2.2.21 (2009/02/03)
- nuauth: fix bind to IPv6 address only
- nuauth: add nuauth_user_check_ip_equality be able to relax constraint
on source address of authentified packets.
- TLS: strict CRL handling
- nuauth: suppress not needed g_assert() (fix a crash)
- nuauth: fix light memory leak in tls_connect()
- nutcpc: display NuFW gateway IP address when starting
2.2.20 (2008/12/10)
- nufw: Fix potential race condition in nufw tls_connect
- nufw: Fix bug where packet with ID 0 was rejected
- Remove debian directory which is not maintained here anymore
- nuauth: Add mark display in packet printing
- libnuclient: Improve API to export string error message to clients
- nuauth_command: User disconnection can now be done via a regexp
2.2.19 (2008/11/26)
- nuauth: fix memory leak that appear when system_suppress_prefixed_domain
is set to 1.
- Implement "refresh crl" command in nuauth_command and nuauth.
- nuauth: SIGHUP also reloads the CRL file.
- nutcpc: SIGHUP now triggers reconnection to nuauth.
- nutcpc: Add -R option to specify crl.
- nutcpc: ask client to confirm connection if no CA is present
- nufw: SIGHUP now triggers reconnection to nuauth.
- nufw: Try to start TLS session to nuauth at start and not at first packet.
- nufw: fix some error case handling in gnutls record
- nufw: Display understandable error message when nuauth can not be reached.
- nufw: Add -N option to disable fqdn check during TLS negotiation
- libnuclient: CRL reload at reconnect
- libnuclient: new function nu_client_set_crlfile() can be used to specify crl
file
- nuauth: fix memory leak in connection tracking logging
- nuauth: fix memleak and avoid useless allocation in iface related code.
- nutcpc: now uses local user name as default for nuauth connection
- ldap module: update code to 'new' ldap API
- ldap module: fix double request and memory leak
- pam_nufw: respect nuclient.conf
- pam_nufw: severe bugfix
2.2.18 (2008/11/03)
- general: strict TLS mode enabled by default on all components
- nuauth: increase some timer value to avoid problem on some virtual
machines
- nuauth: issue some warnings if clients certificates will not be
checked
- nuauth: display explicit error message if TLS handshake failed
- nuauth: fix check of private key file permissions
- documentation improvement
- nuauth: add option to limit the size of the logging queue
- nuauth: fix ACL order in the plaintext module
- nuauth: fix reject method when no group can be fetch after authentication
- libnuclient: fix some error treatment of the gnutls_record_recv() function
- libnuclient: fix threads model in POLL mode (avoid useless threads)
2.2.17 (2008/09/24)
- nuauth: add "reload periods" to nuauth_command
- nuauth: drop packet if asked period is unavailable
- nuauth, ldap, plaintext: per-interface filtering
- tests system: per-interface filtering tests
- nuauth: fix sasl_dispose related bug
- nuauth, nuctpc: kerberos authentication is working
2.2.16 (2008/08/25)
- nuauth: fix destruction of some entries in client hash
- nuauth: fix decoding of some packet in 64bits mode
- nuauth: fix application name decoding error check
- nuauth: fix ldap reconnection code
- nutcpc: add '-c' option (test if a client is already running)
- tests: add ldap module functionnal tests
- authtype: new module for adding condition of user connection
- nuaclgen: fix regexp
- libnuclient: fix some memory leak
- ldap: improve AppName check
- ldap: misc fixes
2.2.15 (2008/04/14)
- nuauth: fix acl cache
- nuauth: optimize some hash function
- plaintext: optimize acl check
- nuauth: clean some messages
2.2.14 (2008/04/04)
- mysql: set decision to 'U' in oob_prefix (instead of 'D', drop) for
unauthenticated drop
- NuFW: fix usage of inline causing build failure on many architecture
- log_mysql: fix standard logging mode
- nuauth: add information about which file failed to be read during
tls initiation phase
- nufw: don't put nufw in conntrack debug mode by default
- log_nuprelude: prevent string format attacks (code cleaning)
- NuFW: can now use "make dist" to make archive
2.2.13 (2008/03/27)
- mysql: log_prefix can now be used by nulog2 link to nuface
- ldap: fix connection problem
2.2.12 (2008/03/25)
- nuauth: allow syntaxe "[ipv6]:port" for options
nuauth_client_listen_addr and nuauth_nufw_listen_addr
- libnuclient and nutcpc compilation fix for FreeBSD 7.0RC1
- FreeBSD: fix some endian problem
- nuauth: add a flag to be able to disable log on a per-rule basis
- nuauth: don't whine if the CA is not configured
- nuauth: optimize certificate revocation list refresh
- nuauth: fix nufw reference counter
- ldap: Reconnect to ldap when connection has failed
- nutcpc: Fix problem with 'nutcpc -k' which did not manage to kill
nutcpc if a previous nutcpc has been kill violently.
