1OpenPAM Lycopsida 2011-12-18 2 3 - ENHANCE: removed static build autodetection, which didn't work 4 anyway. Use an explicit, user-specified preprocessor variable 5 instead. 6 7 - ENHANCE: cleaned up the documentation a bit. 8 9 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be 10 embedded in strings such as prompts. Apply it to the prompts used 11 by pam_get_user(3) and pam_get_authtok(3). 12 13 - ENHANCE: added support for the user_prompt, authtok_prompt and 14 oldauthtok_prompt module options, which override the prompts passed 15 by the module to pam_set_user(3) and pam_get_authtok(3). 16 17 - ENHANCE: rewrote the policy parser to support quoted option values. 18 19 - ENHANCE: added pamtest(1), a tool for testing modules and policies. 20 21 - ENHANCE: added code to check the ownership and permissions of a 22 module before loading it. 23 24 - ENHANCE: added / improved input validation in many cases, including 25 the policy file and some function arguments. 26============================================================================ 27OpenPAM Hydrangea 2007-12-21 28 29 - ENHANCE: when compiling with GCC, mark up API functions with GCC 30 attributes where appropriate. 31 32 - BUGFIX: fixed numerous warnings uncovered by GCC 4. 33 34 - ENHANCE: building the documentation is now optional. 35 36 - ENHANCE: corrected a number of mistakes and style issues in the 37 build system. 38 39 - ENHANCE: API function arguments are now const where appropriate, to 40 match corresponding changes in the Solaris PAM and Linux-PAM APIs. 41 42 - ENHANCE: corrected a number of C namespace violations. 43 44 - ENHANCE: the module cache has been removed, allowing long-lived 45 applications to pick up module changes. This also allows multiple 46 threads to use PAM simultaneously (as long as they use separate PAM 47 contexts), since the module cache was the only part of OpenPAM that 48 was not thread-safe. 49============================================================================ 50OpenPAM Figwort 2005-06-16 51 52 - BUGFIX: Correct several small signedness and initialization bugs 53 discovered during review by the NetBSD team. 54 55 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary 56 order within each section. 57 58 - ENHANCE: if a policy specifies a relative module path, prepend the 59 module directory so we never call dlopen(3) with a relative path. 60 61 - ENHANCE: add a pam.conf(5) manual page. 62============================================================================ 63OpenPAM Feterita 2005-02-01 64 65 - BUGFIX: Correct numerous markup errors, invalid cross-references, 66 and other issues in the manual pages, with kind assistance from 67 Ruslan Ermilov <ru@freebsd.org>. 68 69 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX() 70 and RETURNX() macros. 71 72 - BUGFIX: Remove an unnecessary and non-portable pointer cast in 73 pam_get_data(3). 74 75 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in 76 pam_strerror(3) and gendoc.pl. 77 78 - ENHANCE: Minor overhaul of the autoconf / build system. 79 80 - ENHANCE: Add openpam_free_envlist(3). 81============================================================================ 82OpenPAM Eelgrass 2004-02-10 83 84 - BUGFIX: Correct array handling bugs in conversation code. 85 86 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear 87 whitespace from the user's response. 88 89 - BUGFIX: Many constness issues addressed. 90============================================================================ 91OpenPAM Dogwood 2003-07-15 92 93 - ENHANCE: Use the GNU autotools. 94 95 - ENHANCE: Constify the msg field in struct pam_message. 96 97 - BUGFIX: Remove left-over debugging output 98 99 - BUGFIX: Avoid side effects in arguments to the FREE() macro 100 101 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3). 102 103 - BUGFIX: Staticize some variables which shouldn't be global. 104 105 - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3). 106 107 - ENHANCE: Various minor documentation improvements. 108 109Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable 110assistance with this release. 111============================================================================ 112OpenPAM Digitalis 2003-06-01 113 114 - ENHANCE: Completely rewrite the configuration parser and add 115 support for the "include" control flag. 116 117 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux. 118 119 - ENHANCE: Lots of additional paranoia. 