xref: /dragonfly/contrib/openpam/HISTORY (revision 2020c8fe) 
1OpenPAM Lycopsida						2011-12-18
2
3 - ENHANCE: removed static build autodetection, which didn't work
4   anyway.  Use an explicit, user-specified preprocessor variable
5   instead.
6
7 - ENHANCE: cleaned up the documentation a bit.
8
9 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be
10   embedded in strings such as prompts.  Apply it to the prompts used
11   by pam_get_user(3) and pam_get_authtok(3).
12
13 - ENHANCE: added support for the user_prompt, authtok_prompt and
14   oldauthtok_prompt module options, which override the prompts passed
15   by the module to pam_set_user(3) and pam_get_authtok(3).
16
17 - ENHANCE: rewrote the policy parser to support quoted option values.
18
19 - ENHANCE: added pamtest(1), a tool for testing modules and policies.
20
21 - ENHANCE: added code to check the ownership and permissions of a
22   module before loading it.
23
24 - ENHANCE: added / improved input validation in many cases, including
25   the policy file and some function arguments.
26============================================================================
27OpenPAM Hydrangea						2007-12-21
28
29 - ENHANCE: when compiling with GCC, mark up API functions with GCC
30   attributes where appropriate.
31
32 - BUGFIX: fixed numerous warnings uncovered by GCC 4.
33
34 - ENHANCE: building the documentation is now optional.
35
36 - ENHANCE: corrected a number of mistakes and style issues in the
37   build system.
38
39 - ENHANCE: API function arguments are now const where appropriate, to
40   match corresponding changes in the Solaris PAM and Linux-PAM APIs.
41
42 - ENHANCE: corrected a number of C namespace violations.
43
44 - ENHANCE: the module cache has been removed, allowing long-lived
45   applications to pick up module changes.  This also allows multiple
46   threads to use PAM simultaneously (as long as they use separate PAM
47   contexts), since the module cache was the only part of OpenPAM that
48   was not thread-safe.
49============================================================================
50OpenPAM Figwort							2005-06-16
51
52 - BUGFIX: Correct several small signedness and initialization bugs
53   discovered during review by the NetBSD team.
54
55 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
56   order within each section.
57
58 - ENHANCE: if a policy specifies a relative module path, prepend the
59   module directory so we never call dlopen(3) with a relative path.
60
61 - ENHANCE: add a pam.conf(5) manual page.
62============================================================================
63OpenPAM Feterita						2005-02-01
64
65 - BUGFIX: Correct numerous markup errors, invalid cross-references,
66   and other issues in the manual pages, with kind assistance from
67   Ruslan Ermilov <ru@freebsd.org>.
68
69 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
70   and RETURNX() macros.
71
72 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
73   pam_get_data(3).
74
75 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
76   pam_strerror(3) and gendoc.pl.
77
78 - ENHANCE: Minor overhaul of the autoconf / build system.
79
80 - ENHANCE: Add openpam_free_envlist(3).
81============================================================================
82OpenPAM Eelgrass						2004-02-10
83
84 - BUGFIX: Correct array handling bugs in conversation code.
85
86 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
87   whitespace from the user's response.
88
89 - BUGFIX: Many constness issues addressed.
90============================================================================
91OpenPAM Dogwood							2003-07-15
92
93 - ENHANCE: Use the GNU autotools.
94
95 - ENHANCE: Constify the msg field in struct pam_message.
96
97 - BUGFIX: Remove left-over debugging output
98
99 - BUGFIX: Avoid side effects in arguments to the FREE() macro
100
101 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).
102
103 - BUGFIX: Staticize some variables which shouldn't be global.
104
105 - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3).
106
107 - ENHANCE: Various minor documentation improvements.
108
109Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
110assistance with this release.
111============================================================================
112OpenPAM Digitalis						2003-06-01
113
114 - ENHANCE: Completely rewrite the configuration parser and add
115   support for the "include" control flag.
116
117 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.
118
119 - ENHANCE: Lots of additional paranoia.
120
121 - BUGFIX: The sample su(1) application dropped privileges before
122   forking instead of after.
123
124 - ENHANCE: Document openpam_log(3).
125
126 - ENHANCE: Other minor documentation fixes.
127
128Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
129assistance with this release.
130============================================================================
131OpenPAM Dianthus						2003-05-02
132
133 - BUGFIX: Initialize some potentially uninitialized variables.
134
135 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.
136
137 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
138   instead of a freshly allocated copy.
139
140 - ENHANCE: Detect recursion in openpam_borrow_cred()
141
142 - ENHANCE: Make borrowing one's own credentials a no-op.
143
144 - ENHANCE: Further improve debugging support.
145
146 - ENHANCE: Clean up some variable names.
147============================================================================
148OpenPAM Daffodil						2003-01-06
149
150 - ENHANCE: Document dependency on <sys/types.h> (for size_t)
151
152 - ENHANCE: Slightly improve error detection in openpam_ttyconv().
153
154 - BUGFIX: Fix several typos in debugging macros.
155============================================================================
156OpenPAM Cyclamen						2002-12-12
157
158 - ENHANCE: Improve recursion detection in openpam_dispatch().
159
160 - ENHANCE: Add debugging messages at entry and exit points of most
161   functions.
162
163 - ENHANCE: Fix some minor style issues.
164
165 - BUGFIX: Add default cases to the switches in openpam_log.c.
166
167 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.
168
169 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
170   than stderr.
171============================================================================
172OpenPAM Citronella						2002-06-30
173
174 - ENHANCE: Add the "binding" control flag (from Solaris 9).
