HISTORY revision 236109
1OpenPAM Micrampelis						2012-05-26
2
3 - FEATURE: Add an openpam_readword(3) function which reads the next
4   word from an input stream, applying shell quoting and escaping
5   rules.  Add numerous unit tests for openpam_readword(3).
6
7 - FEATURE: Add an openpam_readlinev(3) function which uses the
8   openpam_readword(3) function to read words from an input stream one
9   at a time until it reaches an unquoted, unescaped newline, and
10   returns an array of those words.  Add several unit tests for
11   openpam_readlinev(3).
12
13 - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
14   machine's hostname.  This was implemented in Lycopsida but
15   inadvertantly left out of the release notes.
16
17 - FEATURE: In pam_get_authtok(3), if neither the application nor the
18   module have specified a prompt and PAM_HOST and PAM_RHOST are both
19   defined but not equal, use a different default prompt that includes
20   PAM_USER and PAM_HOST.
21
22 - ENHANCE: Rewrite the policy parser to used openpam_readlinev(),
23   which greatly simplifies the code.
24
25 - ENHANCE: The previous implementation of the policy parser relied on
26   the openpam_readline(3) function, which (by design) munges
27   whitespace and understands neither quotes nor backslash escapes.
28   As a result of the aforementioned rewrite, whitespace, quotes and
29   backslash escapes in policy files are now handled in a consistent
30   and predictable manner.
31
32 - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
33   This closes the race between the ownership / permission check and
34   the dlopen(3) call.
35
36 - ENHANCE: Reduce the amount of pointless error messages generated
37   while searching for a module.
38
39 - ENHANCE: Numerous documentation improvements, both in content and
40   formatting.
41
42 - BUGFIX: A patch incorporated in Lycopsida inadvertantly changed
43   OpenPAM's behavior when several policies exist for the same
44   service, from ignoring all but the first to concatenating them all.
45   Revert to the original behavior.
46
47 - BUGFIX: Plug a memory leak in the policy parser.
48============================================================================
49OpenPAM Lycopsida						2011-12-18
50
51 - ENHANCE: removed static build autodetection, which didn't work
52   anyway.  Use an explicit, user-specified preprocessor variable
53   instead.
54
55 - ENHANCE: cleaned up the documentation a bit.
56
57 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be
58   embedded in strings such as prompts.  Apply it to the prompts used
59   by pam_get_user(3) and pam_get_authtok(3).
60
61 - ENHANCE: added support for the user_prompt, authtok_prompt and
62   oldauthtok_prompt module options, which override the prompts passed
63   by the module to pam_set_user(3) and pam_get_authtok(3).
64
65 - ENHANCE: rewrote the policy parser to support quoted option values.
66
67 - ENHANCE: added pamtest(1), a tool for testing modules and policies.
68
69 - ENHANCE: added code to check the ownership and permissions of a
70   module before loading it.
71
72 - ENHANCE: added / improved input validation in many cases, including
73   the policy file and some function arguments.
74============================================================================
75OpenPAM Hydrangea						2007-12-21
76
77 - ENHANCE: when compiling with GCC, mark up API functions with GCC
78   attributes where appropriate.
79
80 - BUGFIX: fixed numerous warnings uncovered by GCC 4.
81
82 - ENHANCE: building the documentation is now optional.
83
84 - ENHANCE: corrected a number of mistakes and style issues in the
85   build system.
86
87 - ENHANCE: API function arguments are now const where appropriate, to
88   match corresponding changes in the Solaris PAM and Linux-PAM APIs.
89
90 - ENHANCE: corrected a number of C namespace violations.
91
92 - ENHANCE: the module cache has been removed, allowing long-lived
93   applications to pick up module changes.  This also allows multiple
94   threads to use PAM simultaneously (as long as they use separate PAM
95   contexts), since the module cache was the only part of OpenPAM that
96   was not thread-safe.
97============================================================================
98OpenPAM Figwort							2005-06-16
99
100 - BUGFIX: Correct several small signedness and initialization bugs
101   discovered during review by the NetBSD team.
102
103 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
104   order within each section.
105
106 - ENHANCE: if a policy specifies a relative module path, prepend the
107   module directory so we never call dlopen(3) with a relative path.
108
109 - ENHANCE: add a pam.conf(5) manual page.
