xref: /freebsd/contrib/openpam/HISTORY (revision 2a9021898c4ee2154787da862c238cfeccd655df)
1OpenPAM Ximenia							2023-06-27
2
3 - BUGFIX: Fix race condition in openpam_ttyconv(3) when used with
4   expect scripts.
5
6 - BUGFIX: In openpam_set_option(3), when removing an option, properly
7   decrement the option count.
8
9 - BUGFIX: In openpam_subst(3), avoid incrementing past the end of the
10   template.
11============================================================================
12OpenPAM Tabebuia						2019-02-24
13
14 - BUGFIX: Fix off-by-one bug in pam_getenv(3) which was introduced in
15   OpenPAM Radula.
16
17 - ENHANCE: Add unit tests for pam_{get,put,set}env(3).
18============================================================================
19OpenPAM Resedacea						2017-04-30
20
21 - BUGFIX: Reinstore the NULL check in pam_end(3) which was removed in
22   OpenPAM Radula, as it breaks common error-handling constructs.
23
24 - BUGFIX: Return PAM_SYMBOL_ERR instead of PAM_SYSTEM_ERR from the
25   dispatcher when the required service function could not be found.
26
27 - ENHANCE: Introduce the PAM_BAD_HANDLE error code for when pamh is
28   NULL in API functions that have a NULL check.
29
30 - ENHANCE: Introduce the PAM_BAD_ITEM, PAM_BAD_FEATURE and
31   PAM_BAD_CONSTANT error codes for situations where we previously
32   incorrectly used PAM_SYMBOL_ERR to denote that an invalid constant
33   had been passed to an API function.
34
35 - ENHANCE: Improve the RETURN VALUES section in API man pages,
36   especially for functions that cannot fail, which were incorrectly
37   documented as returning -1 on failure.
38============================================================================
39OpenPAM Radula							2017-02-19
40
41 - BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
42   pam_get_user(3) from using application-provided custom prompts.
43
44 - BUGFIX: Plug a memory leak in pam_set_item(3).
45
46 - BUGFIX: Plug a potential memory leak in openpam_readlinev(3).
47
48 - BUGFIX: In openpam_readword(3), support line continuations within
49   whitespace.
50
51 - ENHANCE: Add a feature flag to control fallback to "other" policy.
52
53 - ENHANCE: Add a pam_return(8) module which returns an arbitrary
54   code specified in the module options.
55
56 - ENHANCE: More and better unit tests.
57============================================================================
58OpenPAM Ourouparia						2014-09-12
59
60 - ENHANCE: When executing a chain, require at least one service
61   function to succeed.  This mitigates fail-open scenarios caused by
62   misconfigurations or missing modules.
63
64 - ENHANCE: Make sure to overwrite buffers which may have contained an
65   authentication token when they're no longer needed.
66
67 - BUGFIX: Under certain circumstances, specifying a non-existent
68   module (or misspelling the name of a module) in a policy could
69   result in a fail-open scenario.  (CVE-2014-3879)
70
71 - FEATURE: Add a search path for modules.  This was implemented in
72   Nummularia but inadvertently left out of the release notes.
73
74 - BUGFIX: The is_upper() predicate only accepted the letter A as an
75   upper-case character instead of the entire A-Z range.  As a result,
76   service and module names containing upper-case letters other than A
77   would be rejected.
78============================================================================
79OpenPAM Nummularia						2013-09-07
80
81 - ENHANCE: Rewrite the dynamic loader to improve readability and
82   reliability.  Modules can now be listed without the ".so" suffix in
83   the policy file; OpenPAM will automatically add it, just like it
84   will automatically add the version number if required.
85
86 - ENHANCE: Allow openpam_straddch(3) to be called without a character
87   so it can be used to preallocate a string.
88
89 - ENHANCE: Improve portability by adding simple asprintf(3) and
90   vasprintf(3) implementations for platforms that don't have them.
91
92 - ENHANCE: Move the libpam sources into a separate subdirectory.
93
94 - ENHANCE: Substantial documentation improvements.
95
96 - BUGFIX: When openpam_readword(3) encountered an opening quote, it
97   would set the first byte in the buffer to '\0', discarding all
98   existing text and, unless the buffer was empty to begin with, all
99   subsequent text as well.  This went unnoticed because none of the
100   unit tests for quoted strings had any text preceding the opening
101   quote.
