HISTORY revision 147455
1147455SdesOpenPAM Figwort 2005-06-16 2147455Sdes 3147455Sdes - BUGFIX: Correct several small signedness and initialization bugs 4147455Sdes discovered during review by the NetBSD team. 5147455Sdes 6147455Sdes - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary 7147455Sdes order within each section. 8147455Sdes 9147455Sdes - ENHANCE: if a policy specifies a relative module path, prepend the 10147455Sdes module directory so we never call dlopen(3) with a relative path. 11147455Sdes 12147455Sdes - ENHANCE: add a pam.conf(5) manual page. 13147455Sdes============================================================================ 14141098SdesOpenPAM Feterita 2005-02-01 15141098Sdes 16141098Sdes - BUGFIX: Correct numerous markup errors, invalid cross-references, 17141098Sdes and other issues in the manual pages, with kind assistance from 18141098Sdes Ruslan Ermilov <ru@freebsd.org>. 19141098Sdes 20141098Sdes - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX() 21141098Sdes and RETURNX() macros. 22141098Sdes 23141098Sdes - BUGFIX: Remove an unnecessary and non-portable pointer cast in 24141098Sdes pam_get_data(3). 25141098Sdes 26141098Sdes - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in 27141098Sdes pam_strerror(3) and gendoc.pl. 28141098Sdes 29141098Sdes - ENHANCE: Minor overhaul of the autoconf / build system. 30141098Sdes 31141098Sdes - ENHANCE: Add openpam_free_envlist(3). 32141098Sdes============================================================================ 33125647SdesOpenPAM Eelgrass 2004-02-10 34125647Sdes 35125647Sdes - BUGFIX: Correct array handling bugs in conversation code. 36125647Sdes 37125647Sdes - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear 38125647Sdes whitespace from the user's response. 39125647Sdes 40125647Sdes - BUGFIX: Many constness issues addressed. 41125647Sdes============================================================================ 42117610SdesOpenPAM Dogwood 2003-07-15 43117610Sdes 44117610Sdes - ENHANCE: Use the GNU autotools. 45117610Sdes 46117610Sdes - ENHANCE: Constify the msg field in struct pam_message. 47117610Sdes 48117610Sdes - BUGFIX: Remove left-over debugging output 49117610Sdes 50117610Sdes - BUGFIX: Avoid side effects in arguments to the FREE() macro 51117610Sdes 52117610Sdes - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3). 53117610Sdes 54117610Sdes - BUGFIX: Staticize some variables which shouldn't be global. 55117610Sdes 56117610Sdes - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3). 57117610Sdes 58117610Sdes - ENHANCE: Various minor documentation improvements. 59117610Sdes 60117610SdesThanks to Dmitry V. Levin <ldv@altlinux.org> for considerable 61117610Sdesassistance with this release. 62117610Sdes============================================================================ 63115619SdesOpenPAM Digitalis 2003-06-01 64115619Sdes 65115619Sdes - ENHANCE: Completely rewrite the configuration parser and add 66115619Sdes support for the "include" control flag. 67115619Sdes 68115619Sdes - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux. 69115619Sdes 70115619Sdes - ENHANCE: Lots of additional paranoia. 71115619Sdes 72115619Sdes - BUGFIX: The sample su(1) application dropped privileges before 73115619Sdes forking instead of after. 74115619Sdes 75115619Sdes - ENHANCE: Document openpam_log(3). 76115619Sdes 77115619Sdes - ENHANCE: Other minor documentation fixes. 78115619Sdes 79115619SdesThanks to Dmitry V. Levin <ldv@altlinux.org> for considerable 80115619Sdesassistance with this release. 81115619Sdes============================================================================ 82114536SdesOpenPAM Dianthus 2003-05-02 83114536Sdes 84114536Sdes - BUGFIX: Initialize some potentially uninitialized variables. 85114536Sdes 86114536Sdes - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999. 87114536Sdes 88114536Sdes - BUGFIX: In pam_getenv(), return a pointer to the stored variable 89114536Sdes instead of a freshly allocated copy. 90114536Sdes 91114536Sdes - ENHANCE: Detect recursion in openpam_borrow_cred() 92114536Sdes 93114536Sdes - ENHANCE: Make borrowing one's own credentials a no-op. 94114536Sdes 95114536Sdes - ENHANCE: Further improve debugging support. 96114536Sdes 97114536Sdes - ENHANCE: Clean up some variable names. 98114536Sdes============================================================================ 99108794SdesOpenPAM Daffodil 2003-01-06 100108794Sdes 101108794Sdes - ENHANCE: Document dependency on <sys/types.h> (for size_t) 102108794Sdes 103108794Sdes - ENHANCE: Slightly improve error detection in openpam_ttyconv(). 104108794Sdes 105108794Sdes - BUGFIX: Fix several typos in debugging macros. 