1 OpenPAM Hydrangea 2007-12-21
3 - ENHANCE: when compiling with GCC, mark up API functions with GCC
4 attributes where appropriate.
6 - BUGFIX: fixed numerous warnings uncovered by GCC 4.
8 - ENHANCE: building the documentation is now optional.
10 - ENHANCE: corrected a number of mistakes and style issues in the
13 - ENHANCE: API function arguments are now const where appropriate, to
14 match corresponding changes in the Solaris PAM and Linux-PAM APIs.
16 - ENHANCE: corrected a number of C namespace violations.
18 - ENHANCE: the module cache has been removed, allowing long-lived
19 applications to pick up module changes. This also allows multiple
20 threads to use PAM simultaneously (as long as they use separate PAM
21 contexts), since the module cache was the only part of OpenPAM that
23 ============================================================================
24 OpenPAM Figwort 2005-06-16
26 - BUGFIX: Correct several small signedness and initialization bugs
27 discovered during review by the NetBSD team.
29 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
30 order within each section.
32 - ENHANCE: if a policy specifies a relative module path, prepend the
33 module directory so we never call dlopen(3) with a relative path.
35 - ENHANCE: add a pam.conf(5) manual page.
36 ============================================================================
37 OpenPAM Feterita 2005-02-01
39 - BUGFIX: Correct numerous markup errors, invalid cross-references,
40 and other issues in the manual pages, with kind assistance from
41 Ruslan Ermilov <ru@freebsd.org>.
43 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
46 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
49 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
50 pam_strerror(3) and gendoc.pl.
52 - ENHANCE: Minor overhaul of the autoconf / build system.
54 - ENHANCE: Add openpam_free_envlist(3).
55 ============================================================================
56 OpenPAM Eelgrass 2004-02-10
58 - BUGFIX: Correct array handling bugs in conversation code.
60 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
61 whitespace from the user's response.
63 - BUGFIX: Many constness issues addressed.
64 ============================================================================
65 OpenPAM Dogwood 2003-07-15
67 - ENHANCE: Use the GNU autotools.
69 - ENHANCE: Constify the msg field in struct pam_message.
71 - BUGFIX: Remove left-over debugging output
73 - BUGFIX: Avoid side effects in arguments to the FREE() macro
75 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).
77 - BUGFIX: Staticize some variables which shouldn't be global.
79 - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3).
81 - ENHANCE: Various minor documentation improvements.
83 Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
84 assistance with this release.
85 ============================================================================
86 OpenPAM Digitalis 2003-06-01
88 - ENHANCE: Completely rewrite the configuration parser and add
89 support for the "include" control flag.
91 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.
93 - ENHANCE: Lots of additional paranoia.
95 - BUGFIX: The sample su(1) application dropped privileges before
96 forking instead of after.
98 - ENHANCE: Document openpam_log(3).
100 - ENHANCE: Other minor documentation fixes.
102 Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
103 assistance with this release.
104 ============================================================================
105 OpenPAM Dianthus 2003-05-02
107 - BUGFIX: Initialize some potentially uninitialized variables.
109 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.
111 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
112 instead of a freshly allocated copy.
114 - ENHANCE: Detect recursion in openpam_borrow_cred()
116 - ENHANCE: Make borrowing one's own credentials a no-op.
118 - ENHANCE: Further improve debugging support.
120 - ENHANCE: Clean up some variable names.
121 ============================================================================
122 OpenPAM Daffodil 2003-01-06
124 - ENHANCE: Document dependency on <sys/types.h> (for size_t)
126 - ENHANCE: Slightly improve error detection in openpam_ttyconv().
128 - BUGFIX: Fix several typos in debugging macros.
129 ============================================================================
130 OpenPAM Cyclamen 2002-12-12
132 - ENHANCE: Improve recursion detection in openpam_dispatch().
134 - ENHANCE: Add debugging messages at entry and exit points of most
137 - ENHANCE: Fix some minor style issues.
139 - BUGFIX: Add default cases to the switches in openpam_log.c.
141 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.
143 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
145 ============================================================================
146 OpenPAM Citronella 2002-06-30
148 - ENHANCE: Add the "binding" control flag (from Solaris 9).
150 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
153 - ENHANCE: Flesh out the pam(3) man page.
155 - ENHANCE: Add an openpam(3) page with cross-references to all the
156 documented OpenPAM API extensions.
158 - ENHANCE: Add a pam_conv(3) man page describing the conversation
161 - ENHANCE: Improved sample application.
163 - ENHANCE: Added sample pam_unix module.
165 - BUGFIX: Various documentation nits.