- nutcpc: detect probable authentification problem and report them
accordingly
- log_nuprelude: finalize module (IDMEF alert format, severity of
alert)
2.2.11 (2008/01/08)
- libnuclient: don't leave when default cafile is not found
- factorize IPv6 code, especially IPv6 formatting (display IPv4 as
IPv4 and not "::ffff:a.b.c.d")
- plaintext: simplify ACL description, most parameters are now
optional
- plaintext: fix netmask parser
- libnuclient: fix function to stop check thread for Mac OS X
- fix command line parser: option '-p' was limited to 3 characters
- ldap: fix and document ldaps connection
- nufw: add -S option to do strict checking during TLS negotiation
- nuauth: be nicer with TLS client when it rejects them because
certificate is invalid
- nufw: warn when TLS session is closed by nauth
- nuauth: add username when printing connections
- NuFW: fix a file descriptor leak in client and nufw
- NuFW: improve TLS subsystem
2.2.10 (2007/12/04)
- log_mysql: fix log prefix (avoid double ":" when used with nuface)
- nuauth: fix crash when nufw is misconfigured and sends improper packet
- improved BSD compatibility
2.2.9 (2007/11/26)
- nuauth: leave when a module fails to load
- nuauth: correctly fills headers of messages to nufw
- plaintext module: parse needed files at start
- nufw: ignore return of nfq_unbind_pf() due to change in linux 2.6.23.
- nuauth: introduce nuauth_proto_wait_delay to get around a nasty
connection problem on laggy network.
2.2.8 (2007/11/07)
- libnuclient, nuauth: fix protocol 2.2 on big endian.
- log_mysql: add documentation file and add a IPv4 and an IPv6 dump
- build system: improve autoconf compliance
- nufw: fix infinite loop when nufw has no support for conntrack but
when nuauth try to kill connection
2.2.7 (2007/10/29)
- nuaclgen: add support for userid based ACLs.
- nuauth: fix SASL rare crash on client authentication failure (sasl_dispose)
- nuauth: fix command line parser: -p and -l were limited to 3 characters
- nuauth: fix a buffer overflow (3 bytes) in base64 encoding function
- nuauth: improve certificate file error handling
- nuauth: leaver if socket command file is unavailable
- pam_nufw: fix memset usage
2.2.6 (2007/10/09)
- nuauth: fix rare bug causing infinite loop
- Add auth_mysql module : authentication and ip authentication against
a MySQL database
- nuauth: introduces nuauth_single_user_client_limit and nuauth_single_ip_client_limit
- nuauth: add capability to bind on multiple addresses
- nuauth: can now have user-id based acls
2.2.5 (2007/09/10)
- fix clients' Makefile for compatibility with automake 1.10
- bugfix: disallow change of ipauth option on reload to avoid a crash
- fix race condition (multi-threading) in system module (PAM)
2.2.4 (2007/08/20)
- plaintext: fix parsing of IPv4 address
- log_syslog: log with IPv4 address and not IPv4 in IPv6
- nuauth: don't log packet appended to a connection
- nuauth: improve some debug areas settings
- nuauth: fix period handling
- log_mysql, log_pgsql: fix a rare crash related to improper format
string for 64 bits counters
2.2.3 (2007/08/01)
- libnuclient: fix compilation when used in external client.
- nufw: ask kernel to drop packet when nuauth can't be reached.
- nuauth: add some check when dealing with certificate expiration.
- NuFW: recover ICMP reject functionnality.
- log_mysql: handle reconnect as mysql default as changed with 5.0.
- Test system: add test of ICMP reject functionnality.
