1OpenPAM Dogwood 2003-07-15 2 3 - ENHANCE: Use the GNU autotools. 4 5 - ENHANCE: Constify the msg field in struct pam_message. 6 7 - BUGFIX: Remove left-over debugging output 8 9 - BUGFIX: Avoid side effects in arguments to the FREE() macro 10 11 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3). 12 13 - BUGFIX: Staticize some variables which shouldn't be global. 14 15 - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3). 16 17 - ENHANCE: Various minor documentation improvements. 18 19Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable 20assistance with this release. 21============================================================================ 22OpenPAM Digitalis 2003-06-01 23 24 - ENHANCE: Completely rewrite the configuration parser and add 25 support for the "include" control flag. 26 27 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux. 28 29 - ENHANCE: Lots of additional paranoia. 30 31 - BUGFIX: The sample su(1) application dropped privileges before 32 forking instead of after. 33 34 - ENHANCE: Document openpam_log(3). 35 36 - ENHANCE: Other minor documentation fixes. 37 38Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable 39assistance with this release. 40============================================================================ 41OpenPAM Dianthus 2003-05-02 42 43 - BUGFIX: Initialize some potentially uninitialized variables. 44 45 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999. 46 47 - BUGFIX: In pam_getenv(), return a pointer to the stored variable 48 instead of a freshly allocated copy. 49 50 - ENHANCE: Detect recursion in openpam_borrow_cred() 51 52 - ENHANCE: Make borrowing one's own credentials a no-op. 53 54 - ENHANCE: Further improve debugging support. 55 56 - ENHANCE: Clean up some variable names. 57============================================================================ 58OpenPAM Daffodil 2003-01-06 59 60 - ENHANCE: Document dependency on <sys/types.h> (for size_t) 61 62 - ENHANCE: Slightly improve error detection in openpam_ttyconv(). 63 64 - BUGFIX: Fix several typos in debugging macros. 65============================================================================ 66OpenPAM Cyclamen 2002-12-12 67 68 - ENHANCE: Improve recursion detection in openpam_dispatch(). 69 70 - ENHANCE: Add debugging messages at entry and exit points of most 71 functions. 72 73 - ENHANCE: Fix some minor style issues. 74 75 - BUGFIX: Add default cases to the switches in openpam_log.c. 76 77 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path. 78 79 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather 80 than stderr. 81============================================================================ 82OpenPAM Citronella 2002-06-30 83 84 - ENHANCE: Add the "binding" control flag (from Solaris 9). 85 86 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from 87 Solaris 9). 88 89 - ENHANCE: Flesh out the pam(3) man page. 90 91 - ENHANCE: Add an openpam(3) page with cross-references to all the 92 documented OpenPAM API extensions. 93 94 - ENHANCE: Add a pam_conv(3) man page describing the conversation 95 system. 96 97 - ENHANCE: Improved sample application. 98 99 - ENHANCE: Added sample pam_unix module. 100 101 - BUGFIX: Various documentation nits. 102============================================================================ 103OpenPAM Cinquefoil 2002-05-24 104 105 - BUGFIX: Various warnings uncovered by gcc 3.1. 106 107 - ENHANCE: Add a null conversation function, openpam_nullconv(3). 108 109 - BUGFIX: Initialize the "other" chain to all zeroes. 110 111 - ENHANCE: Document openpam_ttyconv(3). 112============================================================================ 113OpenPAM Cinnamon 2002-05-02 114 115 - ENHANCE: Add a null conversation function, openpam_nullconv(). 116 117 - BUGFIX: Various markup bugs in the documentation. 118 119 - BUGFIX: Document <security/openpam.h>. 120 121 - BUGFIX: Duplicate expansion of openpam_log() macro arguments. 122 123 - ENHANCE: Restructure the policy-loading code and align our use of 124 the "other" policy with Solaris and Linux-PAM. 125 126 - ENHANCE: Log dlopen() and dlsym() failures. 127 128 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info 129 messages unless the message contains one already. 130 131 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL 132 so we can detect whether the conversation function touched it. 133============================================================================ 134OpenPAM Cineraria 2002-04-14 135 136 - BUGFIX: Fix confusion between token and prompt in 137 pam_get_authtok(3). 138 139 - ENHANCE: Improved documentation. 140 141 - ENHANCE: Adopt the same preprocessor tricks that were used in 142 FreeBSD's version of Linux-PAM to simplify static linking without 143 requiring dummy primitives. 144 145 - ENHANCE: Move the policy-loading code out of pam_start.c. 146 147 - BUGFIX: Fix typo in one of the versions of the openpam_log macro. 