MIN/MAX_UID/GIDNUMBER by setting the
      environmental options.

2003-12-30  Blake Matheny

    * src/plugins/ldap/user.c: Fix SIGSEGV in ldapUserCheck
    * doc/man/cpu-ldap.8: Fixed documentation
    * doc/man/cpu{-ldap.8,.conf.5}: Added -X option documentation
    * src/plugins/ldap/commandline.c: Added -X support
    * configure.ac: Rewrote configure
    * src/plugins/ldap/*: Fixed bug that wouldn't allow users to be
      added as a memberUid
    * src/util/cgetpwent.c: Fixed bug that wasn't allowing -F option to
      work properly.
    * src/plugins/ldap/user.c: Fixed SIGSEGV due to == instead of =

2003-10-22  Blake Matheny

    * src/plugins/ldap/*: Changes to fix Solaris issues
    * src/util/*: Changes to fix Solaris issues

2003-10-12  Blake Matheny

    * src/plugins/ldap/ldap_errors.c: More error entries
    * src/plugins/ldap/ldap/ld.c: Changed searches for new gid and new
      uid to be asynchronous. The speed increase was about 200%. The
      speed increase between 1.4.1 and 1.4.2 is about 780%.

2003-10-11  Blake Matheny

    * src/main/cpu.c: Change error message, change status codes from 1
      to EXIT_FAILURE and from 0 to EXIT_SUCCESS
    * src/plugins/ldap/ld.c: Change ldap_open() to ldap_init() so we
      don't die giving odd error messages when a connection cannot be
      opened
    * src/plugins/ldap/ldap_errors.c: New error reporting function
      gives users useful feedback on both the problem and possible
      solutions.
    * src/plugins/ldap/*: change ldap_perror to CPU_ldapPerror

2003-09-26  Blake Matheny

    * src/util/hash.c, src/include/util/util.h: Implemented CPU_getpass
      which replicates the functionality of getpass but doesn't use a
      static buffer
    * src/plugins/ldap/commandline.c: Use CPU_getpass instead of
      getpass

2003-09-24  Blake Matheny

    * src/util/bitvector.c, src/include/util/bitvector.h: Bitvector
      routines written by Mike Swieton added.
    * src/plugins/ldap/ld.c: If RANDOM is set to false in cpu.conf, we
      grab all UIDS/GIDS from the ldap directory. We then create a
      bitvector of size MAX_ID - MIN_ID and for every ID < MAX and
      > MIN we set the bit. We then run through the bitvector and find
      the first unset bit, i, and know that id i + min_id is unused.
      This represents up to a 500% increase in speed for populated
      directories. If random is true, a random unused id is found. This
      is generally just a bit faster than linear id's, but then id's
      are random :-)

2003-09-19  Blake Matheny

    * src/plugins/ldap/*.c: If -g is not set for a useradd, there are
      two new configuration file variables that control the behavior of
      cpu. See cpu.conf.doc for information. The new behavior models
      the Debian behavior: if USERGROUPS is set to yes, a new group is
      added which becomes the user's primary group. If no, the user's
      primary group is USERS_GID
    * src/include/plugins/ldap/ldap.h: The above change required a
      change to the buildDn function in src/plugins/ldap/commandline.c

2003-09-18  Blake Matheny

    * src/plugins/ldap/{ld,user}.c: Make sure we don't add or modify
      users whose supplementary groups (or supplied primary groups) do
      not exist
    * src/plugins/ldap/*: Completely changed the way that user
      operations work with respect to groups. When a user is deleted
      they are now removed from any secondary groups they were in. When
      a user's secondary groups are modified they are removed from old
      secondary groups and added to new secondary groups.
      When a user's primary group is changed they are no longer added
      to that group via a memberUid. This is the exact behavior of the
      shadow utils.
    * src/plugins/ldap/*: When a group is deleted we check to make sure
      it is no user's primary group, and disallow if it is. This
      matches the behavior of groupdel from the shadow utils. We do not
      do this for a groupmod, but this is the behavior (possibly
      _wrong_ behavior) of groupmod from the shadowutils.
    * src/plugins/ldap*,src/util/*: Fixed some gcc 3.3 compiler
      warnings

2003-09-17  Blake Matheny

    * src/plugins/ldap/{group,user}.c: Fixed problem with ldif file
      having multiple attributes
    * Added ability to violate POSIX naming conventions (for use with
      samba), user must specify -o switch to enable

2003-09-16  Blake Matheny

    * doc/Makefile.am: Do not overwrite cpu.conf if it exists
    * src/plugins/ldap/*: Make sure GROUP_CN_STRING and USER_CN_STRING
      are respected
    * Fixed segfault due to improper argument for groupmod

2003-09-06  Blake Matheny

    * configure.ac: Fixed several things that caused compilation
      problems on other platforms
    * src/include/plugins/ldap/ldap.h: Be sure to include lber.h before
      ldap.h
    * src/plugins/ldap/commandline.c: Now uses USER_CN_STRING and
      GROUP_CN_STRING
    * Version 1.4.0a released

