1OpenPAM Hydrangea 2007-12-21 2 3 - ENHANCE: when compiling with GCC, mark up API functions with GCC 4 attributes where appropriate. 5 6 - BUGFIX: fixed numerous warnings uncovered by GCC 4. 7 8 - ENHANCE: building the documentation is now optional. 9 10 - ENHANCE: corrected a number of mistakes and style issues in the 11 build system. 12 13 - ENHANCE: API function arguments are now const where appropriate, to 14 match corresponding changes in the Solaris PAM and Linux-PAM APIs. 15 16 - ENHANCE: corrected a number of C namespace violations. 17 18 - ENHANCE: the module cache has been removed, allowing long-lived 19 applications to pick up module changes. This also allows multiple 20 threads to use PAM simultaneously (as long as they use separate PAM 21 contexts), since the module cache was the only part of OpenPAM that 22 was not thread-safe. 23============================================================================ 24OpenPAM Figwort 2005-06-16 25 26 - BUGFIX: Correct several small signedness and initialization bugs 27 discovered during review by the NetBSD team. 28 29 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary 30 order within each section. 31 32 - ENHANCE: if a policy specifies a relative module path, prepend the 33 module directory so we never call dlopen(3) with a relative path. 34 35 - ENHANCE: add a pam.conf(5) manual page. 36============================================================================ 37OpenPAM Feterita 2005-02-01 38 39 - BUGFIX: Correct numerous markup errors, invalid cross-references, 40 and other issues in the manual pages, with kind assistance from 41 Ruslan Ermilov <ru@freebsd.org>. 42 43 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX() 44 and RETURNX() macros. 45 46 - BUGFIX: Remove an unnecessary and non-portable pointer cast in 47 pam_get_data(3). 48 49 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in 50 pam_strerror(3) and gendoc.pl. 51 52 - ENHANCE: Minor overhaul of the autoconf / build system. 53 54 - ENHANCE: Add openpam_free_envlist(3). 55============================================================================ 56OpenPAM Eelgrass 2004-02-10 57 58 - BUGFIX: Correct array handling bugs in conversation code. 59 60 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear 61 whitespace from the user's response. 62 63 - BUGFIX: Many constness issues addressed. 64============================================================================ 65OpenPAM Dogwood 2003-07-15 66 67 - ENHANCE: Use the GNU autotools. 68 69 - ENHANCE: Constify the msg field in struct pam_message. 70 71 - BUGFIX: Remove left-over debugging output 72 73 - BUGFIX: Avoid side effects in arguments to the FREE() macro 74 75 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3). 76 77 - BUGFIX: Staticize some variables which shouldn't be global. 78 79 - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3). 80 81 - ENHANCE: Various minor documentation improvements. 82 83Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable 84assistance with this release. 85============================================================================ 86OpenPAM Digitalis 2003-06-01 87 88 - ENHANCE: Completely rewrite the configuration parser and add 89 support for the "include" control flag. 90 91 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux. 92 93 - ENHANCE: Lots of additional paranoia. 94 95 - BUGFIX: The sample su(1) application dropped privileges before 96 forking instead of after. 97 98 - ENHANCE: Document openpam_log(3). 99 100 - ENHANCE: Other minor documentation fixes. 101 102Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable 103assistance with this release. 104============================================================================ 105OpenPAM Dianthus 2003-05-02 106 107 - BUGFIX: Initialize some potentially uninitialized variables. 108 109 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999. 110 111 - BUGFIX: In pam_getenv(), return a pointer to the stored variable 112 instead of a freshly allocated copy. 113 114 - ENHANCE: Detect recursion in openpam_borrow_cred() 115 116 - ENHANCE: Make borrowing one's own credentials a no-op. 117 118 - ENHANCE: Further improve debugging support. 119 120 - ENHANCE: Clean up some variable names. 121============================================================================ 122OpenPAM Daffodil 2003-01-06 123 124 - ENHANCE: Document dependency on <sys/types.h> (for size_t) 125 126 - ENHANCE: Slightly improve error detection in openpam_ttyconv(). 127 128 - BUGFIX: Fix several typos in debugging macros. 129============================================================================ 130OpenPAM Cyclamen 2002-12-12 131 132 - ENHANCE: Improve recursion detection in openpam_dispatch(). 133 134 - ENHANCE: Add debugging messages at entry and exit points of most 135 functions. 136 137 - ENHANCE: Fix some minor style issues. 138 139 - BUGFIX: Add default cases to the switches in openpam_log.c. 140 141 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path. 142 143 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather 144 than stderr. 145============================================================================ 146OpenPAM Citronella 2002-06-30 147 148 - ENHANCE: Add the "binding" control flag (from Solaris 9). 149 150 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from 151 Solaris 9). 152 153 - ENHANCE: Flesh out the pam(3) man page. 154 155 - ENHANCE: Add an openpam(3) page with cross-references to all the 156 documented OpenPAM API extensions. 157 158 - ENHANCE: Add a pam_conv(3) man page describing the conversation 159 system. 160 161 - ENHANCE: Improved sample application. 162 163 - ENHANCE: Added sample pam_unix module. 164 165 - BUGFIX: Various documentation nits. 166============================================================================ 167OpenPAM Cinquefoil 2002-05-24 168 169 - BUGFIX: Various warnings uncovered by gcc 3.1. 170 171 - ENHANCE: Add a null conversation function, openpam_nullconv(3). 172 173 - BUGFIX: Initialize the "other" chain to all zeroes. 174 175 - ENHANCE: Document openpam_ttyconv(3). 