freebsd-skq/contrib/openpam/HISTORY
2002-05-02 04:40:21 +00:00

156 lines
5.9 KiB
Plaintext

============================================================================
OpenPAM Cinnamon 2002-05-02
- ENHANCE: Add a null conversation function, openpam_nullconv().
- BUGFIX: Various markup bugs in the documentation.
- BUGFIX: Document <security/openpam.h>.
- BUGFIX: Duplicate expansion of openpam_log() macro arguments.
- ENHANCE: Restructure the policy-loading code and align our use of
the "other" policy with Solaris and Linux-PAM.
- ENHANCE: Log dlopen() and dlsym() failures.
- ENHANCE: In openpam_ttyconv(), emit a newline after error and info
messages unless the message contains one already.
- BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
so we can detect whether the conversation function touched it.
============================================================================
OpenPAM Cineraria 2002-04-14
- BUGFIX: Fix confusion between token and prompt in
pam_get_authtok(3).
- ENHANCE: Improved documentation.
- ENHANCE: Adopt the same preprocessor tricks that were used in
FreeBSD's version of Linux-PAM to simplify static linking without
requiring dummy primitives.
- ENHANCE: Move the policy-loading code out of pam_start.c.
- BUGFIX: Fix typo in one of the versions of the openpam_log macro.
- ENHANCE: Add versioning macros.
============================================================================
OpenPAM Cinchona 2002-04-08
- ENHANCE: Improved documentation for several API functions.
- BUGFIX: Fix bug in pam_set_data() that would result in corruption
of the module data list.
- BUGFIX: Allocate the correct amount of memory for the environment
list in pam_putenv().
- ENHANCE: Change pam_get_authtok()'s prototype so the caller can
specify what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT.
- BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
reduce differences between these very similar functions.
- ENHANCE: Check flags carefully in pam_authenticate() and
pam_chauthtok().
- BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.
- ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
twice and compare the responses.
- ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
switching to user credentials.
- ENHANCE: Add openpam_free_data(), a generic cleanup function for
pam_set_data() consumers.
============================================================================
OpenPAM Centaury 2002-03-14
- BUGFIX: Add missing #include <string.h> to openpam_log.c.
- BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/. XSSO uses
the former, but Solaris and Linux-PAM use the latter.
- BUGFIX: The dynamic loader and the module cache contained a number
of bugs which would cause a segmentation fault if pam_start(3) was
called again after pam_end(3), as happens in login(1), xdm(1) etc.
after a failed login.
- BUGFIX: Refer to a module by the name used in the policy file, even
if the module that was actually loaded was versioned.
- ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
============================================================================
OpenPAM Celandine 2002-03-05
- BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().
- BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
flag set, then with the PAM_UPDATE_AUTHTOK flag set.
- BUGFIX: Failure of a "sufficient" module should not terminate the
passwd chain if the PAM_PRELIM_CHECK flag is set.
- BUGFIX: Clear PAM_AUTHTOK after running the service modules.
- ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
or PAM_UPDATE_AUTHTOK flags themselves.
- BUGFIX: openpam_set_option() did not support changing the value of
an existing option.
- ENHANCE: Add support for module versioning. OpenPAM will prefer a
module with the same version number as the library itself to one
with no version number at all.
============================================================================
OpenPAM Cantaloupe 2002-02-22
- BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.
- ENHANCE: Add in-line documentation in most source files, and a Perl
script that generates mdoc code from that.
- BUGFIX: The environment list was not properly NULL-terminated.
- ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
specified by the module.
- BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to
pam_constants.h to avoid it going stale again.
- ENHANCE: Move all code related to static modules into a separate
file.
- ENHANCE: openpam_ttyconv() now masks most signals while prompting the
user, and supports setting a timeout (which defaults to off).
- BUGFIX: Some manual pages referenced XSSO even though they
documented OpenPAM-specific functions.
- ENHANCE: Added openpam_get_option() and openpam_set_option().
- ENHANCE: openpam_get_authtok() now respects the echo_pass,
try_first_pass, and use_first_pass options.
============================================================================
OpenPAM Caliopsis 2002-02-13
Fixed a number of bugs in the previous release, including:
- a number of bugs in and related to pam_[gs]et_item(3)
- off-by-one bug in pam_start.c would trim last character off certain
configuration lines
- incorrect ordering of an array in openpam_load.c would cause service
module functions to get mixed up
- missing 'continue' in openpam_dispatch.c caused successes to be
counted as failures
============================================================================
OpenPAM Calamite 2002-02-09
First (beta) release.
============================================================================
$P4: //depot/projects/openpam/HISTORY#11 $