175
176 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
177   Solaris 9).
178
179 - ENHANCE: Flesh out the pam(3) man page.
180
181 - ENHANCE: Add an openpam(3) page with cross-references to all the
182   documented OpenPAM API extensions.
183
184 - ENHANCE: Add a pam_conv(3) man page describing the conversation
185   system.
186
187 - ENHANCE: Improved sample application.
188
189 - ENHANCE: Added sample pam_unix module.
190
191 - BUGFIX: Various documentation nits.
192============================================================================
193OpenPAM Cinquefoil						2002-05-24
194
195 - BUGFIX: Various warnings uncovered by gcc 3.1.
196
197 - ENHANCE: Add a null conversation function, openpam_nullconv(3).
198
199 - BUGFIX: Initialize the "other" chain to all zeroes.
200
201 - ENHANCE: Document openpam_ttyconv(3).
202============================================================================
203OpenPAM Cinnamon						2002-05-02
204
205 - ENHANCE: Add a null conversation function, openpam_nullconv().
206
207 - BUGFIX: Various markup bugs in the documentation.
208
209 - BUGFIX: Document <security/openpam.h>.
210
211 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.
212
213 - ENHANCE: Restructure the policy-loading code and align our use of
214   the "other" policy with Solaris and Linux-PAM.
215
216 - ENHANCE: Log dlopen() and dlsym() failures.
217
218 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
219   messages unless the message contains one already.
220
221 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
222   so we can detect whether the conversation function touched it.
223============================================================================
224OpenPAM Cineraria						2002-04-14
225
226 - BUGFIX: Fix confusion between token and prompt in
227   pam_get_authtok(3).
228
229 - ENHANCE: Improved documentation.
230
231 - ENHANCE: Adopt the same preprocessor tricks that were used in
232   FreeBSD's version of Linux-PAM to simplify static linking without
233   requiring dummy primitives.
234
235 - ENHANCE: Move the policy-loading code out of pam_start.c.
236
237 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.
238
239 - ENHANCE: Add versioning macros.
240============================================================================
241OpenPAM Cinchona						2002-04-08
242
243 - ENHANCE: Improved documentation for several API functions.
244
245 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
246   of the module data list.
247
248 - BUGFIX: Allocate the correct amount of memory for the environment
249   list in pam_putenv().
250
251 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
252   specify what token it wants.  Also introduce PAM_OLDAUTHTOK_PROMPT.
253
254 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
255   reduce differences between these very similar functions.
256
257 - ENHANCE: Check flags carefully in pam_authenticate() and
258   pam_chauthtok().
259
260 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.
261
262 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
263   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
264   twice and compare the responses.
265
266 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
267   switching to user credentials.
268
269 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
270   pam_set_data() consumers.
271============================================================================
272OpenPAM	Centaury						2002-03-14
273
274 - BUGFIX: Add missing #include <string.h> to openpam_log.c.
275
276 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/.  XSSO uses
277   the former, but Solaris and Linux-PAM use the latter.
278
279 - BUGFIX: The dynamic loader and the module cache contained a number
280   of bugs which would cause a segmentation fault if pam_start(3) was
281   called again after pam_end(3), as happens in login(1), xdm(1) etc.
282   after a failed login.
283
284 - BUGFIX: Refer to a module by the name used in the policy file, even
285   if the module that was actually loaded was versioned.
286
287 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
288============================================================================
289OpenPAM Celandine						2002-03-05
290
291 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().
292
293 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
294   flag set, then with the PAM_UPDATE_AUTHTOK flag set.
295
296 - BUGFIX: Failure of a "sufficient" module should not terminate the
297   passwd chain if the PAM_PRELIM_CHECK flag is set.
298
299 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.
300
301 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
302   or PAM_UPDATE_AUTHTOK flags themselves.
303
304 - BUGFIX: openpam_set_option() did not support changing the value of
305   an existing option.
306
307 - ENHANCE: Add support for module versioning.  OpenPAM will prefer a
308   module with the same version number as the library itself to one
309   with no version number at all.
310============================================================================
311OpenPAM	Cantaloupe						2002-02-22
312
313 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
314   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.
315
316 - ENHANCE: Add in-line documentation in most source files, and a Perl
317   script that generates mdoc code from that.
318
319 - BUGFIX: The environment list was not properly NULL-terminated.
320
321 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
322   specified by the module.
323
324 - BUGFIX: PAM_NUM_ITEMS was set too low.  It has been moved to
325   pam_constants.h to avoid it going stale again.
326
327 - ENHANCE: Move all code related to static modules into a separate
328   file.
329
330 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
331   user, and supports setting a timeout (which defaults to off).
332
333 - BUGFIX: Some manual pages referenced XSSO even though they
334   documented OpenPAM-specific functions.
335
336 - ENHANCE: Added openpam_get_option() and openpam_set_option().
337
338 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
339   try_first_pass, and use_first_pass options.
340============================================================================
341OpenPAM	Caliopsis						2002-02-13
342
343Fixed a number of bugs in the previous release, including:
344  - a number of bugs in and related to pam_[gs]et_item(3)
345  - off-by-one bug in pam_start.c would trim last character off certain
346    configuration lines
347  - incorrect ordering of an array in openpam_load.c would cause service
348    module functions to get mixed up
349  - missing 'continue' in openpam_dispatch.c caused successes to be
350    counted as failures
351============================================================================
352OpenPAM	Calamite						2002-02-09
353
354First (beta) release.
355============================================================================
356$Id: HISTORY 504 2011-12-18 14:11:12Z des $
357