120 121 - BUGFIX: The sample su(1) application dropped privileges before 122 forking instead of after. 123 124 - ENHANCE: Document openpam_log(3). 125 126 - ENHANCE: Other minor documentation fixes. 127 128Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable 129assistance with this release. 130============================================================================ 131OpenPAM Dianthus 2003-05-02 132 133 - BUGFIX: Initialize some potentially uninitialized variables. 134 135 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999. 136 137 - BUGFIX: In pam_getenv(), return a pointer to the stored variable 138 instead of a freshly allocated copy. 139 140 - ENHANCE: Detect recursion in openpam_borrow_cred() 141 142 - ENHANCE: Make borrowing one's own credentials a no-op. 143 144 - ENHANCE: Further improve debugging support. 145 146 - ENHANCE: Clean up some variable names. 147============================================================================ 148OpenPAM Daffodil 2003-01-06 149 150 - ENHANCE: Document dependency on <sys/types.h> (for size_t) 151 152 - ENHANCE: Slightly improve error detection in openpam_ttyconv(). 153 154 - BUGFIX: Fix several typos in debugging macros. 155============================================================================ 156OpenPAM Cyclamen 2002-12-12 157 158 - ENHANCE: Improve recursion detection in openpam_dispatch(). 159 160 - ENHANCE: Add debugging messages at entry and exit points of most 161 functions. 162 163 - ENHANCE: Fix some minor style issues. 164 165 - BUGFIX: Add default cases to the switches in openpam_log.c. 166 167 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path. 168 169 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather 170 than stderr. 171============================================================================ 172OpenPAM Citronella 2002-06-30 173 174 - ENHANCE: Add the "binding" control flag (from Solaris 9). 175 176 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from 177 Solaris 9). 178 179 - ENHANCE: Flesh out the pam(3) man page. 180 181 - ENHANCE: Add an openpam(3) page with cross-references to all the 182 documented OpenPAM API extensions. 183 184 - ENHANCE: Add a pam_conv(3) man page describing the conversation 185 system. 186 187 - ENHANCE: Improved sample application. 188 189 - ENHANCE: Added sample pam_unix module. 190 191 - BUGFIX: Various documentation nits. 192============================================================================ 193OpenPAM Cinquefoil 2002-05-24 194 195 - BUGFIX: Various warnings uncovered by gcc 3.1. 196 197 - ENHANCE: Add a null conversation function, openpam_nullconv(3). 198 199 - BUGFIX: Initialize the "other" chain to all zeroes. 200 201 - ENHANCE: Document openpam_ttyconv(3). 202============================================================================ 203OpenPAM Cinnamon 2002-05-02 204 205 - ENHANCE: Add a null conversation function, openpam_nullconv(). 206 207 - BUGFIX: Various markup bugs in the documentation. 208 209 - BUGFIX: Document <security/openpam.h>. 210 211 - BUGFIX: Duplicate expansion of openpam_log() macro arguments. 212 213 - ENHANCE: Restructure the policy-loading code and align our use of 214 the "other" policy with Solaris and Linux-PAM. 215 216 - ENHANCE: Log dlopen() and dlsym() failures. 217 218 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info 219 messages unless the message contains one already. 220 221 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL 222 so we can detect whether the conversation function touched it. 223============================================================================ 224OpenPAM Cineraria 2002-04-14 225 226 - BUGFIX: Fix confusion between token and prompt in 227 pam_get_authtok(3). 228 229 - ENHANCE: Improved documentation. 230 231 - ENHANCE: Adopt the same preprocessor tricks that were used in 232 FreeBSD's version of Linux-PAM to simplify static linking without 233 requiring dummy primitives. 234 235 - ENHANCE: Move the policy-loading code out of pam_start.c. 236 237 - BUGFIX: Fix typo in one of the versions of the openpam_log macro. 238 239 - ENHANCE: Add versioning macros. 240============================================================================ 241OpenPAM Cinchona 2002-04-08 242 243 - ENHANCE: Improved documentation for several API functions. 244 245 - BUGFIX: Fix bug in pam_set_data() that would result in corruption 246 of the module data list. 247 248 - BUGFIX: Allocate the correct amount of memory for the environment 249 list in pam_putenv(). 