- nuauth: fix closing of user session in database logging modules.
2.2.2 (2006/06/26)
- log_mysql: fix logging of connection closing
- NuFW: fix incompatibility between i386 and x86_64 due to alignement
problem. This break compatibility with previous NuFW 2.2.
- nufw: for TCP connection, only send message when session switch to
ESTABLISHED and get destroyed.
- nuauth: change criticity of some debug message to ease detection of
protocol mistakes.
- NuFW: separate version number of client and nufw protocols
- NuFW: switch protocol number to v22_2 to be able to warn about
incompatibility probem.
- nuauth: log IP in IPv4 format when they are IPv4
- log_syslog: log authentication failures
- nuauth: fix crash when nufw sends non SYN packet
2.2.1 (2007/06/17)
- port change: IANA has assigned 4128 and 4129 to nufw and nuauth
- x509_std: code cleaning and fix potential crash
- NuFW: fix compilation on some distribution (for AMD64 architecture)
- client manager: close the client socket even if shutdown fails
- pam_nufw: fix free(home) in _get_runpid()
- nutcpc: fix creation of .nufw directory
- nuauth: fix memory leak in debug messages
2.2.0 (2007/05/29)
- log_mysql: fix prefix setting in a sub case.
- nuauth: improve doxygen documentation.
2.2.0-rc3 (2007/05/23)
- By default, do not compile pam_nufw anymore.
- nutcpc does now check presence of certificate authority.
- Complete rewrite of debian packaging.
- log_nuprelude: Add user info to idmef message when there is
authentication failure.
- nuauth: implement acl ordering (prio_to_nok=2)
- mark_flag: new module used to modify packet mark using acl
indication
2.2.0-rc2 (2007/04/27)
- nuauth: add declaration of thread_pool_push
- ldap: optimize filter
- NuFW is now compatible with automake1.10
- nufw: fix problem for host with libnetfilter_queue
but without the latest iface related modifications.
- nutcpc: add option -a to specify nuauth DN in certificate.
- log_mysql: set protocol information in compatibility mode
- libnuclient: restore some interesting features of 2.0 API
- NuFW: fix certificate authentication
- tests: new system for doing unitary tests on NuFW
- log_mysql: add mysql_admin_bofh option to destroy user connections
when session finished
- mark_field: set mark on packet with glob matching on packet fields
- nuauth: fix possible problem on nufw disconnect on busy systems
- nuauth: can now have mandatory per-certificate authentication
- ldap module: add new option ldap_use_ipv4_schema to have compatibility with
IPv4 tools
- nuauth: fix crash when nufw send concatenated requests
- nuauth: improve debugging messages
- nuauth: fix bug when user packet comes first (nufw disconnection).
2.2.0-rc1 (2007/03/08)
- log_mysql: add option to log by default in SQL
database with IPV4 schema
- libnuclient: add nu_get_home_dir function which is not
dependant of HOME environment variable
- nufw: fix compilation in ipq mode (workaround ipq.h problem)
- nufw: modify interface name fetching code
- NuFW: Port of 2.0 modifications (from r2715 to r2728)
- implement globbing matching in application filtering
- add support for flags on acl
- implement async logging following flag setting
- cache is now resetted during reload
- nuauth: command mode through a unix socket and a python script
is given as exemple
- nuauth: modify thread pools system (better handling of signals)
- nufw: add -A to set debug areas and adjust areas in code
2.1.1 (2007/01/03)
- suppress ldap authentication code
- add support for log prefix
- add support for guest group
- mark_group: new module dedicated to packet marking
- NuFW: doxygen documentation improvement
- NuFW: support for interface name transmission from kernel to nuauth
2.1.0 (2006/09/01)
- fix period handling (user OR and and AND between period item of a
period)
- fix memory leak in ldap module
- IPv6 support:
- clients, nufw and nuauth are able to communicate using IPv4 or IPv6
- nuauth store all addresses in IPv6 structure, IPv4 use format
"::ffff:[ipv4]"
- MySQL store IP address in BINARY(16) instead of INTEGER field
- Prelude, MySQL, PostgreSQL, etc. modules support IPv6 addresses
- Plaintext module is able to parse IPv4 and IPv6 addresses
- Rejectting a packet can send ICMP(v4) or ICMPv6 (depending on source
IP address type)
- support ICMPv6 protocol
- new client API, main changes:
- don't use callback to get username, password and tls password anymore:
directly send the strings
- don't delete the session when loosing connection: just delete old TLS
session (and socket) using a "reset" function
- keep same Diffie Hellman parameters for the session (don't regenerate
them on each reconnection): that's good because it looks to use lot of
CPU (and maybe /dev/random)
- the client send username and password in UTF-8
