xref: /freebsd/contrib/openpam/HISTORY (revision d93a896ef95946b0bf1219866fcb324b78543444)
1OpenPAM Resedacea						2017-04-30
2
3 - BUGFIX: Reinstore the NULL check in pam_end(3) which was removed in
4   OpenPAM Radula, as it breaks common error-handling constructs.
5
6 - BUGFIX: Return PAM_SYMBOL_ERR instead of PAM_SYSTEM_ERR from the
7   dispatcher when the required service function could not be found.
8
9 - ENHANCE: Introduce the PAM_BAD_HANDLE error code for when pamh is
10   NULL in API functions that have a NULL check.
11
12 - ENHANCE: Introduce the PAM_BAD_ITEM, PAM_BAD_FEATURE and
13   PAM_BAD_CONSTANT error codes for situations where we previously
14   incorrectly used PAM_SYMBOL_ERR to denote that an invalid constant
15   had been passed to an API function.
16
17 - ENHANCE: Improve the RETURN VALUES section in API man pages,
18   especially for functions that cannot fail, which were incorrectly
19   documented as returning -1 on failure.
20============================================================================
21OpenPAM Radula							2017-02-19
22
23 - BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
24   pam_get_user(3) from using application-provided custom prompts.
25
26 - BUGFIX: Plug a memory leak in pam_set_item(3).
27
28 - BUGFIX: Plug a potential memory leak in openpam_readlinev(3).
29
30 - BUGFIX: In openpam_readword(3), support line continuations within
31   whitespace.
32
33 - ENHANCE: Add a feature flag to control fallback to "other" policy.
34
35 - ENHANCE: Add a pam_return(8) module which returns an arbitrary
36   code specified in the module options.
37
38 - ENHANCE: More and better unit tests.
39============================================================================
40OpenPAM Ourouparia						2014-09-12
41
42 - ENHANCE: When executing a chain, require at least one service
43   function to succeed.  This mitigates fail-open scenarios caused by
44   misconfigurations or missing modules.
45
46 - ENHANCE: Make sure to overwrite buffers which may have contained an
47   authentication token when they're no longer needed.
48
49 - BUGFIX: Under certain circumstances, specifying a non-existent
50   module (or misspelling the name of a module) in a policy could
51   result in a fail-open scenario.  (CVE-2014-3879)
52
53 - FEATURE: Add a search path for modules.  This was implemented in
54   Nummularia but inadvertently left out of the release notes.
55
56 - BUGFIX: The is_upper() predicate only accepted the letter A as an
57   upper-case character instead of the entire A-Z range.  As a result,
58   service and module names containing upper-case letters other than A
59   would be rejected.
60============================================================================
61OpenPAM Nummularia						2013-09-07
62
63 - ENHANCE: Rewrite the dynamic loader to improve readability and
64   reliability.  Modules can now be listed without the ".so" suffix in
65   the policy file; OpenPAM will automatically add it, just like it
66   will automatically add the version number if required.
67
68 - ENHANCE: Allow openpam_straddch(3) to be called without a character
69   so it can be used to preallocate a string.
70
71 - ENHANCE: Improve portability by adding simple asprintf(3) and
72   vasprintf(3) implementations for platforms that don't have them.
73
74 - ENHANCE: Move the libpam sources into a separate subdirectory.
75
76 - ENHANCE: Substantial documentation improvements.
77
78 - BUGFIX: When openpam_readword(3) encountered an opening quote, it
79   would set the first byte in the buffer to '\0', discarding all
80   existing text and, unless the buffer was empty to begin with, all
81   subsequent text as well.  This went unnoticed because none of the
82   unit tests for quoted strings had any text preceding the opening
83   quote.
84
85 - BUGFIX: make --with-modules-dir work the way it was meant to work
86   (but never did).
87============================================================================
88OpenPAM Micrampelis						2012-05-26
89
90 - FEATURE: Add an openpam_readword(3) function which reads the next
91   word from an input stream, applying shell quoting and escaping
92   rules.  Add numerous unit tests for openpam_readword(3).
93
94 - FEATURE: Add an openpam_readlinev(3) function which uses the
95   openpam_readword(3) function to read words from an input stream one
96   at a time until it reaches an unquoted, unescaped newline, and
97   returns an array of those words.  Add several unit tests for
98   openpam_readlinev(3).