102
103 - BUGFIX: make --with-modules-dir work the way it was meant to work
104   (but never did).
105============================================================================
106OpenPAM Micrampelis						2012-05-26
107
108 - FEATURE: Add an openpam_readword(3) function which reads the next
109   word from an input stream, applying shell quoting and escaping
110   rules.  Add numerous unit tests for openpam_readword(3).
111
112 - FEATURE: Add an openpam_readlinev(3) function which uses the
113   openpam_readword(3) function to read words from an input stream one
114   at a time until it reaches an unquoted, unescaped newline, and
115   returns an array of those words.  Add several unit tests for
116   openpam_readlinev(3).
117
118 - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
119   machine's hostname.  This was implemented in Lycopsida but
120   inadvertantly left out of the release notes.
121
122 - FEATURE: In pam_get_authtok(3), if neither the application nor the
123   module have specified a prompt and PAM_HOST and PAM_RHOST are both
124   defined but not equal, use a different default prompt that includes
125   PAM_USER and PAM_HOST.
126
127 - ENHANCE: Rewrite the policy parser to used openpam_readlinev(),
128   which greatly simplifies the code.
129
130 - ENHANCE: The previous implementation of the policy parser relied on
131   the openpam_readline(3) function, which (by design) munges
132   whitespace and understands neither quotes nor backslash escapes.
133   As a result of the aforementioned rewrite, whitespace, quotes and
134   backslash escapes in policy files are now handled in a consistent
135   and predictable manner.
136
137 - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
138   This closes the race between the ownership / permission check and
139   the dlopen(3) call.
140
141 - ENHANCE: Reduce the amount of pointless error messages generated
142   while searching for a module.
143
144 - ENHANCE: Numerous documentation improvements, both in content and
145   formatting.
146
147 - BUGFIX: A patch incorporated in Lycopsida inadvertantly changed
148   OpenPAM's behavior when several policies exist for the same
149   service, from ignoring all but the first to concatenating them all.
150   Revert to the original behavior.
151
152 - BUGFIX: Plug a memory leak in the policy parser.
153============================================================================
154OpenPAM Lycopsida						2011-12-18
155
156 - ENHANCE: removed static build autodetection, which didn't work
157   anyway.  Use an explicit, user-specified preprocessor variable
158   instead.
159
160 - ENHANCE: cleaned up the documentation a bit.
161
162 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be
163   embedded in strings such as prompts.  Apply it to the prompts used
164   by pam_get_user(3) and pam_get_authtok(3).
165
166 - ENHANCE: added support for the user_prompt, authtok_prompt and
167   oldauthtok_prompt module options, which override the prompts passed
168   by the module to pam_set_user(3) and pam_get_authtok(3).
169
170 - ENHANCE: rewrote the policy parser to support quoted option values.
171
172 - ENHANCE: added pamtest(1), a tool for testing modules and policies.
173
174 - ENHANCE: added code to check the ownership and permissions of a
175   module before loading it.
176
177 - ENHANCE: added / improved input validation in many cases, including
178   the policy file and some function arguments.  (CVE-2011-4122)
179============================================================================
180OpenPAM Hydrangea						2007-12-21
181
182 - ENHANCE: when compiling with GCC, mark up API functions with GCC
183   attributes where appropriate.
184
185 - BUGFIX: fixed numerous warnings uncovered by GCC 4.
186
187 - ENHANCE: building the documentation is now optional.
188
189 - ENHANCE: corrected a number of mistakes and style issues in the
190   build system.
191
192 - ENHANCE: API function arguments are now const where appropriate, to
193   match corresponding changes in the Solaris PAM and Linux-PAM APIs.
194
195 - ENHANCE: corrected a number of C namespace violations.
196
197 - ENHANCE: the module cache has been removed, allowing long-lived
198   applications to pick up module changes.  This also allows multiple
199   threads to use PAM simultaneously (as long as they use separate PAM
200   contexts), since the module cache was the only part of OpenPAM that
201   was not thread-safe.
202============================================================================
203OpenPAM Figwort							2005-06-16
204
205 - BUGFIX: Correct several small signedness and initialization bugs
206   discovered during review by the NetBSD team.
207
208 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
209   order within each section.
210
211 - ENHANCE: if a policy specifies a relative module path, prepend the
212   module directory so we never call dlopen(3) with a relative path.