- don't make core dump on fatal errors (in nuauth, nutcpc and pam_nufw)
- libnuclient: use gcrypt_malloc_secure() to disallow username and
password to be moved to the swap
- protocol v3 compatibility (for client and nufw server)
- Introduce two new modules type:
- user_session_modify : called when auth is successfull this module
can modify all params (usefull to set expire or something else)
- finalise_packet: modify packet content just before decision (useful
to set mark and/or expire according to advanced policy)
- Accounting capabilities: conntrack is now dumping accounting
information
2.0 (2005/05/22)
- nuauth : fix period handling
- libnuclient : fix crash when specified hostname is unvalid
- nutcpc : do not try to reconnect if password has changed, this will
avoid to block user account after multiple retries
- pam_nufw : initial release
2.0-rc2 (2006/05/15)
- nuauth : add sanity check on type of field contained in a packet
- libnuclient : fix MacOSX port
- nuauth SQL user session logging : close opened user session when leaving or when starting
- nuauth modules : systematic use of static declared function to avoid conflict
2.0-rc1 (2006/05/04)
- nufw : fix possible problem with connection fixed timeout and NAT
- nufw : add -M option to use mark to select conntrack event to be sent to
nuauth
- NuFW : fix hello mode authentication
- doxygen documentation improvement
- nuauth : add antispoofing test to hello mode authentication
2.0-beta2 (2006/06/27)
- nuauth : fix period reloading
- nuauth : fix logging as UNAUTHENTICATED DROP of established packet
- nuauth: fix bug in policy test
2.0-beta1 (2006/04/24)
- nuauth : bugfix on the PostGreSQL log module thanks to Julian Reich
- nuauth :fix bug in max client number test
- nuauth|nufw : really close socket in all cases now
- nuauth : certificate checking improvement
- nuauth : separate sasl and tls code
- nufw: cleaning of tls end of session
- linuclient : introduce nu_client_global_init to avoid multiple
global initialisation of gnutls and sasl
- define protocol version 3 : protocol version 2 with a fix on
endianess
- nuauth : fix crash when multiple logging modules are used (if one of
them is mysql)
- libnuclient : free connection table
- libnuclient : fix multithreaded code
- nuauth: store user identifiers in 32 bits (and not 16), but still send
user id. in 16 bits to nufw (with a warning)
- new configure option: --with-perf-display, display benchmark of user
authentification
- nuauth: fixes about buffer underflow, check that received packet are big
enough before casting them to structure
- nufw and nuauth: fix buffer overflow caused: replace strncpy with the
new macro SECURE_STRNCPY which always write '\0' on last position, and
replace call like sscanf(..., "%10s", ...) with SECURE_STRNCPY
- nufw: whole code is documented using doxygen syntax
- nufw and nuauth: use shorter syntax to display debug messages
- nufw and nuauth: fixes to make them compile in strict ANSI mode
with gcc (using -ansi option)
- nufw and nuauth: fix memory leaks, some of them detected with the great
tool Valgrind
- nuauth: reorganize source code, split big function in small
sub-functions and move some functions in new files
- nufw and nuauth: remove dead code and unused variable/macro
- nufw and nuauth: use more explicit names for variables and structures,
rename for example 'c' to 'socket'
- nuauth, module script: fix a security bug, quote script arguments
- small changes to make flawfinder and rats tools happy
- replace obsolete usleep() with nanosleep()
- Introduce lock in tls code because gnuTLS is NOT really threadsafe (does
NOT support thread sending on the same TLS session)
- stronger security in mysql and postgresql modules: use secure_sprintf()
instead of classic sprintf() and quote all user strings
- stronger security in script module: quote all arguments
- fix some minor bugs detected by Valgrind
- check inet_ntop() and inet_addr() errors
- small changes to make nufw and nuauth source code ANSI C compliant
- fix gcc compilation flags: use -O0 in bug mode instead of -02, and
detect all warnings with -Wextra (or -W for gcc < 4.0)
- use pointer and not object during logging
- bugfix:nuauth: don't crash anymore if configuration file doesn't exist
- nuauth: fix gnutls problem (multithread writing and reading)
- nuauth: multiple modules with separate conf
- nuauth: stop threads (and thread pools) before exiting NuAuth. Use a
mutex to ask a thread to stop. Each thread use timeout of one second,
and don't use any blocking function anymore (use function with timeout
instead: eg. use g_async_queue_timed_pop() instead of g_async_queue_pop())
- nuauth: port of system_convert_username_to_lowercase option (from 1.0)
- NuFW : ICMP reject via decision 3.
