HISTORY revision 228692
1210311SjmallettOpenPAM Lycopsida 2011-12-18 2210311Sjmallett 3210311Sjmallett - ENHANCE: removed static build autodetection, which didn't work 4210311Sjmallett anyway. Use an explicit, user-specified preprocessor variable 5210311Sjmallett instead. 6210311Sjmallett 7210311Sjmallett - ENHANCE: cleaned up the documentation a bit. 8210311Sjmallett 9210311Sjmallett - ENHANCE: added openpam_subst(3), allowing certain PAM items to be 10210311Sjmallett embedded in strings such as prompts. Apply it to the prompts used 11210311Sjmallett by pam_get_user(3) and pam_get_authtok(3). 12210311Sjmallett 13210311Sjmallett - ENHANCE: added support for the user_prompt, authtok_prompt and 14210311Sjmallett oldauthtok_prompt module options, which override the prompts passed 15210311Sjmallett by the module to pam_set_user(3) and pam_get_authtok(3). 16210311Sjmallett 17210311Sjmallett - ENHANCE: rewrote the policy parser to support quoted option values. 18210311Sjmallett 19210311Sjmallett - ENHANCE: added pamtest(1), a tool for testing modules and policies. 20210311Sjmallett 21210311Sjmallett - ENHANCE: added code to check the ownership and permissions of a 22210311Sjmallett module before loading it. 23210311Sjmallett 24210311Sjmallett - ENHANCE: added / improved input validation in many cases, including 25210311Sjmallett the policy file and some function arguments. 26210311Sjmallett============================================================================ 27210311SjmallettOpenPAM Hydrangea 2007-12-21 28210311Sjmallett 29210311Sjmallett - ENHANCE: when compiling with GCC, mark up API functions with GCC 30210311Sjmallett attributes where appropriate. 31215974Sjmallett 32215974Sjmallett - BUGFIX: fixed numerous warnings uncovered by GCC 4. 33215974Sjmallett 34210311Sjmallett - ENHANCE: building the documentation is now optional. 35210311Sjmallett 36210311Sjmallett - ENHANCE: corrected a number of mistakes and style issues in the 37210311Sjmallett build system. 38210311Sjmallett 39210311Sjmallett - ENHANCE: API function arguments are now const where appropriate, to 40231987Sgonzo match corresponding changes in the Solaris PAM and Linux-PAM APIs. 41210311Sjmallett 42210311Sjmallett - ENHANCE: corrected a number of C namespace violations. 43219695Sjmallett 44210311Sjmallett - ENHANCE: the module cache has been removed, allowing long-lived 45210311Sjmallett applications to pick up module changes. This also allows multiple 46210311Sjmallett threads to use PAM simultaneously (as long as they use separate PAM 47210311Sjmallett contexts), since the module cache was the only part of OpenPAM that 48210311Sjmallett was not thread-safe. 49210311Sjmallett============================================================================ 50210311SjmallettOpenPAM Figwort 2005-06-16 51210311Sjmallett 52210311Sjmallett - BUGFIX: Correct several small signedness and initialization bugs 53210311Sjmallett discovered during review by the NetBSD team. 54210311Sjmallett 55219706Sjmallett - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary 56 order within each section. 57 58 - ENHANCE: if a policy specifies a relative module path, prepend the 59 module directory so we never call dlopen(3) with a relative path. 60 61 - ENHANCE: add a pam.conf(5) manual page. 62============================================================================ 63OpenPAM Feterita 2005-02-01 64 65 - BUGFIX: Correct numerous markup errors, invalid cross-references, 66 and other issues in the manual pages, with kind assistance from 67 Ruslan Ermilov <ru@freebsd.org>. 68 69 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX() 70 and RETURNX() macros. 71 72 - BUGFIX: Remove an unnecessary and non-portable pointer cast in 73 pam_get_data(3). 74 75 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in 76 pam_strerror(3) and gendoc.pl. 77 78 - ENHANCE: Minor overhaul of the autoconf / build system. 79 80 - ENHANCE: Add openpam_free_envlist(3). 81============================================================================ 82OpenPAM Eelgrass 2004-02-10 83 84 - BUGFIX: Correct array handling bugs in conversation code. 85 86 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear 87 whitespace from the user's response. 88 89 - BUGFIX: Many constness issues addressed. 90============================================================================ 91OpenPAM Dogwood 2003-07-15 92 93 - ENHANCE: Use the GNU autotools. 94 95 - ENHANCE: Constify the msg field in struct pam_message. 96 97 - BUGFIX: Remove left-over debugging output 98 99 - BUGFIX: Avoid side effects in arguments to the FREE() macro 100 101 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3). 102 103 - BUGFIX: Staticize some variables which shouldn't be global. 