source: openpam/trunk/HISTORY @ 637

Last change on this file since 637 was 637, checked in by Dag-Erling Smørgrav, 8 years ago

Start preparing for the next release.

  • Property svn:keywords set to Id
File size: 15.5 KB
Line 
1OpenPAM ??????????                                              2013-??-??
2
3 - FEATURE: Add a pam_oath module that implements RFC 4226 (HOTP) and
4   RFC 6238 (TOTP).
5
6 - BUGFIX: When openpam_readword(3) encountered an opening quote, it
7   would set the first byte in the buffer to '\0', discarding all
8   existing text and, unless the buffer was empty to begin with, all
9   subsequent text as well.  This went unnoticed because none of the
10   unit tests for quoted strings had any text preceding the opening
11   quote.
12
13 - ENHANCE: Allow openpam_straddch(3) to be called without a character
14   so it can be used to preallocate a string.
15
16 - ENHANCE: Improve portability by adding simple asprintf(3) and
17   vasprintf(3) implementations for platforms that don't have them.
18============================================================================
19OpenPAM Micrampelis                                             2012-05-26
20
21 - FEATURE: Add an openpam_readword(3) function which reads the next
22   word from an input stream, applying shell quoting and escaping
23   rules.  Add numerous unit tests for openpam_readword(3).
24
25 - FEATURE: Add an openpam_readlinev(3) function which uses the
26   openpam_readword(3) function to read words from an input stream one
27   at a time until it reaches an unquoted, unescaped newline, and
28   returns an array of those words.  Add several unit tests for
29   openpam_readlinev(3).
30
31 - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
32   machine's hostname.  This was implemented in Lycopsida but
33   inadvertantly left out of the release notes.
34
35 - FEATURE: In pam_get_authtok(3), if neither the application nor the
36   module have specified a prompt and PAM_HOST and PAM_RHOST are both
37   defined but not equal, use a different default prompt that includes
38   PAM_USER and PAM_HOST.
39
40 - ENHANCE: Rewrite the policy parser to used openpam_readlinev(),
41   which greatly simplifies the code.
42
43 - ENHANCE: The previous implementation of the policy parser relied on
44   the openpam_readline(3) function, which (by design) munges
45   whitespace and understands neither quotes nor backslash escapes.
46   As a result of the aforementioned rewrite, whitespace, quotes and
47   backslash escapes in policy files are now handled in a consistent
48   and predictable manner.
49
50 - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
51   This closes the race between the ownership / permission check and
52   the dlopen(3) call.
53
54 - ENHANCE: Reduce the amount of pointless error messages generated
55   while searching for a module.
56
57 - ENHANCE: Numerous documentation improvements, both in content and
58   formatting.
59
60 - BUGFIX: A patch incorporated in Lycopsida inadvertantly changed
61   OpenPAM's behavior when several policies exist for the same
62   service, from ignoring all but the first to concatenating them all.
63   Revert to the original behavior.
64
65 - BUGFIX: Plug a memory leak in the policy parser.
66============================================================================
67OpenPAM Lycopsida                                               2011-12-18
68
69 - ENHANCE: removed static build autodetection, which didn't work
70   anyway.  Use an explicit, user-specified preprocessor variable
71   instead.
72
73 - ENHANCE: cleaned up the documentation a bit.
74
75 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be
76   embedded in strings such as prompts.  Apply it to the prompts used
77   by pam_get_user(3) and pam_get_authtok(3).
78
79 - ENHANCE: added support for the user_prompt, authtok_prompt and
80   oldauthtok_prompt module options, which override the prompts passed
81   by the module to pam_set_user(3) and pam_get_authtok(3).
82
83 - ENHANCE: rewrote the policy parser to support quoted option values.
84
85 - ENHANCE: added pamtest(1), a tool for testing modules and policies.
86
87 - ENHANCE: added code to check the ownership and permissions of a
88   module before loading it.
89
90 - ENHANCE: added / improved input validation in many cases, including
91   the policy file and some function arguments.
92============================================================================
93OpenPAM Hydrangea                                               2007-12-21
94
95 - ENHANCE: when compiling with GCC, mark up API functions with GCC
96   attributes where appropriate.
97
98 - BUGFIX: fixed numerous warnings uncovered by GCC 4.
99
100 - ENHANCE: building the documentation is now optional.
101
102 - ENHANCE: corrected a number of mistakes and style issues in the
103   build system.
104
105 - ENHANCE: API function arguments are now const where appropriate, to
106   match corresponding changes in the Solaris PAM and Linux-PAM APIs.
107
108 - ENHANCE: corrected a number of C namespace violations.
