-------------------------------------------------------------------
Wed May 22 14:28:10 UTC 2024 - david.mulder@suse.com

- Update to version 0.4.0+git.2.7b57f5e:
  * Always normalize idmap upn inputs

-------------------------------------------------------------------
Mon May 20 19:23:30 UTC 2024 - david.mulder@suse.com

- Update to version 0.4.0+git.0.69b64fe:
  * Add github workflows for the 0.4.x branch
  * Do not append to pam_allow_groups automatically
  * Pam Allow Groups must be specified by Object ID
  * Request the correct resource and permissions
  * Improve error output on group lookup failure
  * When faking a uuid for NSS, use a random uuid
  * Fix clippy warning about inefficient use of clone()
  * Remove the initial uid hack, use name mapping
  * Don't stop an MR based on a clippy warning
  * Update Kanidm tracking
  * Modify CI workflows to handle idmap build
  * Add CI job for cargo test
  * Test the new and legacy idmapping
  * Ensure duplicate providers are not started
  * Use the SSSD Idmap code in Himmelblau
  * Specify in conf that pam_allow_groups is required
  * Remove code duplication in Hello PIN auth
  * Fix Device authentication failed after enrollment
  * Update the base64urlsafedata version
  * Update README.md with Matrix contact info
  * Version 0.4.0

-------------------------------------------------------------------
Wed May 15 15:19:43 UTC 2024 - david.mulder@suse.com

- Update to version 0.3.4+git.0.01d099f:
  * Version 0.3.4
  * Only remove cached user if it doesn't exist
  * Use existing user token at refresh
  * Always use the spn of the user for nss requests
  * Generate a fake user token to please SSH
  * Fix aad-tool to handle MFA
  * Fix lib_crypto version
  * Fix user dropping from NSS

-------------------------------------------------------------------
Fri May 10 18:59:23 UTC 2024 - david.mulder@suse.com

- Himmelblau requires libopenssl-3 for PRT messages.

-------------------------------------------------------------------
Thu May 09 19:34:59 UTC 2024 - david.mulder@suse.com

- Update to version 0.3.3+git.0.c2197d7:
  * Correct the debug messages for Hello skip
  * Version 0.3.3
  * Allow disabling Hello PIN auth for enrolled users
  * Add an option for disabling Windows Hello
  * Remove the TODO doc from stable branch
  * config: Remove comments about experimental policy enforement

-------------------------------------------------------------------
Tue May 07 18:19:29 UTC 2024 - david.mulder@suse.com

- Update to version 0.3.2+git.0.de9f5b5:
  * Version 0.3.2
  * Fix Hello PIN Authentication error, no nonce

-------------------------------------------------------------------
Mon Apr 29 19:43:17 UTC 2024 - david.mulder@suse.com

- Update to version 0.3.1+git.0.359a8d0:
  * Add github workflows for the 0.3.x branch
  * Fallback to SFA first if MFA fails Browse files
  * deps(rust): update libnss requirement from 0.6.0 to 0.7.0
  * deps(rust): update webauthn-rs-proto requirement from 0.4.8 to 0.5.0
  * Fix deadlock caused by client write lock
  * Add rid idmapping (replacing existing idmap)
  * Additional debug for Hello auth
  * Make proto Cargo.toml a physical file
  * Push the clippy arg count limit a little higher
  * Version 0.3.0
  * Windows Hello PIN implementation
  * deps(rust): update hostname requirement from ^0.3.1 to ^0.4.0
  * Enable actions on stable branches
  * Prevent dependabot from updating opentelemetry
  * Revert "deps(rust): update opentelemetry requirement from 0.20.0 to 0.22.0 (#93)"
  * deps(rust): update reqwest requirement from ^0.11.18 to ^0.12.2 (#95)
  * deps(rust): update lru requirement from ^0.8.0 to ^0.12.3 (#94)
  * deps(rust): update opentelemetry requirement from 0.20.0 to 0.22.0 (#93)
  * deps(rust): update num_enum requirement from ^0.5.11 to ^0.7.2 (#92)
  * deps(rust): update tonic requirement from 0.10.2 to 0.11.0 (#91)
  * Use the Kanidm MFA patches
  * deps(rust): update libnss requirement from 0.5.0 to 0.6.0 (#90)
  * deps(rust): update tracing-opentelemetry requirement (#89)
  * deps(rust): update rusqlite requirement from ^0.28.0 to ^0.31.0 (#88)
  * deps(rust): update clap requirement from ^3.2 to ^4.5 (#87)
  * deps(rust): update kanidm-hsm-crypto requirement from ^0.1.6 to ^0.2.0 (#86)
  * Update dependabot.yml
  * Add missing db dependency on sketching
  * Set the workspace resolver version to 2
  * Init the kanidm submodule during workflows
  * Ignore clippy blocks_in_conditions warning in daemon
  * Add build/clippy/dependabot_automerge workflows
  * deps(rust): update opentelemetry-otlp requirement from 0.13.0 to 0.15.0
  * deps(rust): update opentelemetry_sdk requirement from 0.20.0 to 0.22.1
  * deps(rust): update base64 requirement from ^0.21.5 to ^0.22.0
  * deps(rust): update notify-debouncer-full requirement from 0.1 to 0.3
  * deps(rust): update systemd-journal-logger requirement
  * Create dependabot.yml
  * Add MFA capabilities
  * Update to the latest Kanidm reqs
  * Always force MFA when enrolling the device
  * Update to latest msal

