summaryrefslogtreecommitdiffstats
path: root/contrib/openpam/HISTORY
blob: 2b1f44f07d3c3894028e00664d5a1689c454b259 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
============================================================================
OpenPAM Cinnamon						2002-05-02

 - ENHANCE: Add a null conversation function, openpam_nullconv().

 - BUGFIX: Various markup bugs in the documentation.

 - BUGFIX: Document <security/openpam.h>.

 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.

 - ENHANCE: Restructure the policy-loading code and align our use of
   the "other" policy with Solaris and Linux-PAM.

 - ENHANCE: Log dlopen() and dlsym() failures.

 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
   messages unless the message contains one already.

 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
   so we can detect whether the conversation function touched it.
============================================================================
OpenPAM Cineraria						2002-04-14

 - BUGFIX: Fix confusion between token and prompt in
   pam_get_authtok(3).

 - ENHANCE: Improved documentation.

 - ENHANCE: Adopt the same preprocessor tricks that were used in
   FreeBSD's version of Linux-PAM to simplify static linking without
   requiring dummy primitives.

 - ENHANCE: Move the policy-loading code out of pam_start.c.

 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.

 - ENHANCE: Add versioning macros.
============================================================================
OpenPAM Cinchona						2002-04-08

 - ENHANCE: Improved documentation for several API functions.

 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
   of the module data list.

 - BUGFIX: Allocate the correct amount of memory for the environment
   list in pam_putenv().

 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
   specify what token it wants.  Also introduce PAM_OLDAUTHTOK_PROMPT.

 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
   reduce differences between these very similar functions.

 - ENHANCE: Check flags carefully in pam_authenticate() and
   pam_chauthtok().

 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.

 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
   twice and compare the responses.

 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
   switching to user credentials.

 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
   pam_set_data() consumers.
============================================================================
OpenPAM	Centaury						2002-03-14

 - BUGFIX: Add missing #include <string.h> to openpam_log.c.

 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/.  XSSO uses
   the former, but Solaris and Linux-PAM use the latter.

 - BUGFIX: The dynamic loader and the module cache contained a number
   of bugs which would cause a segmentation fault if pam_start(3) was
   called again after pam_end(3), as happens in login(1), xdm(1) etc.
   after a failed login.

 - BUGFIX: Refer to a module by the name used in the policy file, even
   if the module that was actually loaded was versioned.

 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
============================================================================
OpenPAM Celandine						2002-03-05

 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().

 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
   flag set, then with the PAM_UPDATE_AUTHTOK flag set.

 - BUGFIX: Failure of a "sufficient" module should not terminate the
   passwd chain if the PAM_PRELIM_CHECK flag is set.

 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.

 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
   or PAM_UPDATE_AUTHTOK flags themselves.

 - BUGFIX: openpam_set_option() did not support changing the value of
   an existing option.

 - ENHANCE: Add support for module versioning.  OpenPAM will prefer a
   module with the same version number as the library itself to one
   with no version number at all.
============================================================================
OpenPAM	Cantaloupe						2002-02-22

 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.

 - ENHANCE: Add in-line documentation in most source files, and a Perl
   script that generates mdoc code from that.

 - BUGFIX: The environment list was not properly NULL-terminated.

 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
   specified by the module.

 - BUGFIX: PAM_NUM_ITEMS was set too low.  It has been moved to
   pam_constants.h to avoid it going stale again.

 - ENHANCE: Move all code related to static modules into a separate
   file.

 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
   user, and supports setting a timeout (which defaults to off).

 - BUGFIX: Some manual pages referenced XSSO even though they
   documented OpenPAM-specific functions.

 - ENHANCE: Added openpam_get_option() and openpam_set_option().

 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
   try_first_pass, and use_first_pass options.
============================================================================
OpenPAM	Caliopsis						2002-02-13

Fixed a number of bugs in the previous release, including:
  - a number of bugs in and related to pam_[gs]et_item(3)
  - off-by-one bug in pam_start.c would trim last character off certain
    configuration lines
  - incorrect ordering of an array in openpam_load.c would cause service
    module functions to get mixed up
  - missing 'continue' in openpam_dispatch.c caused successes to be
    counted as failures
============================================================================
OpenPAM	Calamite						2002-02-09

First (beta) release.
============================================================================
$P4: //depot/projects/openpam/HISTORY#11 $
OpenPOWER on IntegriCloud