source: openpam/trunk/HISTORY @ 455

Last change on this file since 455 was 455, checked in by Dag-Erling Smørgrav, 8 years ago

Add a new API function, openpam_subst(3), which replaces substitution
codes in a string with the values of selected PAM items. Use it for
prompts.

Furthermore, modify pam_get_user(3) and pam_get_authtok(3) to look for
module options named {user,authtok,oldauthtok}_prompt, as appropriate.
If found, these options take precedence over both the caller's prompt
and the PAM_{USER,AUTHTOK,OLDAUTHTOK}_PROMPT items. The usefulness of
these options is somewhat limited by the fact that the policy file
parser does not support quoted strings; that's next on the todo list.

  • Property svn:keywords set to Id
File size: 12.3 KB
Line 
1OpenPAM Lycopsida                                               2011-??-??
2
3 - ENHANCE: removed static build autodetection, which didn't work anyway.
4   Use an explicit, user-specified preprocessor variable instead.
5
6 - ENHANCE: cleaned up the documentation a bit.
7
8 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be
9   embedded in strings such as prompts.  Apply it to the prompts used
10   by pam_get_user(3) and pam_get_authtok(3).
11
12 - ENHANCE: add support for the user_prompt, authtok_prompt and
13   oldauthtok_prompt module options, which override the prompts passed
14   by the module to pam_set_user(3) and pam_get_authtok(3).
15============================================================================
16OpenPAM Hydrangea                                               2007-12-21
17
18 - ENHANCE: when compiling with GCC, mark up API functions with GCC
19   attributes where appropriate.
20
21 - BUGFIX: fixed numerous warnings uncovered by GCC 4.
22
23 - ENHANCE: building the documentation is now optional.
24
25 - ENHANCE: corrected a number of mistakes and style issues in the
26   build system.
27
28 - ENHANCE: API function arguments are now const where appropriate, to
29   match corresponding changes in the Solaris PAM and Linux-PAM APIs.
30
31 - ENHANCE: corrected a number of C namespace violations.
32
33 - ENHANCE: the module cache has been removed, allowing long-lived
34   applications to pick up module changes.  This also allows multiple
35   threads to use PAM simultaneously (as long as they use separate PAM
36   contexts), since the module cache was the only part of OpenPAM that
37   was not thread-safe.
38============================================================================
39OpenPAM Figwort                                                 2005-06-16
40
41 - BUGFIX: Correct several small signedness and initialization bugs
42   discovered during review by the NetBSD team.
43
44 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
45   order within each section.
46
47 - ENHANCE: if a policy specifies a relative module path, prepend the
48   module directory so we never call dlopen(3) with a relative path.
49
50 - ENHANCE: add a pam.conf(5) manual page.
51============================================================================
52OpenPAM Feterita                                                2005-02-01
53
54 - BUGFIX: Correct numerous markup errors, invalid cross-references,
55   and other issues in the manual pages, with kind assistance from
56   Ruslan Ermilov <ru@freebsd.org>.
57
58 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
59   and RETURNX() macros.
60
61 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
62   pam_get_data(3).
63
64 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
65   pam_strerror(3) and gendoc.pl.
66
67 - ENHANCE: Minor overhaul of the autoconf / build system.
68
69 - ENHANCE: Add openpam_free_envlist(3).
70============================================================================
71OpenPAM Eelgrass                                                2004-02-10
72
73 - BUGFIX: Correct array handling bugs in conversation code.
74
75 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
76   whitespace from the user's response.
77
78 - BUGFIX: Many constness issues addressed.
79============================================================================
80OpenPAM Dogwood                                                 2003-07-15
81
82 - ENHANCE: Use the GNU autotools.
83
84 - ENHANCE: Constify the msg field in struct pam_message.
85
86 - BUGFIX: Remove left-over debugging output
87
88 - BUGFIX: Avoid side effects in arguments to the FREE() macro
89
90 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).
