source: openpam/trunk/HISTORY @ 735

Last change on this file since 735 was 735, checked in by Dag-Erling Smørgrav, 8 years ago

Prepare for OpenPAM Nummularia, which will be released later today from the
nooath branch.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
  • Property svn:mime-type set to text/plain
File size: 16.1 KB
Line 
1OpenPAM ??????????                                              2013-??-??
2
3 - FEATURE: Add a pam_oath module that implements RFC 4226 (HOTP) and
4   RFC 6238 (TOTP).
5============================================================================
6OpenPAM Nummularia                                              2013-09-07
7
8 - ENHANCE: Rewrite the dynamic loader to improve readability and
9   reliability.  Modules can now be listed without the ".so" suffix in
10   the policy file; OpenPAM will automatically add it, just like it
11   will automatically add the version number if required.
12
13 - ENHANCE: Allow openpam_straddch(3) to be called without a character
14   so it can be used to preallocate a string.
15
16 - ENHANCE: Improve portability by adding simple asprintf(3) and
17   vasprintf(3) implementations for platforms that don't have them.
18
19 - ENHANCE: Move the libpam sources into a separate subdirectory.
20
21 - ENHANCE: Substantial documentation improvements.
22
23 - BUGFIX: When openpam_readword(3) encountered an opening quote, it
24   would set the first byte in the buffer to '\0', discarding all
25   existing text and, unless the buffer was empty to begin with, all
26   subsequent text as well.  This went unnoticed because none of the
27   unit tests for quoted strings had any text preceding the opening
28   quote.
29
30 - BUGFIX: make --with-modules-dir work the way it was meant to work
31   (but never did).
32============================================================================
33OpenPAM Micrampelis                                             2012-05-26
34
35 - FEATURE: Add an openpam_readword(3) function which reads the next
36   word from an input stream, applying shell quoting and escaping
37   rules.  Add numerous unit tests for openpam_readword(3).
38
39 - FEATURE: Add an openpam_readlinev(3) function which uses the
40   openpam_readword(3) function to read words from an input stream one
41   at a time until it reaches an unquoted, unescaped newline, and
42   returns an array of those words.  Add several unit tests for
43   openpam_readlinev(3).
44
45 - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
46   machine's hostname.  This was implemented in Lycopsida but
47   inadvertantly left out of the release notes.
48
49 - FEATURE: In pam_get_authtok(3), if neither the application nor the
50   module have specified a prompt and PAM_HOST and PAM_RHOST are both
51   defined but not equal, use a different default prompt that includes
52   PAM_USER and PAM_HOST.
53
54 - ENHANCE: Rewrite the policy parser to used openpam_readlinev(),
55   which greatly simplifies the code.
56
57 - ENHANCE: The previous implementation of the policy parser relied on
58   the openpam_readline(3) function, which (by design) munges
59   whitespace and understands neither quotes nor backslash escapes.
60   As a result of the aforementioned rewrite, whitespace, quotes and
61   backslash escapes in policy files are now handled in a consistent
62   and predictable manner.
63
64 - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
65   This closes the race between the ownership / permission check and
66   the dlopen(3) call.
67
68 - ENHANCE: Reduce the amount of pointless error messages generated
69   while searching for a module.
70
71 - ENHANCE: Numerous documentation improvements, both in content and
72   formatting.
73
74 - BUGFIX: A patch incorporated in Lycopsida inadvertantly changed
75   OpenPAM's behavior when several policies exist for the same
76   service, from ignoring all but the first to concatenating them all.
77   Revert to the original behavior.
78
79 - BUGFIX: Plug a memory leak in the policy parser.
80============================================================================
81OpenPAM Lycopsida                                               2011-12-18
82
83 - ENHANCE: removed static build autodetection, which didn't work
84   anyway.  Use an explicit, user-specified preprocessor variable
85   instead.
86
87 - ENHANCE: cleaned up the documentation a bit.
88
89 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be
90   embedded in strings such as prompts.  Apply it to the prompts used
91   by pam_get_user(3) and pam_get_authtok(3).
92
93 - ENHANCE: added support for the user_prompt, authtok_prompt and
94   oldauthtok_prompt module options, which override the prompts passed
95   by the module to pam_set_user(3) and pam_get_authtok(3).
96
97 - ENHANCE: rewrote the policy parser to support quoted option values.
98
99 - ENHANCE: added pamtest(1), a tool for testing modules and policies.
100
101 - ENHANCE: added code to check the ownership and permissions of a
102   module before loading it.
103
104 - ENHANCE: added / improved input validation in many cases, including
105   the policy file and some function arguments.
106============================================================================
107OpenPAM Hydrangea                                               2007-12-21
108
109 - ENHANCE: when compiling with GCC, mark up API functions with GCC
110   attributes where appropriate.
111
112 - BUGFIX: fixed numerous warnings uncovered by GCC 4.
113
114 - ENHANCE: building the documentation is now optional.
