1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
|
============================================================================
OpenPAM Cinnamon 2002-05-02
- ENHANCE: Add a null conversation function, openpam_nullconv().
- BUGFIX: Various markup bugs in the documentation.
- BUGFIX: Document <security/openpam.h>.
- BUGFIX: Duplicate expansion of openpam_log() macro arguments.
- ENHANCE: Restructure the policy-loading code and align our use of
the "other" policy with Solaris and Linux-PAM.
- ENHANCE: Log dlopen() and dlsym() failures.
- ENHANCE: In openpam_ttyconv(), emit a newline after error and info
messages unless the message contains one already.
- BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
so we can detect whether the conversation function touched it.
============================================================================
OpenPAM Cineraria 2002-04-14
- BUGFIX: Fix confusion between token and prompt in
pam_get_authtok(3).
- ENHANCE: Improved documentation.
- ENHANCE: Adopt the same preprocessor tricks that were used in
FreeBSD's version of Linux-PAM to simplify static linking without
requiring dummy primitives.
- ENHANCE: Move the policy-loading code out of pam_start.c.
- BUGFIX: Fix typo in one of the versions of the openpam_log macro.
- ENHANCE: Add versioning macros.
============================================================================
OpenPAM Cinchona 2002-04-08
- ENHANCE: Improved documentation for several API functions.
- BUGFIX: Fix bug in pam_set_data() that would result in corruption
of the module data list.
- BUGFIX: Allocate the correct amount of memory for the environment
list in pam_putenv().
- ENHANCE: Change pam_get_authtok()'s prototype so the caller can
specify what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT.
- BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
reduce differences between these very similar functions.
- ENHANCE: Check flags carefully in pam_authenticate() and
pam_chauthtok().
- BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.
- ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
twice and compare the responses.
- ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
switching to user credentials.
- ENHANCE: Add openpam_free_data(), a generic cleanup function for
pam_set_data() consumers.
============================================================================
OpenPAM Centaury 2002-03-14
- BUGFIX: Add missing #include <string.h> to openpam_log.c.
- BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/. XSSO uses
the former, but Solaris and Linux-PAM use the latter.
- BUGFIX: The dynamic loader and the module cache contained a number
of bugs which would cause a segmentation fault if pam_start(3) was
called again after pam_end(3), as happens in login(1), xdm(1) etc.
after a failed login.
- BUGFIX: Refer to a module by the name used in the policy file, even
if the module that was actually loaded was versioned.
- ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
============================================================================
OpenPAM Celandine 2002-03-05
- BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().
- BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
flag set, then with the PAM_UPDATE_AUTHTOK flag set.
- BUGFIX: Failure of a "sufficient" module should not terminate the
passwd chain if the PAM_PRELIM_CHECK flag is set.
- BUGFIX: Clear PAM_AUTHTOK after running the service modules.
- ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
or PAM_UPDATE_AUTHTOK flags themselves.
- BUGFIX: openpam_set_option() did not support changing the value of
an existing option.
- ENHANCE: Add support for module versioning. OpenPAM will prefer a
module with the same version number as the library itself to one
with no version number at all.
============================================================================
OpenPAM Cantaloupe 2002-02-22
- BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.
- ENHANCE: Add in-line documentation in most source files, and a Perl
script that generates mdoc code from that.
- BUGFIX: The environment list was not properly NULL-terminated.
- ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
specified by the module.
- BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to
pam_constants.h to avoid it going stale again.
- ENHANCE: Move all code related to static modules into a separate
file.
- ENHANCE: openpam_ttyconv() now masks most signals while prompting the
user, and supports setting a timeout (which defaults to off).
- BUGFIX: Some manual pages referenced XSSO even though they
documented OpenPAM-specific functions.
- ENHANCE: Added openpam_get_option() and openpam_set_option().
- ENHANCE: openpam_get_authtok() now respects the echo_pass,
try_first_pass, and use_first_pass options.
============================================================================
OpenPAM Caliopsis 2002-02-13
Fixed a number of bugs in the previous release, including:
- a number of bugs in and related to pam_[gs]et_item(3)
- off-by-one bug in pam_start.c would trim last character off certain
configuration lines
- incorrect ordering of an array in openpam_load.c would cause service
module functions to get mixed up
- missing 'continue' in openpam_dispatch.c caused successes to be
counted as failures
============================================================================
OpenPAM Calamite 2002-02-09
First (beta) release.
============================================================================
$P4: //depot/projects/openpam/HISTORY#11 $
|