1*45538173SDag-Erling SmørgravOpenPAM Zingiber 2025-05-31 2*45538173SDag-Erling Smørgrav 3*45538173SDag-Erling Smørgrav - BUGFIX: In openpam_borrow_cred(3), the wrong debugging macro was 4*45538173SDag-Erling Smørgrav being used, which resulted in an attempt to interpret the target 5*45538173SDag-Erling Smørgrav UID as an item identifier. 6*45538173SDag-Erling Smørgrav 7*45538173SDag-Erling Smørgrav - ENHANCE: Allow missing modules or subpolicies to be ignored. 8*45538173SDag-Erling Smørgrav 9*45538173SDag-Erling Smørgrav - ENHANCE: Previously, OpenPAM was hardcoded to look for policies in 10*45538173SDag-Erling Smørgrav /usr/local/etc in addition to /etc and modules in /usr/local/lib in 11*45538173SDag-Erling Smørgrav addition to /usr/lib. This is now configurable at compile time. 12*45538173SDag-Erling Smørgrav============================================================================ 133ba4c8c8SDag-Erling SmørgravOpenPAM Ximenia 2023-06-27 143ba4c8c8SDag-Erling Smørgrav 153ba4c8c8SDag-Erling Smørgrav - BUGFIX: Fix race condition in openpam_ttyconv(3) when used with 163ba4c8c8SDag-Erling Smørgrav expect scripts. 173ba4c8c8SDag-Erling Smørgrav 183ba4c8c8SDag-Erling Smørgrav - BUGFIX: In openpam_set_option(3), when removing an option, properly 193ba4c8c8SDag-Erling Smørgrav decrement the option count. 203ba4c8c8SDag-Erling Smørgrav 213ba4c8c8SDag-Erling Smørgrav - BUGFIX: In openpam_subst(3), avoid incrementing past the end of the 223ba4c8c8SDag-Erling Smørgrav template. 233ba4c8c8SDag-Erling Smørgrav============================================================================ 2423d17223SDag-Erling SmørgravOpenPAM Tabebuia 2019-02-24 2523d17223SDag-Erling Smørgrav 2623d17223SDag-Erling Smørgrav - BUGFIX: Fix off-by-one bug in pam_getenv(3) which was introduced in 2723d17223SDag-Erling Smørgrav OpenPAM Radula. 2823d17223SDag-Erling Smørgrav 2923d17223SDag-Erling Smørgrav - ENHANCE: Add unit tests for pam_{get,put,set}env(3). 3023d17223SDag-Erling Smørgrav============================================================================ 3149e56509SDag-Erling SmørgravOpenPAM Resedacea 2017-04-30 3249e56509SDag-Erling Smørgrav 3349e56509SDag-Erling Smørgrav - BUGFIX: Reinstore the NULL check in pam_end(3) which was removed in 3449e56509SDag-Erling Smørgrav OpenPAM Radula, as it breaks common error-handling constructs. 3549e56509SDag-Erling Smørgrav 3649e56509SDag-Erling Smørgrav - BUGFIX: Return PAM_SYMBOL_ERR instead of PAM_SYSTEM_ERR from the 3749e56509SDag-Erling Smørgrav dispatcher when the required service function could not be found. 3849e56509SDag-Erling Smørgrav 3949e56509SDag-Erling Smørgrav - ENHANCE: Introduce the PAM_BAD_HANDLE error code for when pamh is 4049e56509SDag-Erling Smørgrav NULL in API functions that have a NULL check. 4149e56509SDag-Erling Smørgrav 4249e56509SDag-Erling Smørgrav - ENHANCE: Introduce the PAM_BAD_ITEM, PAM_BAD_FEATURE and 4349e56509SDag-Erling Smørgrav PAM_BAD_CONSTANT error codes for situations where we previously 4449e56509SDag-Erling Smørgrav incorrectly used PAM_SYMBOL_ERR to denote that an invalid constant 4549e56509SDag-Erling Smørgrav had been passed to an API function. 4649e56509SDag-Erling Smørgrav 4749e56509SDag-Erling Smørgrav - ENHANCE: Improve the RETURN VALUES section in API man pages, 4849e56509SDag-Erling Smørgrav especially for functions that cannot fail, which were incorrectly 4949e56509SDag-Erling Smørgrav documented as returning -1 on failure. 5049e56509SDag-Erling Smørgrav============================================================================ 51f3b0ac34SDag-Erling SmørgravOpenPAM Radula 2017-02-19 52f3b0ac34SDag-Erling Smørgrav 53f3b0ac34SDag-Erling Smørgrav - BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and 54f3b0ac34SDag-Erling Smørgrav pam_get_user(3) from using application-provided custom prompts. 55f3b0ac34SDag-Erling Smørgrav 56f3b0ac34SDag-Erling Smørgrav - BUGFIX: Plug a memory leak in pam_set_item(3). 57f3b0ac34SDag-Erling Smørgrav 58f3b0ac34SDag-Erling Smørgrav - BUGFIX: Plug a potential memory leak in openpam_readlinev(3). 59f3b0ac34SDag-Erling Smørgrav 60f3b0ac34SDag-Erling Smørgrav - BUGFIX: In openpam_readword(3), support line continuations within 61f3b0ac34SDag-Erling Smørgrav whitespace. 62f3b0ac34SDag-Erling Smørgrav 63f3b0ac34SDag-Erling Smørgrav - ENHANCE: Add a feature flag to control fallback to "other" policy. 