99
100 - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
101   machine's hostname.  This was implemented in Lycopsida but
102   inadvertantly left out of the release notes.
103
104 - FEATURE: In pam_get_authtok(3), if neither the application nor the
105   module have specified a prompt and PAM_HOST and PAM_RHOST are both
106   defined but not equal, use a different default prompt that includes
107   PAM_USER and PAM_HOST.
108
109 - ENHANCE: Rewrite the policy parser to used openpam_readlinev(),
110   which greatly simplifies the code.
111
112 - ENHANCE: The previous implementation of the policy parser relied on
113   the openpam_readline(3) function, which (by design) munges
114   whitespace and understands neither quotes nor backslash escapes.
115   As a result of the aforementioned rewrite, whitespace, quotes and
116   backslash escapes in policy files are now handled in a consistent
117   and predictable manner.
118
119 - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
120   This closes the race between the ownership / permission check and
121   the dlopen(3) call.
122
123 - ENHANCE: Reduce the amount of pointless error messages generated
124   while searching for a module.
125
126 - ENHANCE: Numerous documentation improvements, both in content and
127   formatting.
128
129 - BUGFIX: A patch incorporated in Lycopsida inadvertantly changed
130   OpenPAM's behavior when several policies exist for the same
131   service, from ignoring all but the first to concatenating them all.
132   Revert to the original behavior.
133
134 - BUGFIX: Plug a memory leak in the policy parser.
135============================================================================
136OpenPAM Lycopsida						2011-12-18
137
138 - ENHANCE: removed static build autodetection, which didn't work
139   anyway.  Use an explicit, user-specified preprocessor variable
140   instead.
141
142 - ENHANCE: cleaned up the documentation a bit.
143
144 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be
145   embedded in strings such as prompts.  Apply it to the prompts used
146   by pam_get_user(3) and pam_get_authtok(3).
147
148 - ENHANCE: added support for the user_prompt, authtok_prompt and
149   oldauthtok_prompt module options, which override the prompts passed
150   by the module to pam_set_user(3) and pam_get_authtok(3).
151
152 - ENHANCE: rewrote the policy parser to support quoted option values.
153
154 - ENHANCE: added pamtest(1), a tool for testing modules and policies.
155
156 - ENHANCE: added code to check the ownership and permissions of a
157   module before loading it.
158
159 - ENHANCE: added / improved input validation in many cases, including
160   the policy file and some function arguments.  (CVE-2011-4122)
161============================================================================
162OpenPAM Hydrangea						2007-12-21
163
164 - ENHANCE: when compiling with GCC, mark up API functions with GCC
165   attributes where appropriate.
166
167 - BUGFIX: fixed numerous warnings uncovered by GCC 4.
168
169 - ENHANCE: building the documentation is now optional.
170
171 - ENHANCE: corrected a number of mistakes and style issues in the
172   build system.
173
174 - ENHANCE: API function arguments are now const where appropriate, to
175   match corresponding changes in the Solaris PAM and Linux-PAM APIs.
176
177 - ENHANCE: corrected a number of C namespace violations.
178
179 - ENHANCE: the module cache has been removed, allowing long-lived
180   applications to pick up module changes.  This also allows multiple
181   threads to use PAM simultaneously (as long as they use separate PAM
182   contexts), since the module cache was the only part of OpenPAM that
183   was not thread-safe.
184============================================================================
185OpenPAM Figwort							2005-06-16
186
187 - BUGFIX: Correct several small signedness and initialization bugs
188   discovered during review by the NetBSD team.
189
190 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
191   order within each section.
192
193 - ENHANCE: if a policy specifies a relative module path, prepend the
194   module directory so we never call dlopen(3) with a relative path.
195
196 - ENHANCE: add a pam.conf(5) manual page.
197============================================================================
198OpenPAM Feterita						2005-02-01
199
200 - BUGFIX: Correct numerous markup errors, invalid cross-references,
201   and other issues in the manual pages, with kind assistance from
202   Ruslan Ermilov <ru@freebsd.org>.
203
204 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
205   and RETURNX() macros.