104 105 - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3). 106 107 - ENHANCE: Various minor documentation improvements. 108 109Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable 110assistance with this release. 111============================================================================ 112OpenPAM Digitalis 2003-06-01 113 114 - ENHANCE: Completely rewrite the configuration parser and add 115 support for the "include" control flag. 116 117 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux. 118 119 - ENHANCE: Lots of additional paranoia. 120 121 - BUGFIX: The sample su(1) application dropped privileges before 122 forking instead of after. 123 124 - ENHANCE: Document openpam_log(3). 125 126 - ENHANCE: Other minor documentation fixes. 127 128Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable 129assistance with this release. 130============================================================================ 131OpenPAM Dianthus 2003-05-02 132 133 - BUGFIX: Initialize some potentially uninitialized variables. 134 135 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999. 136 137 - BUGFIX: In pam_getenv(), return a pointer to the stored variable 138 instead of a freshly allocated copy. 139 140 - ENHANCE: Detect recursion in openpam_borrow_cred() 141 142 - ENHANCE: Make borrowing one's own credentials a no-op. 143 144 - ENHANCE: Further improve debugging support. 145 146 - ENHANCE: Clean up some variable names. 147============================================================================ 148OpenPAM Daffodil 2003-01-06 149 150 - ENHANCE: Document dependency on <sys/types.h> (for size_t) 151 152 - ENHANCE: Slightly improve error detection in openpam_ttyconv(). 153 154 - BUGFIX: Fix several typos in debugging macros. 155============================================================================ 156OpenPAM Cyclamen 2002-12-12 157 158 - ENHANCE: Improve recursion detection in openpam_dispatch(). 159 160 - ENHANCE: Add debugging messages at entry and exit points of most 161 functions. 162 163 - ENHANCE: Fix some minor style issues. 164 165 - BUGFIX: Add default cases to the switches in openpam_log.c. 166 167 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path. 168 169 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather 170 than stderr. 171============================================================================ 172OpenPAM Citronella 2002-06-30 173 174 - ENHANCE: Add the "binding" control flag (from Solaris 9). 175 176 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from 177 Solaris 9). 178 179 - ENHANCE: Flesh out the pam(3) man page. 180 181 - ENHANCE: Add an openpam(3) page with cross-references to all the 182 documented OpenPAM API extensions. 183 184 - ENHANCE: Add a pam_conv(3) man page describing the conversation 185 system. 186 187 - ENHANCE: Improved sample application. 188 189 - ENHANCE: Added sample pam_unix module. 190 191 - BUGFIX: Various documentation nits. 192============================================================================ 193OpenPAM Cinquefoil 2002-05-24 194 195 - BUGFIX: Various warnings uncovered by gcc 3.1. 196 197 - ENHANCE: Add a null conversation function, openpam_nullconv(3). 198 199 - BUGFIX: Initialize the "other" chain to all zeroes. 200 201 - ENHANCE: Document openpam_ttyconv(3). 202============================================================================ 203OpenPAM Cinnamon 2002-05-02 204 205 - ENHANCE: Add a null conversation function, openpam_nullconv(). 206 207 - BUGFIX: Various markup bugs in the documentation. 208 209 - BUGFIX: Document <security/openpam.h>. 210 211 - BUGFIX: Duplicate expansion of openpam_log() macro arguments. 212 213 - ENHANCE: Restructure the policy-loading code and align our use of 214 the "other" policy with Solaris and Linux-PAM. 215 216 - ENHANCE: Log dlopen() and dlsym() failures. 217 218 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info 219 messages unless the message contains one already. 220 221 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL 222 so we can detect whether the conversation function touched it. 223============================================================================ 224OpenPAM Cineraria 2002-04-14 225 226 - BUGFIX: Fix confusion between token and prompt in 227 pam_get_authtok(3). 228 229 - ENHANCE: Improved documentation. 230 231 - ENHANCE: Adopt the same preprocessor tricks that were used in 232 FreeBSD's version of Linux-PAM to simplify static linking without 233 requiring dummy primitives. 234 235 - ENHANCE: Move the policy-loading code out of pam_start.c. 236 237 - BUGFIX: Fix typo in one of the versions of the openpam_log macro. 238 239 - ENHANCE: Add versioning macros. 