File: NEWS

lcmaps 1.6.6-2
Version 1.6.6
-------------
Improvements:
-   Extend API with two new calls
     void lcmaps_set_voms_verification_time(time_t time, int flags)
     int lcmaps_get_voms_verification_time(time_t *time, int *flags)
    which allow setting the verification time used for checking the AC. If
    flags is 0, the time is UNIX time; if it is 1, the time is relative to the
    notBefore time of the leaf proxy; if it is 2, relative to the notAfter time
    of the leaf proxy. This call uses the VOMS_SetVerificationTime() call of
    the VOMS API.
Bug fixes:
-   A few minor fixes, including a memory leak.

Version 1.6.5
-------------
Bug fixes:
-   https://bugzilla.nikhef.nl/show_bug.cgi?id=21
    LCMAPS did not initialize the logs correctly in cases when it should open
    the log itself (in most scenarios it uses an externally opened logfile
    pointer).
Improvements:
-   Extend API with two new functions:
     void lcmaps_set_voms_attributes_verification (unsigned int verify_flags)
     unsigned int lcmaps_get_voms_attributes_verification (void)
    which provide more fine-grained setting of the VOMS verification:
    verify_flags should be a combination of the flags as specified in
    voms_apic.h.
    The old functions still work and behave as follows:
     lcmaps_enable_voms_attributes_verification -> sets VERIFY_FULL
     lcmaps_disable_voms_attributes_verification -> sets VERIFY_NONE
     lcmaps_is_set_to_verify_voms_attributes -> returns whether all *known*
    flags are set.

Version 1.6.4
-------------
Improvements:
-   General code cleanup.

Version 1.6.3
-------------
Bug fixes:
-   Invalid memcpy and malloc when we concatenate two strings.
-   Protect a number of mallocs against out-of-memory.
-   Provide prototype of yylex when needed.
-   Properly clean up flex and bison memory.
-   When compiling older lex output with std=c99 we could get a missing
    prototype for strdup leading to a segfault.

Version 1.6.2
-------------
Bug fixes (for Fedora compliance):
-   Update pc files to use Requires.private and Libs.private instead of Requires
    and Libs
-   Only link library against its own dependencies.
-   Remove arch dependent path= from example DB file.
-   Fix segv due to a sprintf (last one)
Improvements:
-   Provide header file lcmaps_plugin_prototypes.h with plugin prototypes. To be
    included by each plugin.
-   General code cleanup: compiler warnings, includes etc. Logging from too long
    entries is cleanly truncated. No logging of error to stderr.
-   Update example lcmaps.db.ex

Version 1.6.1
-------------
-   Improve testing on using the same plugin twice:
    * test that the actual library handle is different instead of the absolute
      pathname, this extends the error checking in case of symlinks or hardlinks
      to different names (which still don't work).
    * fix the error message, to print the two shortnames.

Version 1.6.0
-------------
-   Support input of a 'desired identity' for lcmaps_run_and_return_username()
    interface. LCMAPS will make this available to the plugins, which can use it
    to support grid-mapfile entries of the form
	"/DN" user1,user2
    or
	"/FQAN" user1,user2
    Typical use is for gsissh via the lcas-lcmaps-gt4-interface, version 0.2.7
    or higher.
-   Revamped VOMS error messages because they are sometimes cryptic. They now
    also provide useful debugging hints for the admins.

Version 1.5.7
-------------
Bug fixes:
-   When LCMAPS fails at initialization, yacc/flex related resources have to be
    freed, otherwise certain systems show a segfault.

Version 1.5.6
-------------
Bug fixes:
-   Running on Fedora Core 16 results in an 'undefined symbol: yywrap'.
-   A few of the macros in the new interface are missing in the case of direct
    linking (i.e. not LCMAPS_USE_DLOPEN).

Version 1.5.5
-------------
Bug fixes:
-   Out-of-source builds failed for NOGSI, i.e. ../configure --disable-gsi-mode
    resulted in a missing include file.

Version 1.5.4
-------------
Bug fixes:
-   Unbalanced quotes triggered an 'out of memory' error instead of an
    'unbalanced quotes'.

Version 1.5.3
-------------
-   Replace unprintable characters in logging strings with a '?'

Bug fixes:
-   Fix a SEGV or ABRT in some interfaces due to incorrect storing of DN, which
    leads to freeing stack memory. Triggered in the lcmaps-without-gsi
    interface.
-   Fix numerous unsafe constructions in logging, also fixes a SEGV

Version 1.5.2
-------------
Added a compile option in the Makefile.am to scope the externals of the
library. This feature is mandatory for Debian.


Version 1.5.1
-------------
-   Log messages that are sent to Syslog with the priority equal to LOG_EMERG,
    LOG_ALERT or LOG_CRIT will be downplayed as LOG_ERR. Old LCMAPS plug-ins
    used a numerical range of 0-5 and this basically means that they are able
    to cast an error message of type LOG_EMERG, while universally the LOG_ERR
    is meant of even less significant than a LOG_ERR.
    A warning will be written at LOG_WARNING to upgrade your plug-ins.
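
    Added example, not taken from the LCMAPS sources: the logging behaviour
    described for 1.5.3 (unprintable characters replaced by '?') and 1.5.1
    (LOG_EMERG, LOG_ALERT and LOG_CRIT lowered to LOG_ERR), with the clean
    truncation from 1.6.2. The function names clamp_priority and
    sanitize_log_line and the sample DN are assumptions made for illustration.

```c
/* Added illustration, not LCMAPS source; all names here are hypothetical. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <syslog.h>

/* Lower priorities more severe than LOG_ERR (LOG_EMERG, LOG_ALERT, LOG_CRIT)
 * to LOG_ERR. *clamped is set so the caller can log the upgrade warning. */
static int clamp_priority(int prio, int *clamped)
{
    *clamped = (prio < LOG_ERR);
    return *clamped ? LOG_ERR : prio;
}

/* Copy src into dst (dstlen bytes), replacing every unprintable byte with
 * '?' and truncating cleanly with a terminating NUL.
 * Returns the number of bytes that were replaced. */
static size_t sanitize_log_line(char *dst, size_t dstlen, const char *src)
{
    size_t i = 0, replaced = 0;

    if (dstlen == 0)
        return 0;
    for (; src[i] != '\0' && i + 1 < dstlen; i++) {
        unsigned char c = (unsigned char)src[i];
        if (isprint(c)) {
            dst[i] = (char)c;
        } else {
            dst[i] = '?';   /* newline, control byte, etc. */
            replaced++;
        }
    }
    dst[i] = '\0';
    return replaced;
}

int main(void)
{
    /* Constructed input: a DN with an embedded newline and a forged entry. */
    const char *dn = "/O=Example/CN=alice\nlcmaps: mapped to uid 0";
    char line[64];
    int clamped;
    int prio = clamp_priority(LOG_EMERG, &clamped);
    size_t n = sanitize_log_line(line, sizeof line, dn);

    printf("prio=%d clamped=%d replaced=%zu line=%s\n", prio, clamped, n, line);
    return 0;
}
```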


Version 1.5.0
-------------
-   Changing all log messages to match the logging method used in Syslog
    and especially the log priority/levels.
-   Fixed a problem when the "poolindex" was requested. It triggered a
    segmentation fault in two of the LCMAPS interfaces:
     -- lcmaps_run_and_return_poolindex
     -- lcmaps_run_with_pem_and_return_account
-   Harmonized logging via the lcmaps_log(), lcmaps_log_debug(),
    lcmaps_log_time(), lcmaps_log_a_string() and
    lcmaps_log_a_string_debug() functions for both log file writing and
    syslog writing.
-   Changed #define name DEBUG_LEVEL to CONF_LCMAPS_DEBUG_LEVEL
-   Changed the default value for CONF_LCMAPS_DEBUG_LEVEL from 0 (LOG_ERR)
    to 4 (LOG_INFO).
-   Harmonized the log line writing cut-off feature of log messages between
    Syslog logging and logging to a file. This is based on the built-in
    default and the LCMAPS_DEBUG_LEVEL environment variable value. Messages
    that are cut off are not even offered to Syslog anymore, which speeds up
    the LCMAPS execution when the Syslog daemon is hammered with info.
-   The log line output is changed to show the environment value of
    LCMAPS_LOG_IDENT in each line. The LCMAPS_LOG_IDENT value is meant to
    be set by programs like gLExec to indicate that they are running
    LCMAPS. This is default in Syslog, but missing in logging to file.
-   Log lines that log to file are prepended by the Syslog priority name.
    This allows easy filtering when needed.
-   Harmonized the credential handling for all the external LCMAPS interfaces.
    The small functional differences between the different credential input
    differences are now gone. Interfaces used by gLExec (PEM based), GT4/5
    GSI-Authz based, X.509 based and even string input handling are now
    equalized. This reenabled the verify-proxy plug-in to work from a GT4/GT5
    service and enabled the Xrootd interface to work with easier
    interfaces, and the PEM string interface from gLExec will now regain its
    full potential for VOMS handling.
        Example: {input credential} -> {stored to use by plugins}

        Globus gss_cred_id_t object in -> X.509 stuff(*) + VOMS structs + DN
        PEM string -> X.509 stuff + VOMS structs(**) + DN
        X.509 -> VOMS struct(**) + DN
        Other string based input -> string based input stored

        (*) is new.
        (**) differed in a detailed usage pattern.
-   When the VOMS verification was disabled, either at run-time or after the
    built-in default is changed, i.e. --enabled-osg, the VOMS Generic
    Attributes were not successfully extracted. This is now fixed and plug-ins
    can use them also when the VOMS AC verification is disabled.


Version 1.4.34
--------------
Changes in the logging facility:
- All syslog() messages are lowered to LOG_CRIT or lower (and can't go below LOG_DEBUG)
- Various log functions were logging on a high priority, including the debug messages. This is to be lowered simulating the syslog() messages when writing to file.
- Not being able to write to a file descriptor results now in a syslog() message on LOG_CRIT. This was on stderr.


Version 1.4.31
--------------
Moved a lot more useless debugging output behind the LCMAPS_DEBUG option. Mostly because people who try to debug LCMAPS are not LCMAPS developers.


Version 1.4.30
--------------
Add the LCMAPS_DEBUG #define to be used to build a developer debugging version of LCMAPS. The released version will not expose the amount of pedantic logging output, even in LCMAPS_DEBUG_LEVEL = 5.


Version 1.4.27
--------------
LCMAPS framework:
- fixed a memory cleanup problem when using VOMS Generic Attributes.
- adds a SIGPIPE handler to print the caught signal, especially interesting when the VOMS api, SCAS-Client plugin or another plugin could trigger a SIGPIPE without handling it locally. The SIGPIPE handler will be set at the beginning of each run, and removed after each run, i.e. not in the initialization or terminate sequences.
- Fixed signed and unsigned conflicts in parsing routines when fulfilling rules and policies and recursion issues. This problem was hard to exploit, but a bug nonetheless (unless somebody went beyond 2^31 plugins and policies)
- Fixed the poolindex interface to LCMAPS. A symbol would not have been resolved during run-time as it has been deprecated last year. Only used by the Globus DAS/Workspace Service interfacing (to the best of our knowledge).
- Fixed a problem in the logging facility during the initialization phase. The value was always overridden by the next call. I've removed the previous overridden call, which might call for bug Savannah bug #61772.
- Found a more generic location for the printCredData function to log the credential data that has led to a particular mapping decision.

- (almost) all public functions are now prefixed with "lcmaps_" to avoid symbol clashes
- Update for single lcmaps-interface for both lcmaps types.
- use enable_gsi_mode directly instead of lcmaps_gsi_mode
- Default paths in LCMAPS are set at build time. All hardcoded paths into /opt/glite or (in some places) /opt/edg are removed.
- /etc/lcmaps/lcmaps.db will be the new default path to a lcmaps.db file. Use ${LCMAPS_DB_FILE} to override or the ./configure options. 
- Building lcmaps-without-gsi doesn't require Globus libraries during the build and linking of this LCMAPS flavor.
- LCMAPS ./configure new option --with-voms-prefix instead of --with-glite-location, no glite.m4 necessary, it's done using --libdir and system defaults

- API extensions:
Function:    int lcmaps_get_major_version (void);
Function:    int lcmaps_get_minor_version (void);
Function:    int lcmaps_get_patch_version (void);
Function:    lcmaps_disable_voms_attributes_verification
    Description: Disables the verification in the VOMS API
Function:    lcmaps_enable_voms_attributes_verification
    Description: Enables the verification in the VOMS API (default)
Function:    lcmaps_is_set_to_verify_voms_attributes
    Description: Will return the current setting to enable or disable the
                 verification of the VOMS credentials by the VOMS API
Function:    lcmaps_run_with_stack_of_x509_and_return_account
    Description: LCMAPS runs receiving a certificate chain, containing at least
                  an End-Entity Certificate. A list of policies may be provided. 
                  The allocated uid, gids and the poolindex will be returned to 
                  the calling application.



Generic to all components:

- adjusted to be able to use EPEL, EMI and gLite packages and system native library installations
- cleanup of unused files and support for distribution tarball.
- provide pkg-config files
- All LCMAPS public header files are all in ${includeDir}/lcmaps/*.h