91
92 - BUGFIX: Staticize some variables which shouldn't be global.
93
94 - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3).
95
96 - ENHANCE: Various minor documentation improvements.
97
98Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
99assistance with this release.
100============================================================================
101OpenPAM Digitalis                                               2003-06-01
102
103 - ENHANCE: Completely rewrite the configuration parser and add
104   support for the "include" control flag.
105
106 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.
107
108 - ENHANCE: Lots of additional paranoia.
109
110 - BUGFIX: The sample su(1) application dropped privileges before
111   forking instead of after.
112
113 - ENHANCE: Document openpam_log(3).
114
115 - ENHANCE: Other minor documentation fixes.
116
117Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
118assistance with this release.
119============================================================================
120OpenPAM Dianthus                                                2003-05-02
121
122 - BUGFIX: Initialize some potentially uninitialized variables.
123
124 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.
125
126 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
127   instead of a freshly allocated copy.
128
129 - ENHANCE: Detect recursion in openpam_borrow_cred()
130
131 - ENHANCE: Make borrowing one's own credentials a no-op.
132
133 - ENHANCE: Further improve debugging support.
134
135 - ENHANCE: Clean up some variable names.
136============================================================================
137OpenPAM Daffodil                                                2003-01-06
138
139 - ENHANCE: Document dependency on <sys/types.h> (for size_t)
140
141 - ENHANCE: Slightly improve error detection in openpam_ttyconv().
142
143 - BUGFIX: Fix several typos in debugging macros.
144============================================================================
145OpenPAM Cyclamen                                                2002-12-12
146
147 - ENHANCE: Improve recursion detection in openpam_dispatch().
148
149 - ENHANCE: Add debugging messages at entry and exit points of most
150   functions.
151
152 - ENHANCE: Fix some minor style issues.
153
154 - BUGFIX: Add default cases to the switches in openpam_log.c.
155
156 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.
157
158 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
159   than stderr.
160============================================================================
161OpenPAM Citronella                                              2002-06-30
162
163 - ENHANCE: Add the "binding" control flag (from Solaris 9).
164
165 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
166   Solaris 9).
167
168 - ENHANCE: Flesh out the pam(3) man page.
169
170 - ENHANCE: Add an openpam(3) page with cross-references to all the
171   documented OpenPAM API extensions.
172
173 - ENHANCE: Add a pam_conv(3) man page describing the conversation
174   system.
175
176 - ENHANCE: Improved sample application.
177
178 - ENHANCE: Added sample pam_unix module.
179
180 - BUGFIX: Various documentation nits.
181============================================================================
182OpenPAM Cinquefoil                                              2002-05-24
183
184 - BUGFIX: Various warnings uncovered by gcc 3.1.
185
186 - ENHANCE: Add a null conversation function, openpam_nullconv(3).
187
188 - BUGFIX: Initialize the "other" chain to all zeroes.
189
190 - ENHANCE: Document openpam_ttyconv(3).
191============================================================================
192OpenPAM Cinnamon                                                2002-05-02
193
194 - ENHANCE: Add a null conversation function, openpam_nullconv().
195
196 - BUGFIX: Various markup bugs in the documentation.
197
198 - BUGFIX: Document <security/openpam.h>.
199
200 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.
201
202 - ENHANCE: Restructure the policy-loading code and align our use of
203   the "other" policy with Solaris and Linux-PAM.
204
205 - ENHANCE: Log dlopen() and dlsym() failures.
206
207 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
208   messages unless the message contains one already.
209
210 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
211   so we can detect whether the conversation function touched it.
212============================================================================
213OpenPAM Cineraria                                               2002-04-14
214
215 - BUGFIX: Fix confusion between token and prompt in
216   pam_get_authtok(3).
217
218 - ENHANCE: Improved documentation.