64f3b0ac34SDag-Erling Smørgrav 65f3b0ac34SDag-Erling Smørgrav - ENHANCE: Add a pam_return(8) module which returns an arbitrary 66f3b0ac34SDag-Erling Smørgrav code specified in the module options. 67f3b0ac34SDag-Erling Smørgrav 68f3b0ac34SDag-Erling Smørgrav - ENHANCE: More and better unit tests. 69f3b0ac34SDag-Erling Smørgrav============================================================================ 70d64f4044SDag-Erling SmørgravOpenPAM Ourouparia 2014-09-12 71d64f4044SDag-Erling Smørgrav 72d64f4044SDag-Erling Smørgrav - ENHANCE: When executing a chain, require at least one service 73d64f4044SDag-Erling Smørgrav function to succeed. This mitigates fail-open scenarios caused by 74d64f4044SDag-Erling Smørgrav misconfigurations or missing modules. 75d64f4044SDag-Erling Smørgrav 76d64f4044SDag-Erling Smørgrav - ENHANCE: Make sure to overwrite buffers which may have contained an 77d64f4044SDag-Erling Smørgrav authentication token when they're no longer needed. 78d64f4044SDag-Erling Smørgrav 79d64f4044SDag-Erling Smørgrav - BUGFIX: Under certain circumstances, specifying a non-existent 80d64f4044SDag-Erling Smørgrav module (or misspelling the name of a module) in a policy could 81d64f4044SDag-Erling Smørgrav result in a fail-open scenario. (CVE-2014-3879) 82d64f4044SDag-Erling Smørgrav 83d64f4044SDag-Erling Smørgrav - FEATURE: Add a search path for modules. This was implemented in 84d64f4044SDag-Erling Smørgrav Nummularia but inadvertently left out of the release notes. 85d64f4044SDag-Erling Smørgrav 86d64f4044SDag-Erling Smørgrav - BUGFIX: The is_upper() predicate only accepted the letter A as an 87d64f4044SDag-Erling Smørgrav upper-case character instead of the entire A-Z range. As a result, 88d64f4044SDag-Erling Smørgrav service and module names containing upper-case letters other than A 89d64f4044SDag-Erling Smørgrav would be rejected. 90d64f4044SDag-Erling Smørgrav============================================================================ 91ce77a8d6SDag-Erling SmørgravOpenPAM Nummularia 2013-09-07 92ce77a8d6SDag-Erling Smørgrav 93ce77a8d6SDag-Erling Smørgrav - ENHANCE: Rewrite the dynamic loader to improve readability and 94ce77a8d6SDag-Erling Smørgrav reliability. Modules can now be listed without the ".so" suffix in 95ce77a8d6SDag-Erling Smørgrav the policy file; OpenPAM will automatically add it, just like it 96ce77a8d6SDag-Erling Smørgrav will automatically add the version number if required. 97ce77a8d6SDag-Erling Smørgrav 98ce77a8d6SDag-Erling Smørgrav - ENHANCE: Allow openpam_straddch(3) to be called without a character 99ce77a8d6SDag-Erling Smørgrav so it can be used to preallocate a string. 100ce77a8d6SDag-Erling Smørgrav 101ce77a8d6SDag-Erling Smørgrav - ENHANCE: Improve portability by adding simple asprintf(3) and 102ce77a8d6SDag-Erling Smørgrav vasprintf(3) implementations for platforms that don't have them. 103ce77a8d6SDag-Erling Smørgrav 104ce77a8d6SDag-Erling Smørgrav - ENHANCE: Move the libpam sources into a separate subdirectory. 105ce77a8d6SDag-Erling Smørgrav 106ce77a8d6SDag-Erling Smørgrav - ENHANCE: Substantial documentation improvements. 107ce77a8d6SDag-Erling Smørgrav 108ce77a8d6SDag-Erling Smørgrav - BUGFIX: When openpam_readword(3) encountered an opening quote, it 109ce77a8d6SDag-Erling Smørgrav would set the first byte in the buffer to '\0', discarding all 110ce77a8d6SDag-Erling Smørgrav existing text and, unless the buffer was empty to begin with, all 111ce77a8d6SDag-Erling Smørgrav subsequent text as well. This went unnoticed because none of the 112ce77a8d6SDag-Erling Smørgrav unit tests for quoted strings had any text preceding the opening 113ce77a8d6SDag-Erling Smørgrav quote. 114ce77a8d6SDag-Erling Smørgrav 115ce77a8d6SDag-Erling Smørgrav - BUGFIX: make --with-modules-dir work the way it was meant to work 116ce77a8d6SDag-Erling Smørgrav (but never did). 117ce77a8d6SDag-Erling Smørgrav============================================================================ 1182f3ed619SDag-Erling SmørgravOpenPAM Micrampelis 2012-05-26 1192f3ed619SDag-Erling Smørgrav 1202f3ed619SDag-Erling Smørgrav - FEATURE: Add an openpam_readword(3) function which reads the next 1212f3ed619SDag-Erling Smørgrav word from an input stream, applying shell quoting and escaping 1222f3ed619SDag-Erling Smørgrav rules. Add numerous unit tests for openpam_readword(3). 