HISTORY revision 271624
1314928SimpOpenPAM Ourouparia 2014-09-12 2314928Simp 3314928Simp - ENHANCE: When executing a chain, require at least one service 4314928Simp function to succeed. This mitigates fail-open scenarios caused by 5314928Simp misconfigurations or missing modules. 6314928Simp 7314928Simp - ENHANCE: Make sure to overwrite buffers which may have contained an 8314928Simp authentication token when they're no longer needed. 9314928Simp 10314928Simp - BUGFIX: Under certain circumstances, specifying a non-existent 11314928Simp module (or misspelling the name of a module) in a policy could 12314928Simp result in a fail-open scenario. (CVE-2014-3879) 13314928Simp 14314928Simp - FEATURE: Add a search path for modules. This was implemented in 15314928Simp Nummularia but inadvertently left out of the release notes. 16314928Simp 17314928Simp - BUGFIX: The is_upper() predicate only accepted the letter A as an 18314928Simp upper-case character instead of the entire A-Z range. As a result, 19314928Simp service and module names containing upper-case letters other than A 20314928Simp would be rejected. 21314928Simp============================================================================ 22314928SimpOpenPAM Nummularia 2013-09-07 23314928Simp 24314928Simp - ENHANCE: Rewrite the dynamic loader to improve readability and 25314928Simp reliability. Modules can now be listed without the ".so" suffix in 26314928Simp the policy file; OpenPAM will automatically add it, just like it 27314928Simp will automatically add the version number if required. 28314928Simp 29314928Simp - ENHANCE: Allow openpam_straddch(3) to be called without a character 30332123Skevans so it can be used to preallocate a string. 31314928Simp 32314928Simp - ENHANCE: Improve portability by adding simple asprintf(3) and 33314928Simp vasprintf(3) implementations for platforms that don't have them. 34332123Skevans 35314928Simp - ENHANCE: Move the libpam sources into a separate subdirectory. 36314928Simp 37314928Simp - ENHANCE: Substantial documentation improvements. 38314928Simp 39314928Simp - BUGFIX: When openpam_readword(3) encountered an opening quote, it 40314928Simp would set the first byte in the buffer to '\0', discarding all 41314928Simp existing text and, unless the buffer was empty to begin with, all 42332123Skevans subsequent text as well. This went unnoticed because none of the 43332123Skevans unit tests for quoted strings had any text preceding the opening 44314928Simp quote. 45314928Simp 46332123Skevans - BUGFIX: make --with-modules-dir work the way it was meant to work 47332123Skevans (but never did). 48314928Simp============================================================================ 49314928SimpOpenPAM Micrampelis 2012-05-26 50314928Simp 51314928Simp - FEATURE: Add an openpam_readword(3) function which reads the next 52314928Simp word from an input stream, applying shell quoting and escaping 53314928Simp rules. Add numerous unit tests for openpam_readword(3). 54332123Skevans 55314928Simp - FEATURE: Add an openpam_readlinev(3) function which uses the 56314928Simp openpam_readword(3) function to read words from an input stream one 57314928Simp at a time until it reaches an unquoted, unescaped newline, and 58314928Simp returns an array of those words. Add several unit tests for 59314928Simp openpam_readlinev(3). 60332123Skevans 61314928Simp - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the 62314928Simp machine's hostname. This was implemented in Lycopsida but 63314928Simp inadvertantly left out of the release notes. 64314928Simp 65314928Simp - FEATURE: In pam_get_authtok(3), if neither the application nor the 66314928Simp module have specified a prompt and PAM_HOST and PAM_RHOST are both 67314928Simp defined but not equal, use a different default prompt that includes 68314928Simp PAM_USER and PAM_HOST. 69314928Simp 70314928Simp - ENHANCE: Rewrite the policy parser to used openpam_readlinev(), 71332123Skevans which greatly simplifies the code. 72314928Simp 73314928Simp - ENHANCE: The previous implementation of the policy parser relied on 74314928Simp the openpam_readline(3) function, which (by design) munges 75314928Simp whitespace and understands neither quotes nor backslash escapes. 76332123Skevans As a result of the aforementioned rewrite, whitespace, quotes and 77332123Skevans backslash escapes in policy files are now handled in a consistent 78314928Simp and predictable manner. 79332123Skevans 80314928Simp - ENHANCE: On platforms that have it, use fdlopen(3) to load modules. 81314928Simp This closes the race between the ownership / permission check and 82314928Simp the dlopen(3) call. 83314928Simp 84314928Simp - ENHANCE: Reduce the amount of pointless error messages generated 85314928Simp while searching for a module. 86314928Simp 87314928Simp - ENHANCE: Numerous documentation improvements, both in content and 88314928Simp formatting. 89314928Simp 90314928Simp - BUGFIX: A patch incorporated in Lycopsida inadvertantly changed 91314928Simp OpenPAM's behavior when several policies exist for the same 92332123Skevans service, from ignoring all but the first to concatenating them all. 93314928Simp Revert to the original behavior. 