-------------------------------------------------------------------
Thu Feb 29 20:14:08 UTC 2024 - dmulder@suse.com

- Himmelblau provides the features found in aad-auth packages from
  other distros.

-------------------------------------------------------------------
Tue Feb 20 21:07:56 UTC 2024 - dmulder@suse.com

- Update to version 0.2.0+git.4.904b915:
  * Update to latest msal
  * Version 0.2.0
  * Himmelblau now authenticates only to configured domains
  * Remove reference to python-msal dep in README
  * Use the external MSAL crate for auth
  * Rename msal in prep for external msal crate
  * msal: Remove python msal bindings
  * msal: Rust msal
  * Point Cargo.toml to new project home
  * config: Write domain join to server specific config
  * idprovider: Invalidate cached user if PRT req fails
  * idprovider: Pass the keystore to the auth function
  * Update daemon from kanidm
  * test: Add a pause to ensure tasks daemon sees himmelblau
  * Update kanidm submodule
  * config: Include domain sections in configured domains
  * msal: Add acquire_token_by_refresh_token
  * enrollment: Authentication fixes
  * tests: Create the hsm-pin directory
  * idprovider: Add domain join debug
  * cargo: Use relative paths and remove most symlinks
  * idprovider: Allow group search when device is authenticated
  * msal: Move the application reqs from misc to msal::application
  * msal: Move user reqs from misc to msal::user
  * Remove duplicates from allow_groups during enrollment
  * Remove device enrollment from TODO
  * Implement Device enrollment
  * enrollment: Add the nonce service request
  * enrollment: Add enrollment service discovery
  * Implement ConfidentialClientApplication for enrollment
  * daemon: Fix inverted logic on cache dir check
  * nss: Use upstream nss package
  * idprovider: Provider auth needs to point to just the host
  * config: Consistently use the config file provided to the daemon
  * cargo: Use relative paths and remove most symlinks
  * clippy: Add kanidm's clippy config
  * config: Only check for tenant_id, authority, graph if necessary
  * Update README.md
  * Update version to 0.1.2
  * config: Fix typos in the config file
  * Make most params to acquire_token_interactive optional
  * Config can take defaults
  * cli: Add missing cli opt file
  * cli: Improve aad-tool options and interface
  * Update README.md
  * tests: Fix tasks daemon name typo
  * Remove MFA from TODO

-------------------------------------------------------------------
Fri Dec 22 18:07:18 UTC 2023 - dmulder@suse.com

- Update to version 0.1.1+git.10.4aa76b7:
  * daemon: Fix inverted logic on cache dir check
  * nss: Use upstream nss package
  * idprovider: Provider auth needs to point to just the host
  * config: Consistently use the config file provided to the daemon
  * cargo: Use relative paths and remove most symlinks
  * clippy: Add kanidm's clippy config
  * config: Only check for tenant_id, authority, graph if necessary
  * Correct the cargo version

-------------------------------------------------------------------
Mon Nov 13 19:12:05 UTC 2023 - dmulder@suse.com

