OpenPAM Eelgrass						2004-02-10

 - BUGFIX: Correct array handling bugs in conversation code.

 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
   whitespace from the user's response.

 - BUGFIX: Many constness issues addressed.
============================================================================
OpenPAM Dogwood							2003-07-15

 - ENHANCE: Use the GNU autotools.

 - ENHANCE: Constify the msg field in struct pam_message.

 - BUGFIX: Remove left-over debugging output

 - BUGFIX: Avoid side effects in arguments to the FREE() macro

 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).

 - BUGFIX: Staticize some variables which shouldn't be global.

 - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3).

 - ENHANCE: Various minor documentation improvements.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Digitalis						2003-06-01

 - ENHANCE: Completely rewrite the configuration parser and add
   support for the "include" control flag.

 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.

 - ENHANCE: Lots of additional paranoia.

 - BUGFIX: The sample su(1) application dropped privileges before
   forking instead of after.

 - ENHANCE: Document openpam_log(3).

 - ENHANCE: Other minor documentation fixes.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Dianthus						2003-05-02

 - BUGFIX: Initialize some potentially uninitialized variables.

 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.

 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
   instead of a freshly allocated copy.

 - ENHANCE: Detect recursion in openpam_borrow_cred()

 - ENHANCE: Make borrowing one's own credentials a no-op.

 - ENHANCE: Further improve debugging support.

 - ENHANCE: Clean up some variable names.
============================================================================
OpenPAM Daffodil						2003-01-06

 - ENHANCE: Document dependency on <sys/types.h> (for size_t)

 - ENHANCE: Slightly improve error detection in openpam_ttyconv().

 - BUGFIX: Fix several typos in debugging macros.
============================================================================
OpenPAM Cyclamen						2002-12-12

 - ENHANCE: Improve recursion detection in openpam_dispatch().

 - ENHANCE: Add debugging messages at entry and exit points of most
   functions.

 - ENHANCE: Fix some minor style issues.

 - BUGFIX: Add default cases to the switches in openpam_log.c.

 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.

 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
   than stderr.
============================================================================
OpenPAM Citronella						2002-06-30

 - ENHANCE: Add the "binding" control flag (from Solaris 9).

 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
   Solaris 9).

 - ENHANCE: Flesh out the pam(3) man page.

 - ENHANCE: Add an openpam(3) page with cross-references to all the
   documented OpenPAM API extensions.

 - ENHANCE: Add a pam_conv(3) man page describing the conversation
   system.

 - ENHANCE: Improved sample application.

 - ENHANCE: Added sample pam_unix module.

 - BUGFIX: Various documentation nits.
============================================================================
OpenPAM Cinquefoil						2002-05-24

 - BUGFIX: Various warnings uncovered by gcc 3.1.

 - ENHANCE: Add a null conversation function, openpam_nullconv(3).

 - BUGFIX: Initialize the "other" chain to all zeroes.

 - ENHANCE: Document openpam_ttyconv(3).
============================================================================
OpenPAM Cinnamon						2002-05-02

 - ENHANCE: Add a null conversation function, openpam_nullconv().

 - BUGFIX: Various markup bugs in the documentation.

 - BUGFIX: Document <security/openpam.h>.

 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.

 - ENHANCE: Restructure the policy-loading code and align our use of
   the "other" policy with Solaris and Linux-PAM.

 - ENHANCE: Log dlopen() and dlsym() failures.

 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
   messages unless the message contains one already.

 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
   so we can detect whether the conversation function touched it.
============================================================================
OpenPAM Cineraria						2002-04-14

 - BUGFIX: Fix confusion between token and prompt in
   pam_get_authtok(3).

 - ENHANCE: Improved documentation.

 - ENHANCE: Adopt the same preprocessor tricks that were used in
   FreeBSD's version of Linux-PAM to simplify static linking without
   requiring dummy primitives.

 - ENHANCE: Move the policy-loading code out of pam_start.c.

 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.

 - ENHANCE: Add versioning macros.
============================================================================
OpenPAM Cinchona						2002-04-08

 - ENHANCE: Improved documentation for several API functions.

 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
   of the module data list.

 - BUGFIX: Allocate the correct amount of memory for the environment
   list in pam_putenv().

 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
   specify what token it wants.  Also introduce PAM_OLDAUTHTOK_PROMPT.

 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
   reduce differences between these very similar functions.

 - ENHANCE: Check flags carefully in pam_authenticate() and
   pam_chauthtok().

 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.

 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
   twice and compare the responses.

 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
   switching to user credentials.

 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
   pam_set_data() consumers.
============================================================================
OpenPAM	Centaury						2002-03-14

 - BUGFIX: Add missing #include <string.h> to openpam_log.c.

 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/.  XSSO uses
   the former, but Solaris and Linux-PAM use the latter.

 - BUGFIX: The dynamic loader and the module cache contained a number
   of bugs which would cause a segmentation fault if pam_start(3) was
   called again after pam_end(3), as happens in login(1), xdm(1) etc.
   after a failed login.

 - BUGFIX: Refer to a module by the name used in the policy file, even
   if the module that was actually loaded was versioned.

 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
============================================================================
OpenPAM Celandine						2002-03-05

 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().

 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
   flag set, then with the PAM_UPDATE_AUTHTOK flag set.

 - BUGFIX: Failure of a "sufficient" module should not terminate the
   passwd chain if the PAM_PRELIM_CHECK flag is set.

 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.

 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
   or PAM_UPDATE_AUTHTOK flags themselves.

 - BUGFIX: openpam_set_option() did not support changing the value of
   an existing option.

 - ENHANCE: Add support for module versioning.  OpenPAM will prefer a
   module with the same version number as the library itself to one
   with no version number at all.
============================================================================
OpenPAM	Cantaloupe						2002-02-22

 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.

 - ENHANCE: Add in-line documentation in most source files, and a Perl
   script that generates mdoc code from that.

 - BUGFIX: The environment list was not properly NULL-terminated.

 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
   specified by the module.

 - BUGFIX: PAM_NUM_ITEMS was set too low.  It has been moved to
   pam_constants.h to avoid it going stale again.

 - ENHANCE: Move all code related to static modules into a separate
   file.

 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
   user, and supports setting a timeout (which defaults to off).

 - BUGFIX: Some manual pages referenced XSSO even though they
   documented OpenPAM-specific functions.

 - ENHANCE: Added openpam_get_option() and openpam_set_option().

 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
   try_first_pass, and use_first_pass options.
============================================================================
OpenPAM	Caliopsis						2002-02-13

Fixed a number of bugs in the previous release, including:
  - a number of bugs in and related to pam_[gs]et_item(3)
  - off-by-one bug in pam_start.c would trim last character off certain
    configuration lines
  - incorrect ordering of an array in openpam_load.c would cause service
    module functions to get mixed up
  - missing 'continue' in openpam_dispatch.c caused successes to be
    counted as failures
============================================================================
OpenPAM	Calamite						2002-02-09

First (beta) release.
============================================================================
$P4: //depot/projects/openpam/HISTORY#22 $