94314928Simp 95332123Skevans - BUGFIX: Plug a memory leak in the policy parser. 96332123Skevans============================================================================ 97332123SkevansOpenPAM Lycopsida 2011-12-18 98314928Simp 99314928Simp - ENHANCE: removed static build autodetection, which didn't work 100314928Simp anyway. Use an explicit, user-specified preprocessor variable 101314928Simp instead. 102314928Simp 103314928Simp - ENHANCE: cleaned up the documentation a bit. 104332123Skevans 105332123Skevans - ENHANCE: added openpam_subst(3), allowing certain PAM items to be 106332123Skevans embedded in strings such as prompts. Apply it to the prompts used 107314928Simp by pam_get_user(3) and pam_get_authtok(3). 108314928Simp 109314928Simp - ENHANCE: added support for the user_prompt, authtok_prompt and 110314928Simp oldauthtok_prompt module options, which override the prompts passed 111314928Simp by the module to pam_set_user(3) and pam_get_authtok(3). 112314928Simp 113314928Simp - ENHANCE: rewrote the policy parser to support quoted option values. 114314928Simp 115314928Simp - ENHANCE: added pamtest(1), a tool for testing modules and policies. 116314928Simp 117332123Skevans - ENHANCE: added code to check the ownership and permissions of a 118314928Simp module before loading it. 119314928Simp 120314928Simp - ENHANCE: added / improved input validation in many cases, including 121314928Simp the policy file and some function arguments. (CVE-2011-4122) 122314928Simp============================================================================ 123314928SimpOpenPAM Hydrangea 2007-12-21 124332123Skevans 125332123Skevans - ENHANCE: when compiling with GCC, mark up API functions with GCC 126314928Simp attributes where appropriate. 127332123Skevans 128332123Skevans - BUGFIX: fixed numerous warnings uncovered by GCC 4. 129332123Skevans 130332123Skevans - ENHANCE: building the documentation is now optional. 131332123Skevans 132332123Skevans - ENHANCE: corrected a number of mistakes and style issues in the 133332123Skevans build system. 134332123Skevans 135332123Skevans - ENHANCE: API function arguments are now const where appropriate, to 136332123Skevans match corresponding changes in the Solaris PAM and Linux-PAM APIs. 137332123Skevans 138332123Skevans - ENHANCE: corrected a number of C namespace violations. 139332123Skevans 140332123Skevans - ENHANCE: the module cache has been removed, allowing long-lived 141332123Skevans applications to pick up module changes. This also allows multiple 142332123Skevans threads to use PAM simultaneously (as long as they use separate PAM 143332123Skevans contexts), since the module cache was the only part of OpenPAM that 144332123Skevans was not thread-safe. 145332123Skevans============================================================================ 146332123SkevansOpenPAM Figwort 2005-06-16 147332123Skevans 148332123Skevans - BUGFIX: Correct several small signedness and initialization bugs 149332123Skevans discovered during review by the NetBSD team. 150332123Skevans 151332123Skevans - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary 152332123Skevans order within each section. 153332123Skevans 154332123Skevans - ENHANCE: if a policy specifies a relative module path, prepend the 155332123Skevans module directory so we never call dlopen(3) with a relative path. 156332123Skevans 157332123Skevans - ENHANCE: add a pam.conf(5) manual page. 158332123Skevans============================================================================ 159332123SkevansOpenPAM Feterita 2005-02-01 160332123Skevans 161332123Skevans - BUGFIX: Correct numerous markup errors, invalid cross-references, 162332123Skevans and other issues in the manual pages, with kind assistance from 163332123Skevans Ruslan Ermilov <ru@freebsd.org>. 164332123Skevans 165332123Skevans - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX() 166332123Skevans and RETURNX() macros. 167332123Skevans 168332123Skevans - BUGFIX: Remove an unnecessary and non-portable pointer cast in 169332123Skevans pam_get_data(3). 170332123Skevans 171332123Skevans - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in 172332123Skevans pam_strerror(3) and gendoc.pl. 173332123Skevans 174332123Skevans - ENHANCE: Minor overhaul of the autoconf / build system. 175332123Skevans 176332123Skevans - ENHANCE: Add openpam_free_envlist(3). 177332123Skevans============================================================================ 178332123SkevansOpenPAM Eelgrass 2004-02-10 179332123Skevans 180332123Skevans - BUGFIX: Correct array handling bugs in conversation code. 181332123Skevans 182332123Skevans - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear 183332123Skevans whitespace from the user's response. 184332123Skevans 185332123Skevans - BUGFIX: Many constness issues addressed. 186332123Skevans============================================================================ 187332123SkevansOpenPAM Dogwood 2003-07-15 188332123Skevans 189332123Skevans - ENHANCE: Use the GNU autotools. 190332123Skevans 191332123Skevans - ENHANCE: Constify the msg field in struct pam_message. 