xref: /freebsd/contrib/openpam/HISTORY (revision 0aeed3e99367bed5755068d9218cd8041644ff2b)
1OpenPAM Ourouparia						2014-09-12
2
3 - ENHANCE: When executing a chain, require at least one service
4   function to succeed.  This mitigates fail-open scenarios caused by
5   misconfigurations or missing modules.
6
7 - ENHANCE: Make sure to overwrite buffers which may have contained an
8   authentication token when they're no longer needed.
9
10 - BUGFIX: Under certain circumstances, specifying a non-existent
11   module (or misspelling the name of a module) in a policy could
12   result in a fail-open scenario.  (CVE-2014-3879)
13
14 - FEATURE: Add a search path for modules.  This was implemented in
15   Nummularia but inadvertently left out of the release notes.
16
17 - BUGFIX: The is_upper() predicate only accepted the letter A as an
18   upper-case character instead of the entire A-Z range.  As a result,
19   service and module names containing upper-case letters other than A
20   would be rejected.
21============================================================================
22OpenPAM Nummularia						2013-09-07
23
24 - ENHANCE: Rewrite the dynamic loader to improve readability and
25   reliability.  Modules can now be listed without the ".so" suffix in
26   the policy file; OpenPAM will automatically add it, just like it
27   will automatically add the version number if required.
28
29 - ENHANCE: Allow openpam_straddch(3) to be called without a character
30   so it can be used to preallocate a string.
31
32 - ENHANCE: Improve portability by adding simple asprintf(3) and
33   vasprintf(3) implementations for platforms that don't have them.
34
35 - ENHANCE: Move the libpam sources into a separate subdirectory.
36
37 - ENHANCE: Substantial documentation improvements.
38
39 - BUGFIX: When openpam_readword(3) encountered an opening quote, it
40   would set the first byte in the buffer to '\0', discarding all
41   existing text and, unless the buffer was empty to begin with, all
42   subsequent text as well.  This went unnoticed because none of the
43   unit tests for quoted strings had any text preceding the opening
44   quote.
45
46 - BUGFIX: make --with-modules-dir work the way it was meant to work
47   (but never did).
48============================================================================
49OpenPAM Micrampelis						2012-05-26
50
51 - FEATURE: Add an openpam_readword(3) function which reads the next
52   word from an input stream, applying shell quoting and escaping
53   rules.  Add numerous unit tests for openpam_readword(3).
54
55 - FEATURE: Add an openpam_readlinev(3) function which uses the
56   openpam_readword(3) function to read words from an input stream one
57   at a time until it reaches an unquoted, unescaped newline, and
58   returns an array of those words.  Add several unit tests for
59   openpam_readlinev(3).
60
61 - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
62   machine's hostname.  This was implemented in Lycopsida but
63   inadvertantly left out of the release notes.
64
65 - FEATURE: In pam_get_authtok(3), if neither the application nor the
66   module have specified a prompt and PAM_HOST and PAM_RHOST are both
67   defined but not equal, use a different default prompt that includes
68   PAM_USER and PAM_HOST.
69
70 - ENHANCE: Rewrite the policy parser to used openpam_readlinev(),
71   which greatly simplifies the code.
72
73 - ENHANCE: The previous implementation of the policy parser relied on
74   the openpam_readline(3) function, which (by design) munges
75   whitespace and understands neither quotes nor backslash escapes.
76   As a result of the aforementioned rewrite, whitespace, quotes and
77   backslash escapes in policy files are now handled in a consistent
78   and predictable manner.
79
80 - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
81   This closes the race between the ownership / permission check and
82   the dlopen(3) call.
83
84 - ENHANCE: Reduce the amount of pointless error messages generated
85   while searching for a module.
86
87 - ENHANCE: Numerous documentation improvements, both in content and
88   formatting.
89
90 - BUGFIX: A patch incorporated in Lycopsida inadvertantly changed
91   OpenPAM's behavior when several policies exist for the same
92   service, from ignoring all but the first to concatenating them all.
93   Revert to the original behavior.
94
95 - BUGFIX: Plug a memory leak in the policy parser.
96============================================================================
97OpenPAM Lycopsida						2011-12-18
98
99 - ENHANCE: removed static build autodetection, which didn't work
100   anyway.  Use an explicit, user-specified preprocessor variable
101   instead.
102
103 - ENHANCE: cleaned up the documentation a bit.
104
105 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be
106   embedded in strings such as prompts.  Apply it to the prompts used
107   by pam_get_user(3) and pam_get_authtok(3).
108
109 - ENHANCE: added support for the user_prompt, authtok_prompt and
110   oldauthtok_prompt module options, which override the prompts passed
111   by the module to pam_set_user(3) and pam_get_authtok(3).
112
113 - ENHANCE: rewrote the policy parser to support quoted option values.
114
115 - ENHANCE: added pamtest(1), a tool for testing modules and policies.
116
117 - ENHANCE: added code to check the ownership and permissions of a
118   module before loading it.