206
207 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
208   pam_get_data(3).
209
210 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
211   pam_strerror(3) and gendoc.pl.
212
213 - ENHANCE: Minor overhaul of the autoconf / build system.
214
215 - ENHANCE: Add openpam_free_envlist(3).
216============================================================================
217OpenPAM Eelgrass						2004-02-10
218
219 - BUGFIX: Correct array handling bugs in conversation code.
220
221 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
222   whitespace from the user's response.
223
224 - BUGFIX: Many constness issues addressed.
225============================================================================
226OpenPAM Dogwood							2003-07-15
227
228 - ENHANCE: Use the GNU autotools.
229
230 - ENHANCE: Constify the msg field in struct pam_message.
231
232 - BUGFIX: Remove left-over debugging output
233
234 - BUGFIX: Avoid side effects in arguments to the FREE() macro
235
236 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).
237
238 - BUGFIX: Staticize some variables which shouldn't be global.
239
240 - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3).
241
242 - ENHANCE: Various minor documentation improvements.
243
244Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
245assistance with this release.
246============================================================================
247OpenPAM Digitalis						2003-06-01
248
249 - ENHANCE: Completely rewrite the configuration parser and add
250   support for the "include" control flag.
251
252 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.
253
254 - ENHANCE: Lots of additional paranoia.
255
256 - BUGFIX: The sample su(1) application dropped privileges before
257   forking instead of after.
258
259 - ENHANCE: Document openpam_log(3).
260
261 - ENHANCE: Other minor documentation fixes.
262
263Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
264assistance with this release.
265============================================================================
266OpenPAM Dianthus						2003-05-02
267
268 - BUGFIX: Initialize some potentially uninitialized variables.
269
270 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.
271
272 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
273   instead of a freshly allocated copy.
274
275 - ENHANCE: Detect recursion in openpam_borrow_cred()
276
277 - ENHANCE: Make borrowing one's own credentials a no-op.
278
279 - ENHANCE: Further improve debugging support.
280
281 - ENHANCE: Clean up some variable names.
282============================================================================
283OpenPAM Daffodil						2003-01-06
284
285 - ENHANCE: Document dependency on <sys/types.h> (for size_t)
286
287 - ENHANCE: Slightly improve error detection in openpam_ttyconv().
288
289 - BUGFIX: Fix several typos in debugging macros.
290============================================================================
291OpenPAM Cyclamen						2002-12-12
292
293 - ENHANCE: Improve recursion detection in openpam_dispatch().
294
295 - ENHANCE: Add debugging messages at entry and exit points of most
296   functions.
297
298 - ENHANCE: Fix some minor style issues.
299
300 - BUGFIX: Add default cases to the switches in openpam_log.c.
301
302 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.
303
304 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
305   than stderr.
306============================================================================
307OpenPAM Citronella						2002-06-30
308
309 - ENHANCE: Add the "binding" control flag (from Solaris 9).
310
311 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
312   Solaris 9).
313
314 - ENHANCE: Flesh out the pam(3) man page.
315
316 - ENHANCE: Add an openpam(3) page with cross-references to all the
317   documented OpenPAM API extensions.
318
319 - ENHANCE: Add a pam_conv(3) man page describing the conversation
320   system.
321
322 - ENHANCE: Improved sample application.
323
324 - ENHANCE: Added sample pam_unix module.
325
326 - BUGFIX: Various documentation nits.
327============================================================================
328OpenPAM Cinquefoil						2002-05-24
329
330 - BUGFIX: Various warnings uncovered by gcc 3.1.
331
332 - ENHANCE: Add a null conversation function, openpam_nullconv(3).
333
334 - BUGFIX: Initialize the "other" chain to all zeroes.
335
336 - ENHANCE: Document openpam_ttyconv(3).
337============================================================================
338OpenPAM Cinnamon						2002-05-02
339
340 - ENHANCE: Add a null conversation function, openpam_nullconv().
341
342 - BUGFIX: Various markup bugs in the documentation.
343
344 - BUGFIX: Document <security/openpam.h>.
345
346 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.
347
348 - ENHANCE: Restructure the policy-loading code and align our use of
349   the "other" policy with Solaris and Linux-PAM.