109
110 - ENHANCE: the module cache has been removed, allowing long-lived
111   applications to pick up module changes.  This also allows multiple
112   threads to use PAM simultaneously (as long as they use separate PAM
113   contexts), since the module cache was the only part of OpenPAM that
114   was not thread-safe.
115============================================================================
116OpenPAM Figwort                                                 2005-06-16
117
118 - BUGFIX: Correct several small signedness and initialization bugs
119   discovered during review by the NetBSD team.
120
121 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
122   order within each section.
123
124 - ENHANCE: if a policy specifies a relative module path, prepend the
125   module directory so we never call dlopen(3) with a relative path.
126
127 - ENHANCE: add a pam.conf(5) manual page.
128============================================================================
129OpenPAM Feterita                                                2005-02-01
130
131 - BUGFIX: Correct numerous markup errors, invalid cross-references,
132   and other issues in the manual pages, with kind assistance from
133   Ruslan Ermilov <ru@freebsd.org>.
134
135 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
136   and RETURNX() macros.
137
138 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
139   pam_get_data(3).
140
141 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
142   pam_strerror(3) and gendoc.pl.
143
144 - ENHANCE: Minor overhaul of the autoconf / build system.
145
146 - ENHANCE: Add openpam_free_envlist(3).
147============================================================================
148OpenPAM Eelgrass                                                2004-02-10
149
150 - BUGFIX: Correct array handling bugs in conversation code.
151
152 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
153   whitespace from the user's response.
154
155 - BUGFIX: Many constness issues addressed.
156============================================================================
157OpenPAM Dogwood                                                 2003-07-15
158
159 - ENHANCE: Use the GNU autotools.
160
161 - ENHANCE: Constify the msg field in struct pam_message.
162
163 - BUGFIX: Remove left-over debugging output
164
165 - BUGFIX: Avoid side effects in arguments to the FREE() macro
166
167 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).
168
169 - BUGFIX: Staticize some variables which shouldn't be global.
170
171 - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3).
172
173 - ENHANCE: Various minor documentation improvements.
174
175Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
176assistance with this release.
177============================================================================
178OpenPAM Digitalis                                               2003-06-01
179
180 - ENHANCE: Completely rewrite the configuration parser and add
181   support for the "include" control flag.
182
183 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.
184
185 - ENHANCE: Lots of additional paranoia.
186
187 - BUGFIX: The sample su(1) application dropped privileges before
188   forking instead of after.
189
190 - ENHANCE: Document openpam_log(3).
191
192 - ENHANCE: Other minor documentation fixes.
193
194Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
195assistance with this release.
196============================================================================
197OpenPAM Dianthus                                                2003-05-02
198
199 - BUGFIX: Initialize some potentially uninitialized variables.
200
201 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.
202
203 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
204   instead of a freshly allocated copy.
205
206 - ENHANCE: Detect recursion in openpam_borrow_cred()
207
208 - ENHANCE: Make borrowing one's own credentials a no-op.
209
210 - ENHANCE: Further improve debugging support.
211
212 - ENHANCE: Clean up some variable names.
213============================================================================
214OpenPAM Daffodil                                                2003-01-06
215
216 - ENHANCE: Document dependency on <sys/types.h> (for size_t)
217
218 - ENHANCE: Slightly improve error detection in openpam_ttyconv().
219
220 - BUGFIX: Fix several typos in debugging macros.
221============================================================================
222OpenPAM Cyclamen                                                2002-12-12
223
224 - ENHANCE: Improve recursion detection in openpam_dispatch().
225
226 - ENHANCE: Add debugging messages at entry and exit points of most
227   functions.
228
229 - ENHANCE: Fix some minor style issues.
230
231 - BUGFIX: Add default cases to the switches in openpam_log.c.
232
233 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.
234
235 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
236   than stderr.
237============================================================================
238OpenPAM Citronella                                              2002-06-30
239
240 - ENHANCE: Add the "binding" control flag (from Solaris 9).
241
242 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
243   Solaris 9).
244
245 - ENHANCE: Flesh out the pam(3) man page.
246
247 - ENHANCE: Add an openpam(3) page with cross-references to all the
248   documented OpenPAM API extensions.
249
250 - ENHANCE: Add a pam_conv(3) man page describing the conversation
251   system.
252
253 - ENHANCE: Improved sample application.
254
255 - ENHANCE: Added sample pam_unix module.
256
257 - BUGFIX: Various documentation nits.
258============================================================================
259OpenPAM Cinquefoil                                              2002-05-24
260
261 - BUGFIX: Various warnings uncovered by gcc 3.1.
262
263 - ENHANCE: Add a null conversation function, openpam_nullconv(3).
264
265 - BUGFIX: Initialize the "other" chain to all zeroes.
266
267 - ENHANCE: Document openpam_ttyconv(3).