119
120 - ENHANCE: added / improved input validation in many cases, including
121   the policy file and some function arguments.  (CVE-2011-4122)
122============================================================================
123OpenPAM Hydrangea						2007-12-21
124
125 - ENHANCE: when compiling with GCC, mark up API functions with GCC
126   attributes where appropriate.
127
128 - BUGFIX: fixed numerous warnings uncovered by GCC 4.
129
130 - ENHANCE: building the documentation is now optional.
131
132 - ENHANCE: corrected a number of mistakes and style issues in the
133   build system.
134
135 - ENHANCE: API function arguments are now const where appropriate, to
136   match corresponding changes in the Solaris PAM and Linux-PAM APIs.
137
138 - ENHANCE: corrected a number of C namespace violations.
139
140 - ENHANCE: the module cache has been removed, allowing long-lived
141   applications to pick up module changes.  This also allows multiple
142   threads to use PAM simultaneously (as long as they use separate PAM
143   contexts), since the module cache was the only part of OpenPAM that
144   was not thread-safe.
145============================================================================
146OpenPAM Figwort							2005-06-16
147
148 - BUGFIX: Correct several small signedness and initialization bugs
149   discovered during review by the NetBSD team.
150
151 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
152   order within each section.
153
154 - ENHANCE: if a policy specifies a relative module path, prepend the
155   module directory so we never call dlopen(3) with a relative path.
156
157 - ENHANCE: add a pam.conf(5) manual page.
158============================================================================
159OpenPAM Feterita						2005-02-01
160
161 - BUGFIX: Correct numerous markup errors, invalid cross-references,
162   and other issues in the manual pages, with kind assistance from
163   Ruslan Ermilov <ru@freebsd.org>.
164
165 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
166   and RETURNX() macros.
167
168 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
169   pam_get_data(3).
170
171 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
172   pam_strerror(3) and gendoc.pl.
173
174 - ENHANCE: Minor overhaul of the autoconf / build system.
175
176 - ENHANCE: Add openpam_free_envlist(3).
177============================================================================
178OpenPAM Eelgrass						2004-02-10
179
180 - BUGFIX: Correct array handling bugs in conversation code.
181
182 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
183   whitespace from the user's response.
184
185 - BUGFIX: Many constness issues addressed.
186============================================================================
187OpenPAM Dogwood							2003-07-15
188
189 - ENHANCE: Use the GNU autotools.
190
191 - ENHANCE: Constify the msg field in struct pam_message.
192
193 - BUGFIX: Remove left-over debugging output
194
195 - BUGFIX: Avoid side effects in arguments to the FREE() macro
196
197 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).
198
199 - BUGFIX: Staticize some variables which shouldn't be global.
200
201 - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3).
202
203 - ENHANCE: Various minor documentation improvements.
204
205Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
206assistance with this release.
207============================================================================
208OpenPAM Digitalis						2003-06-01
209
210 - ENHANCE: Completely rewrite the configuration parser and add
211   support for the "include" control flag.
212
213 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.
214
215 - ENHANCE: Lots of additional paranoia.
216
217 - BUGFIX: The sample su(1) application dropped privileges before
218   forking instead of after.
219
220 - ENHANCE: Document openpam_log(3).
221
222 - ENHANCE: Other minor documentation fixes.
223
224Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
225assistance with this release.
226============================================================================
227OpenPAM Dianthus						2003-05-02
228
229 - BUGFIX: Initialize some potentially uninitialized variables.
230
231 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.
232
233 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
234   instead of a freshly allocated copy.
235
236 - ENHANCE: Detect recursion in openpam_borrow_cred()
237
238 - ENHANCE: Make borrowing one's own credentials a no-op.
239
240 - ENHANCE: Further improve debugging support.
241
242 - ENHANCE: Clean up some variable names.
243============================================================================
244OpenPAM Daffodil						2003-01-06
245
246 - ENHANCE: Document dependency on <sys/types.h> (for size_t)
247
248 - ENHANCE: Slightly improve error detection in openpam_ttyconv().
249
250 - BUGFIX: Fix several typos in debugging macros.
251============================================================================
252OpenPAM Cyclamen						2002-12-12
253
254 - ENHANCE: Improve recursion detection in openpam_dispatch().
255
256 - ENHANCE: Add debugging messages at entry and exit points of most
257   functions.
258
259 - ENHANCE: Fix some minor style issues.
260
261 - BUGFIX: Add default cases to the switches in openpam_log.c.
262
263 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.
264
265 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
266   than stderr.
267============================================================================
268OpenPAM Citronella						2002-06-30
269
270 - ENHANCE: Add the "binding" control flag (from Solaris 9).
271
272 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
273   Solaris 9).
274
275 - ENHANCE: Flesh out the pam(3) man page.
276
277 - ENHANCE: Add an openpam(3) page with cross-references to all the
278   documented OpenPAM API extensions.
279
280 - ENHANCE: Add a pam_conv(3) man page describing the conversation
281   system.
282
283 - ENHANCE: Improved sample application.
284
285 - ENHANCE: Added sample pam_unix module.