213
214 - ENHANCE: add a pam.conf(5) manual page.
215============================================================================
216OpenPAM Feterita						2005-02-01
217
218 - BUGFIX: Correct numerous markup errors, invalid cross-references,
219   and other issues in the manual pages, with kind assistance from
220   Ruslan Ermilov <ru@freebsd.org>.
221
222 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
223   and RETURNX() macros.
224
225 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
226   pam_get_data(3).
227
228 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
229   pam_strerror(3) and gendoc.pl.
230
231 - ENHANCE: Minor overhaul of the autoconf / build system.
232
233 - ENHANCE: Add openpam_free_envlist(3).
234============================================================================
235OpenPAM Eelgrass						2004-02-10
236
237 - BUGFIX: Correct array handling bugs in conversation code.
238
239 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
240   whitespace from the user's response.
241
242 - BUGFIX: Many constness issues addressed.
243============================================================================
244OpenPAM Dogwood							2003-07-15
245
246 - ENHANCE: Use the GNU autotools.
247
248 - ENHANCE: Constify the msg field in struct pam_message.
249
250 - BUGFIX: Remove left-over debugging output
251
252 - BUGFIX: Avoid side effects in arguments to the FREE() macro
253
254 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).
255
256 - BUGFIX: Staticize some variables which shouldn't be global.
257
258 - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3).
259
260 - ENHANCE: Various minor documentation improvements.
261
262Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
263assistance with this release.
264============================================================================
265OpenPAM Digitalis						2003-06-01
266
267 - ENHANCE: Completely rewrite the configuration parser and add
268   support for the "include" control flag.
269
270 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.
271
272 - ENHANCE: Lots of additional paranoia.
273
274 - BUGFIX: The sample su(1) application dropped privileges before
275   forking instead of after.
276
277 - ENHANCE: Document openpam_log(3).
278
279 - ENHANCE: Other minor documentation fixes.
280
281Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
282assistance with this release.
283============================================================================
284OpenPAM Dianthus						2003-05-02
285
286 - BUGFIX: Initialize some potentially uninitialized variables.
287
288 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.
289
290 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
291   instead of a freshly allocated copy.
292
293 - ENHANCE: Detect recursion in openpam_borrow_cred()
294
295 - ENHANCE: Make borrowing one's own credentials a no-op.
296
297 - ENHANCE: Further improve debugging support.
298
299 - ENHANCE: Clean up some variable names.
300============================================================================
301OpenPAM Daffodil						2003-01-06
302
303 - ENHANCE: Document dependency on <sys/types.h> (for size_t)
304
305 - ENHANCE: Slightly improve error detection in openpam_ttyconv().
306
307 - BUGFIX: Fix several typos in debugging macros.
308============================================================================
309OpenPAM Cyclamen						2002-12-12
310
311 - ENHANCE: Improve recursion detection in openpam_dispatch().
312
313 - ENHANCE: Add debugging messages at entry and exit points of most
314   functions.
315
316 - ENHANCE: Fix some minor style issues.
317
318 - BUGFIX: Add default cases to the switches in openpam_log.c.
319
320 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.
321
322 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
323   than stderr.
324============================================================================
325OpenPAM Citronella						2002-06-30
326
327 - ENHANCE: Add the "binding" control flag (from Solaris 9).
328
329 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
330   Solaris 9).
331
332 - ENHANCE: Flesh out the pam(3) man page.
333
334 - ENHANCE: Add an openpam(3) page with cross-references to all the
335   documented OpenPAM API extensions.
336
337 - ENHANCE: Add a pam_conv(3) man page describing the conversation
338   system.
339
340 - ENHANCE: Improved sample application.
341
342 - ENHANCE: Added sample pam_unix module.
343
344 - BUGFIX: Various documentation nits.
345============================================================================
346OpenPAM Cinquefoil						2002-05-24
347
348 - BUGFIX: Various warnings uncovered by gcc 3.1.
349
350 - ENHANCE: Add a null conversation function, openpam_nullconv(3).
351
352 - BUGFIX: Initialize the "other" chain to all zeroes.
353
354 - ENHANCE: Document openpam_ttyconv(3).
355============================================================================
356OpenPAM Cinnamon						2002-05-02
357
358 - ENHANCE: Add a null conversation function, openpam_nullconv().
359
360 - BUGFIX: Various markup bugs in the documentation.
361
362 - BUGFIX: Document <security/openpam.h>.
