Import version 1.0.4-cl5.1.0u11 from Cumulus Linux

7 files changed, 86 insertions, 22 deletions

diff --git a/debian/changelog b/debian/changelog
index b24ac24..61aee24 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,16 +1,71 @@
-libnss-tacplus (1.0.3-2) unstable; urgency=low
+libnss-tacplus (1.0.4-cl5.1.0u11) RELEASED; urgency=medium
+
+  * new build for 5.1.0 from original hash
+    cf2f734609a59da41248ed45e95807998a4a75f3
+
+ -- root <root@3da22e72fb7c>  Fri, 11 Feb 2022 20:25:59 +0000
+
+libnss-tacplus (1.0.4-cl4u1) RELEASED; urgency=medium
+
+   * First 4.0 release
+   * Implemented the nss group entry points, so sudoers plugin no longer
+     needed
+
+ -- dev-support <dev-support@cumulusnetworks.com>  Tue, 22 Oct 2019 08:18:08 -0700
+
+libnss-tacplus (1.0.4-cl3u3) RELEASED; urgency=low
+  * Fixed problem with fallback to local authorization when
+    all TACACS servers are down
+
+ -- dev-support <dev-support@cumulusnetworks.com>  Tue, 21 Aug 2018 16:14:31 -0700
+
+libnss-tacplus (1.0.4-cl3u2) RELEASED; urgency=low
+  * Optimized attempts to connect to server that has previously not responded
+  * Added tacplus_nss.conf man page
+
+ -- dev-support <dev-support@cumulusnetworks.com>  Fri, 29 Jun 2018 13:43:12 -0700
+
+libnss-tacplus (1.0.4-cl3u1) RELEASED; urgency=low
+  * New: Enabled - added the ability to set the source IP address via
+    the source_ip config variable.
+
+ -- dev-support <dev-support@cumulusnetworks.com>  Tue, 03 Jul 2018 17:10:17 -0700
+
+libnss-tacplus (1.0.3-cl3u4) RELEASED; urgency=low
+  * Added man, snmp, daemon, nobody, cron, radius users and frr to
+    exclude_users to prevent tacacs lookup on these system accounts.
+
+ -- dev-support <dev-support@cumulusnetworks.com>  Wed, 14 Feb 2018 14:14:00 -0800
+
+libnss-tacplus (1.0.3-cl3u3) RELEASED; urgency=low
+  * do not log message about acct_all unknown config variable
+
+ -- dev-support <dev-support@cumulusnetworks.com>  Thu, 28 Sep 2017 14:47:10 -0700
+
+libnss-tacplus (1.0.3-cl3u2) RELEASED; urgency=low
   * Fixed package remove to clean up plugin entries in nsswitch.conf
+
+ -- dev-support <dev-support@cumulusnetworks.com>  Fri, 30 Jun 2017 13:34:20 -0700
+
+libnss-tacplus (1.0.3-cl3u1) RELEASED; urgency=low
   * New Disabled: added user_homedir config variable to allow per-user
     home directories (unless per-command authorization is enabled)
-  * Fixed configuration files should automatically be reparsed
+  * Closes: CM-16082: configuration files should automatically be reparsed
     if they change, for long-lived programs and daemons that use NSS.
 
- -- Dave Olson <olson@cumulusnetworks.com>  Fri, 30 Jun 2017 13:34:20 -0700
+ -- dev-support <dev-support@cumulusnetworks.com>  Fri, 12 May 2017 14:51:23 -0700
+
+libnss-tacplus (1.0.2-cl3u1) RELEASED; urgency=low
+  * New Enabled: added vrf config variable, so NSS lookups work 
+    for normal ssh use (rather than ssh@mgmt)
+  * Closes: CM-15481: During login, send remote add IP address in AUTH request
+
+ -- dev-support <dev-support@cumulusnetworks.com>  Tue, 07 Mar 2017 14:54:34 -0800
 
-libnss-tacplus (1.0.3-1) unstable; urgency=low
-  * Added config variable "timeout" to limit time attempting to
+libnss-tacplus (1.0.1-cl3u3) RELEASED; urgency=low
+  * New Enabled: added config variable "timeout" to limit time attempting to
     connect to non-responding TACACS server.
-  * Added config variable "exclude_users" in /etc/tacplus_nss
+  * New Enabled: added config variable "exclude_users" in /etc/tacplus_nss
     to avoid looking up "local" user accounts via TACACS servers.  This
     improves overall system performance for local users, and avoids significant
     delays when a TACACS server is unreachable.
@@ -18,16 +73,10 @@ libnss-tacplus (1.0.3-1) unstable; urgency=low
     libraries can connect to a TACACS+ server without being tacacs aware.
   * Improved debugging messages.
   * Minor corrections to Copyright and licensing
-  * Added vrf config variable, so NSS lookups work correctly$
-  * During login, send remote add IP address in AUTH request
-  * Configuration files should automatically be reparsed
-    if they change, for long-lived programs and daemons that use NSS.
-  * Added user_homedir config variable to allow per-user
-    home directories (unless per-command authorization is enabled)
 
- -- Dave Olson <olson@cumulusnetworks.com>  Thu, 23 Mar 2017 22:40:01 -0800
+ -- dev-support <dev-support@cumulusnetworks.com>  Tue, 29 Nov 2016 16:55:16 -0800
 
-libnss-tacplus (1.0.2-1) unstable; urgency=low
+libnss-tacplus (1.0.1-cl3eau2) RELEASED; urgency=low
 
   * Improve debugging on server connections, and always try all
     servers in list until successful response, in case different
@@ -36,13 +85,13 @@ libnss-tacplus (1.0.2-1) unstable; urgency=low
   * Add min_uid and exclude_users config variables to avoid TACACS+
     lookups of local users, for robustness and performance.
 