286
287 - BUGFIX: Various documentation nits.
288============================================================================
289OpenPAM Cinquefoil						2002-05-24
290
291 - BUGFIX: Various warnings uncovered by gcc 3.1.
292
293 - ENHANCE: Add a null conversation function, openpam_nullconv(3).
294
295 - BUGFIX: Initialize the "other" chain to all zeroes.
296
297 - ENHANCE: Document openpam_ttyconv(3).
298============================================================================
299OpenPAM Cinnamon						2002-05-02
300
301 - ENHANCE: Add a null conversation function, openpam_nullconv().
302
303 - BUGFIX: Various markup bugs in the documentation.
304
305 - BUGFIX: Document <security/openpam.h>.
306
307 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.
308
309 - ENHANCE: Restructure the policy-loading code and align our use of
310   the "other" policy with Solaris and Linux-PAM.
311
312 - ENHANCE: Log dlopen() and dlsym() failures.
313
314 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
315   messages unless the message contains one already.
316
317 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
318   so we can detect whether the conversation function touched it.
319============================================================================
320OpenPAM Cineraria						2002-04-14
321
322 - BUGFIX: Fix confusion between token and prompt in
323   pam_get_authtok(3).
324
325 - ENHANCE: Improved documentation.
326
327 - ENHANCE: Adopt the same preprocessor tricks that were used in
328   FreeBSD's version of Linux-PAM to simplify static linking without
329   requiring dummy primitives.
330
331 - ENHANCE: Move the policy-loading code out of pam_start.c.
332
333 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.
334
335 - ENHANCE: Add versioning macros.
336============================================================================
337OpenPAM Cinchona						2002-04-08
338
339 - ENHANCE: Improved documentation for several API functions.
340
341 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
342   of the module data list.
343
344 - BUGFIX: Allocate the correct amount of memory for the environment
345   list in pam_putenv().
346
347 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
348   specify what token it wants.  Also introduce PAM_OLDAUTHTOK_PROMPT.
349
350 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
351   reduce differences between these very similar functions.
352
353 - ENHANCE: Check flags carefully in pam_authenticate() and
354   pam_chauthtok().
355
356 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.
357
358 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
359   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
360   twice and compare the responses.
361
362 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
363   switching to user credentials.
364
365 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
366   pam_set_data() consumers.
367============================================================================
368OpenPAM Centaury						2002-03-14
369
370 - BUGFIX: Add missing #include <string.h> to openpam_log.c.
371
372 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/.  XSSO uses
373   the former, but Solaris and Linux-PAM use the latter.
374
375 - BUGFIX: The dynamic loader and the module cache contained a number
376   of bugs which would cause a segmentation fault if pam_start(3) was
377   called again after pam_end(3), as happens in login(1), xdm(1) etc.
378   after a failed login.
379
380 - BUGFIX: Refer to a module by the name used in the policy file, even
381   if the module that was actually loaded was versioned.
382
383 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
384============================================================================
385OpenPAM Celandine						2002-03-05
386
387 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().
388
389 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
390   flag set, then with the PAM_UPDATE_AUTHTOK flag set.
391
392 - BUGFIX: Failure of a "sufficient" module should not terminate the
393   passwd chain if the PAM_PRELIM_CHECK flag is set.
394
395 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.
396
397 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
398   or PAM_UPDATE_AUTHTOK flags themselves.
399
400 - BUGFIX: openpam_set_option() did not support changing the value of
401   an existing option.
402
403 - ENHANCE: Add support for module versioning.  OpenPAM will prefer a
404   module with the same version number as the library itself to one
405   with no version number at all.
406============================================================================
407OpenPAM Cantaloupe						2002-02-22
408
409 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
410   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.
411
412 - ENHANCE: Add in-line documentation in most source files, and a Perl
413   script that generates mdoc code from that.
414
415 - BUGFIX: The environment list was not properly NULL-terminated.
416
417 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
418   specified by the module.
419
420 - BUGFIX: PAM_NUM_ITEMS was set too low.  It has been moved to
421   pam_constants.h to avoid it going stale again.
422
423 - ENHANCE: Move all code related to static modules into a separate
424   file.
425
426 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
427   user, and supports setting a timeout (which defaults to off).
428
429 - BUGFIX: Some manual pages referenced XSSO even though they
430   documented OpenPAM-specific functions.
431
432 - ENHANCE: Added openpam_get_option() and openpam_set_option().
433
434 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
435   try_first_pass, and use_first_pass options.
436============================================================================
437OpenPAM Caliopsis						2002-02-13
438
439Fixed a number of bugs in the previous release, including:
440  - a number of bugs in and related to pam_[gs]et_item(3)
441  - off-by-one bug in pam_start.c would trim last character off certain
442    configuration lines
443  - incorrect ordering of an array in openpam_load.c would cause service
444    module functions to get mixed up
445  - missing 'continue' in openpam_dispatch.c caused successes to be
446    counted as failures
447============================================================================
448OpenPAM Calamite						2002-02-09
449
450First (beta) release.
451