115
116 - ENHANCE: corrected a number of mistakes and style issues in the
117   build system.
118
119 - ENHANCE: API function arguments are now const where appropriate, to
120   match corresponding changes in the Solaris PAM and Linux-PAM APIs.
121
122 - ENHANCE: corrected a number of C namespace violations.
123
124 - ENHANCE: the module cache has been removed, allowing long-lived
125   applications to pick up module changes.  This also allows multiple
126   threads to use PAM simultaneously (as long as they use separate PAM
127   contexts), since the module cache was the only part of OpenPAM that
128   was not thread-safe.
129============================================================================
130OpenPAM Figwort                                                 2005-06-16
131
132 - BUGFIX: Correct several small signedness and initialization bugs
133   discovered during review by the NetBSD team.
134
135 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
136   order within each section.
137
138 - ENHANCE: if a policy specifies a relative module path, prepend the
139   module directory so we never call dlopen(3) with a relative path.
140
141 - ENHANCE: add a pam.conf(5) manual page.
142============================================================================
143OpenPAM Feterita                                                2005-02-01
144
145 - BUGFIX: Correct numerous markup errors, invalid cross-references,
146   and other issues in the manual pages, with kind assistance from
147   Ruslan Ermilov <ru@freebsd.org>.
148
149 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
150   and RETURNX() macros.
151
152 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
153   pam_get_data(3).
154
155 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
156   pam_strerror(3) and gendoc.pl.
157
158 - ENHANCE: Minor overhaul of the autoconf / build system.
159
160 - ENHANCE: Add openpam_free_envlist(3).
161============================================================================
162OpenPAM Eelgrass                                                2004-02-10
163
164 - BUGFIX: Correct array handling bugs in conversation code.
165
166 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
167   whitespace from the user's response.
168
169 - BUGFIX: Many constness issues addressed.
170============================================================================
171OpenPAM Dogwood                                                 2003-07-15
172
173 - ENHANCE: Use the GNU autotools.
174
175 - ENHANCE: Constify the msg field in struct pam_message.
176
177 - BUGFIX: Remove left-over debugging output
178
179 - BUGFIX: Avoid side effects in arguments to the FREE() macro
180
181 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).
182
183 - BUGFIX: Staticize some variables which shouldn't be global.
184
185 - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3).
186
187 - ENHANCE: Various minor documentation improvements.
188
189Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
190assistance with this release.
191============================================================================
192OpenPAM Digitalis                                               2003-06-01
193
194 - ENHANCE: Completely rewrite the configuration parser and add
195   support for the "include" control flag.
196
197 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.
198
199 - ENHANCE: Lots of additional paranoia.
200
201 - BUGFIX: The sample su(1) application dropped privileges before
202   forking instead of after.
203
204 - ENHANCE: Document openpam_log(3).
205
206 - ENHANCE: Other minor documentation fixes.
207
208Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
209assistance with this release.
210============================================================================
211OpenPAM Dianthus                                                2003-05-02
212
213 - BUGFIX: Initialize some potentially uninitialized variables.
214
215 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.
216
217 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
218   instead of a freshly allocated copy.
219
220 - ENHANCE: Detect recursion in openpam_borrow_cred()
221
222 - ENHANCE: Make borrowing one's own credentials a no-op.
223
224 - ENHANCE: Further improve debugging support.
225
226 - ENHANCE: Clean up some variable names.
227============================================================================
228OpenPAM Daffodil                                                2003-01-06
229
230 - ENHANCE: Document dependency on <sys/types.h> (for size_t)
231
232 - ENHANCE: Slightly improve error detection in openpam_ttyconv().
233
234 - BUGFIX: Fix several typos in debugging macros.
235============================================================================
236OpenPAM Cyclamen                                                2002-12-12
237
238 - ENHANCE: Improve recursion detection in openpam_dispatch().
239
240 - ENHANCE: Add debugging messages at entry and exit points of most
241   functions.
242
243 - ENHANCE: Fix some minor style issues.
244
245 - BUGFIX: Add default cases to the switches in openpam_log.c.
246
247 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.
248
249 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
250   than stderr.
251============================================================================
252OpenPAM Citronella                                              2002-06-30
253
254 - ENHANCE: Add the "binding" control flag (from Solaris 9).
255
256 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
257   Solaris 9).
258
259 - ENHANCE: Flesh out the pam(3) man page.
260
261 - ENHANCE: Add an openpam(3) page with cross-references to all the
262   documented OpenPAM API extensions.
263
264 - ENHANCE: Add a pam_conv(3) man page describing the conversation
265   system.
266
267 - ENHANCE: Improved sample application.
268
269 - ENHANCE: Added sample pam_unix module.
270
271 - BUGFIX: Various documentation nits.
272============================================================================
273OpenPAM Cinquefoil                                              2002-05-24
274
275 - BUGFIX: Various warnings uncovered by gcc 3.1.
276
277 - ENHANCE: Add a null conversation function, openpam_nullconv(3).
