xref: /freebsd/contrib/openpam/HISTORY (revision c66ec88fed842fbaad62c30d510644ceb7bd2d71)
1OpenPAM Tabebuia						2019-02-24
2
3 - BUGFIX: Fix off-by-one bug in pam_getenv(3) which was introduced in
4   OpenPAM Radula.
5
6 - ENHANCE: Add unit tests for pam_{get,put,set}env(3).
7============================================================================
8OpenPAM Resedacea						2017-04-30
9
10 - BUGFIX: Reinstore the NULL check in pam_end(3) which was removed in
11   OpenPAM Radula, as it breaks common error-handling constructs.
12
13 - BUGFIX: Return PAM_SYMBOL_ERR instead of PAM_SYSTEM_ERR from the
14   dispatcher when the required service function could not be found.
15
16 - ENHANCE: Introduce the PAM_BAD_HANDLE error code for when pamh is
17   NULL in API functions that have a NULL check.
18
19 - ENHANCE: Introduce the PAM_BAD_ITEM, PAM_BAD_FEATURE and
20   PAM_BAD_CONSTANT error codes for situations where we previously
21   incorrectly used PAM_SYMBOL_ERR to denote that an invalid constant
22   had been passed to an API function.
23
24 - ENHANCE: Improve the RETURN VALUES section in API man pages,
25   especially for functions that cannot fail, which were incorrectly
26   documented as returning -1 on failure.
27============================================================================
28OpenPAM Radula							2017-02-19
29
30 - BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
31   pam_get_user(3) from using application-provided custom prompts.
32
33 - BUGFIX: Plug a memory leak in pam_set_item(3).
34
35 - BUGFIX: Plug a potential memory leak in openpam_readlinev(3).
36
37 - BUGFIX: In openpam_readword(3), support line continuations within
38   whitespace.
39
40 - ENHANCE: Add a feature flag to control fallback to "other" policy.
41
42 - ENHANCE: Add a pam_return(8) module which returns an arbitrary
43   code specified in the module options.
44
45 - ENHANCE: More and better unit tests.
46============================================================================
47OpenPAM Ourouparia						2014-09-12
48
49 - ENHANCE: When executing a chain, require at least one service
50   function to succeed.  This mitigates fail-open scenarios caused by
51   misconfigurations or missing modules.
52
53 - ENHANCE: Make sure to overwrite buffers which may have contained an
54   authentication token when they're no longer needed.
55
56 - BUGFIX: Under certain circumstances, specifying a non-existent
57   module (or misspelling the name of a module) in a policy could
58   result in a fail-open scenario.  (CVE-2014-3879)
59
60 - FEATURE: Add a search path for modules.  This was implemented in
61   Nummularia but inadvertently left out of the release notes.
62
63 - BUGFIX: The is_upper() predicate only accepted the letter A as an
64   upper-case character instead of the entire A-Z range.  As a result,
65   service and module names containing upper-case letters other than A
66   would be rejected.
67============================================================================
68OpenPAM Nummularia						2013-09-07
69
70 - ENHANCE: Rewrite the dynamic loader to improve readability and
71   reliability.  Modules can now be listed without the ".so" suffix in
72   the policy file; OpenPAM will automatically add it, just like it
73   will automatically add the version number if required.
74
75 - ENHANCE: Allow openpam_straddch(3) to be called without a character
76   so it can be used to preallocate a string.
77
78 - ENHANCE: Improve portability by adding simple asprintf(3) and
79   vasprintf(3) implementations for platforms that don't have them.
80
81 - ENHANCE: Move the libpam sources into a separate subdirectory.
82
83 - ENHANCE: Substantial documentation improvements.
84
85 - BUGFIX: When openpam_readword(3) encountered an opening quote, it
86   would set the first byte in the buffer to '\0', discarding all
87   existing text and, unless the buffer was empty to begin with, all
88   subsequent text as well.  This went unnoticed because none of the
89   unit tests for quoted strings had any text preceding the opening
90   quote.
91
92 - BUGFIX: make --with-modules-dir work the way it was meant to work
93   (but never did).
94============================================================================
95OpenPAM Micrampelis						2012-05-26
96
97 - FEATURE: Add an openpam_readword(3) function which reads the next
98   word from an input stream, applying shell quoting and escaping
99   rules.  Add numerous unit tests for openpam_readword(3).