192332123Skevans 193332123Skevans - BUGFIX: Remove left-over debugging output 194332123Skevans 195332123Skevans - BUGFIX: Avoid side effects in arguments to the FREE() macro 196332123Skevans 197314928Simp - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3). 198332123Skevans 199332123Skevans - BUGFIX: Staticize some variables which shouldn't be global. 200314928Simp 201314928Simp - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3). 202314928Simp 203314928Simp - ENHANCE: Various minor documentation improvements. 204332123Skevans 205332123SkevansThanks to Dmitry V. Levin <ldv@altlinux.org> for considerable 206332123Skevansassistance with this release. 207314928Simp============================================================================ 208332123SkevansOpenPAM Digitalis 2003-06-01 209314928Simp 210314928Simp - ENHANCE: Completely rewrite the configuration parser and add 211332123Skevans support for the "include" control flag. 212332123Skevans 213332123Skevans - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux. 214332123Skevans 215332123Skevans - ENHANCE: Lots of additional paranoia. 216314928Simp 217332123Skevans - BUGFIX: The sample su(1) application dropped privileges before 218332123Skevans forking instead of after. 219332123Skevans 220332123Skevans - ENHANCE: Document openpam_log(3). 221332123Skevans 222332123Skevans - ENHANCE: Other minor documentation fixes. 223332123Skevans 224332123SkevansThanks to Dmitry V. Levin <ldv@altlinux.org> for considerable 225332123Skevansassistance with this release. 226332123Skevans============================================================================ 227332123SkevansOpenPAM Dianthus 2003-05-02 228332123Skevans 229332123Skevans - BUGFIX: Initialize some potentially uninitialized variables. 230332123Skevans 231332123Skevans - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999. 232314928Simp 233332123Skevans - BUGFIX: In pam_getenv(), return a pointer to the stored variable 234314928Simp instead of a freshly allocated copy. 235314928Simp 236332123Skevans - ENHANCE: Detect recursion in openpam_borrow_cred() 237314928Simp 238332123Skevans - ENHANCE: Make borrowing one's own credentials a no-op. 239332123Skevans 240332123Skevans - ENHANCE: Further improve debugging support. 241332123Skevans 242332123Skevans - ENHANCE: Clean up some variable names. 243332123Skevans============================================================================ 244332123SkevansOpenPAM Daffodil 2003-01-06 245332123Skevans 246332123Skevans - ENHANCE: Document dependency on <sys/types.h> (for size_t) 247332123Skevans 248332123Skevans - ENHANCE: Slightly improve error detection in openpam_ttyconv(). 249332123Skevans 250332123Skevans - BUGFIX: Fix several typos in debugging macros. 251332123Skevans============================================================================ 252332123SkevansOpenPAM Cyclamen 2002-12-12 253 254 - ENHANCE: Improve recursion detection in openpam_dispatch(). 255 256 - ENHANCE: Add debugging messages at entry and exit points of most 257 functions. 258 259 - ENHANCE: Fix some minor style issues. 260 261 - BUGFIX: Add default cases to the switches in openpam_log.c. 262 263 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path. 264 265 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather 266 than stderr. 267============================================================================ 268OpenPAM Citronella 2002-06-30 269 270 - ENHANCE: Add the "binding" control flag (from Solaris 9). 271 272 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from 273 Solaris 9). 274 275 - ENHANCE: Flesh out the pam(3) man page. 276 277 - ENHANCE: Add an openpam(3) page with cross-references to all the 278 documented OpenPAM API extensions. 279 280 - ENHANCE: Add a pam_conv(3) man page describing the conversation 281 system. 282 283 - ENHANCE: Improved sample application. 284 285 - ENHANCE: Added sample pam_unix module. 286 287 - BUGFIX: Various documentation nits. 288============================================================================ 289OpenPAM Cinquefoil 2002-05-24 290 291 - BUGFIX: Various warnings uncovered by gcc 3.1. 292 293 - ENHANCE: Add a null conversation function, openpam_nullconv(3). 294 295 - BUGFIX: Initialize the "other" chain to all zeroes. 296 297 - ENHANCE: Document openpam_ttyconv(3). 298============================================================================ 299OpenPAM Cinnamon 2002-05-02 300 301 - ENHANCE: Add a null conversation function, openpam_nullconv(). 302 303 - BUGFIX: Various markup bugs in the documentation. 304 305 - BUGFIX: Document <security/openpam.h>. 306 307 - BUGFIX: Duplicate expansion of openpam_log() macro arguments. 308 309 - ENHANCE: Restructure the policy-loading code and align our use of 310 the "other" policy with Solaris and Linux-PAM. 311 312 - ENHANCE: Log dlopen() and dlsym() failures. 313 314 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info 315 messages unless the message contains one already. 316 317 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL 318 so we can detect whether the conversation function touched it. 319============================================================================ 320OpenPAM Cineraria 2002-04-14 321 322 - BUGFIX: Fix confusion between token and prompt in 323 pam_get_authtok(3). 