1232f3ed619SDag-Erling Smørgrav 1242f3ed619SDag-Erling Smørgrav - FEATURE: Add an openpam_readlinev(3) function which uses the 1252f3ed619SDag-Erling Smørgrav openpam_readword(3) function to read words from an input stream one 1262f3ed619SDag-Erling Smørgrav at a time until it reaches an unquoted, unescaped newline, and 1272f3ed619SDag-Erling Smørgrav returns an array of those words. Add several unit tests for 1282f3ed619SDag-Erling Smørgrav openpam_readlinev(3). 1292f3ed619SDag-Erling Smørgrav 1302f3ed619SDag-Erling Smørgrav - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the 1312f3ed619SDag-Erling Smørgrav machine's hostname. This was implemented in Lycopsida but 1322f3ed619SDag-Erling Smørgrav inadvertantly left out of the release notes. 1332f3ed619SDag-Erling Smørgrav 1342f3ed619SDag-Erling Smørgrav - FEATURE: In pam_get_authtok(3), if neither the application nor the 1352f3ed619SDag-Erling Smørgrav module have specified a prompt and PAM_HOST and PAM_RHOST are both 1362f3ed619SDag-Erling Smørgrav defined but not equal, use a different default prompt that includes 1372f3ed619SDag-Erling Smørgrav PAM_USER and PAM_HOST. 1382f3ed619SDag-Erling Smørgrav 1392f3ed619SDag-Erling Smørgrav - ENHANCE: Rewrite the policy parser to used openpam_readlinev(), 1402f3ed619SDag-Erling Smørgrav which greatly simplifies the code. 1412f3ed619SDag-Erling Smørgrav 1422f3ed619SDag-Erling Smørgrav - ENHANCE: The previous implementation of the policy parser relied on 1432f3ed619SDag-Erling Smørgrav the openpam_readline(3) function, which (by design) munges 1442f3ed619SDag-Erling Smørgrav whitespace and understands neither quotes nor backslash escapes. 1452f3ed619SDag-Erling Smørgrav As a result of the aforementioned rewrite, whitespace, quotes and 1462f3ed619SDag-Erling Smørgrav backslash escapes in policy files are now handled in a consistent 1472f3ed619SDag-Erling Smørgrav and predictable manner. 1482f3ed619SDag-Erling Smørgrav 1492f3ed619SDag-Erling Smørgrav - ENHANCE: On platforms that have it, use fdlopen(3) to load modules. 1502f3ed619SDag-Erling Smørgrav This closes the race between the ownership / permission check and 1512f3ed619SDag-Erling Smørgrav the dlopen(3) call. 1522f3ed619SDag-Erling Smørgrav 1532f3ed619SDag-Erling Smørgrav - ENHANCE: Reduce the amount of pointless error messages generated 1542f3ed619SDag-Erling Smørgrav while searching for a module. 1552f3ed619SDag-Erling Smørgrav 1562f3ed619SDag-Erling Smørgrav - ENHANCE: Numerous documentation improvements, both in content and 1572f3ed619SDag-Erling Smørgrav formatting. 1582f3ed619SDag-Erling Smørgrav 1592f3ed619SDag-Erling Smørgrav - BUGFIX: A patch incorporated in Lycopsida inadvertantly changed 1602f3ed619SDag-Erling Smørgrav OpenPAM's behavior when several policies exist for the same 1612f3ed619SDag-Erling Smørgrav service, from ignoring all but the first to concatenating them all. 1622f3ed619SDag-Erling Smørgrav Revert to the original behavior. 1632f3ed619SDag-Erling Smørgrav 1642f3ed619SDag-Erling Smørgrav - BUGFIX: Plug a memory leak in the policy parser. 1652f3ed619SDag-Erling Smørgrav============================================================================ 1667f106882SDag-Erling SmørgravOpenPAM Lycopsida 2011-12-18 1677f106882SDag-Erling Smørgrav 1687f106882SDag-Erling Smørgrav - ENHANCE: removed static build autodetection, which didn't work 1697f106882SDag-Erling Smørgrav anyway. Use an explicit, user-specified preprocessor variable 1707f106882SDag-Erling Smørgrav instead. 1717f106882SDag-Erling Smørgrav 1727f106882SDag-Erling Smørgrav - ENHANCE: cleaned up the documentation a bit. 1737f106882SDag-Erling Smørgrav 1747f106882SDag-Erling Smørgrav - ENHANCE: added openpam_subst(3), allowing certain PAM items to be 1757f106882SDag-Erling Smørgrav embedded in strings such as prompts. Apply it to the prompts used 1767f106882SDag-Erling Smørgrav by pam_get_user(3) and pam_get_authtok(3). 1777f106882SDag-Erling Smørgrav 1787f106882SDag-Erling Smørgrav - ENHANCE: added support for the user_prompt, authtok_prompt and 1797f106882SDag-Erling Smørgrav oldauthtok_prompt module options, which override the prompts passed 1807f106882SDag-Erling Smørgrav by the module to pam_set_user(3) and pam_get_authtok(3). 1817f106882SDag-Erling Smørgrav 1827f106882SDag-Erling Smørgrav - ENHANCE: rewrote the policy parser to support quoted option values. 1837f106882SDag-Erling Smørgrav 1847f106882SDag-Erling Smørgrav - ENHANCE: added pamtest(1), a tool for testing modules and policies. 