- xml_defs : new module for periods definition
- nuauth : add nuauth_module_certificate_check and
nuauth_module_certificate_to_uid configuration variables (work
sponsorised by EOLE)
- x509_std : new module with standard check and function for
nuauth_module_certificate_check and nuauth_module_certificate_to_uid
- nuauth : modify config file parsing to avoid memory leak
- nuauth : add option nuauth_debug_area to be able to specify logging area
- nuauth: add Prelude IDS module which can log packet events and user
session.
- nuauth : nuauth_reject_authenticated_drop option is now here to
choose if we drop or reject ACL that match IPV4 header but when user
is not in the group.
- nuauth : period checking is now done in main code (not in module
anymore) to avoid problem with cache.
- move conffile.h from src/nuauth/include to src/nuauth and suppress
src/nuauth/include
1.1.3 (2006/01/25)
- nutrackd : PostGreSQL support
- Fixes in the PostGreSQL log module (removed the useless server_port
variable, fixed a very stupid strlen bug on port)
- nufw|nuauth : expiration of connection is now possible
- nufw : new switch -C to handle conntrack destroy event by sending a
message to nuauth. This is mandatory for connection expiration
system.
- nuauth : handle nufw destroy message
- nufw : restore compilation of nufw in libipq mode
- nuauth : introduce a ppol of thread for user session logging
- nuauth : fix a stupid but critical bug on module reloading
- nuauth : introduce nuauth_number_session_loggers to specify the
number of threads in the user session logging pool
- nuauth : change type of limited_connection_handler to suppress
compilation warning
- nuauth : new hook for time period definition
- plaintext : add period check
- plaintext : add example for time period creation (define '5x8' period)
- nutcpc : working on freebsd :-) (but mono user for the moment)
- nutcpc : working on Mac OS X :-) (but mono user for the moment)
- nuauth : user connect policy (see config file for detail)
- libnuclient : fix typo that could cause a hang
- nuauth : a user session duration can now be set
1.1.2 (2005/12/22)
- nufw : new threads architecture
- libnuclient : fix potential problem with new thread architecture
- nuauth : modules reloading
- nuauth : config reloading (partial)
- nutrackd : config file option added and an example conf is now
provided
1.1.1 (2005/12/14)
- new session logging module system (hook at user connection and
disconnection)
- libscript : new session logging module
- log_mysql module : now able to log connection event to a dedicated
table
- libnuclient : new threads organisation, it should now be thread-safe
1.1.0 (2005/12/06)
- full "a posteriori" IP authentication for mono user system via hello message system
- nufw : port to libnetfilter_queue
- NuFW : many small fixes in the debian/ subdir : start in correct runlevels,
have smoother init scripts.
- nutcpc : add -l option to disable use of lock
- NuFW : all exchanges between clients and nuauth are now done in
UTF-8 by default. Use --with-utf8 at configure time to select this
behaviour on client side.
- plaintext module : cleaning and icmp support
- increase internal message usage instead of sending directly
structure to queue.
- nufw : get rid of old UDP protocol
- nuauth : fix double free problem linked with string_escape function
- libnuclient : new algo in push mode
- libnuclient : UDP support, need recent kernel
- nuauth : multi modules support
- nutrackd : brand new connection tracking system based on
libconntrack
1.0.11 (2005/07/26)
- NuFW : port to big endian architecture. It has been tested on a
powerpc.