100
101 - FEATURE: Add an openpam_readlinev(3) function which uses the
102   openpam_readword(3) function to read words from an input stream one
103   at a time until it reaches an unquoted, unescaped newline, and
104   returns an array of those words.  Add several unit tests for
105   openpam_readlinev(3).
106
107 - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
108   machine's hostname.  This was implemented in Lycopsida but
109   inadvertantly left out of the release notes.
110
111 - FEATURE: In pam_get_authtok(3), if neither the application nor the
112   module have specified a prompt and PAM_HOST and PAM_RHOST are both
113   defined but not equal, use a different default prompt that includes
114   PAM_USER and PAM_HOST.
115
116 - ENHANCE: Rewrite the policy parser to used openpam_readlinev(),
117   which greatly simplifies the code.
118
119 - ENHANCE: The previous implementation of the policy parser relied on
120   the openpam_readline(3) function, which (by design) munges
121   whitespace and understands neither quotes nor backslash escapes.
122   As a result of the aforementioned rewrite, whitespace, quotes and
123   backslash escapes in policy files are now handled in a consistent
124   and predictable manner.
125
126 - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
127   This closes the race between the ownership / permission check and
128   the dlopen(3) call.
129
130 - ENHANCE: Reduce the amount of pointless error messages generated
131   while searching for a module.
132
133 - ENHANCE: Numerous documentation improvements, both in content and
134   formatting.
135
136 - BUGFIX: A patch incorporated in Lycopsida inadvertantly changed
137   OpenPAM's behavior when several policies exist for the same
138   service, from ignoring all but the first to concatenating them all.
139   Revert to the original behavior.
140
141 - BUGFIX: Plug a memory leak in the policy parser.
142============================================================================
143OpenPAM Lycopsida						2011-12-18
144
145 - ENHANCE: removed static build autodetection, which didn't work
146   anyway.  Use an explicit, user-specified preprocessor variable
147   instead.
148
149 - ENHANCE: cleaned up the documentation a bit.
150
151 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be
152   embedded in strings such as prompts.  Apply it to the prompts used
153   by pam_get_user(3) and pam_get_authtok(3).
154
155 - ENHANCE: added support for the user_prompt, authtok_prompt and
156   oldauthtok_prompt module options, which override the prompts passed
157   by the module to pam_set_user(3) and pam_get_authtok(3).
158
159 - ENHANCE: rewrote the policy parser to support quoted option values.
160
161 - ENHANCE: added pamtest(1), a tool for testing modules and policies.
162
163 - ENHANCE: added code to check the ownership and permissions of a
164   module before loading it.
165
166 - ENHANCE: added / improved input validation in many cases, including
167   the policy file and some function arguments.  (CVE-2011-4122)
168============================================================================
169OpenPAM Hydrangea						2007-12-21
170
171 - ENHANCE: when compiling with GCC, mark up API functions with GCC
172   attributes where appropriate.
173
174 - BUGFIX: fixed numerous warnings uncovered by GCC 4.
175
176 - ENHANCE: building the documentation is now optional.
177
178 - ENHANCE: corrected a number of mistakes and style issues in the
179   build system.
180
181 - ENHANCE: API function arguments are now const where appropriate, to
182   match corresponding changes in the Solaris PAM and Linux-PAM APIs.
183
184 - ENHANCE: corrected a number of C namespace violations.
185
186 - ENHANCE: the module cache has been removed, allowing long-lived
187   applications to pick up module changes.  This also allows multiple
188   threads to use PAM simultaneously (as long as they use separate PAM
189   contexts), since the module cache was the only part of OpenPAM that
190   was not thread-safe.
191============================================================================
192OpenPAM Figwort							2005-06-16
193
194 - BUGFIX: Correct several small signedness and initialization bugs
195   discovered during review by the NetBSD team.
196
197 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
198   order within each section.
199
200 - ENHANCE: if a policy specifies a relative module path, prepend the
201   module directory so we never call dlopen(3) with a relative path.
202
203 - ENHANCE: add a pam.conf(5) manual page.
