source: openpam/trunk/HISTORY @ 764

Last change on this file since 764 was 764, checked in by Dag-Erling Smørgrav, 7 years ago

Document the is_upper() bug.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
  • Property svn:mime-type set to text/plain
File size: 16.3 KB
Line 
1OpenPAM ??????????                                              2014-??-??
2
3 - FEATURE: Add a pam_oath module that implements RFC 4226 (HOTP) and
4   RFC 6238 (TOTP).
5
6 - BUGFIX: The is_upper() predicate only accepted the letter A as an
7   upper-case character instead of the entire A-Z range.  As a result,
8   service and module names containing upper-case letters other than A
9   would be rejected.
10============================================================================
11OpenPAM Nummularia                                              2013-09-07
12
13 - ENHANCE: Rewrite the dynamic loader to improve readability and
14   reliability.  Modules can now be listed without the ".so" suffix in
15   the policy file; OpenPAM will automatically add it, just like it
16   will automatically add the version number if required.
17
18 - ENHANCE: Allow openpam_straddch(3) to be called without a character
19   so it can be used to preallocate a string.
20
21 - ENHANCE: Improve portability by adding simple asprintf(3) and
22   vasprintf(3) implementations for platforms that don't have them.
23
24 - ENHANCE: Move the libpam sources into a separate subdirectory.
25
26 - ENHANCE: Substantial documentation improvements.
27
28 - BUGFIX: When openpam_readword(3) encountered an opening quote, it
29   would set the first byte in the buffer to '\0', discarding all
30   existing text and, unless the buffer was empty to begin with, all
31   subsequent text as well.  This went unnoticed because none of the
32   unit tests for quoted strings had any text preceding the opening
33   quote.
34
35 - BUGFIX: make --with-modules-dir work the way it was meant to work
36   (but never did).
37============================================================================
38OpenPAM Micrampelis                                             2012-05-26
39
40 - FEATURE: Add an openpam_readword(3) function which reads the next
41   word from an input stream, applying shell quoting and escaping
42   rules.  Add numerous unit tests for openpam_readword(3).
43
44 - FEATURE: Add an openpam_readlinev(3) function which uses the
45   openpam_readword(3) function to read words from an input stream one
46   at a time until it reaches an unquoted, unescaped newline, and
47   returns an array of those words.  Add several unit tests for
48   openpam_readlinev(3).
49
50 - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
51   machine's hostname.  This was implemented in Lycopsida but
52   inadvertantly left out of the release notes.
53
54 - FEATURE: In pam_get_authtok(3), if neither the application nor the
55   module have specified a prompt and PAM_HOST and PAM_RHOST are both
56   defined but not equal, use a different default prompt that includes
57   PAM_USER and PAM_HOST.
58
59 - ENHANCE: Rewrite the policy parser to used openpam_readlinev(),
60   which greatly simplifies the code.
61
62 - ENHANCE: The previous implementation of the policy parser relied on
63   the openpam_readline(3) function, which (by design) munges
64   whitespace and understands neither quotes nor backslash escapes.
65   As a result of the aforementioned rewrite, whitespace, quotes and
66   backslash escapes in policy files are now handled in a consistent
67   and predictable manner.
68
69 - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
70   This closes the race between the ownership / permission check and
71   the dlopen(3) call.
72
73 - ENHANCE: Reduce the amount of pointless error messages generated
74   while searching for a module.
75
76 - ENHANCE: Numerous documentation improvements, both in content and
77   formatting.
78
79 - BUGFIX: A patch incorporated in Lycopsida inadvertantly changed
80   OpenPAM's behavior when several policies exist for the same
81   service, from ignoring all but the first to concatenating them all.
82   Revert to the original behavior.
83
84 - BUGFIX: Plug a memory leak in the policy parser.
85============================================================================
86OpenPAM Lycopsida                                               2011-12-18
87
88 - ENHANCE: removed static build autodetection, which didn't work
89   anyway.  Use an explicit, user-specified preprocessor variable
90   instead.
91
92 - ENHANCE: cleaned up the documentation a bit.
93
94 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be
95   embedded in strings such as prompts.  Apply it to the prompts used
96   by pam_get_user(3) and pam_get_authtok(3).
97
98 - ENHANCE: added support for the user_prompt, authtok_prompt and
99   oldauthtok_prompt module options, which override the prompts passed
100   by the module to pam_set_user(3) and pam_get_authtok(3).
101
102 - ENHANCE: rewrote the policy parser to support quoted option values.
103
104 - ENHANCE: added pamtest(1), a tool for testing modules and policies.
105
106 - ENHANCE: added code to check the ownership and permissions of a
107   module before loading it.
108
109 - ENHANCE: added / improved input validation in many cases, including
110   the policy file and some function arguments.
111============================================================================
112OpenPAM Hydrangea                                               2007-12-21
113
114 - ENHANCE: when compiling with GCC, mark up API functions with GCC
115   attributes where appropriate.
116
117 - BUGFIX: fixed numerous warnings uncovered by GCC 4.