- nuauth : fix a bug that causes nuauth to crash when launched with an
empty nuauth.conf
- nufw : better handling of non-IP packet
- nufw : added option -n to permit a strict match of the nuauth
certificat
- nuauth : client certificat check is stricter
- nuauth : better handling on incorrect user OS announce
1.0.10, "Michel Rocard" release (2005/07/13)
- libnuclient : ignore SIGPIPE to avoid crash when HELLO packet can
not be sent
1.0.9 (2005/07/04)
- NuFW : added a USER_HELLO message to be able to detect broken
connnection really fast.
- NuFW : Documentation update
- nuauth : user packet decoding code cleanup
1.0.8 (2005/06/10)
- nutcpc : suppress useless opening of /dev/random in nu_client_init2
1.0.7 (2005/06/07)
- nuauth : remove a double free in postgresql module
1.0.6 (2005/06/02)
- libnuclient : add copyright in nuclient.h
- libnuclient : add code for integration of libnuclient in C++ project
- nutcpc : add -V flag to print version
- nuauth : build fixes for gcc 3.4 (was checking for the return of some
void functions)
- nuauth : solve problem whith pgsql log module in
nuauth_log_users_strict mode
- libnuclient : add TCP_KEEPALIVE option on socket
- nutcpc : add -k option to kill current nutcpc
1.0.5 (2005/05/16)
- added nuauth_log_users_without_realm : remove realm from username
before logging
- libnuclient : now authenticate packet which are SYN retransmit
1.0.4 (2005/05/09)
- tls_sasl_worker number of threads is set from a variable now.
- timeout on authentication negotiation can now be set with
nuauth_auth_nego_timeout option
- nufw : tls session ending and restart is now treaded correctly
- libnuclient : handle an error case as it should be
1.0.3 (2005/04/29)
- cleanly get out of sasl negotiation
- suppress useless debug messages
- client lib now does not require certificates when nu_client_init is
called (nuapplet case)
- add a check of mysql ssl function existence in configure
- clean tls and sasl related code
- add mutex in pam module because pam_winbind is not thread safe
- correct MySQL and Pgsql log modules to log unauthenticated drop
- solve restart problem by setting option SO_REUSEADDR on socket
- add KEEPALIVE on connection socket to detect dead connections
- add system_convert_username_to_uppercase option to have username convert
automatically to uppercase if needed
- should fix an endianess problem on PPC (for client lib)
1.0.2 (2005/03/29)
- add nuauth_number_loggers in config file
- nufw can now verify nuauth server certificates (specify ca file with -a
to do so)
- structure.h is now in the nufw directory as it is only used by it
- nuauth certificat check is now more strict
- libnuclient does not require a certificate and a key, this is now
optional
- fix crash of nufw in debug mode 7 and over (when running as daemon)
- plaintext module fix : now correctly answer when an acl with no
group is found
1.0.1 (2005/03/16)
- log strict was not implemented strictly, this is now really strict
- small patch applied to cleanly compile on mipsel (thanks to Florian
Fainelli)
1.0.0 (2005/03/08)
- add tags DEBUG_ENABLE to speed up things
- add configure option --with-debug
- suppress some compilation warnings
- remove useless AC_DEFUN in configure.ac
- nuaclgen display modified for equality filter
1.0.0-rc2 (2005/03/01)
- works on autoconf to solve excessive linking
- nufw answer correctly to -V and -h
- nufw compilation is not done if libipq is not present
- authentication by certs now fallback to password based
authentication to support generic certs
- nuauth tls server for nufw now correctly handles violent disconnect
- nuauth tls server for client handles better network problem
1.0.0-rc1 (2005/02/16)
- get around bug link with g_message
- initial 64bit port
- code cleaning
- nutcpc : support renegociation
- logging : restore user numeric support
- pam compilation is now optional
- plaintext : 64 bit port
- logging : finish app and os logging
- nuauth : add support for multiusers client
- libnuclient : correct packet generation code
- rework cache code and make it optionnal
0.9.6 (2004/12/14)
- mysql and postgresql log module updates : added username where
missing, now supporting the client_os and client_app SQL fields. See
doc/MIGRATING-TO-0.9.6 for upgrade instructions.
