OpenPAM Ximenia 2023-06-27

 - BUGFIX: Fix race condition in openpam_ttyconv(3) when used with
   expect scripts.

 - BUGFIX: In openpam_set_option(3), when removing an option, properly
   decrement the option count.

 - BUGFIX: In openpam_subst(3), avoid incrementing past the end of the
   template.
============================================================================
OpenPAM Tabebuia 2019-02-24

 - BUGFIX: Fix off-by-one bug in pam_getenv(3) which was introduced in
   OpenPAM Radula.

 - ENHANCE: Add unit tests for pam_{get,put,set}env(3).
============================================================================
OpenPAM Resedacea 2017-04-30

 - BUGFIX: Reinstate the NULL check in pam_end(3) which was removed in
   OpenPAM Radula, as it breaks common error-handling constructs.

 - BUGFIX: Return PAM_SYMBOL_ERR instead of PAM_SYSTEM_ERR from the
   dispatcher when the required service function could not be found.

 - ENHANCE: Introduce the PAM_BAD_HANDLE error code for when pamh is
   NULL in API functions that have a NULL check.

 - ENHANCE: Introduce the PAM_BAD_ITEM, PAM_BAD_FEATURE and
   PAM_BAD_CONSTANT error codes for situations where we previously
   incorrectly used PAM_SYMBOL_ERR to denote that an invalid constant
   had been passed to an API function.

 - ENHANCE: Improve the RETURN VALUES section in API man pages,
   especially for functions that cannot fail, which were incorrectly
   documented as returning -1 on failure.
============================================================================
OpenPAM Radula 2017-02-19

 - BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
   pam_get_user(3) from using application-provided custom prompts.

 - BUGFIX: Plug a memory leak in pam_set_item(3).

 - BUGFIX: Plug a potential memory leak in openpam_readlinev(3).

 - BUGFIX: In openpam_readword(3), support line continuations within
   whitespace.

 - ENHANCE: Add a feature flag to control fallback to "other" policy.

 - ENHANCE: Add a pam_return(8) module which returns an arbitrary
   code specified in the module options.

 - ENHANCE: More and better unit tests.
============================================================================
OpenPAM Ourouparia 2014-09-12

 - ENHANCE: When executing a chain, require at least one service
   function to succeed. This mitigates fail-open scenarios caused by
   misconfigurations or missing modules.

 - ENHANCE: Make sure to overwrite buffers which may have contained an
   authentication token when they're no longer needed.

 - BUGFIX: Under certain circumstances, specifying a non-existent
   module (or misspelling the name of a module) in a policy could
   result in a fail-open scenario. (CVE-2014-3879)

 - FEATURE: Add a search path for modules. This was implemented in
   Nummularia but inadvertently left out of the release notes.

 - BUGFIX: The is_upper() predicate only accepted the letter A as an
   upper-case character instead of the entire A-Z range. As a result,
   service and module names containing upper-case letters other than A
   would be rejected.
============================================================================
OpenPAM Nummularia 2013-09-07

 - ENHANCE: Rewrite the dynamic loader to improve readability and
   reliability. Modules can now be listed without the ".so" suffix in
   the policy file; OpenPAM will automatically add it, just like it
   will automatically add the version number if required.

 - ENHANCE: Allow openpam_straddch(3) to be called without a character
   so it can be used to preallocate a string.

 - ENHANCE: Improve portability by adding simple asprintf(3) and
   vasprintf(3) implementations for platforms that don't have them.

 - ENHANCE: Move the libpam sources into a separate subdirectory.

 - ENHANCE: Substantial documentation improvements.
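The fail-open scenario named in the Ourouparia entry above (CVE-2014-3879) and the "at least one service function must succeed" check that mitigates it, as an added illustration that is not OpenPAM's code: a simplified chain walker over constructed policies, where the numeric return-code values, the module names and the require_success switch are assumptions made for this example only.

```c
#include <stddef.h>
/* Stand-ins for PAM return codes. The names follow PAM; the numeric
 * values are constructed for this example and are not OpenPAM's. */
#define PAM_SUCCESS    0
#define PAM_SYSTEM_ERR 4
#define PAM_AUTH_ERR   9

enum control { REQUIRED, SUFFICIENT };
typedef int (*svc_func)(void);

struct chain_entry {
    const char *module;  /* module name as written in the policy file */
    enum control ctl;
    svc_func func;       /* NULL when the loader could not find the module */
};

static int always_allow(void) { return PAM_SUCCESS; }
static int always_deny(void)  { return PAM_AUTH_ERR; }

/* Simplified chain walk modelled on the outcome the changelog describes,
 * not on OpenPAM's openpam_dispatch(). With require_success == 0 it shows
 * the fail-open result: unloadable entries are skipped, nothing fails, so
 * the chain reports PAM_SUCCESS. With require_success != 0 it does not. */
static int dispatch(const struct chain_entry *chain, size_t n, int require_success)
{
    int fail = 0, nsuccess = 0, err = PAM_SUCCESS;
    for (size_t i = 0; i < n; i++) {
        if (chain[i].func == NULL)
            continue;                 /* missing or misspelled module */
        int r = chain[i].func();
        if (r == PAM_SUCCESS) {
            nsuccess++;
            if (chain[i].ctl == SUFFICIENT && !fail)
                return PAM_SUCCESS;   /* sufficient: stop the chain */
        } else if (chain[i].ctl == REQUIRED) {
            if (!fail)
                err = r;              /* keep the first failure code */
            fail = 1;
        }
    }
    if (fail)
        return err;
    if (require_success && nsuccess == 0)
        return PAM_SYSTEM_ERR;        /* nothing ran: treat as an error */
    return PAM_SUCCESS;
}

/* Constructed policies. The first misspells the module name, so the loader
 * finds nothing and the only entry is skipped. */
static const struct chain_entry misspelled[] = {
    { "pam_unxi", REQUIRED, NULL },
};
static const struct chain_entry wellformed[] = {
    { "pam_unix", SUFFICIENT, always_allow },
    { "pam_deny", REQUIRED,   always_deny },
};
int result_before_fix(void)  { return dispatch(misspelled, 1, 0); }
int result_after_fix(void)   { return dispatch(misspelled, 1, 1); }
int result_valid_chain(void) { return dispatch(wellformed, 2, 1); }
```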

 - BUGFIX: When openpam_readword(3) encountered an opening quote, it
   would set the first byte in the buffer to '\0', discarding all
   existing text and, unless the buffer was empty to begin with, all
   subsequent text as well. This went unnoticed because none of the
   unit tests for quoted strings had any text preceding the opening
   quote.

 - BUGFIX: make --with-modules-dir work the way it was meant to work
   (but never did).
============================================================================
OpenPAM Micrampelis 2012-05-26

 - FEATURE: Add an openpam_readword(3) function which reads the next
   word from an input stream, applying shell quoting and escaping
   rules. Add numerous unit tests for openpam_readword(3).

 - FEATURE: Add an openpam_readlinev(3) function which uses the
   openpam_readword(3) function to read words from an input stream one
   at a time until it reaches an unquoted, unescaped newline, and
   returns an array of those words. Add several unit tests for
   openpam_readlinev(3).

 - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
   machine's hostname. This was implemented in Lycopsida but
   inadvertently left out of the release notes.

 - FEATURE: In pam_get_authtok(3), if neither the application nor the
   module has specified a prompt and PAM_HOST and PAM_RHOST are both
   defined but not equal, use a different default prompt that includes
   PAM_USER and PAM_HOST.

 - ENHANCE: Rewrite the policy parser to use openpam_readlinev(),
   which greatly simplifies the code.

 - ENHANCE: The previous implementation of the policy parser relied on
   the openpam_readline(3) function, which (by design) munges
   whitespace and understands neither quotes nor backslash escapes.
   As a result of the aforementioned rewrite, whitespace, quotes and
   backslash escapes in policy files are now handled in a consistent
   and predictable manner.

 - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
   This closes the race between the ownership / permission check and
   the dlopen(3) call.

 - ENHANCE: Reduce the number of pointless error messages generated
   while searching for a module.

 - ENHANCE: Numerous documentation improvements, both in content and
   formatting.

 - BUGFIX: A patch incorporated in Lycopsida inadvertently changed
   OpenPAM's behavior when several policies exist for the same
   service, from ignoring all but the first to concatenating them all.
   Revert to the original behavior.

 - BUGFIX: Plug a memory leak in the policy parser.
============================================================================
OpenPAM Lycopsida 2011-12-18

 - ENHANCE: removed static build autodetection, which didn't work
   anyway. Use an explicit, user-specified preprocessor variable
   instead.

 - ENHANCE: cleaned up the documentation a bit.

 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be
   embedded in strings such as prompts. Apply it to the prompts used
   by pam_get_user(3) and pam_get_authtok(3).

 - ENHANCE: added support for the user_prompt, authtok_prompt and
   oldauthtok_prompt module options, which override the prompts passed
   by the module to pam_set_user(3) and pam_get_authtok(3).

 - ENHANCE: rewrote the policy parser to support quoted option values.

 - ENHANCE: added pamtest(1), a tool for testing modules and policies.

 - ENHANCE: added code to check the ownership and permissions of a
   module before loading it.

 - ENHANCE: added / improved input validation in many cases, including
   the policy file and some function arguments. (CVE-2011-4122)
============================================================================
OpenPAM Hydrangea 2007-12-21

 - ENHANCE: when compiling with GCC, mark up API functions with GCC
   attributes where appropriate.

 - BUGFIX: fixed numerous warnings uncovered by GCC 4.

 - ENHANCE: building the documentation is now optional.

 - ENHANCE: corrected a number of mistakes and style issues in the
   build system.

 - ENHANCE: API function arguments are now const where appropriate, to
   match corresponding changes in the Solaris PAM and Linux-PAM APIs.

 - ENHANCE: corrected a number of C namespace violations.

 - ENHANCE: the module cache has been removed, allowing long-lived
   applications to pick up module changes. This also allows multiple
   threads to use PAM simultaneously (as long as they use separate PAM
   contexts), since the module cache was the only part of OpenPAM that
   was not thread-safe.
============================================================================
OpenPAM Figwort 2005-06-16

 - BUGFIX: Correct several small signedness and initialization bugs
   discovered during review by the NetBSD team.

 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
   order within each section.

 - ENHANCE: if a policy specifies a relative module path, prepend the
   module directory so we never call dlopen(3) with a relative path.

 - ENHANCE: add a pam.conf(5) manual page.
============================================================================
OpenPAM Feterita 2005-02-01

 - BUGFIX: Correct numerous markup errors, invalid cross-references,
   and other issues in the manual pages, with kind assistance from
   Ruslan Ermilov <ru@freebsd.org>.

 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
   and RETURNX() macros.

 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
   pam_get_data(3).

 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
   pam_strerror(3) and gendoc.pl.

 - ENHANCE: Minor overhaul of the autoconf / build system.

 - ENHANCE: Add openpam_free_envlist(3).
============================================================================
OpenPAM Eelgrass 2004-02-10

 - BUGFIX: Correct array handling bugs in conversation code.

 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
   whitespace from the user's response.

 - BUGFIX: Many constness issues addressed.
============================================================================
OpenPAM Dogwood 2003-07-15

 - ENHANCE: Use the GNU autotools.

 - ENHANCE: Constify the msg field in struct pam_message.

 - BUGFIX: Remove left-over debugging output.

 - BUGFIX: Avoid side effects in arguments to the FREE() macro.

 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).

 - BUGFIX: Staticize some variables which shouldn't be global.

 - BUGFIX: Correctly anticipate a NULL user in pam_get_user(3).

 - ENHANCE: Various minor documentation improvements.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Digitalis 2003-06-01

 - ENHANCE: Completely rewrite the configuration parser and add
   support for the "include" control flag.

 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.

 - ENHANCE: Lots of additional paranoia.

 - BUGFIX: The sample su(1) application dropped privileges before
   forking instead of after.

 - ENHANCE: Document openpam_log(3).

 - ENHANCE: Other minor documentation fixes.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Dianthus 2003-05-02

 - BUGFIX: Initialize some potentially uninitialized variables.

 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.

 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
   instead of a freshly allocated copy.

 - ENHANCE: Detect recursion in openpam_borrow_cred().

 - ENHANCE: Make borrowing one's own credentials a no-op.

 - ENHANCE: Further improve debugging support.

 - ENHANCE: Clean up some variable names.
============================================================================
OpenPAM Daffodil 2003-01-06

 - ENHANCE: Document dependency on <sys/types.h> (for size_t).

 - ENHANCE: Slightly improve error detection in openpam_ttyconv().

 - BUGFIX: Fix several typos in debugging macros.
============================================================================
OpenPAM Cyclamen 2002-12-12

 - ENHANCE: Improve recursion detection in openpam_dispatch().

 - ENHANCE: Add debugging messages at entry and exit points of most
   functions.

 - ENHANCE: Fix some minor style issues.

 - BUGFIX: Add default cases to the switches in openpam_log.c.

 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.

 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
   than stderr.
============================================================================
OpenPAM Citronella 2002-06-30

 - ENHANCE: Add the "binding" control flag (from Solaris 9).

 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
   Solaris 9).

 - ENHANCE: Flesh out the pam(3) man page.

 - ENHANCE: Add an openpam(3) page with cross-references to all the
   documented OpenPAM API extensions.

 - ENHANCE: Add a pam_conv(3) man page describing the conversation
   system.

 - ENHANCE: Improved sample application.

 - ENHANCE: Added sample pam_unix module.

 - BUGFIX: Various documentation nits.
============================================================================
OpenPAM Cinquefoil 2002-05-24

 - BUGFIX: Various warnings uncovered by gcc 3.1.

 - ENHANCE: Add a null conversation function, openpam_nullconv(3).

 - BUGFIX: Initialize the "other" chain to all zeroes.

 - ENHANCE: Document openpam_ttyconv(3).
============================================================================
OpenPAM Cinnamon 2002-05-02

 - ENHANCE: Add a null conversation function, openpam_nullconv().

 - BUGFIX: Various markup bugs in the documentation.

 - BUGFIX: Document <security/openpam.h>.

 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.

 - ENHANCE: Restructure the policy-loading code and align our use of
   the "other" policy with Solaris and Linux-PAM.

 - ENHANCE: Log dlopen() and dlsym() failures.

 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
   messages unless the message contains one already.

 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
   so we can detect whether the conversation function touched it.
============================================================================
OpenPAM Cineraria 2002-04-14

 - BUGFIX: Fix confusion between token and prompt in
   pam_get_authtok(3).

 - ENHANCE: Improved documentation.

 - ENHANCE: Adopt the same preprocessor tricks that were used in
   FreeBSD's version of Linux-PAM to simplify static linking without
   requiring dummy primitives.

 - ENHANCE: Move the policy-loading code out of pam_start.c.

 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.

 - ENHANCE: Add versioning macros.
============================================================================
OpenPAM Cinchona 2002-04-08

 - ENHANCE: Improved documentation for several API functions.

 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
   of the module data list.

 - BUGFIX: Allocate the correct amount of memory for the environment
   list in pam_putenv().

 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
   specify what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT.

 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
   reduce differences between these very similar functions.

 - ENHANCE: Check flags carefully in pam_authenticate() and
   pam_chauthtok().

 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.

 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
   twice and compare the responses.

 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
   switching to user credentials.

 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
   pam_set_data() consumers.
============================================================================
OpenPAM Centaury 2002-03-14

 - BUGFIX: Add missing #include <string.h> to openpam_log.c.

 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/. XSSO uses
   the former, but Solaris and Linux-PAM use the latter.

 - BUGFIX: The dynamic loader and the module cache contained a number
   of bugs which would cause a segmentation fault if pam_start(3) was
   called again after pam_end(3), as happens in login(1), xdm(1) etc.
   after a failed login.

 - BUGFIX: Refer to a module by the name used in the policy file, even
   if the module that was actually loaded was versioned.

 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
============================================================================
OpenPAM Celandine 2002-03-05

 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().

 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
   flag set, then with the PAM_UPDATE_AUTHTOK flag set.

 - BUGFIX: Failure of a "sufficient" module should not terminate the
   passwd chain if the PAM_PRELIM_CHECK flag is set.

 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.

 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
   or PAM_UPDATE_AUTHTOK flags themselves.

 - BUGFIX: openpam_set_option() did not support changing the value of
   an existing option.

 - ENHANCE: Add support for module versioning. OpenPAM will prefer a
   module with the same version number as the library itself to one
   with no version number at all.
============================================================================
OpenPAM Cantaloupe 2002-02-22

 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.

 - ENHANCE: Add in-line documentation in most source files, and a Perl
   script that generates mdoc code from that.

 - BUGFIX: The environment list was not properly NULL-terminated.

 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
   specified by the module.

 - BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to
   pam_constants.h to avoid it going stale again.

 - ENHANCE: Move all code related to static modules into a separate
   file.

 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
   user, and supports setting a timeout (which defaults to off).

 - BUGFIX: Some manual pages referenced XSSO even though they
   documented OpenPAM-specific functions.

 - ENHANCE: Added openpam_get_option() and openpam_set_option().

 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
   try_first_pass, and use_first_pass options.
============================================================================
OpenPAM Caliopsis 2002-02-13

Fixed a number of bugs in the previous release, including:
 - a number of bugs in and related to pam_[gs]et_item(3)
 - off-by-one bug in pam_start.c would trim last character off certain
   configuration lines
 - incorrect ordering of an array in openpam_load.c would cause service
   module functions to get mixed up
 - missing 'continue' in openpam_dispatch.c caused successes to be
   counted as failures
============================================================================
OpenPAM Calamite 2002-02-09

First (beta) release.