xref: /freebsd/contrib/openpam/HISTORY (revision 7aa383846770374466b1dcb2cefd71bde9acf463)
1OpenPAM Hydrangea						2007-12-21
2
3 - ENHANCE: when compiling with GCC, mark up API functions with GCC
4   attributes where appropriate.
5
6 - BUGFIX: fixed numerous warnings uncovered by GCC 4.
7
8 - ENHANCE: building the documentation is now optional.
9
10 - ENHANCE: corrected a number of mistakes and style issues in the
11   build system.
12
13 - ENHANCE: API function arguments are now const where appropriate, to
14   match corresponding changes in the Solaris PAM and Linux-PAM APIs.
15
16 - ENHANCE: corrected a number of C namespace violations.
17
18 - ENHANCE: the module cache has been removed, allowing long-lived
19   applications to pick up module changes.  This also allows multiple
20   threads to use PAM simultaneously (as long as they use separate PAM
21   contexts), since the module cache was the only part of OpenPAM that
22   was not thread-safe.
23============================================================================
24OpenPAM Figwort 2005-06-16
25
26 - BUGFIX: Correct several small signedness and initialization bugs
27   discovered during review by the NetBSD team.
28
29 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
30   order within each section.
31
32 - ENHANCE: if a policy specifies a relative module path, prepend the
33   module directory so we never call dlopen(3) with a relative path.
34
35 - ENHANCE: add a pam.conf(5) manual page.
36============================================================================
37OpenPAM Feterita						2005-02-01
38
39 - BUGFIX: Correct numerous markup errors, invalid cross-references,
40   and other issues in the manual pages, with kind assistance from
41   Ruslan Ermilov <ru@freebsd.org>.
42
43 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
44   and RETURNX() macros.
45
46 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
47   pam_get_data(3).
48
49 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
50   pam_strerror(3) and gendoc.pl.
51
52 - ENHANCE: Minor overhaul of the autoconf / build system.
53
54 - ENHANCE: Add openpam_free_envlist(3).
55============================================================================
56OpenPAM Eelgrass						2004-02-10
57
58 - BUGFIX: Correct array handling bugs in conversation code.
59
60 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
61   whitespace from the user's response.
62
63 - BUGFIX: Many constness issues addressed.
64============================================================================
65OpenPAM Dogwood							2003-07-15
66
67 - ENHANCE: Use the GNU autotools.
68
69 - ENHANCE: Constify the msg field in struct pam_message.
70
71 - BUGFIX: Remove left-over debugging output
72
73 - BUGFIX: Avoid side effects in arguments to the FREE() macro
74
75 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).
76
77 - BUGFIX: Staticize some variables which shouldn't be global.
78
79 - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3).
80
81 - ENHANCE: Various minor documentation improvements.
82
83Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
84assistance with this release.
85============================================================================
86OpenPAM Digitalis						2003-06-01
87
88 - ENHANCE: Completely rewrite the configuration parser and add
89   support for the "include" control flag.
90
91 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.
92
93 - ENHANCE: Lots of additional paranoia.
94
95 - BUGFIX: The sample su(1) application dropped privileges before
96   forking instead of after.
97
98 - ENHANCE: Document openpam_log(3).
99
100 - ENHANCE: Other minor documentation fixes.
101
102Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
103assistance with this release.
104============================================================================
105OpenPAM Dianthus						2003-05-02
106
107 - BUGFIX: Initialize some potentially uninitialized variables.
108
109 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.
110
111 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
112   instead of a freshly allocated copy.
113
114 - ENHANCE: Detect recursion in openpam_borrow_cred()
115
116 - ENHANCE: Make borrowing one's own credentials a no-op.
117
118 - ENHANCE: Further improve debugging support.
119
120 - ENHANCE: Clean up some variable names.
121============================================================================
122OpenPAM Daffodil						2003-01-06
123
124 - ENHANCE: Document dependency on <sys/types.h> (for size_t)
125
126 - ENHANCE: Slightly improve error detection in openpam_ttyconv().
127
128 - BUGFIX: Fix several typos in debugging macros.
129============================================================================
130OpenPAM Cyclamen						2002-12-12
131
132 - ENHANCE: Improve recursion detection in openpam_dispatch().
133
134 - ENHANCE: Add debugging messages at entry and exit points of most
135   functions.
136
137 - ENHANCE: Fix some minor style issues.
138
139 - BUGFIX: Add default cases to the switches in openpam_log.c.
140
141 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.
142
143 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
144   than stderr.
145============================================================================
146OpenPAM Citronella						2002-06-30
147
148 - ENHANCE: Add the "binding" control flag (from Solaris 9).
149
150 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
151   Solaris 9).
152
153 - ENHANCE: Flesh out the pam(3) man page.
154
155 - ENHANCE: Add an openpam(3) page with cross-references to all the
156   documented OpenPAM API extensions.
157
158 - ENHANCE: Add a pam_conv(3) man page describing the conversation
159   system.
160
161 - ENHANCE: Improved sample application.
162
163 - ENHANCE: Added sample pam_unix module.
164
165 - BUGFIX: Various documentation nits.
