08/12/05 - op 1.32 ================== * Added rpl_malloc/rpl_realloc so that systems with dodgy implementations will link. This fixes compilation on HPUX, for example. * If a 'help' parameter does not exist, use the actual command to be run for the help. * Added detection for openlog() returning void. 01/09/05 - op 1.31 ================== The biggest change is the move to the autotools. Broken down changes. * Trailing args are now expanded from the last numbered argument encountered. eg. with {{{/bin/echo $1 $*}}}, the {{{$*}}} will expand to arguments 2 and on. * Fixed usage of snprintf. * Renamed fowner to fowners to be more consistent with the rest of the op commands. * Fixed long standing bug where the incorrect user is reported in the logs. * Added fperms and fowner constraints thanks to Pierre. * Logging beautification. * More automake/autoconf additions and cleanup. * Cleaned up ChangeLog, README, AUTHORS and NEWS. * Added man page. * Merged autoconf branch into trunk. * Fixed build errors on AIX reported by Pierre. * {{{make clean}}} cleans up {{{lex.c}}}. * Some configure fixes for crypt and pam fallback. * Added --with-shadow. * Added patch from Pierre that automatically reduces commands in the form "op /bin/ksh" to "op ksh" if the target is a valid executable. Convenience only. * Added a log prettification patch from Pierre. Also removed "=>" as it was ugly. This may break log parsers. * Added xauth support back in with {{{--enable-xauth=}}}. 27/05/05 - op 1.30 ================== Fixed use of DEFAULT section, closes #5. Quite a pain in the arse actually. Environment variables can now be propagated into child environments even when "environment" is specified. This will override any existing variables. Now using vsnprintf rather than snprintf. Correspondingly, changed preprocessor define which may mean build scripts need to be changed. Added an INSTALL file documenting the usual installation instructions. Default to using Flex, as Lex has internal constraints. Added default op.pam which is now installed if /etc/pam.d exists. Added patches by Pierre fixing strnprintf issues and a wildcard constraint bug. Thanks Pierre. 08/04/05 - op 1.29 ================== Added -l argument which lists available commands. Also added a {{{help=""}}} option which defines the help string displayed by -l. Cleaned up the code a bit, adding some basic dynamic array functions instead of replicating the code across multiple areas. Closes #4 07/04/05 - op 1.27/1.28 ================== Added ''nolog'' option which suppresses informational logs. Useful for automated jobs to prevent log spam. Configuration files in /etc/op.d are now lexically sorted. This allows variables in configuration files to be used deterministically. Commands can also be overridden in this fashion. 07/04/05 - op 1.26 ================== op will now read all config files in /etc/op.d with a .conf extension. This is a clean way of adding extra commands without having to manipulate op.conf. op.conf does not have to be present at all. Useful for dropping in op config with other packages or when adding config to systems in bulk. Thanks to Kyle Hyland for this idea. Also made error reporting a bit smarter when config files are missing or have incorrect permissions. 06/07/04 - op 1.24 ================== The xauth directive can now be given a target user, into whose environment the X authentication information is imported. 04/05/04 - op 1.23 ================== The xauth modifier now updates $XAUTHORITY in the child environment. Fixed a bug when setting the GID explicitly. 03/05/04 - op 1.22 ================== Added xauth support. This allows the X authority for the current display to be exported to the destination users X authority database. eg. shell /bin/su -; users=athomas $TERM xauth password To enable xauth support, the preprocessor macro XAUTH must be defined as a string pointing to the FULL PATH to the xauth binary. 23/04/04 - op 1.21 ================== Added netgroup support. eg. shell /bin/su -; netgroup=op-shell environment This is very useful in conjunction with either LDAP or NIS based netgroups. 02/02/04 - op 1.20 ================== Fixed a fairly major bug whereby blocked signals were not restored to their original state upon execv'ing the child process. Changed version number scheme to match the original op versions, and bumped up to 1.20. This is part of a collaborative effort between myself and Steve Simmons, who is going to add Kerberos support to op in the near future. Welcome Steve. 27/01/04 - op 1.1.10 ==================== Applied some of the FreeBSD patches, thanks to Cyrille Lefevre (the previous FreeBSD port maintainer) for pointing me to these. Patched a potential buffer overflow, again, picked up by Cyrille. Added lots of checks for allocation failures. Added constraints to as many uses of strcpy/strcat as I could find. Added constraint on number of simultaneous groups a user can be in. 24/01/04 - op 1.1.9 =================== Trapping signals (SIGINT, etc.) so that a failed authentication attempt can not be broken out of. 06/11/03 - op 1.1.8 =================== Fixed a fairly substantial bug where command arguments with multiple variables were not being expanded at all. 28/10/03 - op 1.1.7 =================== Logging now uses auth.level, and level is actually useful. 22/07/03 - op 1.1.6 =================== Added PAM support. April 17th 2003 - op 1.1.5 ========================== Added extensive logging to op. All logging is sent to syslog as auth.notice. April 16th 2003 - op 1.1.4 ========================== Added basic quoted argument passing to exec commands. This allows for complex shell scripts: inetd /bin/sh -c ' case $1 in on) /usr/sbin/inetd -s ;; off) /usr/bin/pkill inetd ;; esac '; users=ROOTUSERS $1=on|off April 10th 2003 - op 1.1.3 ========================== Added a max length arugment to GetField to help prevent buffer overflows. Regular expressions always have ^ prepended and $ appended so that if you put 'a' in an rx field it will not match any string with an 'a'. Old behaviour can be emulated with '.*a.*'. Added expiration support to users (user[@host][/expiry]). September 13th 2002 - op 1.1.2 ============================== Added user@host and group@host based access as well as variable expansion. Changed SHADOW to USE_SHADOW so it doesn't conflict with system defines. November 22nd 1997 - op 1.1.1 =============================== Break shadow support out from Solaris support. Added SHADOW symbol to the build. It works on Linux 2.0.30. Presumably it still works on Solaris. 8) Cleaned up logging code. It was an uncomfortable mess. Slimmed it down some. Historical ChangeLog entries below ================================== Dave Koblas added the keyword "password" to the list of options accepted by op. This requires the user to supply op with a password before executing the command. The password can be specified in the op.access file (with "password=") or the user's personal password may be required. Howard Owen added the keyword "securid" to the list of options accepted by op. This functions similarly to the "password" option, requiring the user to supply op with his or her current SecurID code before executing the command. If op is compiled without SecurID support, use of this option in op.access will result in an error message and a refusal to execute the corresponding command.