1857f106882SDag-Erling Smørgrav 1867f106882SDag-Erling Smørgrav - ENHANCE: added code to check the ownership and permissions of a 1877f106882SDag-Erling Smørgrav module before loading it. 1887f106882SDag-Erling Smørgrav 1897f106882SDag-Erling Smørgrav - ENHANCE: added / improved input validation in many cases, including 190d64f4044SDag-Erling Smørgrav the policy file and some function arguments. (CVE-2011-4122) 1917f106882SDag-Erling Smørgrav============================================================================ 192fe980754SDag-Erling SmørgravOpenPAM Hydrangea 2007-12-21 193fe980754SDag-Erling Smørgrav 194fe980754SDag-Erling Smørgrav - ENHANCE: when compiling with GCC, mark up API functions with GCC 195fe980754SDag-Erling Smørgrav attributes where appropriate. 196fe980754SDag-Erling Smørgrav 197fe980754SDag-Erling Smørgrav - BUGFIX: fixed numerous warnings uncovered by GCC 4. 198fe980754SDag-Erling Smørgrav 199fe980754SDag-Erling Smørgrav - ENHANCE: building the documentation is now optional. 200fe980754SDag-Erling Smørgrav 201fe980754SDag-Erling Smørgrav - ENHANCE: corrected a number of mistakes and style issues in the 202fe980754SDag-Erling Smørgrav build system. 203fe980754SDag-Erling Smørgrav 204fe980754SDag-Erling Smørgrav - ENHANCE: API function arguments are now const where appropriate, to 205fe980754SDag-Erling Smørgrav match corresponding changes in the Solaris PAM and Linux-PAM APIs. 206fe980754SDag-Erling Smørgrav 207fe980754SDag-Erling Smørgrav - ENHANCE: corrected a number of C namespace violations. 208fe980754SDag-Erling Smørgrav 209fe980754SDag-Erling Smørgrav - ENHANCE: the module cache has been removed, allowing long-lived 210fe980754SDag-Erling Smørgrav applications to pick up module changes. This also allows multiple 211fe980754SDag-Erling Smørgrav threads to use PAM simultaneously (as long as they use separate PAM 212fe980754SDag-Erling Smørgrav contexts), since the module cache was the only part of OpenPAM that 213fe980754SDag-Erling Smørgrav was not thread-safe. 214fe980754SDag-Erling Smørgrav============================================================================ 215556dce83SDag-Erling SmørgravOpenPAM Figwort 2005-06-16 216556dce83SDag-Erling Smørgrav 217556dce83SDag-Erling Smørgrav - BUGFIX: Correct several small signedness and initialization bugs 218556dce83SDag-Erling Smørgrav discovered during review by the NetBSD team. 219556dce83SDag-Erling Smørgrav 220556dce83SDag-Erling Smørgrav - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary 221556dce83SDag-Erling Smørgrav order within each section. 222556dce83SDag-Erling Smørgrav 223556dce83SDag-Erling Smørgrav - ENHANCE: if a policy specifies a relative module path, prepend the 224556dce83SDag-Erling Smørgrav module directory so we never call dlopen(3) with a relative path. 225556dce83SDag-Erling Smørgrav 226556dce83SDag-Erling Smørgrav - ENHANCE: add a pam.conf(5) manual page. 227556dce83SDag-Erling Smørgrav============================================================================ 228b33ab329SDag-Erling SmørgravOpenPAM Feterita 2005-02-01 229b33ab329SDag-Erling Smørgrav 230b33ab329SDag-Erling Smørgrav - BUGFIX: Correct numerous markup errors, invalid cross-references, 231b33ab329SDag-Erling Smørgrav and other issues in the manual pages, with kind assistance from 232b33ab329SDag-Erling Smørgrav Ruslan Ermilov <ru@freebsd.org>. 233b33ab329SDag-Erling Smørgrav 234b33ab329SDag-Erling Smørgrav - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX() 235b33ab329SDag-Erling Smørgrav and RETURNX() macros. 236b33ab329SDag-Erling Smørgrav 237b33ab329SDag-Erling Smørgrav - BUGFIX: Remove an unnecessary and non-portable pointer cast in 238b33ab329SDag-Erling Smørgrav pam_get_data(3). 239b33ab329SDag-Erling Smørgrav 240b33ab329SDag-Erling Smørgrav - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in 241b33ab329SDag-Erling Smørgrav pam_strerror(3) and gendoc.pl. 242b33ab329SDag-Erling Smørgrav 243b33ab329SDag-Erling Smørgrav - ENHANCE: Minor overhaul of the autoconf / build system. 244b33ab329SDag-Erling Smørgrav 245b33ab329SDag-Erling Smørgrav - ENHANCE: Add openpam_free_envlist(3). 246b33ab329SDag-Erling Smørgrav============================================================================ 247e10ae022SDag-Erling SmørgravOpenPAM Eelgrass 2004-02-10 248e10ae022SDag-Erling Smørgrav 249e10ae022SDag-Erling Smørgrav - BUGFIX: Correct array handling bugs in conversation code. 250e10ae022SDag-Erling Smørgrav 251e10ae022SDag-Erling Smørgrav - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear 252e10ae022SDag-Erling Smørgrav whitespace from the user's response. 