278
279 - BUGFIX: Initialize the "other" chain to all zeroes.
280
281 - ENHANCE: Document openpam_ttyconv(3).
282============================================================================
283OpenPAM Cinnamon                                                2002-05-02
284
285 - ENHANCE: Add a null conversation function, openpam_nullconv().
286
287 - BUGFIX: Various markup bugs in the documentation.
288
289 - BUGFIX: Document <security/openpam.h>.
290
291 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.
292
293 - ENHANCE: Restructure the policy-loading code and align our use of
294   the "other" policy with Solaris and Linux-PAM.
295
296 - ENHANCE: Log dlopen() and dlsym() failures.
297
298 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
299   messages unless the message contains one already.
300
301 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
302   so we can detect whether the conversation function touched it.
303============================================================================
304OpenPAM Cineraria                                               2002-04-14
305
306 - BUGFIX: Fix confusion between token and prompt in
307   pam_get_authtok(3).
308
309 - ENHANCE: Improved documentation.
310
311 - ENHANCE: Adopt the same preprocessor tricks that were used in
312   FreeBSD's version of Linux-PAM to simplify static linking without
313   requiring dummy primitives.
314
315 - ENHANCE: Move the policy-loading code out of pam_start.c.
316
317 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.
318
319 - ENHANCE: Add versioning macros.
320============================================================================
321OpenPAM Cinchona                                                2002-04-08
322
323 - ENHANCE: Improved documentation for several API functions.
324
325 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
326   of the module data list.
327
328 - BUGFIX: Allocate the correct amount of memory for the environment
329   list in pam_putenv().
330
331 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
332   specify what token it wants.  Also introduce PAM_OLDAUTHTOK_PROMPT.
333
334 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
335   reduce differences between these very similar functions.
336
337 - ENHANCE: Check flags carefully in pam_authenticate() and
338   pam_chauthtok().
339
340 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.
341
342 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
343   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
344   twice and compare the responses.
345
346 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
347   switching to user credentials.
348
349 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
350   pam_set_data() consumers.
351============================================================================
352OpenPAM Centaury                                                2002-03-14
353
354 - BUGFIX: Add missing #include <string.h> to openpam_log.c.
355
356 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/.  XSSO uses
357   the former, but Solaris and Linux-PAM use the latter.
358
359 - BUGFIX: The dynamic loader and the module cache contained a number
360   of bugs which would cause a segmentation fault if pam_start(3) was
361   called again after pam_end(3), as happens in login(1), xdm(1) etc.
362   after a failed login.
363
364 - BUGFIX: Refer to a module by the name used in the policy file, even
365   if the module that was actually loaded was versioned.
366
367 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
368============================================================================
369OpenPAM Celandine                                               2002-03-05
370
371 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().
372
373 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
374   flag set, then with the PAM_UPDATE_AUTHTOK flag set.
375
376 - BUGFIX: Failure of a "sufficient" module should not terminate the
377   passwd chain if the PAM_PRELIM_CHECK flag is set.
378
379 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.
380
381 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
382   or PAM_UPDATE_AUTHTOK flags themselves.
383
384 - BUGFIX: openpam_set_option() did not support changing the value of
385   an existing option.
386
387 - ENHANCE: Add support for module versioning.  OpenPAM will prefer a
388   module with the same version number as the library itself to one
389   with no version number at all.
390============================================================================
391OpenPAM Cantaloupe                                              2002-02-22
392
393 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
394   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.
395
396 - ENHANCE: Add in-line documentation in most source files, and a Perl
397   script that generates mdoc code from that.
398
399 - BUGFIX: The environment list was not properly NULL-terminated.
400
401 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
402   specified by the module.
403
404 - BUGFIX: PAM_NUM_ITEMS was set too low.  It has been moved to
405   pam_constants.h to avoid it going stale again.
406
407 - ENHANCE: Move all code related to static modules into a separate
408   file.
409
410 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
411   user, and supports setting a timeout (which defaults to off).
412
413 - BUGFIX: Some manual pages referenced XSSO even though they
414   documented OpenPAM-specific functions.
415
416 - ENHANCE: Added openpam_get_option() and openpam_set_option().
417
418 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
419   try_first_pass, and use_first_pass options.
420============================================================================
421OpenPAM Caliopsis                                               2002-02-13
422
423Fixed a number of bugs in the previous release, including:
424  - a number of bugs in and related to pam_[gs]et_item(3)
425  - off-by-one bug in pam_start.c would trim last character off certain
426    configuration lines
427  - incorrect ordering of an array in openpam_load.c would cause service
428    module functions to get mixed up
429  - missing 'continue' in openpam_dispatch.c caused successes to be
430    counted as failures
431============================================================================
432OpenPAM Calamite                                                2002-02-09
433
434First (beta) release.
435============================================================================
436$Id: HISTORY 735 2013-09-07 12:37:27Z des $
Note: See TracBrowser for help on using the repository browser.