Ganymede userKit Release 1.0.5
October 11, 2001
CHANGES
---------------------------------------------

-------------------- Changes from 1.04 to 1.0.5 -------------------

RELEASE DATE: October 11, 2001

1. [NPASSWD] Fixed up the npasswd support code some

The userCustom code that interacts with the npasswd-based external
validator and saver now uses temp files to retrieve results.  This
avoids significant race conditions / leaks in Java's process execution
code.

Fixed the npasswd interfacing code in userCustom to actually use the
right schema configuration fields for the npasswd validator and saver,
and to use them rather than our hard-coded /opt/bin paths.

Tweaked the schema.xml file to define a field in the schema
configuration object to allow setting where the temp directory for the
npasswd temp files should be.  If not set, userCustom will default to
"/tmp".

2. [DOCUMENTATION] Fixed a bash syntax error in README

It's

  bin/runServer > server.log 2>&1 &

not

  bin/runServer > server.log 2>1 &

Reported by Steve.Lemons@arrisi.com.

3. [SOURCE] Made builder tasks log phase 2 execution

Unlike the builder tasks we use at ARL, the userKit's builder tasks
were not logging the start and completion of phase 2 external script
execution.

Now it should be clearly logged when the external builder scripts
are run and stopped.

4. [SCRIPTS] Simplified directory setting in build scripts

The unixBuild, bsdBuild, and ntSambaBuild scripts now use a very
simple cd command to change directory to the proper directory, rather
than the complex script location determination code that was there
before.

This is just to help simplify things in case problems arise with
the builder scripts.

-------------------- Changes from 1.03 to 1.0.4 -------------------

RELEASE DATE: July 27, 2001

1. [SCRIPT] Fixed loader.pl to specify proper permissions

When I was working on Ganymede 1.0.5, I realized that the permissions
system had an inappropriate hole, in which end users (who by fiat own
their own user objects, and can edit them with whatever privileges are
granted by the default role's "Objects Owned" permission matrix) were
allowed to edit the Owner List, Notes, Expiration Date, and Removal
Date fields.

This happened because the Ganymede server was not tracking permissions
for the "built-in" fields separately from that of the object itself.
End users who could edit their user object (to change their password,
say) were able to edit these fields, which should not have happened.

Ganymede 1.0.5 now allows permissions for these fields to be manually
edited in the permissions editor when editing Role objects.

The change to userKit here was to make loader.pl set the default
permissions for these four sensitive "built-in" fields so that end
users will not have permission to edit these fields.

If you are already running userKit 1.03, this upgrade is not needed.
Just upgrade the server and clients to Ganymede 1.0.5 and go in and
edit the Default Role's Objects Owned permission matrix and clear out
privileges for editing the Owner List, Notes, Expiration Date, and
Removal Date fields.

-------------------- Changes from 1.0 to 1.03 -------------------

RELEASE DATE: June 22, 2001

1. [SCHEMA] Fixed schema.xml to define proper label field for persona

The schema.xml file specified the wrong label field for the admin
persona class, resulting in problems when trying to login with
newly created admin personae.

Reported by Miklos Muller, mmuller@lbcons.net.

2. [SCRIPT] Fixed loader.pl to set reasonable default admin privileges in 'GroupAdmin'

The loader.pl script was emitting permissions for the 'GroupAdmin'
role that didn't allow for the creation of new objects due to a lack
of permission to add objects to owned 'Owner Group' objects.

Reported by Miklos Muller, mmuller@lbcons.net.

-----------------------------------------------------------------