253e10ae022SDag-Erling Smørgrav 254e10ae022SDag-Erling Smørgrav - BUGFIX: Many constness issues addressed. 255e10ae022SDag-Erling Smørgrav============================================================================ 256ca236e63SDag-Erling SmørgravOpenPAM Dogwood 2003-07-15 257ca236e63SDag-Erling Smørgrav 258ca236e63SDag-Erling Smørgrav - ENHANCE: Use the GNU autotools. 259ca236e63SDag-Erling Smørgrav 260ca236e63SDag-Erling Smørgrav - ENHANCE: Constify the msg field in struct pam_message. 261ca236e63SDag-Erling Smørgrav 262ca236e63SDag-Erling Smørgrav - BUGFIX: Remove left-over debugging output 263ca236e63SDag-Erling Smørgrav 264ca236e63SDag-Erling Smørgrav - BUGFIX: Avoid side effects in arguments to the FREE() macro 265ca236e63SDag-Erling Smørgrav 266ca236e63SDag-Erling Smørgrav - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3). 267ca236e63SDag-Erling Smørgrav 268ca236e63SDag-Erling Smørgrav - BUGFIX: Staticize some variables which shouldn't be global. 269ca236e63SDag-Erling Smørgrav 270ca236e63SDag-Erling Smørgrav - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3). 271ca236e63SDag-Erling Smørgrav 272ca236e63SDag-Erling Smørgrav - ENHANCE: Various minor documentation improvements. 273ca236e63SDag-Erling Smørgrav 274ca236e63SDag-Erling SmørgravThanks to Dmitry V. Levin <ldv@altlinux.org> for considerable 275ca236e63SDag-Erling Smørgravassistance with this release. 276ca236e63SDag-Erling Smørgrav============================================================================ 27731c521e9SDag-Erling SmørgravOpenPAM Digitalis 2003-06-01 27831c521e9SDag-Erling Smørgrav 27931c521e9SDag-Erling Smørgrav - ENHANCE: Completely rewrite the configuration parser and add 28031c521e9SDag-Erling Smørgrav support for the "include" control flag. 28131c521e9SDag-Erling Smørgrav 28231c521e9SDag-Erling Smørgrav - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux. 28331c521e9SDag-Erling Smørgrav 28431c521e9SDag-Erling Smørgrav - ENHANCE: Lots of additional paranoia. 28531c521e9SDag-Erling Smørgrav 28631c521e9SDag-Erling Smørgrav - BUGFIX: The sample su(1) application dropped privileges before 28731c521e9SDag-Erling Smørgrav forking instead of after. 28831c521e9SDag-Erling Smørgrav 28931c521e9SDag-Erling Smørgrav - ENHANCE: Document openpam_log(3). 29031c521e9SDag-Erling Smørgrav 29131c521e9SDag-Erling Smørgrav - ENHANCE: Other minor documentation fixes. 29231c521e9SDag-Erling Smørgrav 29331c521e9SDag-Erling SmørgravThanks to Dmitry V. Levin <ldv@altlinux.org> for considerable 29431c521e9SDag-Erling Smørgravassistance with this release. 29531c521e9SDag-Erling Smørgrav============================================================================ 2964cb68ea5SDag-Erling SmørgravOpenPAM Dianthus 2003-05-02 2974cb68ea5SDag-Erling Smørgrav 2984cb68ea5SDag-Erling Smørgrav - BUGFIX: Initialize some potentially uninitialized variables. 2994cb68ea5SDag-Erling Smørgrav 3004cb68ea5SDag-Erling Smørgrav - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999. 3014cb68ea5SDag-Erling Smørgrav 3024cb68ea5SDag-Erling Smørgrav - BUGFIX: In pam_getenv(), return a pointer to the stored variable 3034cb68ea5SDag-Erling Smørgrav instead of a freshly allocated copy. 3044cb68ea5SDag-Erling Smørgrav 3054cb68ea5SDag-Erling Smørgrav - ENHANCE: Detect recursion in openpam_borrow_cred() 3064cb68ea5SDag-Erling Smørgrav 3074cb68ea5SDag-Erling Smørgrav - ENHANCE: Make borrowing one's own credentials a no-op. 3084cb68ea5SDag-Erling Smørgrav 3094cb68ea5SDag-Erling Smørgrav - ENHANCE: Further improve debugging support. 3104cb68ea5SDag-Erling Smørgrav 3114cb68ea5SDag-Erling Smørgrav - ENHANCE: Clean up some variable names. 3124cb68ea5SDag-Erling Smørgrav============================================================================ 313644f2b7cSDag-Erling SmørgravOpenPAM Daffodil 2003-01-06 314644f2b7cSDag-Erling Smørgrav 315644f2b7cSDag-Erling Smørgrav - ENHANCE: Document dependency on <sys/types.h> (for size_t) 316644f2b7cSDag-Erling Smørgrav 317644f2b7cSDag-Erling Smørgrav - ENHANCE: Slightly improve error detection in openpam_ttyconv(). 318644f2b7cSDag-Erling Smørgrav 319644f2b7cSDag-Erling Smørgrav - BUGFIX: Fix several typos in debugging macros. 