-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathChangeLog
224 lines (177 loc) · 8.12 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
13/04/17 - op 1.34
==================
* port to RHEL 7
* https://travis-ci.org/
16/04/16 - op 1.33
==================
* code auditing using flawfinder, cppcheck, cpplint.py and scan-build.
* Replaced strcpy/strcat by strlcpy/strlcat which are also provided if missing.
* Provided v/snprintf if missing.
* Replaced atoi by strtolong (util.c), atov still provided but unused.
* contrib dir added for various building and packaging architectures
(aix, hp-ux, linux, solaris). results goes to build and packages dirs.
* autoconf-archive macros added to m4 dir to enhance autotools configuration
such as compiler flags for hardening building.
* automake scripts moves to build-aux dir.
* Replaced v8 regexp by POSIX regex if possible.
08/12/05 - op 1.32
==================
* Added rpl_malloc/rpl_realloc so that systems with dodgy implementations
will link. This fixes compilation on HPUX, for example.
* If a 'help' parameter does not exist, use the actual command to be run for
the help.
* Added detection for openlog() returning void.
01/09/05 - op 1.31
==================
The biggest change is the move to the autotools.
Broken down changes.
* Trailing args are now expanded from the last numbered argument encountered.
eg. with {{{/bin/echo $1 $*}}}, the {{{$*}}} will expand to arguments 2 and on.
* Fixed usage of snprintf.
* Renamed fowner to fowners to be more consistent with the rest of the op commands.
* Fixed long standing bug where the incorrect user is reported in the logs.
* Added fperms and fowner constraints thanks to Pierre.
* Logging beautification.
* More automake/autoconf additions and cleanup.
* Cleaned up ChangeLog, README, AUTHORS and NEWS.
* Added man page.
* Merged autoconf branch into trunk.
* Fixed build errors on AIX reported by Pierre.
* {{{make clean}}} cleans up {{{lex.c}}}.
* Some configure fixes for crypt and pam fallback.
* Added --with-shadow.
* Added patch from Pierre that automatically reduces commands in the form "op
/bin/ksh" to "op ksh" if the target is a valid executable. Convenience only.
* Added a log prettification patch from Pierre. Also removed "=>" as it was
ugly. This may break log parsers.
* Added xauth support back in with {{{--enable-xauth=<xauth-binary>}}}.
27/05/05 - op 1.30
==================
Fixed use of DEFAULT section, closes #5. Quite a pain in the arse actually.
Environment variables can now be propagated into child environments even when
"environment" is specified. This will override any existing variables.
Now using vsnprintf rather than snprintf. Correspondingly, changed preprocessor
define which may mean build scripts need to be changed.
Added an INSTALL file documenting the usual installation instructions.
Default to using Flex, as Lex has internal constraints.
Added default op.pam which is now installed if /etc/pam.d exists.
Added patches by Pierre fixing strnprintf issues and a wildcard constraint bug.
Thanks Pierre.
08/04/05 - op 1.29
==================
Added -l argument which lists available commands.
Also added a {{{help="<help>"}}} option which defines the help string displayed
by -l.
Cleaned up the code a bit, adding some basic dynamic array functions instead of
replicating the code across multiple areas.
Closes #4
07/04/05 - op 1.27/1.28
==================
Added ''nolog'' option which suppresses informational logs. Useful for
automated jobs to prevent log spam.
Configuration files in /etc/op.d are now lexically sorted. This allows
variables in configuration files to be used deterministically. Commands
can also be overridden in this fashion.
07/04/05 - op 1.26
==================
op will now read all config files in /etc/op.d with a .conf extension. This is
a clean way of adding extra commands without having to manipulate op.conf.
op.conf does not have to be present at all. Useful for dropping in op config
with other packages or when adding config to systems in bulk. Thanks to Kyle
Hyland for this idea.
Also made error reporting a bit smarter when config files are missing or have
incorrect permissions.
06/07/04 - op 1.24
==================
The xauth directive can now be given a target user, into whose environment the
X authentication information is imported.
04/05/04 - op 1.23
==================
The xauth modifier now updates $XAUTHORITY in the child environment.
Fixed a bug when setting the GID explicitly.
03/05/04 - op 1.22
==================
Added xauth support. This allows the X authority for the current display to be
exported to the destination users X authority database. eg.
shell /bin/su -; users=athomas $TERM xauth password
To enable xauth support, the preprocessor macro XAUTH must be defined as
a string pointing to the FULL PATH to the xauth binary.
23/04/04 - op 1.21
==================
Added netgroup support. eg.
shell /bin/su -; netgroup=op-shell environment
This is very useful in conjunction with either LDAP or NIS based netgroups.
02/02/04 - op 1.20
==================
Fixed a fairly major bug whereby blocked signals were not restored to their
original state upon execv'ing the child process.
Changed version number scheme to match the original op versions, and bumped up
to 1.20. This is part of a collaborative effort between myself and Steve
Simmons, who is going to add Kerberos support to op in the near future. Welcome
Steve.
27/01/04 - op 1.1.10
====================
Applied some of the FreeBSD patches, thanks to Cyrille Lefevre (the previous
FreeBSD port maintainer) for pointing me to these.
Patched a potential buffer overflow, again, picked up by Cyrille.
Added lots of checks for allocation failures.
Added constraints to as many uses of strcpy/strcat as I could find.
Added constraint on number of simultaneous groups a user can be in.
24/01/04 - op 1.1.9
===================
Trapping signals (SIGINT, etc.) so that a failed authentication attempt can not
be broken out of.
06/11/03 - op 1.1.8
===================
Fixed a fairly substantial bug where command arguments with multiple variables
were not being expanded at all.
28/10/03 - op 1.1.7
===================
Logging now uses auth.level, and level is actually useful.
22/07/03 - op 1.1.6
===================
Added PAM support.
April 17th 2003 - op 1.1.5
==========================
Added extensive logging to op. All logging is sent to syslog as auth.notice.
April 16th 2003 - op 1.1.4
==========================
Added basic quoted argument passing to exec commands. This allows for complex
shell scripts:
inetd /bin/sh -c '
case $1 in
on) /usr/sbin/inetd -s ;;
off) /usr/bin/pkill inetd ;;
esac
';
users=ROOTUSERS
$1=on|off
April 10th 2003 - op 1.1.3
==========================
Added a max length arugment to GetField to help prevent buffer overflows.
Regular expressions always have ^ prepended and $ appended so that if you put
'a' in an rx field it will not match any string with an 'a'. Old behaviour can
be emulated with '.*a.*'.
Added expiration support to users (user[@host][/expiry]).
September 13th 2002 - op 1.1.2
==============================
Added user@host and group@host based access as well as variable expansion.
Changed SHADOW to USE_SHADOW so it doesn't conflict with system defines.
November 22nd 1997 - op 1.1.1
===============================
Break shadow support out from Solaris support. Added SHADOW symbol to the
build. It works on Linux 2.0.30. Presumably it still works on Solaris. 8)
Cleaned up logging code. It was an uncomfortable mess. Slimmed it down some.
Historical ChangeLog entries below
==================================
Dave Koblas added the keyword "password" to the list of options
accepted by op. This requires the user to supply op with a password
before executing the command. The password can be specified in the
op.access file (with "password=") or the user's personal password may
be required.
Howard Owen added the keyword "securid" to the list of options
accepted by op. This functions similarly to the "password" option,
requiring the user to supply op with his or her current SecurID code before
executing the command. If op is compiled without SecurID support, use
of this option in op.access will result in an error message and a
refusal to execute the corresponding command.