2003-09-05  Blake Matheny

    * src/plugins/ldap/commandline.c: Account {Un}Locking, specify with
      -2 the version of LDAP to use.
      Defaults to LDAPv3
    * src/plugins/ldap/user.c: Account {Un}Locking
    * src/plugins/ldap/ld.c: LDAP Version
    * doc/man/cpu-ldap.8: Update man page to reflect new changes
    * configure.ac: No longer require explicit --with-ldap
    * Version 1.4.0 released

2003-05-17  Blake Matheny

    * src/plugins/ldap/commandline.c (parseCommand, initGlobals,
      populateGlobals, printHelp): Changed userbase to -b and lastname
      to -E so that we can use -L and -U for lock and unlock,
      respectively
    * src/plugins/ldap/user.c (ldapUserCheck): fixed bug that would
      have caused segfault 'strlen(NULL)' and started adding code for
      lock/unlock

2003-04-24  Jeff Clark

    * src/include/plugins/ldap/ldap.h: TLS Support
    * src/plugins/ldap/commandline.c: TLS Support
    * src/plugins/ldap/ld.c: TLS Support
    * src/include/plugins/passwd/passwd.h: remove duplicate typedef

2003-04-29  Blake Matheny

    * src/plugins/ldap/commandline.c (parseCommand): Make sure POSIX
      group and user names are supported

2003-03-24  Blake Matheny

    * src/util/hash.c: Make sure getHashType returns H_UNKNOWN when
      appropriate
    * src/include/conf.h: Get rid of some warnings
    * src/include/util/hash.h: Add H_UNKNOWN to enum
    * src/plugins/ldap/commandline.c: Support for unknown hash types
      with clear text passwords. If you now specify with ldap
      -H \{SOMEPREFIX\} and -pSomePassword, userPassword will be
      {SOMEPREFIX}SomePassword

2003-03-09  Blake Matheny

    * src/util/parser.c: Added a generic parser to util so that people
      who need to add attributes not handled by CPU can do so
    * src/plugins/ldap: Added support for LDAP plugin to take advantage
      of parser
    * doc/man/cpu-ldap.8: Modified man page to reflect new -a option
      which allows you to specify the file with additional attributes
    * src/plugins/ldap/ld.c: Users can now specify the group name
      instead of the group id when adding users.
      CPU will search the LDAP directory for that group and if found
      set the user's gidNumber to the gidNumber of the said group

2003-02-16  Blake Matheny

    * src/util/hash.c (genPass): Added a random password generator
    * src/plugins/ldap/commandline.c (parseCommand): Option for random
      passwords
    * src/plugins/ldap: Finished all group and user functionality
    * src/util/fileaction.c: Finished all file functionality (copying,
      removing, etc)
    * doc/cpu.conf.doc: Documented some of the config file options
    * src/plugins/ldap: Can now take passwords and user attributes from
      regular unix style password and shadow files
    * src/util/hash.c (getHash): Added cracklib functionality
    * src/plugins/passwd: Started writing flat file passwd support
    * src/util/cgetpwent.c (cgetpwent): Chop off new lines

2003-02-09  Blake Matheny

    * Rewrote entire thing from scratch. See TODO for what is different
    * Version 1.3.99 Released

2002-03-23  Blake Matheny

    * Version 1.3.13 released
    * Added -j option to groupadd/del to add or delete a user from an
      existing group. (JC)
    * Fixed some skel_dir discrepancies
    * Fixed source to respect sysconfdir
    * Fixed ldap_user_mod() for when base is not defined at command
      line
    * New default_gid option in config file, an integer to be used by
      default if not specified at command line
    * Updated configure for -with-ldap= for specifying the base
      location of ldap files
    * Added cat function, displays rfc2307 users in an /etc/passwd
      style format
    * Fixes from JC and Me, check the cvs logs
    * Changed behaviour of home_directory and the -d command line
      switch, check man pages. -d now explicitly sets the user's home
      directory, if -d is not set, the user's home directory is
      home_directory/username
    * cpu now checks to make sure that no users (memberUid) exist in a
      group before it is deleted. You must specify -y at the command
      line to answer this question non-interactively.
    * group_base_dn changed to group_base in config file
    * Debian packages available from
      http://www.ecology.uni-kiel.de/~karsten/debian/cpu.html
    * user_base_dn changed to user_base in config file

2002-03-10  Blake Matheny

    * Version 1.3.12 released
    * Fixed bug in do_ldap_init() (JC)
    * Added get_next_uidnum() function to get the next available
      uidnumber out of the ldap server. Default range is min_uidnumber
      to max_uidnumber in config file. Default range is 1000-6000 (JC)
    * get_next_uidnum() is allowed id_max_passes (in config file) to
      find a new uid, otherwise fails. Default is 500 (JC)
    * Updates to config file and man pages (JC)
    * Changes to JC's code
    * Added get_next_gidnum() function to get the next available
      gidnumber out of the ldap server. Default range is min_gidnumber
      to max_gidnumber in config file. Default range is 1000-6000
    * get_next_gidnum() is allowed id_max_passes in config file to find
      a new gid, otherwise fails. Default is 500.
    * Added ability to use syslog for a logging facility. LOG_USER is
      the facility used, and LOG_INFO is the level used. Specify with
      syslog::y in the config file.