363
364 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.
365
366 - ENHANCE: Restructure the policy-loading code and align our use of
367   the "other" policy with Solaris and Linux-PAM.
368
369 - ENHANCE: Log dlopen() and dlsym() failures.
370
371 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
372   messages unless the message contains one already.
373
374 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
375   so we can detect whether the conversation function touched it.
376============================================================================
377OpenPAM Cineraria						2002-04-14
378
379 - BUGFIX: Fix confusion between token and prompt in
380   pam_get_authtok(3).
381
382 - ENHANCE: Improved documentation.
383
384 - ENHANCE: Adopt the same preprocessor tricks that were used in
385   FreeBSD's version of Linux-PAM to simplify static linking without
386   requiring dummy primitives.
387
388 - ENHANCE: Move the policy-loading code out of pam_start.c.
389
390 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.
391
392 - ENHANCE: Add versioning macros.
393============================================================================
394OpenPAM Cinchona						2002-04-08
395
396 - ENHANCE: Improved documentation for several API functions.
397
398 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
399   of the module data list.
400
401 - BUGFIX: Allocate the correct amount of memory for the environment
402   list in pam_putenv().
403
404 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
405   specify what token it wants.  Also introduce PAM_OLDAUTHTOK_PROMPT.
406
407 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
408   reduce differences between these very similar functions.
409
410 - ENHANCE: Check flags carefully in pam_authenticate() and
411   pam_chauthtok().
412
413 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.
414
415 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
416   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
417   twice and compare the responses.
418
419 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
420   switching to user credentials.
421
422 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
423   pam_set_data() consumers.
424============================================================================
425OpenPAM Centaury						2002-03-14
426
427 - BUGFIX: Add missing #include <string.h> to openpam_log.c.
428
429 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/.  XSSO uses
430   the former, but Solaris and Linux-PAM use the latter.
431
432 - BUGFIX: The dynamic loader and the module cache contained a number
433   of bugs which would cause a segmentation fault if pam_start(3) was
434   called again after pam_end(3), as happens in login(1), xdm(1) etc.
435   after a failed login.
436
437 - BUGFIX: Refer to a module by the name used in the policy file, even
438   if the module that was actually loaded was versioned.
439
440 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
441============================================================================
442OpenPAM Celandine						2002-03-05
443
444 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().
445
446 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
447   flag set, then with the PAM_UPDATE_AUTHTOK flag set.
448
449 - BUGFIX: Failure of a "sufficient" module should not terminate the
450   passwd chain if the PAM_PRELIM_CHECK flag is set.
451
452 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.
453
454 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
455   or PAM_UPDATE_AUTHTOK flags themselves.
456
457 - BUGFIX: openpam_set_option() did not support changing the value of
458   an existing option.
459
460 - ENHANCE: Add support for module versioning.  OpenPAM will prefer a
461   module with the same version number as the library itself to one
462   with no version number at all.
463============================================================================
464OpenPAM Cantaloupe						2002-02-22
465
466 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
467   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.
468
469 - ENHANCE: Add in-line documentation in most source files, and a Perl
470   script that generates mdoc code from that.
471
472 - BUGFIX: The environment list was not properly NULL-terminated.
473
474 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
475   specified by the module.
476
477 - BUGFIX: PAM_NUM_ITEMS was set too low.  It has been moved to
478   pam_constants.h to avoid it going stale again.
479
480 - ENHANCE: Move all code related to static modules into a separate
481   file.
482
483 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
484   user, and supports setting a timeout (which defaults to off).
485
486 - BUGFIX: Some manual pages referenced XSSO even though they
487   documented OpenPAM-specific functions.
488
489 - ENHANCE: Added openpam_get_option() and openpam_set_option().
490
491 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
492   try_first_pass, and use_first_pass options.
493============================================================================
494OpenPAM Caliopsis						2002-02-13
495
496Fixed a number of bugs in the previous release, including:
497  - a number of bugs in and related to pam_[gs]et_item(3)
498  - off-by-one bug in pam_start.c would trim last character off certain
499    configuration lines
500  - incorrect ordering of an array in openpam_load.c would cause service
501    module functions to get mixed up
502  - missing 'continue' in openpam_dispatch.c caused successes to be
503    counted as failures
504============================================================================
505OpenPAM Calamite						2002-02-09
506
507First (beta) release.
508