110============================================================================
111OpenPAM Feterita						2005-02-01
112
113 - BUGFIX: Correct numerous markup errors, invalid cross-references,
114   and other issues in the manual pages, with kind assistance from
115   Ruslan Ermilov <ru@freebsd.org>.
116
117 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
118   and RETURNX() macros.
119
120 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
121   pam_get_data(3).
122
123 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
124   pam_strerror(3) and gendoc.pl.
125
126 - ENHANCE: Minor overhaul of the autoconf / build system.
127
128 - ENHANCE: Add openpam_free_envlist(3).
129============================================================================
130OpenPAM Eelgrass						2004-02-10
131
132 - BUGFIX: Correct array handling bugs in conversation code.
133
134 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
135   whitespace from the user's response.
136
137 - BUGFIX: Many constness issues addressed.
138============================================================================
139OpenPAM Dogwood							2003-07-15
140
141 - ENHANCE: Use the GNU autotools.
142
143 - ENHANCE: Constify the msg field in struct pam_message.
144
145 - BUGFIX: Remove left-over debugging output
146
147 - BUGFIX: Avoid side effects in arguments to the FREE() macro
148
149 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).
150
151 - BUGFIX: Staticize some variables which shouldn't be global.
152
153 - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3).
154
155 - ENHANCE: Various minor documentation improvements.
156
157Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
158assistance with this release.
159============================================================================
160OpenPAM Digitalis						2003-06-01
161
162 - ENHANCE: Completely rewrite the configuration parser and add
163   support for the "include" control flag.
164
165 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.
166
167 - ENHANCE: Lots of additional paranoia.
168
169 - BUGFIX: The sample su(1) application dropped privileges before
170   forking instead of after.
171
172 - ENHANCE: Document openpam_log(3).
173
174 - ENHANCE: Other minor documentation fixes.
175
176Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
177assistance with this release.
178============================================================================
179OpenPAM Dianthus						2003-05-02
180
181 - BUGFIX: Initialize some potentially uninitialized variables.
182
183 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.
184
185 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
186   instead of a freshly allocated copy.
187
188 - ENHANCE: Detect recursion in openpam_borrow_cred()
189
190 - ENHANCE: Make borrowing one's own credentials a no-op.
191
192 - ENHANCE: Further improve debugging support.
193
194 - ENHANCE: Clean up some variable names.
195============================================================================
196OpenPAM Daffodil						2003-01-06
197
198 - ENHANCE: Document dependency on <sys/types.h> (for size_t)
199
200 - ENHANCE: Slightly improve error detection in openpam_ttyconv().
201
202 - BUGFIX: Fix several typos in debugging macros.
203============================================================================
204OpenPAM Cyclamen						2002-12-12
205
206 - ENHANCE: Improve recursion detection in openpam_dispatch().
207
208 - ENHANCE: Add debugging messages at entry and exit points of most
209   functions.
210
211 - ENHANCE: Fix some minor style issues.
212
213 - BUGFIX: Add default cases to the switches in openpam_log.c.
214
215 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.
216
217 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
218   than stderr.
219============================================================================
220OpenPAM Citronella						2002-06-30
221
222 - ENHANCE: Add the "binding" control flag (from Solaris 9).
223
224 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
225   Solaris 9).
226
227 - ENHANCE: Flesh out the pam(3) man page.
228
229 - ENHANCE: Add an openpam(3) page with cross-references to all the
230   documented OpenPAM API extensions.
231
232 - ENHANCE: Add a pam_conv(3) man page describing the conversation
233   system.
234
235 - ENHANCE: Improved sample application.
236
237 - ENHANCE: Added sample pam_unix module.
238
239 - BUGFIX: Various documentation nits.
240============================================================================
241OpenPAM Cinquefoil						2002-05-24
242
243 - BUGFIX: Various warnings uncovered by gcc 3.1.
244
245 - ENHANCE: Add a null conversation function, openpam_nullconv(3).
246
247 - BUGFIX: Initialize the "other" chain to all zeroes.
248
249 - ENHANCE: Document openpam_ttyconv(3).
250============================================================================
251OpenPAM Cinnamon						2002-05-02
252
253 - ENHANCE: Add a null conversation function, openpam_nullconv().
254
255 - BUGFIX: Various markup bugs in the documentation.
256
257 - BUGFIX: Document <security/openpam.h>.
258
259 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.