106108794Sdes============================================================================ 107107937SdesOpenPAM Cyclamen 2002-12-12 108107937Sdes 109107937Sdes - ENHANCE: Improve recursion detection in openpam_dispatch(). 110107937Sdes 111107937Sdes - ENHANCE: Add debugging messages at entry and exit points of most 112107937Sdes functions. 113107937Sdes 114107937Sdes - ENHANCE: Fix some minor style issues. 115107937Sdes 116107937Sdes - BUGFIX: Add default cases to the switches in openpam_log.c. 117107937Sdes 118107937Sdes - ENHANCE: Add /usr/local/etc/pam.conf to policy search path. 119107937Sdes 120107937Sdes - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather 121107937Sdes than stderr. 12291094Sdes============================================================================ 12399158SdesOpenPAM Citronella 2002-06-30 12499158Sdes 12599158Sdes - ENHANCE: Add the "binding" control flag (from Solaris 9). 12699158Sdes 12799158Sdes - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from 12899158Sdes Solaris 9). 12999158Sdes 130107937Sdes - ENHANCE: Flesh out the pam(3) man page. 13199158Sdes 13299158Sdes - ENHANCE: Add an openpam(3) page with cross-references to all the 13399158Sdes documented OpenPAM API extensions. 13499158Sdes 13599158Sdes - ENHANCE: Add a pam_conv(3) man page describing the conversation 13699158Sdes system. 13799158Sdes 13899158Sdes - ENHANCE: Improved sample application. 13999158Sdes 14099158Sdes - ENHANCE: Added sample pam_unix module. 14199158Sdes 14299158Sdes - BUGFIX: Various documentation nits. 14399158Sdes============================================================================ 14497241SdesOpenPAM Cinquefoil 2002-05-24 14597241Sdes 14697241Sdes - BUGFIX: Various warnings uncovered by gcc 3.1. 14797241Sdes 14897241Sdes - ENHANCE: Add a null conversation function, openpam_nullconv(3). 14997241Sdes 15097241Sdes - BUGFIX: Initialize the "other" chain to all zeroes. 15197241Sdes 15297241Sdes - ENHANCE: Document openpam_ttyconv(3). 15397241Sdes============================================================================ 15495908SdesOpenPAM Cinnamon 2002-05-02 15595908Sdes 15695908Sdes - ENHANCE: Add a null conversation function, openpam_nullconv(). 15795908Sdes 15895908Sdes - BUGFIX: Various markup bugs in the documentation. 15995908Sdes 16095908Sdes - BUGFIX: Document <security/openpam.h>. 16195908Sdes 16295908Sdes - BUGFIX: Duplicate expansion of openpam_log() macro arguments. 16395908Sdes 16495908Sdes - ENHANCE: Restructure the policy-loading code and align our use of 16595908Sdes the "other" policy with Solaris and Linux-PAM. 16695908Sdes 16795908Sdes - ENHANCE: Log dlopen() and dlsym() failures. 16895908Sdes 16995908Sdes - ENHANCE: In openpam_ttyconv(), emit a newline after error and info 17095908Sdes messages unless the message contains one already. 17195908Sdes 17295908Sdes - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL 17395908Sdes so we can detect whether the conversation function touched it. 17495908Sdes============================================================================ 17594670SdesOpenPAM Cineraria 2002-04-14 17694670Sdes 17795908Sdes - BUGFIX: Fix confusion between token and prompt in 17895908Sdes pam_get_authtok(3). 17995908Sdes 18094670Sdes - ENHANCE: Improved documentation. 18194670Sdes 18294670Sdes - ENHANCE: Adopt the same preprocessor tricks that were used in 18394670Sdes FreeBSD's version of Linux-PAM to simplify static linking without 18494670Sdes requiring dummy primitives. 18594670Sdes 18695908Sdes - ENHANCE: Move the policy-loading code out of pam_start.c. 18794670Sdes 18894670Sdes - BUGFIX: Fix typo in one of the versions of the openpam_log macro. 18994670Sdes 19094670Sdes - ENHANCE: Add versioning macros. 19194670Sdes============================================================================ 19294209SdesOpenPAM Cinchona 2002-04-08 19394209Sdes 19494209Sdes - ENHANCE: Improved documentation for several API functions. 19594209Sdes 19694209Sdes - BUGFIX: Fix bug in pam_set_data() that would result in corruption 19794209Sdes of the module data list. 19894209Sdes 19994209Sdes - BUGFIX: Allocate the correct amount of memory for the environment 20094209Sdes list in pam_putenv(). 20194209Sdes 20294209Sdes - ENHANCE: Change pam_get_authtok()'s prototype so the caller can 20394209Sdes specify what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT. 20494209Sdes 20594209Sdes - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and 20694209Sdes reduce differences between these very similar functions. 20794209Sdes 20894209Sdes - ENHANCE: Check flags carefully in pam_authenticate() and 20994209Sdes pam_chauthtok(). 21094209Sdes 21194209Sdes - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD. 21294209Sdes 21394209Sdes - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're 21494209Sdes asked for PAM_AUTHTOK, and we have to prompt the user, prompt her 21594209Sdes twice and compare the responses. 