268============================================================================
269OpenPAM Cinnamon                                                2002-05-02
270
271 - ENHANCE: Add a null conversation function, openpam_nullconv().
272
273 - BUGFIX: Various markup bugs in the documentation.
274
275 - BUGFIX: Document <security/openpam.h>.
276
277 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.
278
279 - ENHANCE: Restructure the policy-loading code and align our use of
280   the "other" policy with Solaris and Linux-PAM.
281
282 - ENHANCE: Log dlopen() and dlsym() failures.
283
284 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
285   messages unless the message contains one already.
286
287 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
288   so we can detect whether the conversation function touched it.
289============================================================================
290OpenPAM Cineraria                                               2002-04-14
291
292 - BUGFIX: Fix confusion between token and prompt in
293   pam_get_authtok(3).
294
295 - ENHANCE: Improved documentation.
296
297 - ENHANCE: Adopt the same preprocessor tricks that were used in
298   FreeBSD's version of Linux-PAM to simplify static linking without
299   requiring dummy primitives.
300
301 - ENHANCE: Move the policy-loading code out of pam_start.c.
302
303 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.
304
305 - ENHANCE: Add versioning macros.
306============================================================================
307OpenPAM Cinchona                                                2002-04-08
308
309 - ENHANCE: Improved documentation for several API functions.
310
311 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
312   of the module data list.
313
314 - BUGFIX: Allocate the correct amount of memory for the environment
315   list in pam_putenv().
316
317 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
318   specify what token it wants.  Also introduce PAM_OLDAUTHTOK_PROMPT.
319
320 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
321   reduce differences between these very similar functions.
322
323 - ENHANCE: Check flags carefully in pam_authenticate() and
324   pam_chauthtok().
325
326 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.
327
328 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
329   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
330   twice and compare the responses.
331
332 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
333   switching to user credentials.
334
335 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
336   pam_set_data() consumers.
337============================================================================
338OpenPAM Centaury                                                2002-03-14
339
340 - BUGFIX: Add missing #include <string.h> to openpam_log.c.
341
342 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/.  XSSO uses
343   the former, but Solaris and Linux-PAM use the latter.
344
345 - BUGFIX: The dynamic loader and the module cache contained a number
346   of bugs which would cause a segmentation fault if pam_start(3) was
347   called again after pam_end(3), as happens in login(1), xdm(1) etc.
348   after a failed login.
349
350 - BUGFIX: Refer to a module by the name used in the policy file, even
351   if the module that was actually loaded was versioned.
352
353 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
354============================================================================
355OpenPAM Celandine                                               2002-03-05
356
357 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().
358
359 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
360   flag set, then with the PAM_UPDATE_AUTHTOK flag set.
361
362 - BUGFIX: Failure of a "sufficient" module should not terminate the
363   passwd chain if the PAM_PRELIM_CHECK flag is set.
364
365 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.
366
367 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
368   or PAM_UPDATE_AUTHTOK flags themselves.
369
370 - BUGFIX: openpam_set_option() did not support changing the value of
371   an existing option.
372
373 - ENHANCE: Add support for module versioning.  OpenPAM will prefer a
374   module with the same version number as the library itself to one
375   with no version number at all.
376============================================================================
377OpenPAM Cantaloupe                                              2002-02-22
378
379 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
380   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.
381
382 - ENHANCE: Add in-line documentation in most source files, and a Perl
383   script that generates mdoc code from that.
384
385 - BUGFIX: The environment list was not properly NULL-terminated.
386
387 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
388   specified by the module.
389
390 - BUGFIX: PAM_NUM_ITEMS was set too low.  It has been moved to
391   pam_constants.h to avoid it going stale again.
392
393 - ENHANCE: Move all code related to static modules into a separate
394   file.
395
396 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
397   user, and supports setting a timeout (which defaults to off).
398
399 - BUGFIX: Some manual pages referenced XSSO even though they
400   documented OpenPAM-specific functions.
401
402 - ENHANCE: Added openpam_get_option() and openpam_set_option().
403
404 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
405   try_first_pass, and use_first_pass options.
406============================================================================
407OpenPAM Caliopsis                                               2002-02-13
408
409Fixed a number of bugs in the previous release, including:
410  - a number of bugs in and related to pam_[gs]et_item(3)
411  - off-by-one bug in pam_start.c would trim last character off certain
412    configuration lines
413  - incorrect ordering of an array in openpam_load.c would cause service
414    module functions to get mixed up
415  - missing 'continue' in openpam_dispatch.c caused successes to be
416    counted as failures
417============================================================================
418OpenPAM Calamite                                                2002-02-09
419
420First (beta) release.
421============================================================================
422$Id: HISTORY 637 2013-03-03 23:28:04Z des $
Note: See TracBrowser for help on using the repository browser.