118
119 - ENHANCE: building the documentation is now optional.
120
121 - ENHANCE: corrected a number of mistakes and style issues in the
122   build system.
123
124 - ENHANCE: API function arguments are now const where appropriate, to
125   match corresponding changes in the Solaris PAM and Linux-PAM APIs.
126
127 - ENHANCE: corrected a number of C namespace violations.
128
129 - ENHANCE: the module cache has been removed, allowing long-lived
130   applications to pick up module changes.  This also allows multiple
131   threads to use PAM simultaneously (as long as they use separate PAM
132   contexts), since the module cache was the only part of OpenPAM that
133   was not thread-safe.
134============================================================================
135OpenPAM Figwort                                                 2005-06-16
136
137 - BUGFIX: Correct several small signedness and initialization bugs
138   discovered during review by the NetBSD team.
139
140 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
141   order within each section.
142
143 - ENHANCE: if a policy specifies a relative module path, prepend the
144   module directory so we never call dlopen(3) with a relative path.
145
146 - ENHANCE: add a pam.conf(5) manual page.
147============================================================================
148OpenPAM Feterita                                                2005-02-01
149
150 - BUGFIX: Correct numerous markup errors, invalid cross-references,
151   and other issues in the manual pages, with kind assistance from
152   Ruslan Ermilov <ru@freebsd.org>.
153
154 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
155   and RETURNX() macros.
156
157 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
158   pam_get_data(3).
159
160 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
161   pam_strerror(3) and gendoc.pl.
162
163 - ENHANCE: Minor overhaul of the autoconf / build system.
164
165 - ENHANCE: Add openpam_free_envlist(3).
166============================================================================
167OpenPAM Eelgrass                                                2004-02-10
168
169 - BUGFIX: Correct array handling bugs in conversation code.
170
171 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
172   whitespace from the user's response.
173
174 - BUGFIX: Many constness issues addressed.
175============================================================================
176OpenPAM Dogwood                                                 2003-07-15
177
178 - ENHANCE: Use the GNU autotools.
179
180 - ENHANCE: Constify the msg field in struct pam_message.
181
182 - BUGFIX: Remove left-over debugging output
183
184 - BUGFIX: Avoid side effects in arguments to the FREE() macro
185
186 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).
187
188 - BUGFIX: Staticize some variables which shouldn't be global.
189
190 - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3).
191
192 - ENHANCE: Various minor documentation improvements.
193
194Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
195assistance with this release.
196============================================================================
197OpenPAM Digitalis                                               2003-06-01
198
199 - ENHANCE: Completely rewrite the configuration parser and add
200   support for the "include" control flag.
201
202 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.
203
204 - ENHANCE: Lots of additional paranoia.
205
206 - BUGFIX: The sample su(1) application dropped privileges before
207   forking instead of after.
208
209 - ENHANCE: Document openpam_log(3).
210
211 - ENHANCE: Other minor documentation fixes.
212
213Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
214assistance with this release.
215============================================================================
216OpenPAM Dianthus                                                2003-05-02
217
218 - BUGFIX: Initialize some potentially uninitialized variables.
219
220 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.
221
222 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
223   instead of a freshly allocated copy.
224
225 - ENHANCE: Detect recursion in openpam_borrow_cred()
226
227 - ENHANCE: Make borrowing one's own credentials a no-op.
228
229 - ENHANCE: Further improve debugging support.
230
231 - ENHANCE: Clean up some variable names.
232============================================================================
233OpenPAM Daffodil                                                2003-01-06
234
235 - ENHANCE: Document dependency on <sys/types.h> (for size_t)
236
237 - ENHANCE: Slightly improve error detection in openpam_ttyconv().
238
239 - BUGFIX: Fix several typos in debugging macros.
240============================================================================
241OpenPAM Cyclamen                                                2002-12-12
242
243 - ENHANCE: Improve recursion detection in openpam_dispatch().
244
245 - ENHANCE: Add debugging messages at entry and exit points of most
246   functions.
247
248 - ENHANCE: Fix some minor style issues.
249
250 - BUGFIX: Add default cases to the switches in openpam_log.c.
251
252 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.
253
254 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
255   than stderr.
256============================================================================
257OpenPAM Citronella                                              2002-06-30
258
259 - ENHANCE: Add the "binding" control flag (from Solaris 9).
260
261 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
262   Solaris 9).
263
264 - ENHANCE: Flesh out the pam(3) man page.
265
266 - ENHANCE: Add an openpam(3) page with cross-references to all the
267   documented OpenPAM API extensions.
268
269 - ENHANCE: Add a pam_conv(3) man page describing the conversation
270   system.
271
272 - ENHANCE: Improved sample application.
273
274 - ENHANCE: Added sample pam_unix module.
275
276 - BUGFIX: Various documentation nits.
277============================================================================
278OpenPAM Cinquefoil                                              2002-05-24
279
280 - BUGFIX: Various warnings uncovered by gcc 3.1.