- -- Dave Olson <olson@cumulusnetworks.com>  Thu, 06 Oct 2016 14:13:43 -0700
+ -- dev-support <dev-support@cumulusnetworks.com>  Fri, 30 Sep 2016 13:56:05 -0700
 
-libnss-tacplus (1.0.1-1) unstable; urgency=low
+libnss-tacplus (1.0.1-cl3eau1) RELEASED; urgency=low
 
   * Initial version with NSS lookups for tacacs users using mapping
     Works with modified libpam-tacplus to authenticate TACACS+ users
     without local passwd entries, mapping them to tacacs0..15 based on
     TACACS privilege level.
 
- -- Dave Olson <olson@cumulusnetworks.com>  Thu, 23 Jun 2016 13:31:01 -0700
+ -- dev-support <dev-support@cumulusnetworks.com>  Thu, 23 Jun 2016 13:31:01 -0700
diff --git a/debian/control b/debian/control
index ea65d0b..2926895 100644
--- a/debian/control
+++ b/debian/control
@@ -1,12 +1,15 @@
 Source: libnss-tacplus
 Priority: optional
-Maintainer: Dave Olson <olson@cumulusnetworks.com>
+Maintainer: dev-support <dev-support@cumulusnetworks.com>
 Build-Depends: debhelper (>= 9), autotools-dev, libtac-dev (>= 1.4.1~),
     libtacplus-map-dev, libaudit-dev, autoconf, libpam-tacplus-dev,
     dpkg-dev (>= 1.16.1), git
 Section: libs
-Standards-Version: 3.9.6
+Standards-Version: 3.9.8
 Homepage: http://www.cumulusnetworks.com
+XS-Build-Source: True
+XS-Cumulus-Valid-Arch: amd64 armel
+XBCS-Vcs-Hash: cf2f734609a59da41248ed45e95807998a4a75f3
 
 Package: libnss-tacplus
 Architecture: any
@@ -15,3 +18,5 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, libtac2 (>= 1.4.1~),
 Description: NSS module for TACACS+ authentication without local passwd entry
 	Performs getpwname and getpwuid lookups via NSS for users logged in via
 	tacacs authentication, and mapping done with libtacplus_map
+XBCS-Vcs-Hash: cf2f734609a59da41248ed45e95807998a4a75f3
+
diff --git a/debian/copyright b/debian/copyright
index 710851e..f91dfc6 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -3,7 +3,7 @@ Upstream-Name: libnss-tacplus
 Source: http://www.cumulusnetworks.com
 
 Files: *
-Copyright: 2015, 2016, 2017 Cumulus Networks, Inc.  All rights reserved.,
+Copyright: 2015, 2016, 2017, 2018 Cumulus Networks, Inc.  All rights reserved.,
            2010 Pawel Krawczyk <pawel.krawczyk@hush.com> and
                 Jeroen Nijhof <jeroen@jeroennijhof.nl>
 License: GPL-2+
diff --git a/debian/libnss-tacplus.manpages b/debian/libnss-tacplus.manpages
new file mode 100644
index 0000000..a3f80cf
--- /dev/null
+++ b/debian/libnss-tacplus.manpages
@@ -0,0 +1 @@
+tacplus_nss.conf.5
diff --git a/debian/libnss-tacplus.postinst b/debian/libnss-tacplus.postinst
index 77f16f4..06253d7 100644
--- a/debian/libnss-tacplus.postinst
+++ b/debian/libnss-tacplus.postinst
@@ -11,8 +11,10 @@ case "$1" in
         # for this package, and won't break anything else.  Do nothing
         # if tacplus is already present in the passwd line
         if [ -e "/etc/nsswitch.conf" ]; then
-            sed -i -e '/tacplus\s/b' \
-                -e '/^passwd:/s/compat/tacplus &/' /etc/nsswitch.conf
+            sed -i -E -e '/tacplus\s/b' \
+                -e '/^passwd:/s/(compat|files)/tacplus &/' /etc/nsswitch.conf
+            sed -i -E -e '/tacplus\s/b' \
+                -e '/^group:/s/(compat|files)/tacplus &/' /etc/nsswitch.conf
         fi
     ;;
 
diff --git a/debian/libnss-tacplus.prerm b/debian/libnss-tacplus.prerm
index c47a314..c6f246c 100644
--- a/debian/libnss-tacplus.prerm
+++ b/debian/libnss-tacplus.prerm
@@ -7,6 +7,8 @@ if [ "$1" = remove ]; then
     if [ -e "/etc/nsswitch.conf" ]; then
         sed -i -e '/^passwd:.*tacplus\s/s/tacplus\s//' \
             /etc/nsswitch.conf || true # don't prevent remove on error
+        sed -i -e '/^group:.*tacplus\s/s/tacplus\s//' \
+            /etc/nsswitch.conf || true # don't prevent remove on error
     fi
 fi
 
diff --git a/debian/libnss-tacplus.symbols b/debian/libnss-tacplus.symbols
index 2bf9b88..873bce7 100644
--- a/debian/libnss-tacplus.symbols
+++ b/debian/libnss-tacplus.symbols
@@ -1,3 +1,8 @@
 libnss_tacplus.so.2 libnss-tacplus #MINVER#
  _nss_tacplus_getpwnam_r@Base 1.0.1
  _nss_tacplus_getpwuid_r@Base 1.0.1
+ _nss_tacplus_setgrent@Base 1.0.4-cl4u1
+ _nss_tacplus_endgrent@Base 1.0.4-cl4u1
+ _nss_tacplus_getgrent_r@Base 1.0.4-cl4u1
+ _nss_tacplus_getgrgid_r@Base 1.0.4-cl4u1
+ _nss_tacplus_getgrnam_r@Base 1.0.4-cl4u1