240============================================================================ 241OpenPAM Cinchona 2002-04-08 242 243 - ENHANCE: Improved documentation for several API functions. 244 245 - BUGFIX: Fix bug in pam_set_data() that would result in corruption 246 of the module data list. 247 248 - BUGFIX: Allocate the correct amount of memory for the environment 249 list in pam_putenv(). 250 251 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can 252 specify what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT. 253 254 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and 255 reduce differences between these very similar functions. 256 257 - ENHANCE: Check flags carefully in pam_authenticate() and 258 pam_chauthtok(). 259 260 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD. 261 262 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're 263 asked for PAM_AUTHTOK, and we have to prompt the user, prompt her 264 twice and compare the responses. 265 266 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily 267 switching to user credentials. 268 269 - ENHANCE: Add openpam_free_data(), a generic cleanup function for 270 pam_set_data() consumers. 271============================================================================ 272OpenPAM Centaury 2002-03-14 273 274 - BUGFIX: Add missing #include <string.h> to openpam_log.c. 275 276 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/. XSSO uses 277 the former, but Solaris and Linux-PAM use the latter. 278 279 - BUGFIX: The dynamic loader and the module cache contained a number 280 of bugs which would cause a segmentation fault if pam_start(3) was 281 called again after pam_end(3), as happens in login(1), xdm(1) etc. 282 after a failed login. 283 284 - BUGFIX: Refer to a module by the name used in the policy file, even 285 if the module that was actually loaded was versioned. 286 287 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG. 288============================================================================ 289OpenPAM Celandine 2002-03-05 290 291 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok(). 292 293 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK 294 flag set, then with the PAM_UPDATE_AUTHTOK flag set. 295 296 - BUGFIX: Failure of a "sufficient" module should not terminate the 297 passwd chain if the PAM_PRELIM_CHECK flag is set. 298 299 - BUGFIX: Clear PAM_AUTHTOK after running the service modules. 300 301 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK 302 or PAM_UPDATE_AUTHTOK flags themselves. 303 304 - BUGFIX: openpam_set_option() did not support changing the value of 305 an existing option. 306 307 - ENHANCE: Add support for module versioning. OpenPAM will prefer a 308 module with the same version number as the library itself to one 309 with no version number at all. 310============================================================================ 311OpenPAM Cantaloupe 2002-02-22 312 313 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid 314 argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures. 315 316 - ENHANCE: Add in-line documentation in most source files, and a Perl 317 script that generates mdoc code from that. 318 319 - BUGFIX: The environment list was not properly NULL-terminated. 320 321 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt 322 specified by the module. 323 324 - BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to 325 pam_constants.h to avoid it going stale again. 326 327 - ENHANCE: Move all code related to static modules into a separate 328 file. 329 330 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the 331 user, and supports setting a timeout (which defaults to off). 332 333 - BUGFIX: Some manual pages referenced XSSO even though they 334 documented OpenPAM-specific functions. 335 336 - ENHANCE: Added openpam_get_option() and openpam_set_option(). 337 338 - ENHANCE: openpam_get_authtok() now respects the echo_pass, 339 try_first_pass, and use_first_pass options. 340============================================================================ 341OpenPAM Caliopsis 2002-02-13 342 343Fixed a number of bugs in the previous release, including: 344 - a number of bugs in and related to pam_[gs]et_item(3) 345 - off-by-one bug in pam_start.c would trim last character off certain 346 configuration lines 347 - incorrect ordering of an array in openpam_load.c would cause service 348 module functions to get mixed up 349 - missing 'continue' in openpam_dispatch.c caused successes to be 350 counted as failures 351============================================================================ 352OpenPAM Calamite 2002-02-09 353 354First (beta) release. 355============================================================================ 356$Id: HISTORY 504 2011-12-18 14:11:12Z des $ 357