324 325 - ENHANCE: Improved documentation. 326 327 - ENHANCE: Adopt the same preprocessor tricks that were used in 328 FreeBSD's version of Linux-PAM to simplify static linking without 329 requiring dummy primitives. 330 331 - ENHANCE: Move the policy-loading code out of pam_start.c. 332 333 - BUGFIX: Fix typo in one of the versions of the openpam_log macro. 334 335 - ENHANCE: Add versioning macros. 336============================================================================ 337OpenPAM Cinchona 2002-04-08 338 339 - ENHANCE: Improved documentation for several API functions. 340 341 - BUGFIX: Fix bug in pam_set_data() that would result in corruption 342 of the module data list. 343 344 - BUGFIX: Allocate the correct amount of memory for the environment 345 list in pam_putenv(). 346 347 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can 348 specify what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT. 349 350 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and 351 reduce differences between these very similar functions. 352 353 - ENHANCE: Check flags carefully in pam_authenticate() and 354 pam_chauthtok(). 355 356 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD. 357 358 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're 359 asked for PAM_AUTHTOK, and we have to prompt the user, prompt her 360 twice and compare the responses. 361 362 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily 363 switching to user credentials. 364 365 - ENHANCE: Add openpam_free_data(), a generic cleanup function for 366 pam_set_data() consumers. 367============================================================================ 368OpenPAM Centaury 2002-03-14 369 370 - BUGFIX: Add missing #include <string.h> to openpam_log.c. 371 372 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/. XSSO uses 373 the former, but Solaris and Linux-PAM use the latter. 374 375 - BUGFIX: The dynamic loader and the module cache contained a number 376 of bugs which would cause a segmentation fault if pam_start(3) was 377 called again after pam_end(3), as happens in login(1), xdm(1) etc. 378 after a failed login. 379 380 - BUGFIX: Refer to a module by the name used in the policy file, even 381 if the module that was actually loaded was versioned. 382 383 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG. 384============================================================================ 385OpenPAM Celandine 2002-03-05 386 387 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok(). 388 389 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK 390 flag set, then with the PAM_UPDATE_AUTHTOK flag set. 391 392 - BUGFIX: Failure of a "sufficient" module should not terminate the 393 passwd chain if the PAM_PRELIM_CHECK flag is set. 394 395 - BUGFIX: Clear PAM_AUTHTOK after running the service modules. 396 397 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK 398 or PAM_UPDATE_AUTHTOK flags themselves. 399 400 - BUGFIX: openpam_set_option() did not support changing the value of 401 an existing option. 402 403 - ENHANCE: Add support for module versioning. OpenPAM will prefer a 404 module with the same version number as the library itself to one 405 with no version number at all. 406============================================================================ 407OpenPAM Cantaloupe 2002-02-22 408 409 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid 410 argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures. 411 412 - ENHANCE: Add in-line documentation in most source files, and a Perl 413 script that generates mdoc code from that. 414 415 - BUGFIX: The environment list was not properly NULL-terminated. 416 417 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt 418 specified by the module. 419 420 - BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to 421 pam_constants.h to avoid it going stale again. 422 423 - ENHANCE: Move all code related to static modules into a separate 424 file. 425 426 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the 427 user, and supports setting a timeout (which defaults to off). 428 429 - BUGFIX: Some manual pages referenced XSSO even though they 430 documented OpenPAM-specific functions. 431 432 - ENHANCE: Added openpam_get_option() and openpam_set_option(). 433 434 - ENHANCE: openpam_get_authtok() now respects the echo_pass, 435 try_first_pass, and use_first_pass options. 436============================================================================ 437OpenPAM Caliopsis 2002-02-13 438 439Fixed a number of bugs in the previous release, including: 440 - a number of bugs in and related to pam_[gs]et_item(3) 441 - off-by-one bug in pam_start.c would trim last character off certain 442 configuration lines 443 - incorrect ordering of an array in openpam_load.c would cause service 444 module functions to get mixed up 445 - missing 'continue' in openpam_dispatch.c caused successes to be 446 counted as failures 447============================================================================ 448OpenPAM Calamite 2002-02-09 449 450First (beta) release. 451