OpenPAM/HISTORY

============================================================================
OpenPAM Cineraria						2002-04-14

 - BUGFIX: Fix confusion between token and prompt in
   pam_get_authtok(3).

 - ENHANCE: Improved documentation.

 - ENHANCE: Adopt the same preprocessor tricks that were used in
   FreeBSD's version of Linux-PAM to simplify static linking without
   requiring dummy primitives.

 - ENHANCE: move the policy-loading code out of pam_start.c.

 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.

 - ENHANCE: Add versioning macros.
============================================================================
OpenPAM Cinchona						2002-04-08

 - ENHANCE: Improved documentation for several API functions.

 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
   of the module data list.

 - BUGFIX: Allocate the correct amount of memory for the environment
   list in pam_putenv().

 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
   specify what token it wants.  Also introduce PAM_OLDAUTHTOK_PROMPT.

 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
   reduce differences between these very similar functions.

 - ENHANCE: Check flags carefully in pam_authenticate() and
   pam_chauthtok().

 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.

 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
   twice and compare the responses.

 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
   switching to user credentials.

 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
   pam_set_data() consumers.
============================================================================
OpenPAM	Centaury						2002-03-14

 - BUGFIX: Add missing #include <string.h> to openpam_log.c.

 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/.  XSSO uses
   the former, but Solaris and Linux-PAM use the latter.

 - BUGFIX: The dynamic loader and the module cache contained a number
   of bugs which would cause a segmentation fault if pam_start(3) was
   called again after pam_end(3), as happens in login(1), xdm(1) etc.
   after a failed login.

 - BUGFIX: Refer to a module by the name used in the policy file, even
   if the module that was actually loaded was versioned.

 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
============================================================================
OpenPAM Celandine						2002-03-05

 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().

 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
   flag set, then with the PAM_UPDATE_AUTHTOK flag set.

 - BUGFIX: Failure of a "sufficient" module should not terminate the
   passwd chain if the PAM_PRELIM_CHECK flag is set.

 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.

 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
   or PAM_UPDATE_AUTHTOK flags themselves.

 - BUGFIX: openpam_set_option() did not support changing the value of
   an existing option.

 - ENHANCE: Add support for module versioning.  OpenPAM will prefer a
   module with the same version number as the library itself to one
   with no version number at all.
============================================================================
OpenPAM	Cantaloupe						2002-02-22

 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.

 - ENHANCE: Add in-line documentation in most source files, and a Perl
   script that generates mdoc code from that.

 - BUGFIX: The environment list was not properly NULL-terminated.

 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
   specified by the module.

 - BUGFIX: PAM_NUM_ITEMS was set too low.  It has been moved to
   pam_constants.h to avoid it going stale again.

 - ENHANCE: Move all code related to static modules into a separate
   file.

 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
   user, and supports setting a timeout (which defaults to off).

 - BUGFIX: Some manual pages referenced XSSO even though they
   documented OpenPAM-specific functions.

 - ENHANCE: Added openpam_get_option() and openpam_set_option().

 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
   try_first_pass, and use_first_pass options.
============================================================================
OpenPAM	Caliopsis						2002-02-13

Fixed a number of bugs in the previous release, including:
  - a number of bugs in and related to pam_[gs]et_item(3)
  - off-by-one bug in pam_start.c would trim last character off certain
    configuration lines
  - incorrect ordering of an array in openpam_load.c would cause service
    module functions to get mixed up
  - missing 'continue' in openpam_dispatch.c caused successes to be
    counted as failures
============================================================================
OpenPAM	Calamite						2002-02-09

First (beta) release.
============================================================================
$P4: //depot/projects/openpam/HISTORY#10 $