OpenPAM Tabebuia 2019-02-24

 - BUGFIX: Fix off-by-one bug in pam_getenv(3) which was introduced in
   OpenPAM Radula.

 - ENHANCE: Add unit tests for pam_{get,put,set}env(3).
============================================================================
OpenPAM Resedacea 2017-04-30

 - BUGFIX: Reinstate the NULL check in pam_end(3) which was removed in
   OpenPAM Radula, as its removal breaks common error-handling constructs.

 - BUGFIX: Return PAM_SYMBOL_ERR instead of PAM_SYSTEM_ERR from the
   dispatcher when the required service function could not be found.

 - ENHANCE: Introduce the PAM_BAD_HANDLE error code for when pamh is
   NULL in API functions that have a NULL check.

 - ENHANCE: Introduce the PAM_BAD_ITEM, PAM_BAD_FEATURE and
   PAM_BAD_CONSTANT error codes for situations where we previously
   incorrectly used PAM_SYMBOL_ERR to denote that an invalid constant
   had been passed to an API function.

 - ENHANCE: Improve the RETURN VALUES section in API man pages,
   especially for functions that cannot fail, which were incorrectly
   documented as returning -1 on failure.
============================================================================
OpenPAM Radula 2017-02-19

 - BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
   pam_get_user(3) from using application-provided custom prompts.

 - BUGFIX: Plug a memory leak in pam_set_item(3).

 - BUGFIX: Plug a potential memory leak in openpam_readlinev(3).

 - BUGFIX: In openpam_readword(3), support line continuations within
   whitespace.

 - ENHANCE: Add a feature flag to control fallback to "other" policy.

 - ENHANCE: Add a pam_return(8) module which returns an arbitrary
   code specified in the module options.

 - ENHANCE: More and better unit tests.
============================================================================
OpenPAM Ourouparia 2014-09-12

 - ENHANCE: When executing a chain, require at least one service
   function to succeed. This mitigates fail-open scenarios caused by
   misconfigurations or missing modules.

 - ENHANCE: Make sure to overwrite buffers which may have contained an
   authentication token when they're no longer needed.

 - BUGFIX: Under certain circumstances, specifying a non-existent
   module (or misspelling the name of a module) in a policy could
   result in a fail-open scenario. (CVE-2014-3879)

 - FEATURE: Add a search path for modules. This was implemented in
   Nummularia but inadvertently left out of the release notes.

 - BUGFIX: The is_upper() predicate only accepted the letter A as an
   upper-case character instead of the entire A-Z range. As a result,
   service and module names containing upper-case letters other than A
   would be rejected.
============================================================================
OpenPAM Nummularia 2013-09-07

 - ENHANCE: Rewrite the dynamic loader to improve readability and
   reliability. Modules can now be listed without the ".so" suffix in
   the policy file; OpenPAM will automatically add it, just like it
   will automatically add the version number if required.

 - ENHANCE: Allow openpam_straddch(3) to be called without a character
   so it can be used to preallocate a string.

 - ENHANCE: Improve portability by adding simple asprintf(3) and
   vasprintf(3) implementations for platforms that don't have them.

 - ENHANCE: Move the libpam sources into a separate subdirectory.

 - ENHANCE: Substantial documentation improvements.

 - BUGFIX: When openpam_readword(3) encountered an opening quote, it
   would set the first byte in the buffer to '\0', discarding all
   existing text and, unless the buffer was empty to begin with, all
   subsequent text as well.
   This went unnoticed because none of the
   unit tests for quoted strings had any text preceding the opening
   quote.

 - BUGFIX: make --with-modules-dir work the way it was meant to work
   (but never did).
============================================================================
OpenPAM Micrampelis 2012-05-26

 - FEATURE: Add an openpam_readword(3) function which reads the next
   word from an input stream, applying shell quoting and escaping
   rules. Add numerous unit tests for openpam_readword(3).

 - FEATURE: Add an openpam_readlinev(3) function which uses the
   openpam_readword(3) function to read words from an input stream one
   at a time until it reaches an unquoted, unescaped newline, and
   returns an array of those words. Add several unit tests for
   openpam_readlinev(3).

 - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
   machine's hostname. This was implemented in Lycopsida but
   inadvertently left out of the release notes.

 - FEATURE: In pam_get_authtok(3), if neither the application nor the
   module has specified a prompt and PAM_HOST and PAM_RHOST are both
   defined but not equal, use a different default prompt that includes
   PAM_USER and PAM_HOST.

 - ENHANCE: Rewrite the policy parser to use openpam_readlinev(),
   which greatly simplifies the code.

 - ENHANCE: The previous implementation of the policy parser relied on
   the openpam_readline(3) function, which (by design) munges
   whitespace and understands neither quotes nor backslash escapes.
   As a result of the aforementioned rewrite, whitespace, quotes and
   backslash escapes in policy files are now handled in a consistent
   and predictable manner.

 - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
   This closes the race between the ownership / permission check and
   the dlopen(3) call.

 - ENHANCE: Reduce the amount of pointless error messages generated
   while searching for a module.

 - ENHANCE: Numerous documentation improvements, both in content and
   formatting.

 - BUGFIX: A patch incorporated in Lycopsida inadvertently changed
   OpenPAM's behavior when several policies exist for the same
   service, from ignoring all but the first to concatenating them all.
   Revert to the original behavior.

 - BUGFIX: Plug a memory leak in the policy parser.
============================================================================
OpenPAM Lycopsida 2011-12-18

 - ENHANCE: removed static build autodetection, which didn't work
   anyway. Use an explicit, user-specified preprocessor variable
   instead.

 - ENHANCE: cleaned up the documentation a bit.

 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be
   embedded in strings such as prompts. Apply it to the prompts used
   by pam_get_user(3) and pam_get_authtok(3).

 - ENHANCE: added support for the user_prompt, authtok_prompt and
   oldauthtok_prompt module options, which override the prompts passed
   by the module to pam_set_user(3) and pam_get_authtok(3).

 - ENHANCE: rewrote the policy parser to support quoted option values.

 - ENHANCE: added pamtest(1), a tool for testing modules and policies.

 - ENHANCE: added code to check the ownership and permissions of a
   module before loading it.

 - ENHANCE: added / improved input validation in many cases, including
   the policy file and some function arguments. (CVE-2011-4122)
============================================================================
OpenPAM Hydrangea 2007-12-21

 - ENHANCE: when compiling with GCC, mark up API functions with GCC
   attributes where appropriate.

 - BUGFIX: fixed numerous warnings uncovered by GCC 4.

 - ENHANCE: building the documentation is now optional.

 - ENHANCE: corrected a number of mistakes and style issues in the
   build system.

 - ENHANCE: API function arguments are now const where appropriate, to
   match corresponding changes in the Solaris PAM and Linux-PAM APIs.

 - ENHANCE: corrected a number of C namespace violations.

 - ENHANCE: the module cache has been removed, allowing long-lived
   applications to pick up module changes. This also allows multiple
   threads to use PAM simultaneously (as long as they use separate PAM
   contexts), since the module cache was the only part of OpenPAM that
   was not thread-safe.
============================================================================
OpenPAM Figwort 2005-06-16

 - BUGFIX: Correct several small signedness and initialization bugs
   discovered during review by the NetBSD team.

 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
   order within each section.

 - ENHANCE: if a policy specifies a relative module path, prepend the
   module directory so we never call dlopen(3) with a relative path.

 - ENHANCE: add a pam.conf(5) manual page.
============================================================================
OpenPAM Feterita 2005-02-01

 - BUGFIX: Correct numerous markup errors, invalid cross-references,
   and other issues in the manual pages, with kind assistance from
   Ruslan Ermilov <ru@freebsd.org>.

 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
   and RETURNX() macros.

 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
   pam_get_data(3).

 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
   pam_strerror(3) and gendoc.pl.

 - ENHANCE: Minor overhaul of the autoconf / build system.

 - ENHANCE: Add openpam_free_envlist(3).
============================================================================
OpenPAM Eelgrass 2004-02-10

 - BUGFIX: Correct array handling bugs in conversation code.

 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
   whitespace from the user's response.

 - BUGFIX: Many constness issues addressed.
============================================================================
OpenPAM Dogwood 2003-07-15

 - ENHANCE: Use the GNU autotools.

 - ENHANCE: Constify the msg field in struct pam_message.

 - BUGFIX: Remove left-over debugging output.

 - BUGFIX: Avoid side effects in arguments to the FREE() macro.

 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).

 - BUGFIX: Staticize some variables which shouldn't be global.

 - BUGFIX: Correctly anticipate a NULL user in pam_get_user(3).

 - ENHANCE: Various minor documentation improvements.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Digitalis 2003-06-01

 - ENHANCE: Completely rewrite the configuration parser and add
   support for the "include" control flag.

 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.

 - ENHANCE: Lots of additional paranoia.

 - BUGFIX: The sample su(1) application dropped privileges before
   forking instead of after.

 - ENHANCE: Document openpam_log(3).

 - ENHANCE: Other minor documentation fixes.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Dianthus 2003-05-02

 - BUGFIX: Initialize some potentially uninitialized variables.

 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.

 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
   instead of a freshly allocated copy.

 - ENHANCE: Detect recursion in openpam_borrow_cred().

 - ENHANCE: Make borrowing one's own credentials a no-op.

 - ENHANCE: Further improve debugging support.

 - ENHANCE: Clean up some variable names.
============================================================================
OpenPAM Daffodil 2003-01-06

 - ENHANCE: Document dependency on <sys/types.h> (for size_t).

 - ENHANCE: Slightly improve error detection in openpam_ttyconv().

 - BUGFIX: Fix several typos in debugging macros.
============================================================================
OpenPAM Cyclamen 2002-12-12

 - ENHANCE: Improve recursion detection in openpam_dispatch().

 - ENHANCE: Add debugging messages at entry and exit points of most
   functions.

 - ENHANCE: Fix some minor style issues.

 - BUGFIX: Add default cases to the switches in openpam_log.c.

 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.

 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
   than stderr.
============================================================================
OpenPAM Citronella 2002-06-30

 - ENHANCE: Add the "binding" control flag (from Solaris 9).

 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
   Solaris 9).

 - ENHANCE: Flesh out the pam(3) man page.

 - ENHANCE: Add an openpam(3) page with cross-references to all the
   documented OpenPAM API extensions.

 - ENHANCE: Add a pam_conv(3) man page describing the conversation
   system.

 - ENHANCE: Improved sample application.

 - ENHANCE: Added sample pam_unix module.

 - BUGFIX: Various documentation nits.
============================================================================
OpenPAM Cinquefoil 2002-05-24

 - BUGFIX: Various warnings uncovered by gcc 3.1.

 - ENHANCE: Add a null conversation function, openpam_nullconv(3).

 - BUGFIX: Initialize the "other" chain to all zeroes.

 - ENHANCE: Document openpam_ttyconv(3).
============================================================================
OpenPAM Cinnamon 2002-05-02

 - ENHANCE: Add a null conversation function, openpam_nullconv().

 - BUGFIX: Various markup bugs in the documentation.

 - BUGFIX: Document <security/openpam.h>.

 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.

 - ENHANCE: Restructure the policy-loading code and align our use of
   the "other" policy with Solaris and Linux-PAM.

 - ENHANCE: Log dlopen() and dlsym() failures.

 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
   messages unless the message contains one already.

 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
   so we can detect whether the conversation function touched it.
============================================================================
OpenPAM Cineraria 2002-04-14

 - BUGFIX: Fix confusion between token and prompt in
   pam_get_authtok(3).

 - ENHANCE: Improved documentation.

 - ENHANCE: Adopt the same preprocessor tricks that were used in
   FreeBSD's version of Linux-PAM to simplify static linking without
   requiring dummy primitives.

 - ENHANCE: Move the policy-loading code out of pam_start.c.

 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.

 - ENHANCE: Add versioning macros.
============================================================================
OpenPAM Cinchona 2002-04-08

 - ENHANCE: Improved documentation for several API functions.

 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
   of the module data list.

 - BUGFIX: Allocate the correct amount of memory for the environment
   list in pam_putenv().

 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
   specify what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT.

 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
   reduce differences between these very similar functions.

 - ENHANCE: Check flags carefully in pam_authenticate() and
   pam_chauthtok().

 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.

 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
   twice and compare the responses.

 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
   switching to user credentials.

 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
   pam_set_data() consumers.
============================================================================
OpenPAM Centaury 2002-03-14

 - BUGFIX: Add missing #include <string.h> to openpam_log.c.

 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/. XSSO uses
   the former, but Solaris and Linux-PAM use the latter.

 - BUGFIX: The dynamic loader and the module cache contained a number
   of bugs which would cause a segmentation fault if pam_start(3) was
   called again after pam_end(3), as happens in login(1), xdm(1) etc.
   after a failed login.

 - BUGFIX: Refer to a module by the name used in the policy file, even
   if the module that was actually loaded was versioned.

 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
============================================================================
OpenPAM Celandine 2002-03-05

 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().

 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
   flag set, then with the PAM_UPDATE_AUTHTOK flag set.

 - BUGFIX: Failure of a "sufficient" module should not terminate the
   passwd chain if the PAM_PRELIM_CHECK flag is set.

 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.

 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
   or PAM_UPDATE_AUTHTOK flags themselves.

 - BUGFIX: openpam_set_option() did not support changing the value of
   an existing option.

 - ENHANCE: Add support for module versioning. OpenPAM will prefer a
   module with the same version number as the library itself to one
   with no version number at all.
============================================================================
OpenPAM Cantaloupe 2002-02-22

 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.

 - ENHANCE: Add in-line documentation in most source files, and a Perl
   script that generates mdoc code from that.

 - BUGFIX: The environment list was not properly NULL-terminated.

 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
   specified by the module.

 - BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to
   pam_constants.h to avoid it going stale again.

 - ENHANCE: Move all code related to static modules into a separate
   file.

 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
   user, and supports setting a timeout (which defaults to off).

 - BUGFIX: Some manual pages referenced XSSO even though they
   documented OpenPAM-specific functions.

 - ENHANCE: Added openpam_get_option() and openpam_set_option().

 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
   try_first_pass, and use_first_pass options.
============================================================================
OpenPAM Caliopsis 2002-02-13

Fixed a number of bugs in the previous release, including:
 - a number of bugs in and related to pam_[gs]et_item(3)
 - off-by-one bug in pam_start.c would trim last character off certain
   configuration lines
 - incorrect ordering of an array in openpam_load.c would cause service
   module functions to get mixed up
 - missing 'continue' in openpam_dispatch.c caused successes to be
   counted as failures
============================================================================
OpenPAM Calamite 2002-02-09

First (beta) release.
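Several entries above concern the chain dispatcher: the Ourouparia entries (require at least one service function to succeed so that a misspelled or missing module cannot fail open, CVE-2014-3879), the Celandine entry on "sufficient" modules while PAM_PRELIM_CHECK is set, and the Caliopsis note about the missing 'continue' that turned successes into failures. The following is an added example, not OpenPAM's own code: a toy model of such a dispatcher. It shows the old result, where a policy whose only module cannot be loaded yields PAM_SUCCESS, next to the hardened result under the "at least one success" rule. The control-flag semantics follow the common PAM conventions rather than OpenPAM's source, my reading of the PAM_PRELIM_CHECK rule (treat "sufficient" like "optional" so the whole passwd chain is checked) is an assumption, and the toy modules, the entry table, dispatch() and the scenario_*() functions are all constructed here.

```c
/* Added example, not OpenPAM's own code: a toy PAM service-chain dispatcher
 * applying the rules the release notes describe.  The toy modules, the entry
 * table, dispatch() and the scenario_*() functions are constructed here. */
#include <stddef.h>
#include <stdio.h>

/* Return codes and flag used by the toy; names and values as in the PAM headers. */
enum { PAM_SUCCESS = 0, PAM_SYSTEM_ERR = 4, PAM_AUTH_ERR = 7 };
#define PAM_PRELIM_CHECK 0x4000

enum ctl { CTL_REQUIRED, CTL_REQUISITE, CTL_SUFFICIENT, CTL_OPTIONAL, CTL_BINDING };

/* One policy line after loading: control flag plus the module's service function. */
struct entry {
    const char *name;
    enum ctl flag;
    int (*func)(int flags);   /* NULL: the module could not be loaded */
};

/* Run a chain.  strict == 0 reproduces the pre-Ourouparia result, where an
 * empty or fully skipped chain counts as success; strict == 1 adds the
 * "at least one service function must succeed" rule. */
int dispatch(const struct entry *chain, size_t n, int flags, int strict)
{
    int err = PAM_SUCCESS, fail = 0, nsuccess = 0;
    size_t i;

    for (i = 0; i < n; i++) {
        const struct entry *e = &chain[i];
        int r;

        if (e->func == NULL) {
            /* Misspelled or missing module.  Skipping it leaves err
             * untouched: this is the fail-open path, and only the
             * nsuccess check after the loop catches it. */
            fprintf(stderr, "module %s not found, skipped\n", e->name);
            continue;
        }
        r = e->func(flags);

        if (r == PAM_SUCCESS) {
            ++nsuccess;
            /* A sufficient/binding success ends the chain unless a
             * required module already failed; under PAM_PRELIM_CHECK it
             * behaves like optional so every module gets checked. */
            if ((e->flag == CTL_SUFFICIENT || e->flag == CTL_BINDING) &&
                !fail && !(flags & PAM_PRELIM_CHECK))
                break;
            continue;   /* must not fall into the failure bookkeeping below */
        }

        /* Remember the first failure.  A required/binding failure is final
         * but the remaining modules still run; requisite stops at once. */
        if (err == PAM_SUCCESS)
            err = r;
        if ((e->flag == CTL_REQUIRED || e->flag == CTL_BINDING) && !fail)
            fail = 1, err = r;
        if (e->flag == CTL_REQUISITE) {
            fail = 1;
            break;
        }
    }

    if (!fail)
        err = PAM_SUCCESS;   /* only optional/sufficient modules failed */

    /* Ourouparia rule: success needs at least one successful module. */
    if (strict && err == PAM_SUCCESS && nsuccess < 1)
        err = PAM_SYSTEM_ERR;
    return err;
}

static int mod_allow(int flags) { (void)flags; return PAM_SUCCESS; }
static int mod_deny(int flags)  { (void)flags; return PAM_AUTH_ERR; }

/* A policy whose only module name is misspelled, so nothing loads. */
int scenario_typo(int strict)
{
    const struct entry chain[] = { { "pam_unxi.so", CTL_REQUIRED, NULL } };
    return dispatch(chain, 1, 0, strict);
}

/* "sufficient" allow before "required" deny; PAM_PRELIM_CHECK disables
 * the short-circuit so the deny is reached. */
int scenario_sufficient(int flags)
{
    const struct entry chain[] = {
        { "pam_allow.so", CTL_SUFFICIENT, mod_allow },
        { "pam_deny.so",  CTL_REQUIRED,   mod_deny },
    };
    return dispatch(chain, 2, flags, 1);
}

int main(void)
{
    printf("misspelled module, old rules: %d (0 = fail open)\n", scenario_typo(0));
    printf("misspelled module, new rules: %d\n", scenario_typo(1));
    printf("sufficient: %d, under PAM_PRELIM_CHECK: %d\n",
        scenario_sufficient(0), scenario_sufficient(PAM_PRELIM_CHECK));
    return 0;
}
```

Running the block prints the return code of each scenario; the first line is the fail-open result the Ourouparia entries close, and an entirely empty chain behaves the same way under the old rules.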