============================================================================ OpenPAM Cinquefoil 2002-05-24 - BUGFIX: Various warnings uncovered by gcc 3.1. - ENHANCE: Add a null conversation function, openpam_nullconv(3). - BUGFIX: Initialize the "other" chain to all zeroes. - ENHANCE: Document openpam_ttyconv(3). ============================================================================ OpenPAM Cinnamon 2002-05-02 - ENHANCE: Add a null conversation function, openpam_nullconv(). - BUGFIX: Various markup bugs in the documentation. - BUGFIX: Document . - BUGFIX: Duplicate expansion of openpam_log() macro arguments. - ENHANCE: Restructure the policy-loading code and align our use of the "other" policy with Solaris and Linux-PAM. - ENHANCE: Log dlopen() and dlsym() failures. - ENHANCE: In openpam_ttyconv(), emit a newline after error and info messages unless the message contains one already. - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL so we can detect whether the conversation function touched it. ============================================================================ OpenPAM Cineraria 2002-04-14 - BUGFIX: Fix confusion between token and prompt in pam_get_authtok(3). - ENHANCE: Improved documentation. - ENHANCE: Adopt the same preprocessor tricks that were used in FreeBSD's version of Linux-PAM to simplify static linking without requiring dummy primitives. - ENHANCE: Move the policy-loading code out of pam_start.c. - BUGFIX: Fix typo in one of the versions of the openpam_log macro. - ENHANCE: Add versioning macros. ============================================================================ OpenPAM Cinchona 2002-04-08 - ENHANCE: Improved documentation for several API functions. - BUGFIX: Fix bug in pam_set_data() that would result in corruption of the module data list. - BUGFIX: Allocate the correct amount of memory for the environment list in pam_putenv(). - ENHANCE: Change pam_get_authtok()'s prototype so the caller can specify what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT. - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and reduce differences between these very similar functions. - ENHANCE: Check flags carefully in pam_authenticate() and pam_chauthtok(). - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD. - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're asked for PAM_AUTHTOK, and we have to prompt the user, prompt her twice and compare the responses. - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily switching to user credentials. - ENHANCE: Add openpam_free_data(), a generic cleanup function for pam_set_data() consumers. ============================================================================ OpenPAM Centaury 2002-03-14 - BUGFIX: Add missing #include to openpam_log.c. - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/. XSSO uses the former, but Solaris and Linux-PAM use the latter. - BUGFIX: The dynamic loader and the module cache contained a number of bugs which would cause a segmentation fault if pam_start(3) was called again after pam_end(3), as happens in login(1), xdm(1) etc. after a failed login. - BUGFIX: Refer to a module by the name used in the policy file, even if the module that was actually loaded was versioned. - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG. ============================================================================ OpenPAM Celandine 2002-03-05 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok(). - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK flag set, then with the PAM_UPDATE_AUTHTOK flag set. - BUGFIX: Failure of a "sufficient" module should not terminate the passwd chain if the PAM_PRELIM_CHECK flag is set. - BUGFIX: Clear PAM_AUTHTOK after running the service modules. - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK or PAM_UPDATE_AUTHTOK flags themselves. - BUGFIX: openpam_set_option() did not support changing the value of an existing option. - ENHANCE: Add support for module versioning. OpenPAM will prefer a module with the same version number as the library itself to one with no version number at all. ============================================================================ OpenPAM Cantaloupe 2002-02-22 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures. - ENHANCE: Add in-line documentation in most source files, and a Perl script that generates mdoc code from that. - BUGFIX: The environment list was not properly NULL-terminated. - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt specified by the module. - BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to pam_constants.h to avoid it going stale again. - ENHANCE: Move all code related to static modules into a separate file. - ENHANCE: openpam_ttyconv() now masks most signals while prompting the user, and supports setting a timeout (which defaults to off). - BUGFIX: Some manual pages referenced XSSO even though they documented OpenPAM-specific functions. - ENHANCE: Added openpam_get_option() and openpam_set_option(). - ENHANCE: openpam_get_authtok() now respects the echo_pass, try_first_pass, and use_first_pass options. ============================================================================ OpenPAM Caliopsis 2002-02-13 Fixed a number of bugs in the previous release, including: - a number of bugs in and related to pam_[gs]et_item(3) - off-by-one bug in pam_start.c would trim last character off certain configuration lines - incorrect ordering of an array in openpam_load.c would cause service module functions to get mixed up - missing 'continue' in openpam_dispatch.c caused successes to be counted as failures ============================================================================ OpenPAM Calamite 2002-02-09 First (beta) release. ============================================================================ $P4: //depot/projects/openpam/HISTORY#12 $