166============================================================================
167OpenPAM Cinquefoil						2002-05-24
168
169 - BUGFIX: Various warnings uncovered by gcc 3.1.
170
171 - ENHANCE: Add a null conversation function, openpam_nullconv(3).
172
173 - BUGFIX: Initialize the "other" chain to all zeroes.
174
175 - ENHANCE: Document openpam_ttyconv(3).
176============================================================================
177OpenPAM Cinnamon						2002-05-02
178
179 - ENHANCE: Add a null conversation function, openpam_nullconv().
180
181 - BUGFIX: Various markup bugs in the documentation.
182
183 - BUGFIX: Document <security/openpam.h>.
184
185 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.
186
187 - ENHANCE: Restructure the policy-loading code and align our use of
188   the "other" policy with Solaris and Linux-PAM.
189
190 - ENHANCE: Log dlopen() and dlsym() failures.
191
192 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
193   messages unless the message contains one already.
194
195 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
196   so we can detect whether the conversation function touched it.
197============================================================================
198OpenPAM Cineraria						2002-04-14
199
200 - BUGFIX: Fix confusion between token and prompt in
201   pam_get_authtok(3).
202
203 - ENHANCE: Improved documentation.
204
205 - ENHANCE: Adopt the same preprocessor tricks that were used in
206   FreeBSD's version of Linux-PAM to simplify static linking without
207   requiring dummy primitives.
208
209 - ENHANCE: Move the policy-loading code out of pam_start.c.
210
211 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.
212
213 - ENHANCE: Add versioning macros.
214============================================================================
215OpenPAM Cinchona						2002-04-08
216
217 - ENHANCE: Improved documentation for several API functions.
218
219 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
220   of the module data list.
221
222 - BUGFIX: Allocate the correct amount of memory for the environment
223   list in pam_putenv().
224
225 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
226   specify what token it wants.  Also introduce PAM_OLDAUTHTOK_PROMPT.
227
228 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
229   reduce differences between these very similar functions.
230
231 - ENHANCE: Check flags carefully in pam_authenticate() and
232   pam_chauthtok().
233
234 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.
235
236 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
237   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
238   twice and compare the responses.
239
240 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
241   switching to user credentials.
242
243 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
244   pam_set_data() consumers.
245============================================================================
246OpenPAM	Centaury						2002-03-14
247
248 - BUGFIX: Add missing #include <string.h> to openpam_log.c.
249
250 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/.  XSSO uses
251   the former, but Solaris and Linux-PAM use the latter.
252
253 - BUGFIX: The dynamic loader and the module cache contained a number
254   of bugs which would cause a segmentation fault if pam_start(3) was
255   called again after pam_end(3), as happens in login(1), xdm(1) etc.
256   after a failed login.
257
258 - BUGFIX: Refer to a module by the name used in the policy file, even
259   if the module that was actually loaded was versioned.
260
261 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
262============================================================================
263OpenPAM Celandine						2002-03-05
264
265 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().
266
267 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
268   flag set, then with the PAM_UPDATE_AUTHTOK flag set.
269
270 - BUGFIX: Failure of a "sufficient" module should not terminate the
271   passwd chain if the PAM_PRELIM_CHECK flag is set.
272
273 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.
274
275 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
276   or PAM_UPDATE_AUTHTOK flags themselves.
277
278 - BUGFIX: openpam_set_option() did not support changing the value of
279   an existing option.
280
281 - ENHANCE: Add support for module versioning.  OpenPAM will prefer a
282   module with the same version number as the library itself to one
283   with no version number at all.
284============================================================================
285OpenPAM	Cantaloupe						2002-02-22
286
287 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
288   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.
289
290 - ENHANCE: Add in-line documentation in most source files, and a Perl
291   script that generates mdoc code from that.
292
293 - BUGFIX: The environment list was not properly NULL-terminated.
294
295 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
296   specified by the module.
297
298 - BUGFIX: PAM_NUM_ITEMS was set too low.  It has been moved to
299   pam_constants.h to avoid it going stale again.
300
301 - ENHANCE: Move all code related to static modules into a separate
302   file.
303
304 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
305   user, and supports setting a timeout (which defaults to off).
306
307 - BUGFIX: Some manual pages referenced XSSO even though they
308   documented OpenPAM-specific functions.
309
310 - ENHANCE: Added openpam_get_option() and openpam_set_option().
311
312 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
313   try_first_pass, and use_first_pass options.
314============================================================================
315OpenPAM	Caliopsis						2002-02-13
316
317Fixed a number of bugs in the previous release, including:
318  - a number of bugs in and related to pam_[gs]et_item(3)
319  - off-by-one bug in pam_start.c would trim last character off certain
320    configuration lines
321  - incorrect ordering of an array in openpam_load.c would cause service
322    module functions to get mixed up
323  - missing 'continue' in openpam_dispatch.c caused successes to be
324    counted as failures
325============================================================================
326OpenPAM	Calamite						2002-02-09
327
328First (beta) release.
329============================================================================
330$Id: HISTORY 409 2007-12-21 11:38:50Z des $
331