260
261 - ENHANCE: Restructure the policy-loading code and align our use of
262   the "other" policy with Solaris and Linux-PAM.
263
264 - ENHANCE: Log dlopen() and dlsym() failures.
265
266 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
267   messages unless the message contains one already.
268
269 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
270   so we can detect whether the conversation function touched it.
271============================================================================
272OpenPAM Cineraria						2002-04-14
273
274 - BUGFIX: Fix confusion between token and prompt in
275   pam_get_authtok(3).
276
277 - ENHANCE: Improved documentation.
278
279 - ENHANCE: Adopt the same preprocessor tricks that were used in
280   FreeBSD's version of Linux-PAM to simplify static linking without
281   requiring dummy primitives.
282
283 - ENHANCE: Move the policy-loading code out of pam_start.c.
284
285 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.
286
287 - ENHANCE: Add versioning macros.
288============================================================================
289OpenPAM Cinchona						2002-04-08
290
291 - ENHANCE: Improved documentation for several API functions.
292
293 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
294   of the module data list.
295
296 - BUGFIX: Allocate the correct amount of memory for the environment
297   list in pam_putenv().
298
299 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
300   specify what token it wants.  Also introduce PAM_OLDAUTHTOK_PROMPT.
301
302 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
303   reduce differences between these very similar functions.
304
305 - ENHANCE: Check flags carefully in pam_authenticate() and
306   pam_chauthtok().
307
308 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.
309
310 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
311   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
312   twice and compare the responses.
313
314 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
315   switching to user credentials.
316
317 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
318   pam_set_data() consumers.
319============================================================================
320OpenPAM Centaury						2002-03-14
321
322 - BUGFIX: Add missing #include <string.h> to openpam_log.c.
323
324 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/.  XSSO uses
325   the former, but Solaris and Linux-PAM use the latter.
326
327 - BUGFIX: The dynamic loader and the module cache contained a number
328   of bugs which would cause a segmentation fault if pam_start(3) was
329   called again after pam_end(3), as happens in login(1), xdm(1) etc.
330   after a failed login.
331
332 - BUGFIX: Refer to a module by the name used in the policy file, even
333   if the module that was actually loaded was versioned.
334
335 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
336============================================================================
337OpenPAM Celandine						2002-03-05
338
339 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().
340
341 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
342   flag set, then with the PAM_UPDATE_AUTHTOK flag set.
343
344 - BUGFIX: Failure of a "sufficient" module should not terminate the
345   passwd chain if the PAM_PRELIM_CHECK flag is set.
346
347 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.
348
349 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
350   or PAM_UPDATE_AUTHTOK flags themselves.
351
352 - BUGFIX: openpam_set_option() did not support changing the value of
353   an existing option.
354
355 - ENHANCE: Add support for module versioning.  OpenPAM will prefer a
356   module with the same version number as the library itself to one
357   with no version number at all.
358============================================================================
359OpenPAM Cantaloupe						2002-02-22
360
361 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
362   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.
363
364 - ENHANCE: Add in-line documentation in most source files, and a Perl
365   script that generates mdoc code from that.
366
367 - BUGFIX: The environment list was not properly NULL-terminated.
368
369 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
370   specified by the module.
371
372 - BUGFIX: PAM_NUM_ITEMS was set too low.  It has been moved to
373   pam_constants.h to avoid it going stale again.
374
375 - ENHANCE: Move all code related to static modules into a separate
376   file.
377
378 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
379   user, and supports setting a timeout (which defaults to off).
380
381 - BUGFIX: Some manual pages referenced XSSO even though they
382   documented OpenPAM-specific functions.
383
384 - ENHANCE: Added openpam_get_option() and openpam_set_option().
385
386 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
387   try_first_pass, and use_first_pass options.
388============================================================================
389OpenPAM Caliopsis						2002-02-13
390
391Fixed a number of bugs in the previous release, including:
392  - a number of bugs in and related to pam_[gs]et_item(3)
393  - off-by-one bug in pam_start.c would trim last character off certain
394    configuration lines
395  - incorrect ordering of an array in openpam_load.c would cause service
396    module functions to get mixed up
397  - missing 'continue' in openpam_dispatch.c caused successes to be
398    counted as failures
399============================================================================
400OpenPAM Calamite						2002-02-09
401
402First (beta) release.
403============================================================================
404$Id: HISTORY 609 2012-05-26 13:57:45Z des $
405