- Update to version 0.1.1+git.0.6d2f645:
  * config: Remove comments about experimental policy enforement
  * config: Fix typos in the config file

-------------------------------------------------------------------
Tue Sep 26 13:22:40 UTC 2023 - Jan Engelhardt <jengelh@inai.de>

- Reduce size of expanded scriptlets by reducing %service_* calls
- Wrap descriptions

-------------------------------------------------------------------
Thu Sep 14 17:16:34 UTC 2023 - david.mulder@suse.com

- Update to version 0.1.0+git.2.2391ac0:
  * Update version to 0.1.0
  * Update the README
  * idprovider: Fix mixed case auth failure
  * daemon: Port daemon changes from kanidm
  * provider: Skip provider init on silent auth and offline
  * daemon: Run himmelblaud as non-root dynamic user

-------------------------------------------------------------------
Tue Sep 12 21:12:46 UTC 2023 - david.mulder@suse.com

- Update to version 0.0.4+git.50.112df77:
  * Always match DAG where present
  * Prohibit authentication with changing IDs

-------------------------------------------------------------------
Fri Sep 08 14:16:20 UTC 2023 - david.mulder@suse.com

- Update to version 0.0.4+git.42.d641c8b:
  * Run cargo fmt and cargo clippy
  * Implement DeviceAuthorizationGrant for MFA
  * test: Initialize the pam_allow_groups with users
  * Use new pam state machine in himmelblau
  * Remove the non-functional device enrollment
  * TODO: New details regarding MS auth cache
  * daemon: Implement pam allow groups
  * Code rearrangement

-------------------------------------------------------------------
Thu Aug 10 14:55:54 UTC 2023 - dmulder@suse.com

- Update to version 0.0.4+git.30.26c26e7:
  * aad-tool: Disable enrollment by default
  * provider: Fetch GECOS from old token on silent acquire
  * msal: Add bindings for device auth flow
  * Add debug for local user ignore
  * provider: Only retry auth if we're sure group read was requested
  * provider: Provide user token refresh
  * provider: Cause unix_group_get to respond with BadRequest
  * provider: Implement provider_authenticate

-------------------------------------------------------------------
Tue Aug 08 19:29:40 UTC 2023 - dmulder@suse.com

- Update to version 0.0.4+git.9.a7c5ac2:
  * osc breaks with workspace errors using symlinks
  * gp: Disable MDM policies by default

-------------------------------------------------------------------
Mon Aug 07 20:31:52 UTC 2023 - dmulder@suse.com

- Update to version 0.0.4+git.3.b500f1f:
  * Update serde version
  * Update version to 0.0.4
  * Only build necessary bits of kanidm proto
  * Add cache operations to daemon and aad-tool
  * tests: Include local cache of rust deps
  * cache: Use the kanidm cache backend

-------------------------------------------------------------------
Mon Jul 31 21:16:59 UTC 2023 - dmulder@suse.com

- Update to version 0.0.3+git.10.761b4d2:
  * gp: Apply chromium policies
  * gp: Implement Group Policy object listing
  * test: Fix build test failure
  * tests: Return the correct error code from tests
  * test: Separate project build from docker build
  * tests: Deploy config when testing

-------------------------------------------------------------------
Tue Jul 18 18:54:07 UTC 2023 - dmulder@suse.com

- Update to version 0.0.3+git.3.f0883b1:
  * nss: Fix misaligned pointer dereference errors
  * Fix code links

-------------------------------------------------------------------
Mon Jul 17 19:43:26 UTC 2023 - dmulder@suse.com

- Update to version 0.0.3+git.1.e6847eb:
  * Revert "nss: Use kanidm nss code"
  * Update lib versions to match package version
  * Shallow clone kanidm for pam/nss
  * tests: Fix tar recursion

-------------------------------------------------------------------
Fri Jul 14 17:23:46 UTC 2023 - dmulder@suse.com

- Update to version 0.0.2+git.22.1c3ce4b:
  * Remove symlinks and just point to kanidm sources
  * nss: Use kanidm nss code
  * Add submodule commands to main Makefile
  * pam: Use kanidm pam code, glue into himmelblau
  * TODO: Only auth to configured domains

-------------------------------------------------------------------
Mon Jul 10 21:19:19 UTC 2023 - dmulder@suse.com