204============================================================================
205OpenPAM Feterita						2005-02-01
206
207 - BUGFIX: Correct numerous markup errors, invalid cross-references,
208   and other issues in the manual pages, with kind assistance from
209   Ruslan Ermilov <ru@freebsd.org>.
210
211 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
212   and RETURNX() macros.
213
214 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
215   pam_get_data(3).
216
217 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
218   pam_strerror(3) and gendoc.pl.
219
220 - ENHANCE: Minor overhaul of the autoconf / build system.
221
222 - ENHANCE: Add openpam_free_envlist(3).
223============================================================================
224OpenPAM Eelgrass						2004-02-10
225
226 - BUGFIX: Correct array handling bugs in conversation code.
227
228 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
229   whitespace from the user's response.
230
231 - BUGFIX: Many constness issues addressed.
232============================================================================
233OpenPAM Dogwood							2003-07-15
234
235 - ENHANCE: Use the GNU autotools.
236
237 - ENHANCE: Constify the msg field in struct pam_message.
238
239 - BUGFIX: Remove left-over debugging output
240
241 - BUGFIX: Avoid side effects in arguments to the FREE() macro
242
243 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).
244
245 - BUGFIX: Staticize some variables which shouldn't be global.
246
247 - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3).
248
249 - ENHANCE: Various minor documentation improvements.
250
251Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
252assistance with this release.
253============================================================================
254OpenPAM Digitalis						2003-06-01
255
256 - ENHANCE: Completely rewrite the configuration parser and add
257   support for the "include" control flag.
258
259 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.
260
261 - ENHANCE: Lots of additional paranoia.
262
263 - BUGFIX: The sample su(1) application dropped privileges before
264   forking instead of after.
265
266 - ENHANCE: Document openpam_log(3).
267
268 - ENHANCE: Other minor documentation fixes.
269
270Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
271assistance with this release.
272============================================================================
273OpenPAM Dianthus						2003-05-02
274
275 - BUGFIX: Initialize some potentially uninitialized variables.
276
277 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.
278
279 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
280   instead of a freshly allocated copy.
281
282 - ENHANCE: Detect recursion in openpam_borrow_cred()
283
284 - ENHANCE: Make borrowing one's own credentials a no-op.
285
286 - ENHANCE: Further improve debugging support.
287
288 - ENHANCE: Clean up some variable names.
289============================================================================
290OpenPAM Daffodil						2003-01-06
291
292 - ENHANCE: Document dependency on <sys/types.h> (for size_t)
293
294 - ENHANCE: Slightly improve error detection in openpam_ttyconv().
295
296 - BUGFIX: Fix several typos in debugging macros.
297============================================================================
298OpenPAM Cyclamen						2002-12-12
299
300 - ENHANCE: Improve recursion detection in openpam_dispatch().
301
302 - ENHANCE: Add debugging messages at entry and exit points of most
303   functions.
304
305 - ENHANCE: Fix some minor style issues.
306
307 - BUGFIX: Add default cases to the switches in openpam_log.c.
308
309 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.
310
311 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
312   than stderr.
313============================================================================
314OpenPAM Citronella						2002-06-30
315
316 - ENHANCE: Add the "binding" control flag (from Solaris 9).
317
318 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
319   Solaris 9).
320
321 - ENHANCE: Flesh out the pam(3) man page.
322
323 - ENHANCE: Add an openpam(3) page with cross-references to all the
324   documented OpenPAM API extensions.
325
326 - ENHANCE: Add a pam_conv(3) man page describing the conversation
327   system.
328
329 - ENHANCE: Improved sample application.
330
331 - ENHANCE: Added sample pam_unix module.
332
333 - BUGFIX: Various documentation nits.
334============================================================================
335OpenPAM Cinquefoil						2002-05-24
336
337 - BUGFIX: Various warnings uncovered by gcc 3.1.
338
339 - ENHANCE: Add a null conversation function, openpam_nullconv(3).
340
341 - BUGFIX: Initialize the "other" chain to all zeroes.
342
343 - ENHANCE: Document openpam_ttyconv(3).
344============================================================================
345OpenPAM Cinnamon						2002-05-02
346
347 - ENHANCE: Add a null conversation function, openpam_nullconv().
348
349 - BUGFIX: Various markup bugs in the documentation.
350
351 - BUGFIX: Document <security/openpam.h>.
352
353 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.