250 251 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can 252 specify what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT. 253 254 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and 255 reduce differences between these very similar functions. 256 257 - ENHANCE: Check flags carefully in pam_authenticate() and 258 pam_chauthtok(). 259 260 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD. 261 262 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're 263 asked for PAM_AUTHTOK, and we have to prompt the user, prompt her 264 twice and compare the responses. 265 266 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily 267 switching to user credentials. 268 269 - ENHANCE: Add openpam_free_data(), a generic cleanup function for 270 pam_set_data() consumers. 271============================================================================ 272OpenPAM Centaury 2002-03-14 273 274 - BUGFIX: Add missing #include <string.h> to openpam_log.c. 275 276 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/. XSSO uses 277 the former, but Solaris and Linux-PAM use the latter. 278 279 - BUGFIX: The dynamic loader and the module cache contained a number 280 of bugs which would cause a segmentation fault if pam_start(3) was 281 called again after pam_end(3), as happens in login(1), xdm(1) etc. 282 after a failed login. 283 284 - BUGFIX: Refer to a module by the name used in the policy file, even 285 if the module that was actually loaded was versioned. 286 287 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG. 288============================================================================ 289OpenPAM Celandine 2002-03-05 290 291 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok(). 292 293 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK 294 flag set, then with the PAM_UPDATE_AUTHTOK flag set. 295 296 - BUGFIX: Failure of a "sufficient" module should not terminate the 297 passwd chain if the PAM_PRELIM_CHECK flag is set. 298 299 - BUGFIX: Clear PAM_AUTHTOK after running the service modules. 300 301 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK 302 or PAM_UPDATE_AUTHTOK flags themselves. 303 304 - BUGFIX: openpam_set_option() did not support changing the value of 305 an existing option. 306 307 - ENHANCE: Add support for module versioning. OpenPAM will prefer a 308 module with the same version number as the library itself to one 309 with no version number at all. 310============================================================================ 311OpenPAM Cantaloupe 2002-02-22 312 313 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid 314 argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures. 315 316 - ENHANCE: Add in-line documentation in most source files, and a Perl 317 script that generates mdoc code from that. 318 319 - BUGFIX: The environment list was not properly NULL-terminated. 320 321 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt 322 specified by the module. 323 324 - BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to 325 pam_constants.h to avoid it going stale again. 326 327 - ENHANCE: Move all code related to static modules into a separate 328 file. 329 330 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the 331 user, and supports setting a timeout (which defaults to off). 332 333 - BUGFIX: Some manual pages referenced XSSO even though they 334 documented OpenPAM-specific functions. 335 336 - ENHANCE: Added openpam_get_option() and openpam_set_option(). 337 338 - ENHANCE: openpam_get_authtok() now respects the echo_pass, 339 try_first_pass, and use_first_pass options. 340============================================================================ 341OpenPAM Caliopsis 2002-02-13 342 343Fixed a number of bugs in the previous release, including: 344 - a number of bugs in and related to pam_[gs]et_item(3) 345 - off-by-one bug in pam_start.c would trim last character off certain 346 configuration lines 347 - incorrect ordering of an array in openpam_load.c would cause service 348 module functions to get mixed up 349 - missing 'continue' in openpam_dispatch.c caused successes to be 350 counted as failures 351============================================================================ 352OpenPAM Calamite 2002-02-09 353 354First (beta) release. 355============================================================================ 356$Id: HISTORY 504 2011-12-18 14:11:12Z des $ 357