350
351 - ENHANCE: Log dlopen() and dlsym() failures.
352
353 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
354   messages unless the message contains one already.
355
356 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
357   so we can detect whether the conversation function touched it.
358============================================================================
359OpenPAM Cineraria						2002-04-14
360
361 - BUGFIX: Fix confusion between token and prompt in
362   pam_get_authtok(3).
363
364 - ENHANCE: Improved documentation.
365
366 - ENHANCE: Adopt the same preprocessor tricks that were used in
367   FreeBSD's version of Linux-PAM to simplify static linking without
368   requiring dummy primitives.
369
370 - ENHANCE: Move the policy-loading code out of pam_start.c.
371
372 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.
373
374 - ENHANCE: Add versioning macros.
375============================================================================
376OpenPAM Cinchona						2002-04-08
377
378 - ENHANCE: Improved documentation for several API functions.
379
380 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
381   of the module data list.
382
383 - BUGFIX: Allocate the correct amount of memory for the environment
384   list in pam_putenv().
385
386 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
387   specify what token it wants.  Also introduce PAM_OLDAUTHTOK_PROMPT.
388
389 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
390   reduce differences between these very similar functions.
391
392 - ENHANCE: Check flags carefully in pam_authenticate() and
393   pam_chauthtok().
394
395 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.
396
397 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
398   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
399   twice and compare the responses.
400
401 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
402   switching to user credentials.
403
404 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
405   pam_set_data() consumers.
406============================================================================
407OpenPAM Centaury						2002-03-14
408
409 - BUGFIX: Add missing #include <string.h> to openpam_log.c.
410
411 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/.  XSSO uses
412   the former, but Solaris and Linux-PAM use the latter.
413
414 - BUGFIX: The dynamic loader and the module cache contained a number
415   of bugs which would cause a segmentation fault if pam_start(3) was
416   called again after pam_end(3), as happens in login(1), xdm(1) etc.
417   after a failed login.
418
419 - BUGFIX: Refer to a module by the name used in the policy file, even
420   if the module that was actually loaded was versioned.
421
422 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
423============================================================================
424OpenPAM Celandine						2002-03-05
425
426 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().
427
428 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
429   flag set, then with the PAM_UPDATE_AUTHTOK flag set.
430
431 - BUGFIX: Failure of a "sufficient" module should not terminate the
432   passwd chain if the PAM_PRELIM_CHECK flag is set.
433
434 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.
435
436 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
437   or PAM_UPDATE_AUTHTOK flags themselves.
438
439 - BUGFIX: openpam_set_option() did not support changing the value of
440   an existing option.
441
442 - ENHANCE: Add support for module versioning.  OpenPAM will prefer a
443   module with the same version number as the library itself to one
444   with no version number at all.
445============================================================================
446OpenPAM Cantaloupe						2002-02-22
447
448 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
449   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.
450
451 - ENHANCE: Add in-line documentation in most source files, and a Perl
452   script that generates mdoc code from that.
453
454 - BUGFIX: The environment list was not properly NULL-terminated.
455
456 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
457   specified by the module.
458
459 - BUGFIX: PAM_NUM_ITEMS was set too low.  It has been moved to
460   pam_constants.h to avoid it going stale again.
461
462 - ENHANCE: Move all code related to static modules into a separate
463   file.
464
465 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
466   user, and supports setting a timeout (which defaults to off).
467
468 - BUGFIX: Some manual pages referenced XSSO even though they
469   documented OpenPAM-specific functions.
470
471 - ENHANCE: Added openpam_get_option() and openpam_set_option().
472
473 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
474   try_first_pass, and use_first_pass options.
475============================================================================
476OpenPAM Caliopsis						2002-02-13
477
478Fixed a number of bugs in the previous release, including:
479  - a number of bugs in and related to pam_[gs]et_item(3)
480  - off-by-one bug in pam_start.c would trim last character off certain
481    configuration lines
482  - incorrect ordering of an array in openpam_load.c would cause service
483    module functions to get mixed up
484  - missing 'continue' in openpam_dispatch.c caused successes to be
485    counted as failures
486============================================================================
487OpenPAM Calamite						2002-02-09
488
489First (beta) release.
490