root/op/1.30/ChangeLog

Dave Koblas added the keyword "password" to the list of options
accepted by op. This requires the user to supply op with a password
before executing the command.  The password can be specified in the
op.access file (with "password=") or the user's personal password may
be required.

Howard Owen added the keyword "securid" to the list of options
accepted by op. This functions similarly to the "password" option,
requiring the user to supply op with his or her current SecurID code before
executing the command. If op is compiled without SecurID support, use
of this option in op.access will result in an error message and a
refusal to execute the corresponding command.

Alec Thomas added support for user@host and group@host based access, as well
as variable expansion in options.

November 22nd 1997 - op 1.1.1
===============================
Break shadow support out from Solaris support. Added SHADOW symbol to the 
build. It works on Linux 2.0.30. Presumably it still works on Solaris. 8)

Cleaned up logging code. It was an uncomfortable mess. Slimmed it down some.

September 13th 2002 - op 1.1.2
==============================
Added user@host and group@host based access as well as variable expansion.
Changed SHADOW to USE_SHADOW so it doesn't conflict with system defines.

April 10th 2003 - op 1.1.3
==========================
Added a max length arugment to GetField to help prevent buffer overflows.
Regular expressions always have ^ prepended and $ appended so that if you put
'a' in an rx field it will not match any string with an 'a'. Old behaviour can
be emulated with '.*a.*'.
Added expiration support to users (user[@host][/expiry]).

April 16th 2003 - op 1.1.4
==========================
Added basic quoted argument passing to exec commands. This allows for complex
shell scripts:

        inetd /bin/sh -c '
                        case $1 in
                                on) /usr/sbin/inetd -s ;;
                                off) /usr/bin/pkill inetd ;;
                        esac
                        ';
                users=ROOTUSERS
                $1=on|off

April 17th 2003 - op 1.1.5
==========================
Added extensive logging to op. All logging is sent to syslog as auth.notice.

22/07/03 - op 1.1.6
===================
Added PAM support.

28/10/03 - op 1.1.7
===================
Logging now uses auth.level, and level is actually useful.

06/11/03 - op 1.1.8
===================
Fixed a fairly substantial bug where command arguments with multiple variables
were not being expanded at all.

24/01/04 - op 1.1.9
===================
Trapping signals (SIGINT, etc.) so that a failed authentication attempt can not
be broken out of.

27/01/04 - op 1.1.10
====================
Applied some of the FreeBSD patches, thanks to Cyrille Lefevre (the previous
FreeBSD port maintainer) for pointing me to these.
Patched a potential buffer overflow, again, picked up by Cyrille.
Added lots of checks for allocation failures.
Added constraints to as many uses of strcpy/strcat as I could find.
Added constraint on number of simultaneous groups a user can be in.

02/02/04 - op 1.20
==================
Fixed a fairly major bug whereby blocked signals were not restored to their
original state upon execv'ing the child process.

Changed version number scheme to match the original op versions, and bumped up
to 1.20. This is part of a collaborative effort between myself and Steve
Simmons, who is going to add Kerberos support to op in the near future. Welcome
Steve.

23/04/04 - op 1.21
==================
Added netgroup support. eg.

        shell /bin/su -; netgroup=op-shell environment

This is very useful in conjunction with either LDAP or NIS based netgroups.

03/05/04 - op 1.22
==================
Added xauth support. This allows the X authority for the current display to be
exported to the destination users X authority database. eg.

        shell  /bin/su -; users=athomas $TERM xauth password

To enable xauth support, the preprocessor macro XAUTH must be defined as
a string pointing to the FULL PATH to the xauth binary.

04/05/04 - op 1.23
==================
The xauth modifier now updates $XAUTHORITY in the child environment.
Fixed a bug when setting the GID explicitly.

06/07/04 - op 1.24
==================
The xauth directive can now be given a target user, into whose environment the
X authentication information is imported.

07/04/05 - op 1.26
==================
op will now read all config files in /etc/op.d with a .conf extension. This is
a clean way of adding extra commands without having to manipulate op.conf.
op.conf does not have to be present at all.  Useful for dropping in op config
with other packages or when adding config to systems in bulk. Thanks to Kyle
Hyland for this idea.

Also made error reporting a bit smarter when config files are missing or have
incorrect permissions. 

07/04/05 - op 1.27/1.28
==================
Added ''nolog'' option which suppresses informational logs. Useful for
automated jobs to prevent log spam.

Configuration files in /etc/op.d are now lexically sorted. This allows
variables in configuration files to be used deterministically. Commands
can also be overridden in this fashion.

08/04/05 - op 1.29
==================
Added -l argument which lists available commands.

Also added a {{{help="<help>"}}} option which defines the help string displayed
by -l.

Cleaned up the code a bit, adding some basic dynamic array functions instead of
replicating the code across multiple areas.

Closes #4

 27/05/05- op 1.30
==================
Fixed use of DEFAULT section, closes #5. Quite a pain in the arse actually.

Environment variables can now be propagated into child environments even when
"environment" is specified. This will override any existing variables.

Now using vsnprintf rather than snprintf. Correspondingly, changed preprocessor
define which may mean build scripts need to be changed.

Added an INSTALL file documenting the usual installation instructions.

Default to using Flex, as Lex has internal constraints.

Added default op.pam which is now installed if /etc/pam.d exists.

Added patches by Pierre fixing strnprintf issues and a wildcard constraint bug.
Thanks Pierre.