OpenPAM Ourouparia 2014-09-12

 - ENHANCE: When executing a chain, require at least one service
   function to succeed. This mitigates fail-open scenarios caused by
   misconfigurations or missing modules.

 - ENHANCE: Make sure to overwrite buffers which may have contained an
   authentication token when they're no longer needed.

 - BUGFIX: Under certain circumstances, specifying a non-existent
   module (or misspelling the name of a module) in a policy could
   result in a fail-open scenario. (CVE-2014-3879)

 - FEATURE: Add a search path for modules. This was implemented in
   Nummularia but inadvertently left out of the release notes.

 - BUGFIX: The is_upper() predicate only accepted the letter A as an
   upper-case character instead of the entire A-Z range. As a result,
   service and module names containing upper-case letters other than A
   would be rejected.
============================================================================
OpenPAM Nummularia 2013-09-07

 - ENHANCE: Rewrite the dynamic loader to improve readability and
   reliability. Modules can now be listed without the ".so" suffix in
   the policy file; OpenPAM will automatically add it, just like it
   will automatically add the version number if required.

 - ENHANCE: Allow openpam_straddch(3) to be called without a character
   so it can be used to preallocate a string.

 - ENHANCE: Improve portability by adding simple asprintf(3) and
   vasprintf(3) implementations for platforms that don't have them.

 - ENHANCE: Move the libpam sources into a separate subdirectory.

 - ENHANCE: Substantial documentation improvements.

 - BUGFIX: When openpam_readword(3) encountered an opening quote, it
   would set the first byte in the buffer to '\0', discarding all
   existing text and, unless the buffer was empty to begin with, all
   subsequent text as well. This went unnoticed because none of the
   unit tests for quoted strings had any text preceding the opening
   quote.

 - BUGFIX: Make --with-modules-dir work the way it was meant to work
   (but never did).
============================================================================
OpenPAM Micrampelis 2012-05-26

 - FEATURE: Add an openpam_readword(3) function which reads the next
   word from an input stream, applying shell quoting and escaping
   rules. Add numerous unit tests for openpam_readword(3).

 - FEATURE: Add an openpam_readlinev(3) function which uses the
   openpam_readword(3) function to read words from an input stream one
   at a time until it reaches an unquoted, unescaped newline, and
   returns an array of those words. Add several unit tests for
   openpam_readlinev(3).

 - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
   machine's hostname. This was implemented in Lycopsida but
   inadvertently left out of the release notes.

 - FEATURE: In pam_get_authtok(3), if neither the application nor the
   module has specified a prompt and PAM_HOST and PAM_RHOST are both
   defined but not equal, use a different default prompt that includes
   PAM_USER and PAM_HOST.

 - ENHANCE: Rewrite the policy parser to use openpam_readlinev(3),
   which greatly simplifies the code.

 - ENHANCE: The previous implementation of the policy parser relied on
   the openpam_readline(3) function, which (by design) munges
   whitespace and understands neither quotes nor backslash escapes.
   As a result of the aforementioned rewrite, whitespace, quotes and
   backslash escapes in policy files are now handled in a consistent
   and predictable manner.

 - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
   This closes the race between the ownership / permission check and
   the dlopen(3) call, since the check and the load now refer to the
   same open file descriptor rather than to a path that can be swapped
   out in between.

 - ENHANCE: Reduce the number of pointless error messages generated
   while searching for a module.

 - ENHANCE: Numerous documentation improvements, both in content and
   formatting.

 - BUGFIX: A patch incorporated in Lycopsida inadvertently changed
   OpenPAM's behavior when several policies exist for the same
   service, from ignoring all but the first to concatenating them all.
   Revert to the original behavior.

 - BUGFIX: Plug a memory leak in the policy parser.
============================================================================
OpenPAM Lycopsida 2011-12-18

 - ENHANCE: removed static build autodetection, which didn't work
   anyway. Use an explicit, user-specified preprocessor variable
   instead.

 - ENHANCE: cleaned up the documentation a bit.

 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be
   embedded in strings such as prompts. Apply it to the prompts used
   by pam_get_user(3) and pam_get_authtok(3).

 - ENHANCE: added support for the user_prompt, authtok_prompt and
   oldauthtok_prompt module options, which override the prompts passed
   by the module to pam_get_user(3) and pam_get_authtok(3).

 - ENHANCE: rewrote the policy parser to support quoted option values.

 - ENHANCE: added pamtest(1), a tool for testing modules and policies.

 - ENHANCE: added code to check the ownership and permissions of a
   module before loading it.

 - ENHANCE: added / improved input validation in many cases, including
   the policy file and some function arguments. (CVE-2011-4122)
============================================================================
OpenPAM Hydrangea 2007-12-21

 - ENHANCE: when compiling with GCC, mark up API functions with GCC
   attributes where appropriate.

 - BUGFIX: fixed numerous warnings uncovered by GCC 4.

 - ENHANCE: building the documentation is now optional.

 - ENHANCE: corrected a number of mistakes and style issues in the
   build system.

 - ENHANCE: API function arguments are now const where appropriate, to
   match corresponding changes in the Solaris PAM and Linux-PAM APIs.

 - ENHANCE: corrected a number of C namespace violations.

 - ENHANCE: the module cache has been removed, allowing long-lived
   applications to pick up module changes. This also allows multiple
   threads to use PAM simultaneously (as long as they use separate PAM
   contexts), since the module cache was the only part of OpenPAM that
   was not thread-safe.
============================================================================
OpenPAM Figwort 2005-06-16

 - BUGFIX: Correct several small signedness and initialization bugs
   discovered during review by the NetBSD team.

 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
   order within each section.

 - ENHANCE: if a policy specifies a relative module path, prepend the
   module directory so we never call dlopen(3) with a relative path.

 - ENHANCE: add a pam.conf(5) manual page.
============================================================================
OpenPAM Feterita 2005-02-01

 - BUGFIX: Correct numerous markup errors, invalid cross-references,
   and other issues in the manual pages, with kind assistance from
   Ruslan Ermilov <ru@freebsd.org>.

 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
   and RETURNX() macros.

 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
   pam_get_data(3).

 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
   pam_strerror(3) and gendoc.pl.

 - ENHANCE: Minor overhaul of the autoconf / build system.

 - ENHANCE: Add openpam_free_envlist(3).
============================================================================
OpenPAM Eelgrass 2004-02-10

 - BUGFIX: Correct array handling bugs in conversation code.

 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
   whitespace from the user's response.

 - BUGFIX: Many constness issues addressed.
============================================================================
OpenPAM Dogwood 2003-07-15

 - ENHANCE: Use the GNU autotools.

 - ENHANCE: Constify the msg field in struct pam_message.

 - BUGFIX: Remove left-over debugging output.

 - BUGFIX: Avoid side effects in arguments to the FREE() macro.

 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).

 - BUGFIX: Staticize some variables which shouldn't be global.

 - BUGFIX: Correctly anticipate a NULL user in pam_get_user(3).

 - ENHANCE: Various minor documentation improvements.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Digitalis 2003-06-01

 - ENHANCE: Completely rewrite the configuration parser and add
   support for the "include" control flag.

 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.

 - ENHANCE: Lots of additional paranoia.

 - BUGFIX: The sample su(1) application dropped privileges before
   forking instead of after.

 - ENHANCE: Document openpam_log(3).

 - ENHANCE: Other minor documentation fixes.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Dianthus 2003-05-02

 - BUGFIX: Initialize some potentially uninitialized variables.

 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.

 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
   instead of a freshly allocated copy.

 - ENHANCE: Detect recursion in openpam_borrow_cred().

 - ENHANCE: Make borrowing one's own credentials a no-op.

 - ENHANCE: Further improve debugging support.

 - ENHANCE: Clean up some variable names.
============================================================================
OpenPAM Daffodil 2003-01-06

 - ENHANCE: Document dependency on <sys/types.h> (for size_t).

 - ENHANCE: Slightly improve error detection in openpam_ttyconv().

 - BUGFIX: Fix several typos in debugging macros.
============================================================================
OpenPAM Cyclamen 2002-12-12

 - ENHANCE: Improve recursion detection in openpam_dispatch().

 - ENHANCE: Add debugging messages at entry and exit points of most
   functions.

 - ENHANCE: Fix some minor style issues.

 - BUGFIX: Add default cases to the switches in openpam_log.c.

 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.

 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
   than stderr.
============================================================================
OpenPAM Citronella 2002-06-30

 - ENHANCE: Add the "binding" control flag (from Solaris 9).

 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
   Solaris 9).

 - ENHANCE: Flesh out the pam(3) man page.

 - ENHANCE: Add an openpam(3) page with cross-references to all the
   documented OpenPAM API extensions.

 - ENHANCE: Add a pam_conv(3) man page describing the conversation
   system.

 - ENHANCE: Improved sample application.

 - ENHANCE: Added sample pam_unix module.

 - BUGFIX: Various documentation nits.
============================================================================
OpenPAM Cinquefoil 2002-05-24

 - BUGFIX: Various warnings uncovered by gcc 3.1.

 - ENHANCE: Add a null conversation function, openpam_nullconv(3).

 - BUGFIX: Initialize the "other" chain to all zeroes.

 - ENHANCE: Document openpam_ttyconv(3).
============================================================================
OpenPAM Cinnamon 2002-05-02

 - ENHANCE: Add a null conversation function, openpam_nullconv().

 - BUGFIX: Various markup bugs in the documentation.

 - BUGFIX: Document <security/openpam.h>.

 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.

 - ENHANCE: Restructure the policy-loading code and align our use of
   the "other" policy with Solaris and Linux-PAM.

 - ENHANCE: Log dlopen() and dlsym() failures.

 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
   messages unless the message contains one already.

 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
   so we can detect whether the conversation function touched it.
============================================================================
OpenPAM Cineraria 2002-04-14

 - BUGFIX: Fix confusion between token and prompt in
   pam_get_authtok(3).

 - ENHANCE: Improved documentation.

 - ENHANCE: Adopt the same preprocessor tricks that were used in
   FreeBSD's version of Linux-PAM to simplify static linking without
   requiring dummy primitives.

 - ENHANCE: Move the policy-loading code out of pam_start.c.

 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.

 - ENHANCE: Add versioning macros.
============================================================================
OpenPAM Cinchona 2002-04-08

 - ENHANCE: Improved documentation for several API functions.

 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
   of the module data list.

 - BUGFIX: Allocate the correct amount of memory for the environment
   list in pam_putenv().

 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
   specify what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT.

 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
   reduce differences between these very similar functions.

 - ENHANCE: Check flags carefully in pam_authenticate() and
   pam_chauthtok().

 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.

 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
   twice and compare the responses.

 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
   switching to user credentials.

 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
   pam_set_data() consumers.
============================================================================
OpenPAM Centaury 2002-03-14

 - BUGFIX: Add missing #include <string.h> to openpam_log.c.

 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/. XSSO uses
   the former, but Solaris and Linux-PAM use the latter.

 - BUGFIX: The dynamic loader and the module cache contained a number
   of bugs which would cause a segmentation fault if pam_start(3) was
   called again after pam_end(3), as happens in login(1), xdm(1) etc.
   after a failed login.

 - BUGFIX: Refer to a module by the name used in the policy file, even
   if the module that was actually loaded was versioned.

 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
============================================================================
OpenPAM Celandine 2002-03-05

 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().

 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
   flag set, then with the PAM_UPDATE_AUTHTOK flag set.

 - BUGFIX: Failure of a "sufficient" module should not terminate the
   passwd chain if the PAM_PRELIM_CHECK flag is set.

 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.

 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
   or PAM_UPDATE_AUTHTOK flags themselves.

 - BUGFIX: openpam_set_option() did not support changing the value of
   an existing option.

 - ENHANCE: Add support for module versioning. OpenPAM will prefer a
   module with the same version number as the library itself to one
   with no version number at all.
============================================================================
OpenPAM Cantaloupe 2002-02-22

 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.

 - ENHANCE: Add in-line documentation in most source files, and a Perl
   script that generates mdoc code from that.

 - BUGFIX: The environment list was not properly NULL-terminated.

 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
   specified by the module.

 - BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to
   pam_constants.h to avoid it going stale again.

 - ENHANCE: Move all code related to static modules into a separate
   file.

 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
   user, and supports setting a timeout (which defaults to off).

 - BUGFIX: Some manual pages referenced XSSO even though they
   documented OpenPAM-specific functions.

 - ENHANCE: Added openpam_get_option() and openpam_set_option().

 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
   try_first_pass, and use_first_pass options.
============================================================================
OpenPAM Caliopsis 2002-02-13

Fixed a number of bugs in the previous release, including:
 - a number of bugs in and related to pam_[gs]et_item(3)
 - off-by-one bug in pam_start.c would trim last character off certain
   configuration lines
 - incorrect ordering of an array in openpam_load.c would cause service
   module functions to get mixed up
 - missing 'continue' in openpam_dispatch.c caused successes to be
   counted as failures
============================================================================
OpenPAM Calamite 2002-02-09

First (beta) release.
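The Ourouparia entries above (the at-least-one-success rule and the CVE-2014-3879 fix) describe a chain that fails open when no service function ever runs, for instance because every module named in the policy is misspelled. The C program below is an added example written for these notes, not OpenPAM's dispatcher: it models chain evaluation with the pam.conf(5) control flags (required, requisite, sufficient, optional and the Solaris binding flag from the Citronella entry) and contrasts a dispatcher that only records failures with one that also requires a success. The scenarios, the module outcomes and the loaded flag used to stand in for a module the loader could not find are constructed for illustration; how OpenPAM itself represented a missing module is not stated on this page and is an assumption here.

```c
#include <stddef.h>
#include <stdio.h>

/* Return codes used by this model. The names follow the PAM API; the
   values only need to be distinct within the example. */
enum { PAM_SUCCESS = 0, PAM_SYSTEM_ERR = 4, PAM_AUTH_ERR = 9 };

/* pam.conf(5) control flags, including the Solaris "binding" flag. */
enum control { REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL, BINDING };

struct chain_entry {
	const char *module;	/* name as written in the policy */
	enum control ctl;
	int loaded;		/* 0: module or service function not found
				   (assumed representation, see lead-in) */
	int result;		/* what its service function returns when called */
};

#define NELEM(a) (sizeof(a) / sizeof((a)[0]))

/*
 * Evaluate one chain. An entry whose module could not be loaded is
 * skipped: there is nothing to call. With require_one_success == 0 the
 * function behaves like a dispatcher that starts from PAM_SUCCESS and only
 * ever records failures, so a chain in which nothing ran fails open. With
 * require_one_success == 1 it applies the Ourouparia rule and fails closed
 * unless at least one service function really returned PAM_SUCCESS.
 */
static int
evaluate_chain(const struct chain_entry *chain, size_t n, int require_one_success)
{
	int err = PAM_SUCCESS;	/* code of the first required-class failure */
	int fail = 0;
	int nsuccess = 0;
	size_t i;

	for (i = 0; i < n; i++) {
		const struct chain_entry *e = &chain[i];

		if (!e->loaded)
			continue;
		if (e->result == PAM_SUCCESS) {
			nsuccess++;
			/* sufficient/binding: success ends the chain unless a
			   required-class module has already failed */
			if ((e->ctl == SUFFICIENT || e->ctl == BINDING) && !fail)
				return PAM_SUCCESS;
			continue;
		}
		switch (e->ctl) {
		case REQUISITE:
			return e->result;	/* stop at once */
		case REQUIRED:
		case BINDING:
			if (!fail) {		/* keep going, but the chain has failed */
				fail = 1;
				err = e->result;
			}
			break;
		case SUFFICIENT:
		case OPTIONAL:
			break;			/* failure is ignored */
		}
	}
	if (fail)
		return err;
	if (require_one_success && nsuccess == 0)
		return PAM_SYSTEM_ERR;	/* nothing vouched for the caller */
	return PAM_SUCCESS;
}

/* Constructed scenarios; the module names are only labels. */
static const struct chain_entry chain_typo[] = {
	{ "pam_unxi.so", REQUIRED, 0, PAM_AUTH_ERR },	/* misspelled, never loads */
};
static const struct chain_entry chain_typo_after_unix[] = {
	{ "pam_unix.so", REQUIRED, 1, PAM_SUCCESS },
	{ "pam_unxi.so", REQUIRED, 0, PAM_AUTH_ERR },
};
static const struct chain_entry chain_optional_only[] = {
	{ "pam_foo.so", OPTIONAL, 1, PAM_AUTH_ERR },
};
static const struct chain_entry chain_requisite[] = {
	{ "pam_nologin.so", REQUISITE, 1, PAM_AUTH_ERR },
	{ "pam_permit.so", SUFFICIENT, 1, PAM_SUCCESS },
};
static const struct chain_entry chain_sufficient_first[] = {
	{ "pam_opie.so", SUFFICIENT, 1, PAM_SUCCESS },
	{ "pam_unix.so", REQUIRED, 1, PAM_AUTH_ERR },
};
static const struct chain_entry chain_required_first[] = {
	{ "pam_unix.so", REQUIRED, 1, PAM_AUTH_ERR },
	{ "pam_opie.so", SUFFICIENT, 1, PAM_SUCCESS },
};

int
main(void)
{
	printf("typo only, failures-only dispatcher: %d\n",
	    evaluate_chain(chain_typo, NELEM(chain_typo), 0));
	printf("typo only, at-least-one-success:     %d\n",
	    evaluate_chain(chain_typo, NELEM(chain_typo), 1));
	return 0;
}
```

The chain_typo_after_unix scenario is the caveat: once any loaded module succeeds, the at-least-one-success rule is satisfied and the misspelled required module still contributes nothing, so the rule is a backstop against an empty chain, not a substitute for validating the policy (pamtest(1) from the Lycopsida entry, or simply checking the log for load failures) before it goes live.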
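The Micrampelis entries above introduce openpam_readword(3) and openpam_readlinev(3), and the Nummularia entry describes the regression in which an opening quote discarded text already collected in the buffer. The tokenizer below is an added example written for these notes, not OpenPAM's implementation: it applies shell-style quoting to constructed pam.conf(5)-style lines, keeps the text preceding an opening quote (so arg="a b" becomes a single word arg=a b), and refuses a line with an unterminated quote instead of returning a truncated word. The precise escape rules openpam_readword(3) applies, the 64-byte word limit and the WORD_MAX/LINE_MAX_WORDS names are assumptions of this example.

```c
#include <string.h>

#define WORD_MAX 64
#define LINE_MAX_WORDS 16

/*
 * Read the next word at in[*pos] with shell-like quoting: unquoted blanks
 * separate words, an unquoted and unescaped newline or NUL ends the line,
 * '...' is literal, inside "..." only \" and \\ are escapes, and outside
 * quotes a backslash quotes the next character. Quotes are stripped, but
 * text already collected is kept, so foo"bar" yields foobar. Returns 1 with
 * the word in out, 0 at end of line (*pos left on the newline or NUL), -1
 * on an unterminated quote, a trailing backslash or an overlong word.
 */
static int
read_word(const char *in, size_t *pos, char *out, size_t outsz)
{
	size_t p = *pos, n = 0;
	char c, quote = 0;

	while (in[p] == ' ' || in[p] == '\t')
		p++;
	if (in[p] == '\0' || in[p] == '\n') {
		*pos = p;
		return 0;
	}
	for (; (c = in[p]) != '\0'; p++) {
		if (quote == 0 && (c == ' ' || c == '\t' || c == '\n'))
			break;
		if (quote == 0 && (c == '\'' || c == '"')) {
			quote = c;		/* opening quote: out is not reset */
		} else if (c == quote) {
			quote = 0;
		} else {
			if (c == '\\' && quote != '\'') {
				if (in[p + 1] == '\0')
					return -1;	/* trailing backslash */
				if (quote == 0 || in[p + 1] == '"' || in[p + 1] == '\\')
					c = in[++p];	/* take the escaped char literally */
			}
			if (n + 1 >= outsz)
				return -1;	/* word does not fit */
			out[n++] = c;
		}
	}
	if (quote != 0)
		return -1;			/* unterminated quote */
	out[n] = '\0';
	*pos = p;
	return 1;
}

/* Read all words on the current line and consume the newline. Returns the
   word count, or -1 on a tokenizer error or more than maxwords words. */
static int
read_linev(const char *in, size_t *pos, char words[][WORD_MAX], int maxwords)
{
	char tmp[WORD_MAX];
	int count = 0, r;

	while ((r = read_word(in, pos, tmp, sizeof tmp)) == 1) {
		if (count == maxwords)
			return -1;
		strcpy(words[count++], tmp);
	}
	if (r < 0)
		return -1;
	if (in[*pos] == '\n')
		(*pos)++;
	return count;
}

/* Constructed pam.conf(5)-style input; the last line is deliberately broken. */
static const char sample_policy[] =
	"login auth required pam_unix.so\n"
	"login auth optional pam_foo.so arg=\"a b\" other='c d' esc=x\\ y\n"
	"login auth required 'pam_bad.so\n";

/* Lines parsed before the first tokenizer error (2 for sample_policy). */
static int
count_policy_lines(const char *text)
{
	char words[LINE_MAX_WORDS][WORD_MAX];
	size_t pos = 0;
	int lines = 0;

	while (text[pos] != '\0' && read_linev(text, &pos, words, LINE_MAX_WORDS) >= 0)
		lines++;
	return lines;
}

/* 1 if word idx of line tokenizes to expect, 0 if not, -1 on error. */
static int
word_equals(const char *line, int idx, const char *expect)
{
	char words[LINE_MAX_WORDS][WORD_MAX];
	size_t pos = 0;
	int n = read_linev(line, &pos, words, LINE_MAX_WORDS);

	return n < 0 ? -1 : (idx < n && strcmp(words[idx], expect) == 0);
}
```

A policy parser built on this stops at the third line of sample_policy and should reject the whole policy; silently keeping the two good lines would be the kind of partial parse that the input-validation work in the Lycopsida entry (CVE-2011-4122) was meant to rule out.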