21694209Sdes 21794209Sdes - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily 21894209Sdes switching to user credentials. 21994209Sdes 22094209Sdes - ENHANCE: Add openpam_free_data(), a generic cleanup function for 22194209Sdes pam_set_data() consumers. 22294209Sdes============================================================================ 22392289SdesOpenPAM Centaury 2002-03-14 22491684Sdes 22592289Sdes - BUGFIX: Add missing #include <string.h> to openpam_log.c. 22692289Sdes 22792289Sdes - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/. XSSO uses 22892289Sdes the former, but Solaris and Linux-PAM use the latter. 22992289Sdes 23092289Sdes - BUGFIX: The dynamic loader and the module cache contained a number 23192289Sdes of bugs which would cause a segmentation fault if pam_start(3) was 23292289Sdes called again after pam_end(3), as happens in login(1), xdm(1) etc. 23392289Sdes after a failed login. 23492289Sdes 23592289Sdes - BUGFIX: Refer to a module by the name used in the policy file, even 23692289Sdes if the module that was actually loaded was versioned. 23792289Sdes 23892289Sdes - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG. 23992289Sdes============================================================================ 24094209SdesOpenPAM Celandine 2002-03-05 24192289Sdes 24291684Sdes - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok(). 24391684Sdes 24491684Sdes - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK 24591684Sdes flag set, then with the PAM_UPDATE_AUTHTOK flag set. 24691684Sdes 24791684Sdes - BUGFIX: Failure of a "sufficient" module should not terminate the 24891684Sdes passwd chain if the PAM_PRELIM_CHECK flag is set. 24991684Sdes 25091684Sdes - BUGFIX: Clear PAM_AUTHTOK after running the service modules. 25191684Sdes 25291684Sdes - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK 25391684Sdes or PAM_UPDATE_AUTHTOK flags themselves. 25491684Sdes 25591684Sdes - BUGFIX: openpam_set_option() did not support changing the value of 25691684Sdes an existing option. 25791684Sdes 25891684Sdes - ENHANCE: Add support for module versioning. OpenPAM will prefer a 25991684Sdes module with the same version number as the library itself to one 26091684Sdes with no version number at all. 26191684Sdes============================================================================ 26291100SdesOpenPAM Cantaloupe 2002-02-22 26391100Sdes 26491100Sdes - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid 26591100Sdes argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures. 26691100Sdes 26791100Sdes - ENHANCE: Add in-line documentation in most source files, and a Perl 26891100Sdes script that generates mdoc code from that. 26991100Sdes 27091100Sdes - BUGFIX: The environment list was not properly NULL-terminated. 27191100Sdes 27291100Sdes - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt 27391100Sdes specified by the module. 27491100Sdes 27591100Sdes - BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to 27691100Sdes pam_constants.h to avoid it going stale again. 27791100Sdes 27891100Sdes - ENHANCE: Move all code related to static modules into a separate 27991100Sdes file. 28091100Sdes 28191100Sdes - ENHANCE: openpam_ttyconv() now masks most signals while prompting the 28291100Sdes user, and supports setting a timeout (which defaults to off). 28391100Sdes 28491100Sdes - BUGFIX: Some manual pages referenced XSSO even though they 28591100Sdes documented OpenPAM-specific functions. 28691100Sdes 28791100Sdes - ENHANCE: Added openpam_get_option() and openpam_set_option(). 28891100Sdes 28991100Sdes - ENHANCE: openpam_get_authtok() now respects the echo_pass, 29091100Sdes try_first_pass, and use_first_pass options. 29191100Sdes============================================================================ 29291097SdesOpenPAM Caliopsis 2002-02-13 29391097Sdes 29491097SdesFixed a number of bugs in the previous release, including: 29591097Sdes - a number of bugs in and related to pam_[gs]et_item(3) 29691097Sdes - off-by-one bug in pam_start.c would trim last character off certain 29791097Sdes configuration lines 29891097Sdes - incorrect ordering of an array in openpam_load.c would cause service 29991097Sdes module functions to get mixed up 30091097Sdes - missing 'continue' in openpam_dispatch.c caused successes to be 30191097Sdes counted as failures 30291097Sdes============================================================================ 30391094SdesOpenPAM Calamite 2002-02-09 30491094Sdes 30591094SdesFirst (beta) release. 30691094Sdes============================================================================ 307147455Sdes$P4: //depot/projects/openpam/HISTORY#24 $ 308