- Update to version 0.0.2+git.15.d42b114:
  * aad-tool: Enroll via the daemon
  * config: Add func for requesting configured socket path
  * aad-tool: Improve enroll options

-------------------------------------------------------------------
Mon Jul 10 19:23:50 UTC 2023 - dmulder@suse.com

- Update to version 0.0.2+git.11.91df240:
  * daemon: Add a systemd service
  * daemon: Don't request group read scope if using Intune
  * TODO: Mention the work needed for the cache
  * README: Include homedir creation instructions
  * daemon: If auth fails, indicate the user

-------------------------------------------------------------------
Fri Jul 07 16:18:10 UTC 2023 - dmulder@suse.com

- Update to version 0.0.2+git.6.de1afd6:
  * test: Ensure invalid users aren't cached
  * test: Skip getent group tests failing due to nss issue
  * tests: Add nss tests
  * tests: Test pam auth
  * msal: Allow fetching auth url

-------------------------------------------------------------------
Wed Jun 28 16:55:26 UTC 2023 - dmulder@suse.com

- Update to version 0.0.2+git.0.5bfbedd:
  * cache: Make the cache persistent
  * TODO: Cannot fudge an initial nss request
  * Use tracing for debug instead of log
  * aad-tool: Fix some build warnings
  * aad-tool: Add TODO comments regarding enrollment issues
  * aad-tool: Always use interactive enrollment
  * fix readme
  * aad-tool: Save the device_id after enrollment
  * aad-tool: Cannot enroll in Intune Portal directly
  * aad-tool: Parse the enrollment response
  * aad-tool: Add a enroll command for Azure AD device
  * memcache: Only append existing group member if missing
  * himmelblaud: Fix login when Intune errors on group read
  * memcache: Create a memcache for user and group caching
  * TODO: Group memberships
  * TODO: NSS requests via GET reqs
  * config: Include default for authority_host
  * config: Specify constants for defaults
  * Cleanup the build depencencies
  * TODO: Fix the headings
  * TODO: Add major reqs section
  * Cause the odc provider to supply the authority_host
  * TODO: Use tracing module
  * Include offline logon in todo list
  * Add a TODO list
  * Discover the tenant_id in the same manner as Intune
  * himmelblaud: Debug for unknown user/group
  * himmelblaud: Fix failure to cache user
  * himmelblaud: Pam Allowed and Sessions stubs
  * himmelblaud: Implement NssGroupByGid and NssAccountByUid
  * himmelblaud: Implement group lookups
  * Include the gecos in the mem cache
  * Use config for shell, homedir, uid range, tenant
  * Improve Developer Readme
  * config: Config should not default app_id
  * Remove invalid comment
  * himmelblaud: Return with failure without tenant_id
  * config: Move the config to unix_common module
  * himmelblaud: Make the socket path configurable
  * himmelblaud: Use Intune portal when app_id unset

-------------------------------------------------------------------
Fri Jun 02 21:16:00 UTC 2023 - dmulder@suse.com

- Update to version 0.0.1+git.15.f9a024e:
  * Generate unix uid/gid
  * himmelblaud: Stubs for NssGroupByName and NssGroups
  * himmelblaud: Fix auth failure error message
  * himmelblaud: Open socket with permissions for users to read/write
  * msal: Fix nssaccountbyname lookup
  * himmelblaud: Improve logging
  * Include systemd journal logging
  * msal: Fix failure parsing user token dict
  * Implement simple NssAccountByName
  * Implement basic NssAccounts request
  * pam: Fix unused variable warning
  * himmelblaud: Rewrite the daemon in Rust
  * msal: Add a simple rust binding to python msal
  * Remove the python daemon in favor of Rust

-------------------------------------------------------------------
Fri May 26 20:48:17 UTC 2023 - dmulder@suse.com

- Update to version 0.0.1+git.0.56eb9f0:
  * himmelblaud: Implement nss lookups in the daemon
  * himmelblaud: Allow anyone to r/w the socket
  * himmelblaud: Implement simple nss getpwent name
  * pam: Remove account allowed and being session impl
  * unix_common: UID and GID need not match
  * himmelblaud: Improve the debug output
  * himmelblaud: Remove stdout debug since logging to journald
  * himmelblaud: Log to the systemd journal
  * nss: Add the nss module
  * Improve directory structure