320644f2b7cSDag-Erling Smørgrav============================================================================ 32164819919SDag-Erling SmørgravOpenPAM Cyclamen 2002-12-12 32264819919SDag-Erling Smørgrav 32364819919SDag-Erling Smørgrav - ENHANCE: Improve recursion detection in openpam_dispatch(). 32464819919SDag-Erling Smørgrav 32564819919SDag-Erling Smørgrav - ENHANCE: Add debugging messages at entry and exit points of most 32664819919SDag-Erling Smørgrav functions. 32764819919SDag-Erling Smørgrav 32864819919SDag-Erling Smørgrav - ENHANCE: Fix some minor style issues. 32964819919SDag-Erling Smørgrav 33064819919SDag-Erling Smørgrav - BUGFIX: Add default cases to the switches in openpam_log.c. 33164819919SDag-Erling Smørgrav 33264819919SDag-Erling Smørgrav - ENHANCE: Add /usr/local/etc/pam.conf to policy search path. 33364819919SDag-Erling Smørgrav 33464819919SDag-Erling Smørgrav - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather 33564819919SDag-Erling Smørgrav than stderr. 3365c1eca55SDag-Erling Smørgrav============================================================================ 337ee02aaa9SDag-Erling SmørgravOpenPAM Citronella 2002-06-30 338ee02aaa9SDag-Erling Smørgrav 339ee02aaa9SDag-Erling Smørgrav - ENHANCE: Add the "binding" control flag (from Solaris 9). 340ee02aaa9SDag-Erling Smørgrav 341ee02aaa9SDag-Erling Smørgrav - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from 342ee02aaa9SDag-Erling Smørgrav Solaris 9). 343ee02aaa9SDag-Erling Smørgrav 344ee02aaa9SDag-Erling Smørgrav - ENHANCE: Flesh out the pam(3) man page. 345ee02aaa9SDag-Erling Smørgrav 346ee02aaa9SDag-Erling Smørgrav - ENHANCE: Add an openpam(3) page with cross-references to all the 347ee02aaa9SDag-Erling Smørgrav documented OpenPAM API extensions. 348ee02aaa9SDag-Erling Smørgrav 349ee02aaa9SDag-Erling Smørgrav - ENHANCE: Add a pam_conv(3) man page describing the conversation 350ee02aaa9SDag-Erling Smørgrav system. 351ee02aaa9SDag-Erling Smørgrav 352ee02aaa9SDag-Erling Smørgrav - ENHANCE: Improved sample application. 353ee02aaa9SDag-Erling Smørgrav 354ee02aaa9SDag-Erling Smørgrav - ENHANCE: Added sample pam_unix module. 355ee02aaa9SDag-Erling Smørgrav 356ee02aaa9SDag-Erling Smørgrav - BUGFIX: Various documentation nits. 357ee02aaa9SDag-Erling Smørgrav============================================================================ 35855e3fbc9SDag-Erling SmørgravOpenPAM Cinquefoil 2002-05-24 35955e3fbc9SDag-Erling Smørgrav 36055e3fbc9SDag-Erling Smørgrav - BUGFIX: Various warnings uncovered by gcc 3.1. 36155e3fbc9SDag-Erling Smørgrav 36255e3fbc9SDag-Erling Smørgrav - ENHANCE: Add a null conversation function, openpam_nullconv(3). 36355e3fbc9SDag-Erling Smørgrav 36455e3fbc9SDag-Erling Smørgrav - BUGFIX: Initialize the "other" chain to all zeroes. 36555e3fbc9SDag-Erling Smørgrav 36655e3fbc9SDag-Erling Smørgrav - ENHANCE: Document openpam_ttyconv(3). 36755e3fbc9SDag-Erling Smørgrav============================================================================ 368ac7e3b9dSDag-Erling SmørgravOpenPAM Cinnamon 2002-05-02 369ac7e3b9dSDag-Erling Smørgrav 370ac7e3b9dSDag-Erling Smørgrav - ENHANCE: Add a null conversation function, openpam_nullconv(). 371ac7e3b9dSDag-Erling Smørgrav 372ac7e3b9dSDag-Erling Smørgrav - BUGFIX: Various markup bugs in the documentation. 373ac7e3b9dSDag-Erling Smørgrav 374ac7e3b9dSDag-Erling Smørgrav - BUGFIX: Document <security/openpam.h>. 375ac7e3b9dSDag-Erling Smørgrav 376ac7e3b9dSDag-Erling Smørgrav - BUGFIX: Duplicate expansion of openpam_log() macro arguments. 377ac7e3b9dSDag-Erling Smørgrav 378ac7e3b9dSDag-Erling Smørgrav - ENHANCE: Restructure the policy-loading code and align our use of 379ac7e3b9dSDag-Erling Smørgrav the "other" policy with Solaris and Linux-PAM. 380ac7e3b9dSDag-Erling Smørgrav 381ac7e3b9dSDag-Erling Smørgrav - ENHANCE: Log dlopen() and dlsym() failures. 382ac7e3b9dSDag-Erling Smørgrav 383ac7e3b9dSDag-Erling Smørgrav - ENHANCE: In openpam_ttyconv(), emit a newline after error and info 384ac7e3b9dSDag-Erling Smørgrav messages unless the message contains one already. 385ac7e3b9dSDag-Erling Smørgrav 386ac7e3b9dSDag-Erling Smørgrav - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL 387ac7e3b9dSDag-Erling Smørgrav so we can detect whether the conversation function touched it. 388ac7e3b9dSDag-Erling Smørgrav============================================================================ 389183bda37SDag-Erling SmørgravOpenPAM Cineraria 2002-04-14 390183bda37SDag-Erling Smørgrav 391ac7e3b9dSDag-Erling Smørgrav - BUGFIX: Fix confusion between token and prompt in 392ac7e3b9dSDag-Erling Smørgrav pam_get_authtok(3). 