354
355 - ENHANCE: Restructure the policy-loading code and align our use of
356   the "other" policy with Solaris and Linux-PAM.
357
358 - ENHANCE: Log dlopen() and dlsym() failures.
359
360 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
361   messages unless the message contains one already.
362
363 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
364   so we can detect whether the conversation function touched it.
365============================================================================
366OpenPAM Cineraria						2002-04-14
367
368 - BUGFIX: Fix confusion between token and prompt in
369   pam_get_authtok(3).
370
371 - ENHANCE: Improved documentation.
372
373 - ENHANCE: Adopt the same preprocessor tricks that were used in
374   FreeBSD's version of Linux-PAM to simplify static linking without
375   requiring dummy primitives.
376
377 - ENHANCE: Move the policy-loading code out of pam_start.c.
378
379 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.
380
381 - ENHANCE: Add versioning macros.
382============================================================================
383OpenPAM Cinchona						2002-04-08
384
385 - ENHANCE: Improved documentation for several API functions.
386
387 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
388   of the module data list.
389
390 - BUGFIX: Allocate the correct amount of memory for the environment
391   list in pam_putenv().
392
393 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
394   specify what token it wants.  Also introduce PAM_OLDAUTHTOK_PROMPT.
395
396 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
397   reduce differences between these very similar functions.
398
399 - ENHANCE: Check flags carefully in pam_authenticate() and
400   pam_chauthtok().
401
402 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.
403
404 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
405   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
406   twice and compare the responses.
407
408 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
409   switching to user credentials.
410
411 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
412   pam_set_data() consumers.
413============================================================================
414OpenPAM Centaury						2002-03-14
415
416 - BUGFIX: Add missing #include <string.h> to openpam_log.c.
417
418 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/.  XSSO uses
419   the former, but Solaris and Linux-PAM use the latter.
420
421 - BUGFIX: The dynamic loader and the module cache contained a number
422   of bugs which would cause a segmentation fault if pam_start(3) was
423   called again after pam_end(3), as happens in login(1), xdm(1) etc.
424   after a failed login.
425
426 - BUGFIX: Refer to a module by the name used in the policy file, even
427   if the module that was actually loaded was versioned.
428
429 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
430============================================================================
431OpenPAM Celandine						2002-03-05
432
433 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().
434
435 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
436   flag set, then with the PAM_UPDATE_AUTHTOK flag set.
437
438 - BUGFIX: Failure of a "sufficient" module should not terminate the
439   passwd chain if the PAM_PRELIM_CHECK flag is set.
440
441 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.
442
443 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
444   or PAM_UPDATE_AUTHTOK flags themselves.
445
446 - BUGFIX: openpam_set_option() did not support changing the value of
447   an existing option.
448
449 - ENHANCE: Add support for module versioning.  OpenPAM will prefer a
450   module with the same version number as the library itself to one
451   with no version number at all.
452============================================================================
453OpenPAM Cantaloupe						2002-02-22
454
455 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
456   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.
457
458 - ENHANCE: Add in-line documentation in most source files, and a Perl
459   script that generates mdoc code from that.
460
461 - BUGFIX: The environment list was not properly NULL-terminated.
462
463 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
464   specified by the module.
465
466 - BUGFIX: PAM_NUM_ITEMS was set too low.  It has been moved to
467   pam_constants.h to avoid it going stale again.
468
469 - ENHANCE: Move all code related to static modules into a separate
470   file.
471
472 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
473   user, and supports setting a timeout (which defaults to off).
474
475 - BUGFIX: Some manual pages referenced XSSO even though they
476   documented OpenPAM-specific functions.
477
478 - ENHANCE: Added openpam_get_option() and openpam_set_option().
479
480 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
481   try_first_pass, and use_first_pass options.
482============================================================================
483OpenPAM Caliopsis						2002-02-13
484
485Fixed a number of bugs in the previous release, including:
486  - a number of bugs in and related to pam_[gs]et_item(3)
487  - off-by-one bug in pam_start.c would trim last character off certain
488    configuration lines
489  - incorrect ordering of an array in openpam_load.c would cause service
490    module functions to get mixed up
491  - missing 'continue' in openpam_dispatch.c caused successes to be
492    counted as failures
493============================================================================
494OpenPAM Calamite						2002-02-09
495
496First (beta) release.
497