148 149 - ENHANCE: Add versioning macros. 150============================================================================ 151OpenPAM Cinchona 2002-04-08 152 153 - ENHANCE: Improved documentation for several API functions. 154 155 - BUGFIX: Fix bug in pam_set_data() that would result in corruption 156 of the module data list. 157 158 - BUGFIX: Allocate the correct amount of memory for the environment 159 list in pam_putenv(). 160 161 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can 162 specify what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT. 163 164 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and 165 reduce differences between these very similar functions. 166 167 - ENHANCE: Check flags carefully in pam_authenticate() and 168 pam_chauthtok(). 169 170 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD. 171 172 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're 173 asked for PAM_AUTHTOK, and we have to prompt the user, prompt her 174 twice and compare the responses. 175 176 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily 177 switching to user credentials. 178 179 - ENHANCE: Add openpam_free_data(), a generic cleanup function for 180 pam_set_data() consumers. 181============================================================================ 182OpenPAM Centaury 2002-03-14 183 184 - BUGFIX: Add missing #include <string.h> to openpam_log.c. 185 186 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/. XSSO uses 187 the former, but Solaris and Linux-PAM use the latter. 188 189 - BUGFIX: The dynamic loader and the module cache contained a number 190 of bugs which would cause a segmentation fault if pam_start(3) was 191 called again after pam_end(3), as happens in login(1), xdm(1) etc. 192 after a failed login. 193 194 - BUGFIX: Refer to a module by the name used in the policy file, even 195 if the module that was actually loaded was versioned. 196 197 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG. 198============================================================================ 199OpenPAM Celandine 2002-03-05 200 201 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok(). 202 203 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK 204 flag set, then with the PAM_UPDATE_AUTHTOK flag set. 205 206 - BUGFIX: Failure of a "sufficient" module should not terminate the 207 passwd chain if the PAM_PRELIM_CHECK flag is set. 208 209 - BUGFIX: Clear PAM_AUTHTOK after running the service modules. 210 211 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK 212 or PAM_UPDATE_AUTHTOK flags themselves. 213 214 - BUGFIX: openpam_set_option() did not support changing the value of 215 an existing option. 216 217 - ENHANCE: Add support for module versioning. OpenPAM will prefer a 218 module with the same version number as the library itself to one 219 with no version number at all. 220============================================================================ 221OpenPAM Cantaloupe 2002-02-22 222 223 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid 224 argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures. 225 226 - ENHANCE: Add in-line documentation in most source files, and a Perl 227 script that generates mdoc code from that. 228 229 - BUGFIX: The environment list was not properly NULL-terminated. 230 231 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt 232 specified by the module. 233 234 - BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to 235 pam_constants.h to avoid it going stale again. 236 237 - ENHANCE: Move all code related to static modules into a separate 238 file. 239 240 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the 241 user, and supports setting a timeout (which defaults to off). 242 243 - BUGFIX: Some manual pages referenced XSSO even though they 244 documented OpenPAM-specific functions. 245 246 - ENHANCE: Added openpam_get_option() and openpam_set_option(). 247 248 - ENHANCE: openpam_get_authtok() now respects the echo_pass, 249 try_first_pass, and use_first_pass options. 250============================================================================ 251OpenPAM Caliopsis 2002-02-13 252 253Fixed a number of bugs in the previous release, including: 254 - a number of bugs in and related to pam_[gs]et_item(3) 255 - off-by-one bug in pam_start.c would trim last character off certain 256 configuration lines 257 - incorrect ordering of an array in openpam_load.c would cause service 258 module functions to get mixed up 259 - missing 'continue' in openpam_dispatch.c caused successes to be 260 counted as failures 261============================================================================ 262OpenPAM Calamite 2002-02-09 263 264First (beta) release. 265============================================================================ 266$P4: //depot/projects/openpam/HISTORY#21 $ 267