| 1 |
Dave Koblas added the keyword "password" to the list of options |
|---|
| 2 |
accepted by op. This requires the user to supply op with a password |
|---|
| 3 |
before executing the command. The password can be specified in the |
|---|
| 4 |
op.access file (with "password=") or the user's personal password may |
|---|
| 5 |
be required. |
|---|
| 6 |
|
|---|
| 7 |
Howard Owen added the keyword "securid" to the list of options |
|---|
| 8 |
accepted by op. This functions similarly to the "password" option, |
|---|
| 9 |
requiring the user to supply op with his or her current SecurID code before |
|---|
| 10 |
executing the command. If op is compiled without SecurID support, use |
|---|
| 11 |
of this option in op.access will result in an error message and a |
|---|
| 12 |
refusal to execute the corresponding command. |
|---|
| 13 |
|
|---|
| 14 |
Alec Thomas added support for user@host and group@host based access, as well |
|---|
| 15 |
as variable expansion in options. |
|---|
| 16 |
|
|---|
| 17 |
November 22nd 1997 - op 1.1.1 |
|---|
| 18 |
=============================== |
|---|
| 19 |
Break shadow support out from Solaris support. Added SHADOW symbol to the |
|---|
| 20 |
build. It works on Linux 2.0.30. Presumably it still works on Solaris. 8) |
|---|
| 21 |
|
|---|
| 22 |
Cleaned up logging code. It was an uncomfortable mess. Slimmed it down some. |
|---|
| 23 |
|
|---|
| 24 |
September 13th 2002 - op 1.1.2 |
|---|
| 25 |
============================== |
|---|
| 26 |
Added user@host and group@host based access as well as variable expansion. |
|---|
| 27 |
Changed SHADOW to USE_SHADOW so it doesn't conflict with system defines. |
|---|
| 28 |
|
|---|
| 29 |
April 10th 2003 - op 1.1.3 |
|---|
| 30 |
========================== |
|---|
| 31 |
Added a max length arugment to GetField to help prevent buffer overflows. |
|---|
| 32 |
Regular expressions always have ^ prepended and $ appended so that if you put |
|---|
| 33 |
'a' in an rx field it will not match any string with an 'a'. Old behaviour can |
|---|
| 34 |
be emulated with '.*a.*'. |
|---|
| 35 |
Added expiration support to users (user[@host][/expiry]). |
|---|
| 36 |
|
|---|
| 37 |
April 16th 2003 - op 1.1.4 |
|---|
| 38 |
========================== |
|---|
| 39 |
Added basic quoted argument passing to exec commands. This allows for complex |
|---|
| 40 |
shell scripts: |
|---|
| 41 |
|
|---|
| 42 |
inetd /bin/sh -c ' |
|---|
| 43 |
case $1 in |
|---|
| 44 |
on) /usr/sbin/inetd -s ;; |
|---|
| 45 |
off) /usr/bin/pkill inetd ;; |
|---|
| 46 |
esac |
|---|
| 47 |
'; |
|---|
| 48 |
users=ROOTUSERS |
|---|
| 49 |
$1=on|off |
|---|
| 50 |
|
|---|
| 51 |
April 17th 2003 - op 1.1.5 |
|---|
| 52 |
========================== |
|---|
| 53 |
Added extensive logging to op. All logging is sent to syslog as auth.notice. |
|---|
| 54 |
|
|---|
| 55 |
22/07/03 - op 1.1.6 |
|---|
| 56 |
=================== |
|---|
| 57 |
Added PAM support. |
|---|
| 58 |
|
|---|
| 59 |
28/10/03 - op 1.1.7 |
|---|
| 60 |
=================== |
|---|
| 61 |
Logging now uses auth.level, and level is actually useful. |
|---|
| 62 |
|
|---|
| 63 |
06/11/03 - op 1.1.8 |
|---|
| 64 |
=================== |
|---|
| 65 |
Fixed a fairly substantial bug where command arguments with multiple variables |
|---|
| 66 |
were not being expanded at all. |
|---|
| 67 |
|
|---|
| 68 |
24/01/04 - op 1.1.9 |
|---|
| 69 |
=================== |
|---|
| 70 |
Trapping signals (SIGINT, etc.) so that a failed authentication attempt can not |
|---|
| 71 |
be broken out of. |
|---|
| 72 |
|
|---|
| 73 |
27/01/04 - op 1.1.10 |
|---|
| 74 |
==================== |
|---|
| 75 |
Applied some of the FreeBSD patches, thanks to Cyrille Lefevre (the previous |
|---|
| 76 |
FreeBSD port maintainer) for pointing me to these. |
|---|
| 77 |
Patched a potential buffer overflow, again, picked up by Cyrille. |
|---|
| 78 |
Added lots of checks for allocation failures. |
|---|
| 79 |
Added constraints to as many uses of strcpy/strcat as I could find. |
|---|
| 80 |
Added constraint on number of simultaneous groups a user can be in. |
|---|
| 81 |
|
|---|
| 82 |
02/02/04 - op 1.20 |
|---|
| 83 |
================== |
|---|
| 84 |
Fixed a fairly major bug whereby blocked signals were not restored to their |
|---|
| 85 |
original state upon execv'ing the child process. |
|---|
| 86 |
|
|---|
| 87 |
Changed version number scheme to match the original op versions, and bumped up |
|---|
| 88 |
to 1.20. This is part of a collaborative effort between myself and Steve |
|---|
| 89 |
Simmons, who is going to add Kerberos support to op in the near future. Welcome |
|---|
| 90 |
Steve. |
|---|
| 91 |
|
|---|
| 92 |
23/04/04 - op 1.21 |
|---|
| 93 |
================== |
|---|
| 94 |
Added netgroup support. eg. |
|---|
| 95 |
|
|---|
| 96 |
shell /bin/su -; netgroup=op-shell environment |
|---|
| 97 |
|
|---|
| 98 |
This is very useful in conjunction with either LDAP or NIS based netgroups. |
|---|
| 99 |
|
|---|
| 100 |
03/05/04 - op 1.22 |
|---|
| 101 |
================== |
|---|
| 102 |
Added xauth support. This allows the X authority for the current display to be |
|---|
| 103 |
exported to the destination users X authority database. eg. |
|---|
| 104 |
|
|---|
| 105 |
shell /bin/su -; users=athomas $TERM xauth password |
|---|
| 106 |
|
|---|
| 107 |
To enable xauth support, the preprocessor macro XAUTH must be defined as |
|---|
| 108 |
a string pointing to the FULL PATH to the xauth binary. |
|---|
| 109 |
|
|---|
| 110 |
04/05/04 - op 1.23 |
|---|
| 111 |
================== |
|---|
| 112 |
The xauth modifier now updates $XAUTHORITY in the child environment. |
|---|
| 113 |
Fixed a bug when setting the GID explicitly. |
|---|
| 114 |
|
|---|
| 115 |
06/07/04 - op 1.24 |
|---|
| 116 |
================== |
|---|
| 117 |
The xauth directive can now be given a target user, into whose environment the |
|---|
| 118 |
X authentication information is imported. |
|---|