281
282 - ENHANCE: Add a null conversation function, openpam_nullconv(3).
283
284 - BUGFIX: Initialize the "other" chain to all zeroes.
285
286 - ENHANCE: Document openpam_ttyconv(3).
287============================================================================
288OpenPAM Cinnamon                                                2002-05-02
289
290 - ENHANCE: Add a null conversation function, openpam_nullconv().
291
292 - BUGFIX: Various markup bugs in the documentation.
293
294 - BUGFIX: Document <security/openpam.h>.
295
296 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.
297
298 - ENHANCE: Restructure the policy-loading code and align our use of
299   the "other" policy with Solaris and Linux-PAM.
300
301 - ENHANCE: Log dlopen() and dlsym() failures.
302
303 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
304   messages unless the message contains one already.
305
306 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
307   so we can detect whether the conversation function touched it.
308============================================================================
309OpenPAM Cineraria                                               2002-04-14
310
311 - BUGFIX: Fix confusion between token and prompt in
312   pam_get_authtok(3).
313
314 - ENHANCE: Improved documentation.
315
316 - ENHANCE: Adopt the same preprocessor tricks that were used in
317   FreeBSD's version of Linux-PAM to simplify static linking without
318   requiring dummy primitives.
319
320 - ENHANCE: Move the policy-loading code out of pam_start.c.
321
322 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.
323
324 - ENHANCE: Add versioning macros.
325============================================================================
326OpenPAM Cinchona                                                2002-04-08
327
328 - ENHANCE: Improved documentation for several API functions.
329
330 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
331   of the module data list.
332
333 - BUGFIX: Allocate the correct amount of memory for the environment
334   list in pam_putenv().
335
336 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
337   specify what token it wants.  Also introduce PAM_OLDAUTHTOK_PROMPT.
338
339 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
340   reduce differences between these very similar functions.
341
342 - ENHANCE: Check flags carefully in pam_authenticate() and
343   pam_chauthtok().
344
345 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.
346
347 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
348   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
349   twice and compare the responses.
350
351 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
352   switching to user credentials.
353
354 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
355   pam_set_data() consumers.
356============================================================================
357OpenPAM Centaury                                                2002-03-14
358
359 - BUGFIX: Add missing #include <string.h> to openpam_log.c.
360
361 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/.  XSSO uses
362   the former, but Solaris and Linux-PAM use the latter.
363
364 - BUGFIX: The dynamic loader and the module cache contained a number
365   of bugs which would cause a segmentation fault if pam_start(3) was
366   called again after pam_end(3), as happens in login(1), xdm(1) etc.
367   after a failed login.
368
369 - BUGFIX: Refer to a module by the name used in the policy file, even
370   if the module that was actually loaded was versioned.
371
372 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
373============================================================================
374OpenPAM Celandine                                               2002-03-05
375
376 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().
377
378 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
379   flag set, then with the PAM_UPDATE_AUTHTOK flag set.
380
381 - BUGFIX: Failure of a "sufficient" module should not terminate the
382   passwd chain if the PAM_PRELIM_CHECK flag is set.
383
384 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.
385
386 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
387   or PAM_UPDATE_AUTHTOK flags themselves.
388
389 - BUGFIX: openpam_set_option() did not support changing the value of
390   an existing option.
391
392 - ENHANCE: Add support for module versioning.  OpenPAM will prefer a
393   module with the same version number as the library itself to one
394   with no version number at all.
395============================================================================
396OpenPAM Cantaloupe                                              2002-02-22
397
398 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
399   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.
400
401 - ENHANCE: Add in-line documentation in most source files, and a Perl
402   script that generates mdoc code from that.
403
404 - BUGFIX: The environment list was not properly NULL-terminated.
405
406 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
407   specified by the module.
408
409 - BUGFIX: PAM_NUM_ITEMS was set too low.  It has been moved to
410   pam_constants.h to avoid it going stale again.
411
412 - ENHANCE: Move all code related to static modules into a separate
413   file.
414
415 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
416   user, and supports setting a timeout (which defaults to off).
417
418 - BUGFIX: Some manual pages referenced XSSO even though they
419   documented OpenPAM-specific functions.
420
421 - ENHANCE: Added openpam_get_option() and openpam_set_option().
422
423 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
424   try_first_pass, and use_first_pass options.
425============================================================================
426OpenPAM Caliopsis                                               2002-02-13
427
428Fixed a number of bugs in the previous release, including:
429  - a number of bugs in and related to pam_[gs]et_item(3)
430  - off-by-one bug in pam_start.c would trim last character off certain
431    configuration lines
432  - incorrect ordering of an array in openpam_load.c would cause service
433    module functions to get mixed up
434  - missing 'continue' in openpam_dispatch.c caused successes to be
435    counted as failures
436============================================================================
437OpenPAM Calamite                                                2002-02-09
438
439First (beta) release.
440============================================================================
441$Id: HISTORY 764 2014-02-26 17:30:57Z des $
Note: See TracBrowser for help on using the repository browser.