166 ============================================================================
167 OpenPAM Cinquefoil 2002-05-24
169 - BUGFIX: Various warnings uncovered by gcc 3.1.
171 - ENHANCE: Add a null conversation function, openpam_nullconv(3).
173 - BUGFIX: Initialize the "other" chain to all zeroes.
175 - ENHANCE: Document openpam_ttyconv(3).
176 ============================================================================
177 OpenPAM Cinnamon 2002-05-02
179 - ENHANCE: Add a null conversation function, openpam_nullconv().
181 - BUGFIX: Various markup bugs in the documentation.
183 - BUGFIX: Document <security/openpam.h>.
185 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.
187 - ENHANCE: Restructure the policy-loading code and align our use of
188 the "other" policy with Solaris and Linux-PAM.
190 - ENHANCE: Log dlopen() and dlsym() failures.
192 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
193 messages unless the message contains one already.
195 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
196 so we can detect whether the conversation function touched it.
197 ============================================================================
198 OpenPAM Cineraria 2002-04-14
200 - BUGFIX: Fix confusion between token and prompt in
203 - ENHANCE: Improved documentation.
205 - ENHANCE: Adopt the same preprocessor tricks that were used in
206 FreeBSD's version of Linux-PAM to simplify static linking without
207 requiring dummy primitives.
209 - ENHANCE: Move the policy-loading code out of pam_start.c.
211 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.
213 - ENHANCE: Add versioning macros.
214 ============================================================================
215 OpenPAM Cinchona 2002-04-08
217 - ENHANCE: Improved documentation for several API functions.
219 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
220 of the module data list.
222 - BUGFIX: Allocate the correct amount of memory for the environment
223 list in pam_putenv().
225 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
226 specify what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT.
228 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
229 reduce differences between these very similar functions.
231 - ENHANCE: Check flags carefully in pam_authenticate() and
234 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.
236 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
237 asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
238 twice and compare the responses.
240 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
241 switching to user credentials.
243 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
244 pam_set_data() consumers.
245 ============================================================================
246 OpenPAM Centaury 2002-03-14
248 - BUGFIX: Add missing #include <string.h> to openpam_log.c.
250 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/. XSSO uses
251 the former, but Solaris and Linux-PAM use the latter.
253 - BUGFIX: The dynamic loader and the module cache contained a number
254 of bugs which would cause a segmentation fault if pam_start(3) was
255 called again after pam_end(3), as happens in login(1), xdm(1) etc.
256 after a failed login.
258 - BUGFIX: Refer to a module by the name used in the policy file, even
259 if the module that was actually loaded was versioned.
261 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
262 ============================================================================
263 OpenPAM Celandine 2002-03-05
265 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().
267 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
268 flag set, then with the PAM_UPDATE_AUTHTOK flag set.
270 - BUGFIX: Failure of a "sufficient" module should not terminate the
271 passwd chain if the PAM_PRELIM_CHECK flag is set.
273 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.
275 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
276 or PAM_UPDATE_AUTHTOK flags themselves.
278 - BUGFIX: openpam_set_option() did not support changing the value of
281 - ENHANCE: Add support for module versioning. OpenPAM will prefer a
282 module with the same version number as the library itself to one
283 with no version number at all.
284 ============================================================================
285 OpenPAM Cantaloupe 2002-02-22
287 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
288 argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.
290 - ENHANCE: Add in-line documentation in most source files, and a Perl
291 script that generates mdoc code from that.
293 - BUGFIX: The environment list was not properly NULL-terminated.
295 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
296 specified by the module.
298 - BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to
299 pam_constants.h to avoid it going stale again.
301 - ENHANCE: Move all code related to static modules into a separate
304 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
305 user, and supports setting a timeout (which defaults to off).
307 - BUGFIX: Some manual pages referenced XSSO even though they
308 documented OpenPAM-specific functions.
310 - ENHANCE: Added openpam_get_option() and openpam_set_option().
312 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
313 try_first_pass, and use_first_pass options.
314 ============================================================================
315 OpenPAM Caliopsis 2002-02-13
317 Fixed a number of bugs in the previous release, including:
318 - a number of bugs in and related to pam_[gs]et_item(3)
319 - off-by-one bug in pam_start.c would trim last character off certain
321 - incorrect ordering of an array in openpam_load.c would cause service
322 module functions to get mixed up
323 - missing 'continue' in openpam_dispatch.c caused successes to be
325 ============================================================================
326 OpenPAM Calamite 2002-02-09
328 First (beta) release.
329 ============================================================================
330 $Id: HISTORY 409 2007-12-21 11:38:50Z des $
projects / dragonfly.git / blob