393ac7e3b9dSDag-Erling Smørgrav 394183bda37SDag-Erling Smørgrav - ENHANCE: Improved documentation. 395183bda37SDag-Erling Smørgrav 396183bda37SDag-Erling Smørgrav - ENHANCE: Adopt the same preprocessor tricks that were used in 397183bda37SDag-Erling Smørgrav FreeBSD's version of Linux-PAM to simplify static linking without 398183bda37SDag-Erling Smørgrav requiring dummy primitives. 399183bda37SDag-Erling Smørgrav 400ac7e3b9dSDag-Erling Smørgrav - ENHANCE: Move the policy-loading code out of pam_start.c. 401183bda37SDag-Erling Smørgrav 402183bda37SDag-Erling Smørgrav - BUGFIX: Fix typo in one of the versions of the openpam_log macro. 403183bda37SDag-Erling Smørgrav 404183bda37SDag-Erling Smørgrav - ENHANCE: Add versioning macros. 405183bda37SDag-Erling Smørgrav============================================================================ 40693889be5SDag-Erling SmørgravOpenPAM Cinchona 2002-04-08 40793889be5SDag-Erling Smørgrav 40893889be5SDag-Erling Smørgrav - ENHANCE: Improved documentation for several API functions. 40993889be5SDag-Erling Smørgrav 41093889be5SDag-Erling Smørgrav - BUGFIX: Fix bug in pam_set_data() that would result in corruption 41193889be5SDag-Erling Smørgrav of the module data list. 41293889be5SDag-Erling Smørgrav 41393889be5SDag-Erling Smørgrav - BUGFIX: Allocate the correct amount of memory for the environment 41493889be5SDag-Erling Smørgrav list in pam_putenv(). 41593889be5SDag-Erling Smørgrav 41693889be5SDag-Erling Smørgrav - ENHANCE: Change pam_get_authtok()'s prototype so the caller can 41793889be5SDag-Erling Smørgrav specify what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT. 41893889be5SDag-Erling Smørgrav 41993889be5SDag-Erling Smørgrav - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and 42093889be5SDag-Erling Smørgrav reduce differences between these very similar functions. 42193889be5SDag-Erling Smørgrav 42293889be5SDag-Erling Smørgrav - ENHANCE: Check flags carefully in pam_authenticate() and 42393889be5SDag-Erling Smørgrav pam_chauthtok(). 42493889be5SDag-Erling Smørgrav 42593889be5SDag-Erling Smørgrav - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD. 42693889be5SDag-Erling Smørgrav 42793889be5SDag-Erling Smørgrav - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're 42893889be5SDag-Erling Smørgrav asked for PAM_AUTHTOK, and we have to prompt the user, prompt her 42993889be5SDag-Erling Smørgrav twice and compare the responses. 43093889be5SDag-Erling Smørgrav 43193889be5SDag-Erling Smørgrav - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily 43293889be5SDag-Erling Smørgrav switching to user credentials. 43393889be5SDag-Erling Smørgrav 43493889be5SDag-Erling Smørgrav - ENHANCE: Add openpam_free_data(), a generic cleanup function for 43593889be5SDag-Erling Smørgrav pam_set_data() consumers. 43693889be5SDag-Erling Smørgrav============================================================================ 437856bb440SDag-Erling SmørgravOpenPAM Centaury 2002-03-14 438856bb440SDag-Erling Smørgrav 439856bb440SDag-Erling Smørgrav - BUGFIX: Add missing #include <string.h> to openpam_log.c. 440856bb440SDag-Erling Smørgrav 441856bb440SDag-Erling Smørgrav - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/. XSSO uses 442856bb440SDag-Erling Smørgrav the former, but Solaris and Linux-PAM use the latter. 443856bb440SDag-Erling Smørgrav 444856bb440SDag-Erling Smørgrav - BUGFIX: The dynamic loader and the module cache contained a number 445856bb440SDag-Erling Smørgrav of bugs which would cause a segmentation fault if pam_start(3) was 446856bb440SDag-Erling Smørgrav called again after pam_end(3), as happens in login(1), xdm(1) etc. 447856bb440SDag-Erling Smørgrav after a failed login. 448856bb440SDag-Erling Smørgrav 449856bb440SDag-Erling Smørgrav - BUGFIX: Refer to a module by the name used in the policy file, even 450856bb440SDag-Erling Smørgrav if the module that was actually loaded was versioned. 451856bb440SDag-Erling Smørgrav 452856bb440SDag-Erling Smørgrav - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG. 453856bb440SDag-Erling Smørgrav============================================================================ 4544579d22cSDag-Erling SmørgravOpenPAM Celandine 2002-03-05 4554579d22cSDag-Erling Smørgrav 4564579d22cSDag-Erling Smørgrav - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok(). 