HISTORY revision 107937
1OpenPAM Cyclamen 2002-12-12 2 3 - ENHANCE: Improve recursion detection in openpam_dispatch(). 4 5 - ENHANCE: Add debugging messages at entry and exit points of most 6 functions. 7 8 - ENHANCE: Fix some minor style issues. 9 10 - BUGFIX: Add default cases to the switches in openpam_log.c. 11 12 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path. 13 14 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather 15 than stderr. 16============================================================================ 17OpenPAM Citronella 2002-06-30 18 19 - ENHANCE: Add the "binding" control flag (from Solaris 9). 20 21 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from 22 Solaris 9). 23 24 - ENHANCE: Flesh out the pam(3) man page. 25 26 - ENHANCE: Add an openpam(3) page with cross-references to all the 27 documented OpenPAM API extensions. 28 29 - ENHANCE: Add a pam_conv(3) man page describing the conversation 30 system. 31 32 - ENHANCE: Improved sample application. 33 34 - ENHANCE: Added sample pam_unix module. 35 36 - BUGFIX: Various documentation nits. 37============================================================================ 38OpenPAM Cinquefoil 2002-05-24 39 40 - BUGFIX: Various warnings uncovered by gcc 3.1. 41 42 - ENHANCE: Add a null conversation function, openpam_nullconv(3). 43 44 - BUGFIX: Initialize the "other" chain to all zeroes. 45 46 - ENHANCE: Document openpam_ttyconv(3). 47============================================================================ 48OpenPAM Cinnamon 2002-05-02 49 50 - ENHANCE: Add a null conversation function, openpam_nullconv(). 51 52 - BUGFIX: Various markup bugs in the documentation. 53 54 - BUGFIX: Document <security/openpam.h>. 55 56 - BUGFIX: Duplicate expansion of openpam_log() macro arguments. 57 58 - ENHANCE: Restructure the policy-loading code and align our use of 59 the "other" policy with Solaris and Linux-PAM. 60 61 - ENHANCE: Log dlopen() and dlsym() failures. 62 63 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info 64 messages unless the message contains one already. 65 66 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL 67 so we can detect whether the conversation function touched it. 68============================================================================ 69OpenPAM Cineraria 2002-04-14 70 71 - BUGFIX: Fix confusion between token and prompt in 72 pam_get_authtok(3). 73 74 - ENHANCE: Improved documentation. 75 76 - ENHANCE: Adopt the same preprocessor tricks that were used in 77 FreeBSD's version of Linux-PAM to simplify static linking without 78 requiring dummy primitives. 79 80 - ENHANCE: Move the policy-loading code out of pam_start.c. 81 82 - BUGFIX: Fix typo in one of the versions of the openpam_log macro. 83 84 - ENHANCE: Add versioning macros. 85============================================================================ 86OpenPAM Cinchona 2002-04-08 87 88 - ENHANCE: Improved documentation for several API functions. 89 90 - BUGFIX: Fix bug in pam_set_data() that would result in corruption 91 of the module data list. 92 93 - BUGFIX: Allocate the correct amount of memory for the environment 94 list in pam_putenv(). 95 96 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can 97 specify what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT. 98 99 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and 100 reduce differences between these very similar functions. 101 102 - ENHANCE: Check flags carefully in pam_authenticate() and 103 pam_chauthtok(). 104 105 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD. 106 107 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're 108 asked for PAM_AUTHTOK, and we have to prompt the user, prompt her 109 twice and compare the responses. 110 111 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily 112 switching to user credentials. 113 114 - ENHANCE: Add openpam_free_data(), a generic cleanup function for 115 pam_set_data() consumers. 116============================================================================ 117OpenPAM Centaury 2002-03-14 118 119 - BUGFIX: Add missing #include <string.h> to openpam_log.c. 120 121 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/. XSSO uses 122 the former, but Solaris and Linux-PAM use the latter. 123 124 - BUGFIX: The dynamic loader and the module cache contained a number 125 of bugs which would cause a segmentation fault if pam_start(3) was 126 called again after pam_end(3), as happens in login(1), xdm(1) etc. 127 after a failed login. 128 129 - BUGFIX: Refer to a module by the name used in the policy file, even 130 if the module that was actually loaded was versioned. 131 132 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG. 133============================================================================ 134OpenPAM Celandine 2002-03-05 135 136 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok(). 137 138 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK 139 flag set, then with the PAM_UPDATE_AUTHTOK flag set. 140 141 - BUGFIX: Failure of a "sufficient" module should not terminate the 142 passwd chain if the PAM_PRELIM_CHECK flag is set. 143 144 - BUGFIX: Clear PAM_AUTHTOK after running the service modules. 145 146 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK 147 or PAM_UPDATE_AUTHTOK flags themselves. 148 149 - BUGFIX: openpam_set_option() did not support changing the value of 150 an existing option. 151 152 - ENHANCE: Add support for module versioning. OpenPAM will prefer a 153 module with the same version number as the library itself to one 154 with no version number at all. 155============================================================================ 156OpenPAM Cantaloupe 2002-02-22 157 158 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid 159 argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures. 160 161 - ENHANCE: Add in-line documentation in most source files, and a Perl 162 script that generates mdoc code from that. 163 164 - BUGFIX: The environment list was not properly NULL-terminated. 165 166 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt 167 specified by the module. 168 169 - BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to 170 pam_constants.h to avoid it going stale again. 171 172 - ENHANCE: Move all code related to static modules into a separate 173 file. 174 175 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the 176 user, and supports setting a timeout (which defaults to off). 177 178 - BUGFIX: Some manual pages referenced XSSO even though they 179 documented OpenPAM-specific functions. 180 181 - ENHANCE: Added openpam_get_option() and openpam_set_option(). 182 183 - ENHANCE: openpam_get_authtok() now respects the echo_pass, 184 try_first_pass, and use_first_pass options. 185============================================================================ 186OpenPAM Caliopsis 2002-02-13 187 188Fixed a number of bugs in the previous release, including: 189 - a number of bugs in and related to pam_[gs]et_item(3) 190 - off-by-one bug in pam_start.c would trim last character off certain 191 configuration lines 192 - incorrect ordering of an array in openpam_load.c would cause service 193 module functions to get mixed up 194 - missing 'continue' in openpam_dispatch.c caused successes to be 195 counted as failures 196============================================================================ 197OpenPAM Calamite 2002-02-09 198 199First (beta) release. 200============================================================================ 201$P4: //depot/projects/openpam/HISTORY#16 $ 202