219
220 - ENHANCE: Adopt the same preprocessor tricks that were used in
221   FreeBSD's version of Linux-PAM to simplify static linking without
222   requiring dummy primitives.
223
224 - ENHANCE: Move the policy-loading code out of pam_start.c.
225
226 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.
227
228 - ENHANCE: Add versioning macros.
229============================================================================
230OpenPAM Cinchona                                                2002-04-08
231
232 - ENHANCE: Improved documentation for several API functions.
233
234 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
235   of the module data list.
236
237 - BUGFIX: Allocate the correct amount of memory for the environment
238   list in pam_putenv().
239
240 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
241   specify what token it wants.  Also introduce PAM_OLDAUTHTOK_PROMPT.
242
243 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
244   reduce differences between these very similar functions.
245
246 - ENHANCE: Check flags carefully in pam_authenticate() and
247   pam_chauthtok().
248
249 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.
250
251 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
252   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
253   twice and compare the responses.
254
255 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
256   switching to user credentials.
257
258 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
259   pam_set_data() consumers.
260============================================================================
261OpenPAM Centaury                                                2002-03-14
262
263 - BUGFIX: Add missing #include <string.h> to openpam_log.c.
264
265 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/.  XSSO uses
266   the former, but Solaris and Linux-PAM use the latter.
267
268 - BUGFIX: The dynamic loader and the module cache contained a number
269   of bugs which would cause a segmentation fault if pam_start(3) was
270   called again after pam_end(3), as happens in login(1), xdm(1) etc.
271   after a failed login.
272
273 - BUGFIX: Refer to a module by the name used in the policy file, even
274   if the module that was actually loaded was versioned.
275
276 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
277============================================================================
278OpenPAM Celandine                                               2002-03-05
279
280 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().
281
282 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
283   flag set, then with the PAM_UPDATE_AUTHTOK flag set.
284
285 - BUGFIX: Failure of a "sufficient" module should not terminate the
286   passwd chain if the PAM_PRELIM_CHECK flag is set.
287
288 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.
289
290 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
291   or PAM_UPDATE_AUTHTOK flags themselves.
292
293 - BUGFIX: openpam_set_option() did not support changing the value of
294   an existing option.
295
296 - ENHANCE: Add support for module versioning.  OpenPAM will prefer a
297   module with the same version number as the library itself to one
298   with no version number at all.
299============================================================================
300OpenPAM Cantaloupe                                              2002-02-22
301
302 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
303   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.
304
305 - ENHANCE: Add in-line documentation in most source files, and a Perl
306   script that generates mdoc code from that.
307
308 - BUGFIX: The environment list was not properly NULL-terminated.
309
310 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
311   specified by the module.
312
313 - BUGFIX: PAM_NUM_ITEMS was set too low.  It has been moved to
314   pam_constants.h to avoid it going stale again.
315
316 - ENHANCE: Move all code related to static modules into a separate
317   file.
318
319 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
320   user, and supports setting a timeout (which defaults to off).
321
322 - BUGFIX: Some manual pages referenced XSSO even though they
323   documented OpenPAM-specific functions.
324
325 - ENHANCE: Added openpam_get_option() and openpam_set_option().
326
327 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
328   try_first_pass, and use_first_pass options.
329============================================================================
330OpenPAM Caliopsis                                               2002-02-13
331
332Fixed a number of bugs in the previous release, including:
333  - a number of bugs in and related to pam_[gs]et_item(3)
334  - off-by-one bug in pam_start.c would trim last character off certain
335    configuration lines
336  - incorrect ordering of an array in openpam_load.c would cause service
337    module functions to get mixed up
338  - missing 'continue' in openpam_dispatch.c caused successes to be
339    counted as failures
340============================================================================
341OpenPAM Calamite                                                2002-02-09
342
343First (beta) release.
344============================================================================
345$Id: HISTORY 455 2011-10-29 18:31:11Z des $
Note: See TracBrowser for help on using the repository browser.