4574579d22cSDag-Erling Smørgrav 4584579d22cSDag-Erling Smørgrav - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK 4594579d22cSDag-Erling Smørgrav flag set, then with the PAM_UPDATE_AUTHTOK flag set. 4604579d22cSDag-Erling Smørgrav 4614579d22cSDag-Erling Smørgrav - BUGFIX: Failure of a "sufficient" module should not terminate the 4624579d22cSDag-Erling Smørgrav passwd chain if the PAM_PRELIM_CHECK flag is set. 4634579d22cSDag-Erling Smørgrav 4644579d22cSDag-Erling Smørgrav - BUGFIX: Clear PAM_AUTHTOK after running the service modules. 4654579d22cSDag-Erling Smørgrav 4664579d22cSDag-Erling Smørgrav - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK 4674579d22cSDag-Erling Smørgrav or PAM_UPDATE_AUTHTOK flags themselves. 4684579d22cSDag-Erling Smørgrav 4694579d22cSDag-Erling Smørgrav - BUGFIX: openpam_set_option() did not support changing the value of 4704579d22cSDag-Erling Smørgrav an existing option. 4714579d22cSDag-Erling Smørgrav 4724579d22cSDag-Erling Smørgrav - ENHANCE: Add support for module versioning. OpenPAM will prefer a 4734579d22cSDag-Erling Smørgrav module with the same version number as the library itself to one 4744579d22cSDag-Erling Smørgrav with no version number at all. 4754579d22cSDag-Erling Smørgrav============================================================================ 47646acc370SDag-Erling SmørgravOpenPAM Cantaloupe 2002-02-22 47746acc370SDag-Erling Smørgrav 47846acc370SDag-Erling Smørgrav - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid 47946acc370SDag-Erling Smørgrav argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures. 48046acc370SDag-Erling Smørgrav 48146acc370SDag-Erling Smørgrav - ENHANCE: Add in-line documentation in most source files, and a Perl 48246acc370SDag-Erling Smørgrav script that generates mdoc code from that. 48346acc370SDag-Erling Smørgrav 48446acc370SDag-Erling Smørgrav - BUGFIX: The environment list was not properly NULL-terminated. 48546acc370SDag-Erling Smørgrav 48646acc370SDag-Erling Smørgrav - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt 48746acc370SDag-Erling Smørgrav specified by the module. 48846acc370SDag-Erling Smørgrav 48946acc370SDag-Erling Smørgrav - BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to 49046acc370SDag-Erling Smørgrav pam_constants.h to avoid it going stale again. 49146acc370SDag-Erling Smørgrav 49246acc370SDag-Erling Smørgrav - ENHANCE: Move all code related to static modules into a separate 49346acc370SDag-Erling Smørgrav file. 49446acc370SDag-Erling Smørgrav 49546acc370SDag-Erling Smørgrav - ENHANCE: openpam_ttyconv() now masks most signals while prompting the 49646acc370SDag-Erling Smørgrav user, and supports setting a timeout (which defaults to off). 49746acc370SDag-Erling Smørgrav 49846acc370SDag-Erling Smørgrav - BUGFIX: Some manual pages referenced XSSO even though they 49946acc370SDag-Erling Smørgrav documented OpenPAM-specific functions. 50046acc370SDag-Erling Smørgrav 50146acc370SDag-Erling Smørgrav - ENHANCE: Added openpam_get_option() and openpam_set_option(). 50246acc370SDag-Erling Smørgrav 50346acc370SDag-Erling Smørgrav - ENHANCE: openpam_get_authtok() now respects the echo_pass, 50446acc370SDag-Erling Smørgrav try_first_pass, and use_first_pass options. 50546acc370SDag-Erling Smørgrav============================================================================ 506ac676a11SDag-Erling SmørgravOpenPAM Caliopsis 2002-02-13 507ac676a11SDag-Erling Smørgrav 508ac676a11SDag-Erling SmørgravFixed a number of bugs in the previous release, including: 509ac676a11SDag-Erling Smørgrav - a number of bugs in and related to pam_[gs]et_item(3) 510ac676a11SDag-Erling Smørgrav - off-by-one bug in pam_start.c would trim last character off certain 511ac676a11SDag-Erling Smørgrav configuration lines 512ac676a11SDag-Erling Smørgrav - incorrect ordering of an array in openpam_load.c would cause service 513ac676a11SDag-Erling Smørgrav module functions to get mixed up 514ac676a11SDag-Erling Smørgrav - missing 'continue' in openpam_dispatch.c caused successes to be 515ac676a11SDag-Erling Smørgrav counted as failures 516ac676a11SDag-Erling Smørgrav============================================================================ 5175c1eca55SDag-Erling SmørgravOpenPAM Calamite 2002-02-09 5185c1eca55SDag-Erling Smørgrav 5195c1eca55SDag-Erling SmørgravFirst (beta) release. 520