- ident module fix
- ldap module : schema change and appname and osname
- nuaclgen : switch to use equality schema by default
- SQL logging : application name and osname support
- TLS : certificat verification support
- TLS : complete option management
- certificate authentication (SASL EXTERNAL mechanism)
- system authentication module (pam+system)
- nu_client_init2 : use callbacks with sasl and tls
0.9.5 (2004/10/20)
- infrastructure for ip authentication
- ident module for ip authentication (experimental, does not work when
nuauth is in daemon mode)
- ipq.h problem with redhat solved
- fix bugs related to acl check when ready
- configure.ac modification for module support
- user check module now receive user@domain
- plaintext module : use lists of ports (or ports ranges) in the plaintext ACLs
- plaintext module : Add multiple IP addresses (or subnet) in a same rule.
0.9.4 (2004/10/04)
- new push system : after having received packet, nuauth warns clients
on a concerned computer that they need to check if they have emit a packet.
- use private datas in queue system for cache answer
0.9.3 (2004/09/23)
- libnuclient : reconnect is automatic
- libnuclient : better error handling via errno
- nufw : signal handling for verbosity
- nuauth : application filtering support (modules : plaintext)
- nuauth : OS filtering support (modules : plaintext)
0.9.2 (2004/09/08)
- change unused field id_gw to a packet_length field in nufw->nuauth
packet.
- libnuclient works correctly now (nuapplet and nutcpc are ok)
- nufw_gw_addr is now a list : first entry is udp server AND all
entries are authorized nufw servers
- more strict on cache usage accounting (atomic operation)
- intercept sigpipe on nufw
0.9.1 (2004/09/02)
- nuauth : now outputs some information (through g_message) when receiving signal POLL
- nuauth : signal USR1 increases log level, USR2 decreases it.
- client datas are now stored in a hash (this solve a bug on connect)
- include necessary Makefile.am in the doc directory
- TLS exchange between nufw and nuauth
- multiple nufws per nuauth
0.9.0 (2004/08/26)
- protocol 2
- use TLS+SASL
- cache system for acl
- per connection datas for user
0.8.2 (2004/07/30)
- user logging level is finally taken into account
- connectio hash code optimisation
- some man pages and docs
0.8.1b (2004/07/20)
- correct nuclient.h header
0.8.1 (2004/07/14)
- client library
- little code and packaging cleaning
0.8 (2004/07/02)
- username logging in SQL database when log sync is enable
- security fix on nufw
0.7.1 (2004/06/14)
- add option for SSO feature : log before granted packet
- major code cleaning
0.7 (2004/03/31)
- SSL encryption between client and server
- correct handle of a limit case on reemission
- optimisation of ldap module
0.6.5 (2004/03/11)
- correct problem with bad packets
- optimisation of hash related code
- warning suppression
- LDAP and mysql with SSL support
- nutcpc improved
0.6.4 (2004/01/09)
- correct locking problems
- don't exit on socket read problem
0.6.3 (2004/01/07)
- change syslog log module output for established packet
- give a nutop.conf example
0.6.2 (2004/01/05)
- correct bug on user packet parsing
- "clean" rewrite of search_and_fill function
- packet timeout is checked now
0.6.1 (2003/12/09) :
- Correct bug on acl DROP
- Clean lock system
- NuFW send Control message when needed
0.6.0 (2003/12/02):
- Mysql and PostgreSQL users activity logging fully functionnal and
tested
- Updated Config file so it suits all possible features
- Debugged some problems on ACL checking
0.5.4 (2003/11/19)
- nuauth conntrack modification
- config file stuffs
0.5.3 (2003/10/29)
- nuauth conntrack modification
0.5.2 (2003/10/20)
- added capability to mark packet with userid
0.5.1 (2003/10/02)
- new GDBM user check modules
- external modules structure fixed
- mutex and memory leak problem solved
0.5 (2003/09/29)
- configuration file for nuauth
- external auth modules for nuauth
- using syslog
0.4 (2003/09/17)
- code cleaning
- improvement in protocol security
0.3 (2003/09/01)
- first complete release
0.1a (2003/07/04)
- use of autoconf
- a miniserver is provided
distrib
>
Mandriva
>
2010.0
>
i586
>
media
>
contrib-release
>
by-pkgid
>
e168fe4c6ea70290c7dbbe71a46c8502
>
files
>
7
