<feed xmlns='http://www.w3.org/2005/Atom'>
<title>libnss-mapuser.git/map_common.h, branch rolling</title>
<subtitle>Package for mapping radius users to local users (mirror of https://github.com/vyos/libnss-mapuser.git)
</subtitle>
<id>https://git.amelek.net/vyos/libnss-mapuser.git/atom?h=rolling</id>
<link rel='self' href='https://git.amelek.net/vyos/libnss-mapuser.git/atom?h=rolling'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/libnss-mapuser.git/'/>
<updated>2018-04-10T19:33:12+00:00</updated>
<entry>
<title>Add VSA shell:priv-lvl support for privileged radius user logins</title>
<updated>2018-04-10T19:33:12+00:00</updated>
<author>
<name>Dave Olson</name>
<email>olson@cumulusnetworks.com</email>
</author>
<published>2018-04-02T18:01:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/libnss-mapuser.git/commit/?id=5630f132b8898fa1ec3236a0ad796755127881c9'/>
<id>urn:sha1:5630f132b8898fa1ec3236a0ad796755127881c9</id>
<content type='text'>
Ticket: CM-19457
Reviewed By: roopa
Testing Done: lots of variations of login, su, sudo, automated radius tests

Now we always read the map files.  If session is set, we try that
file first, so that a user always sees their name, same as tacplus.
If that's the wrong file, read through all of the map files, look
for the correct match based on either name+session or auid+session,
depending on getpwnam or getpwuid entry point

Ignore same set of users as tacacs, including new radius_priv_user
account for the privileged RADIUS user.

create and delete the mapuser files from libpam-radius-auth now;
we need to have the mapping file written early enough for the pam
interfaces to get the correct info.

Using the pam_script is too limiting, and since we are creating the
database in libpam-radius-auth now, we'll delete it there as well
to keep things symmetric, so delete the script and the references to
the scripts

A significant part of this effort was adding getgrent, getgrgid, and
getgrnam support, so that the radius users are put into the netshow
(unprivileged) and netedit and sudo (privileged) groups at login.

A lot of restructuring went in as part of that, and cleaned up some
longstanding bugs, including return values for the getpw* routines.
Also cleaned up some whitespace issues.

Also renamed some globals (debug, min_uid, init_common()) that might
collide with other programs, so that when I build unstripped and
normal visibility shared libs, they won't collide with programs
calling the functions (saw this with "debug" and bgpd, for example).
</content>
</entry>
<entry>
<title>Cleanup whitespace by running 'indent -linux' on all the files</title>
<updated>2018-04-10T19:33:12+00:00</updated>
<author>
<name>Dave Olson</name>
<email>olson@cumulusnetworks.com</email>
</author>
<published>2018-04-02T17:50:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/libnss-mapuser.git/commit/?id=7f2e226bde6e6cd5cc7b29f7385a8c14a9b8b66f'/>
<id>urn:sha1:7f2e226bde6e6cd5cc7b29f7385a8c14a9b8b66f</id>
<content type='text'>
There were no code changes, just the indent whitespace and formatting
changes.
</content>
</entry>
<entry>
<title>Fixed exclude_users to work, added more users, alway skip tacacs[0-9]*</title>
<updated>2018-04-10T19:33:12+00:00</updated>
<author>
<name>Dave Olson</name>
<email>olson@cumulusnetworks.com</email>
</author>
<published>2018-02-26T17:52:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/libnss-mapuser.git/commit/?id=a8740bec7979f1060ab6759808e9f02dce184e46'/>
<id>urn:sha1:a8740bec7979f1060ab6759808e9f02dce184e46</id>
<content type='text'>
Ticket: CM-19886
Reviewed By:  nobody
Testing Done:

Somehow exclude_users wasn't implemented (or got deleted somewhere
along the line).

Make list match tacplus_client, except exclude our own mapped users
by matching config items, and also skip any user starting with
tacacs[0-9] inline instead of listing all 16 in exclude_users field
in config file.

Implemened for mapped_priv_user too, since that work is ongoing.
Listed change in debian/changelog

If debug is set to 2 or higher, print that the name lookup was skipped
due to exclusion.
</content>
</entry>
<entry>
<title>Initial version of libnss-mapuser package</title>
<updated>2017-06-16T02:48:50+00:00</updated>
<author>
<name>Dave Olson</name>
<email>olson@cumulusnetworks.com</email>
</author>
<published>2017-06-15T19:47:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/libnss-mapuser.git/commit/?id=e3408e0814517e6ad898c525125cf62aad40d60b'/>
<id>urn:sha1:e3408e0814517e6ad898c525125cf62aad40d60b</id>
<content type='text'>
See README for details
</content>
</entry>
</feed>