176============================================================================ 177OpenPAM Cinnamon 2002-05-02 178 179 - ENHANCE: Add a null conversation function, openpam_nullconv(). 180 181 - BUGFIX: Various markup bugs in the documentation. 182 183 - BUGFIX: Document <security/openpam.h>. 184 185 - BUGFIX: Duplicate expansion of openpam_log() macro arguments. 186 187 - ENHANCE: Restructure the policy-loading code and align our use of 188 the "other" policy with Solaris and Linux-PAM. 189 190 - ENHANCE: Log dlopen() and dlsym() failures. 191 192 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info 193 messages unless the message contains one already. 194 195 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL 196 so we can detect whether the conversation function touched it. 197============================================================================ 198OpenPAM Cineraria 2002-04-14 199 200 - BUGFIX: Fix confusion between token and prompt in 201 pam_get_authtok(3). 202 203 - ENHANCE: Improved documentation. 204 205 - ENHANCE: Adopt the same preprocessor tricks that were used in 206 FreeBSD's version of Linux-PAM to simplify static linking without 207 requiring dummy primitives. 208 209 - ENHANCE: Move the policy-loading code out of pam_start.c. 210 211 - BUGFIX: Fix typo in one of the versions of the openpam_log macro. 212 213 - ENHANCE: Add versioning macros. 214============================================================================ 215OpenPAM Cinchona 2002-04-08 216 217 - ENHANCE: Improved documentation for several API functions. 218 219 - BUGFIX: Fix bug in pam_set_data() that would result in corruption 220 of the module data list. 221 222 - BUGFIX: Allocate the correct amount of memory for the environment 223 list in pam_putenv(). 224 225 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can 226 specify what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT. 227 228 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and 229 reduce differences between these very similar functions. 230 231 - ENHANCE: Check flags carefully in pam_authenticate() and 232 pam_chauthtok(). 233 234 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD. 235 236 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're 237 asked for PAM_AUTHTOK, and we have to prompt the user, prompt her 238 twice and compare the responses. 239 240 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily 241 switching to user credentials. 242 243 - ENHANCE: Add openpam_free_data(), a generic cleanup function for 244 pam_set_data() consumers. 245============================================================================ 246OpenPAM Centaury 2002-03-14 247 248 - BUGFIX: Add missing #include <string.h> to openpam_log.c. 249 250 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/. XSSO uses 251 the former, but Solaris and Linux-PAM use the latter. 252 253 - BUGFIX: The dynamic loader and the module cache contained a number 254 of bugs which would cause a segmentation fault if pam_start(3) was 255 called again after pam_end(3), as happens in login(1), xdm(1) etc. 256 after a failed login. 257 258 - BUGFIX: Refer to a module by the name used in the policy file, even 259 if the module that was actually loaded was versioned. 260 261 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG. 262============================================================================ 263OpenPAM Celandine 2002-03-05 264 265 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok(). 266 267 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK 268 flag set, then with the PAM_UPDATE_AUTHTOK flag set. 269 270 - BUGFIX: Failure of a "sufficient" module should not terminate the 271 passwd chain if the PAM_PRELIM_CHECK flag is set. 272 273 - BUGFIX: Clear PAM_AUTHTOK after running the service modules. 274 275 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK 276 or PAM_UPDATE_AUTHTOK flags themselves. 277 278 - BUGFIX: openpam_set_option() did not support changing the value of 279 an existing option. 280 281 - ENHANCE: Add support for module versioning. OpenPAM will prefer a 282 module with the same version number as the library itself to one 283 with no version number at all. 284============================================================================ 285OpenPAM Cantaloupe 2002-02-22 286 287 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid 288 argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures. 289 290 - ENHANCE: Add in-line documentation in most source files, and a Perl 291 script that generates mdoc code from that. 292 293 - BUGFIX: The environment list was not properly NULL-terminated. 294 295 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt 296 specified by the module. 297 298 - BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to 299 pam_constants.h to avoid it going stale again. 300 301 - ENHANCE: Move all code related to static modules into a separate 302 file. 303 304 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the 305 user, and supports setting a timeout (which defaults to off). 306 307 - BUGFIX: Some manual pages referenced XSSO even though they 308 documented OpenPAM-specific functions. 309 310 - ENHANCE: Added openpam_get_option() and openpam_set_option(). 311 312 - ENHANCE: openpam_get_authtok() now respects the echo_pass, 313 try_first_pass, and use_first_pass options. 314============================================================================ 315OpenPAM Caliopsis 2002-02-13 316 317Fixed a number of bugs in the previous release, including: 318 - a number of bugs in and related to pam_[gs]et_item(3) 319 - off-by-one bug in pam_start.c would trim last character off certain 320 configuration lines 321 - incorrect ordering of an array in openpam_load.c would cause service 322 module functions to get mixed up 323 - missing 'continue' in openpam_dispatch.c caused successes to be 324 counted as failures 325============================================================================ 326OpenPAM Calamite 2002-02-09 327 328First (beta) release. 329============================================================================ 330$Id: HISTORY 409 2007-12-21 11:38:50Z des $ 331