2002-02-15  Blake Matheny

    * Version 1.3.11 released
    * added groupadd, groupdel, groupmod functions to cpu
    * Changed object_class config file option to user_object_class
    * Added group_object_class to config file
    * Changed ldopts.object_class to ldopts.user_object_class
    * Added ldopts.group_object_class
    * Changed some exit()s at errors to returns so that the process
      successfully unbinds from the ldap server before exiting.
    * Added group_base_dn to config file
    * Added -l option to change dn of user
    * Added -n option to change dn of group

2002-02-10  Blake Matheny

    * Version 1.3.10 released
    * Added recursive functionality for adding and deleting files in
      home directories. Now will span multiple levels in a file system
      directory tree for deleting or making a user's home directory
    * Fixes to allow for FreeBSD compilation.
      Yes, FreeBSD now works
    * Code clean up
    * Removed def_file_perm from config file. File permissions are now
      just taken from a stat() of the file
    * Other fixes and improvements

2002-02-06  Blake Matheny

    * Version 1.3.9 released
    * Added -b command line switch to specify base to add user to
    * Added -F and -L switches for specifying first (givenname) and
      last (sn) names. These names are combined to create a cn (common
      name)
    * Added -M switch for mail address
    * The following attributes now are also added: mail, cn,
      description, roomnumber, givenname, sn. These should be the last
      of the schema additions.
    * Added usermod for mail(-M), sn(-L), and givenname(-F) attributes
    * Cleaned up ldap_add() code
    * Fixed build bug
    * Made change to man pages to reflect changes to command line
      switches

2002-02-05  Blake Matheny

    * Lots of code clean up
    * Unreleased, broken

2002-02-04  Blake Matheny

    * Version 1.3.7 released
    * Added SSHA and SMD5 hashes
    * Added -H for command line usage to specify hash
    * Made hashes in config file and at command line case insensitive
    * Man pages for cpu(8) and cpu.cfg(5)
    * Implemented separate salt generation for crypt since apparently
      some crypt() functions do not allow $1$ to be at the start of the
      salt

2002-02-03  Blake Matheny

    * Version 1.3.6 released
    * Added usermod function. You now have the ability to modify a
      user's password, uidnumber (not 0 though), gidnumber, gecos
      entry, and login shell.
    * Fixed spelling problem. gcos in all old config files is now
      gecos. Please update.
    * Added homePhone attribute as config file option, since it is
      required by posixAccount
    * Added shadowMin as config file option, since it is allowed by
      shadowAccount
    * Added shadowInactive as config file option, since it is allowed
      by shadowAccount
    * Rebuilt build system and restructured directories
    * Changed configure.in to also check for the resolv lib, since on
      some systems the ldap and lber will not compile binaries without
      it
    * Fixed a small gecos logic bug

2002-01-24  Blake Matheny

    * Version 1.3.5 released
    * Added platform independent version of getopt() to fix command
      line parsing on WACK operating systems with funny libc's (cough,
      solaris)
    * If gecos comment is not specified with -c, we take it from file
      specified by password_file in config file. If -c is not given and
      password_file is undefined we use def_gcos from config file.
      Otherwise we default to "LDAP User"
    * Added shadow_file to configuration file. This allows you to take
      only the hashed password from this file when using the -S option.
      You can still get entries from password_file at the same time,
      allowing you to very easily migrate existing users (including
      passwords) to an LDAP directory

2002-01-23  Blake Matheny

    * Version 1.3.2 released
    * Added -S option, to allow people to take the shadow entry from an
      existing password file as specified by password_file in the
      configuration file

2002-01-21  Blake Matheny

    * Version 1.3.1 released
    * Added platform independent version of strsep to support platforms
      such as solaris
    * Removed scandir() and implemented opendir/closedir/etc to support
      platforms such as solaris
    * Implemented file system calls as open/close/read/write to support
      binary files
    * Several changes to makefile.in and configure.in to allow for
      proper OS defines

2002-01-05  Blake Matheny

    * Version 1.3. released
    * Added MD5 as optional password hash
    * Added SHA1 as optional password hash
    * Permissions were not being properly added to files (fixed)
    * Permissions were not being properly added to dirs (fixed)
    * Fixed chown() problem
    * Updated Makefile/configure

2001-12-13  Blake Matheny

    * Version 1.2.1 released
    * Bug fixed with uid/gid of entry being added
    * Don't require libbconf anymore, now included with CPU

2001-12-04  Blake Matheny

    * Version 1.2 released
    * Now home directories are created and files copied from skel_dir,
      only ascii files though

2001-11-28  Blake Matheny

    * Version 1.1 released
    * Rewritten in C

2001-11-02  Blake Matheny

    * Version 1.0 released
    * Initial Release