OpenPAM Radula                2017-02-19

 - BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
   pam_get_user(3) from using application-provided custom prompts.

 - BUGFIX: Plug a memory leak in pam_set_item(3).

 - BUGFIX: Plug a potential memory leak in openpam_readlinev(3).

 - BUGFIX: In openpam_readword(3), support line continuations within
   whitespace.

 - ENHANCE: Add a feature flag to control fallback to the "other" policy.

 - ENHANCE: Add a pam_return(8) module which returns an arbitrary
   code specified in the module options.

 - ENHANCE: More and better unit tests.
============================================================================
OpenPAM Ourouparia            2014-09-12

 - ENHANCE: When executing a chain, require at least one service
   function to succeed. This mitigates fail-open scenarios caused by
   misconfigurations or missing modules.

 - ENHANCE: Make sure to overwrite buffers which may have contained an
   authentication token when they're no longer needed.

 - BUGFIX: Under certain circumstances, specifying a non-existent
   module (or misspelling the name of a module) in a policy could
   result in a fail-open scenario. (CVE-2014-3879)

 - FEATURE: Add a search path for modules. This was implemented in
   Nummularia but inadvertently left out of the release notes.

 - BUGFIX: The is_upper() predicate only accepted the letter A as an
   upper-case character instead of the entire A-Z range. As a result,
   service and module names containing upper-case letters other than A
   would be rejected.
============================================================================
OpenPAM Nummularia            2013-09-07

 - ENHANCE: Rewrite the dynamic loader to improve readability and
   reliability. Modules can now be listed without the ".so" suffix in
   the policy file; OpenPAM will automatically add it, just like it
   will automatically add the version number if required.

 - ENHANCE: Allow openpam_straddch(3) to be called without a character
   so it can be used to preallocate a string.

 - ENHANCE: Improve portability by adding simple asprintf(3) and
   vasprintf(3) implementations for platforms that don't have them.

 - ENHANCE: Move the libpam sources into a separate subdirectory.

 - ENHANCE: Substantial documentation improvements.

 - BUGFIX: When openpam_readword(3) encountered an opening quote, it
   would set the first byte in the buffer to '\0', discarding all
   existing text and, unless the buffer was empty to begin with, all
   subsequent text as well. This went unnoticed because none of the
   unit tests for quoted strings had any text preceding the opening
   quote.

 - BUGFIX: Make --with-modules-dir work the way it was meant to work
   (but never did).
============================================================================
OpenPAM Micrampelis           2012-05-26

 - FEATURE: Add an openpam_readword(3) function which reads the next
   word from an input stream, applying shell quoting and escaping
   rules. Add numerous unit tests for openpam_readword(3).

 - FEATURE: Add an openpam_readlinev(3) function which uses the
   openpam_readword(3) function to read words from an input stream one
   at a time until it reaches an unquoted, unescaped newline, and
   returns an array of those words. Add several unit tests for
   openpam_readlinev(3).

 - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
   machine's hostname. This was implemented in Lycopsida but
   inadvertently left out of the release notes.

 - FEATURE: In pam_get_authtok(3), if neither the application nor the
   module has specified a prompt and PAM_HOST and PAM_RHOST are both
   defined but not equal, use a different default prompt that includes
   PAM_USER and PAM_HOST.

 - ENHANCE: Rewrite the policy parser to use openpam_readlinev(3),
   which greatly simplifies the code.

 - ENHANCE: The previous implementation of the policy parser relied on
   the openpam_readline(3) function, which (by design) munges
   whitespace and understands neither quotes nor backslash escapes.
   As a result of the aforementioned rewrite, whitespace, quotes and
   backslash escapes in policy files are now handled in a consistent
   and predictable manner.

 - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
   This closes the race between the ownership / permission check and
   the dlopen(3) call.

 - ENHANCE: Reduce the number of pointless error messages generated
   while searching for a module.

 - ENHANCE: Numerous documentation improvements, both in content and
   formatting.

 - BUGFIX: A patch incorporated in Lycopsida inadvertently changed
   OpenPAM's behavior when several policies exist for the same
   service, from ignoring all but the first to concatenating them all.
   Revert to the original behavior.

 - BUGFIX: Plug a memory leak in the policy parser.
============================================================================
OpenPAM Lycopsida             2011-12-18

 - ENHANCE: Removed static build autodetection, which didn't work
   anyway. Use an explicit, user-specified preprocessor variable
   instead.

 - ENHANCE: Cleaned up the documentation a bit.

 - ENHANCE: Added openpam_subst(3), allowing certain PAM items to be
   embedded in strings such as prompts. Apply it to the prompts used
   by pam_get_user(3) and pam_get_authtok(3).

 - ENHANCE: Added support for the user_prompt, authtok_prompt and
   oldauthtok_prompt module options, which override the prompts passed
   by the module to pam_get_user(3) and pam_get_authtok(3).

 - ENHANCE: Rewrote the policy parser to support quoted option values.

 - ENHANCE: Added pamtest(1), a tool for testing modules and policies.

 - ENHANCE: Added code to check the ownership and permissions of a
   module before loading it.

 - ENHANCE: Added / improved input validation in many cases, including
   the policy file and some function arguments. (CVE-2011-4122)
============================================================================
OpenPAM Hydrangea             2007-12-21

 - ENHANCE: When compiling with GCC, mark up API functions with GCC
   attributes where appropriate.

 - BUGFIX: Fixed numerous warnings uncovered by GCC 4.

 - ENHANCE: Building the documentation is now optional.

 - ENHANCE: Corrected a number of mistakes and style issues in the
   build system.

 - ENHANCE: API function arguments are now const where appropriate, to
   match corresponding changes in the Solaris PAM and Linux-PAM APIs.

 - ENHANCE: Corrected a number of C namespace violations.

 - ENHANCE: The module cache has been removed, allowing long-lived
   applications to pick up module changes. This also allows multiple
   threads to use PAM simultaneously (as long as they use separate PAM
   contexts), since the module cache was the only part of OpenPAM that
   was not thread-safe.
============================================================================
OpenPAM Figwort               2005-06-16

 - BUGFIX: Correct several small signedness and initialization bugs
   discovered during review by the NetBSD team.

 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
   order within each section.

 - ENHANCE: If a policy specifies a relative module path, prepend the
   module directory so we never call dlopen(3) with a relative path.

 - ENHANCE: Add a pam.conf(5) manual page.
============================================================================
OpenPAM Feterita              2005-02-01

 - BUGFIX: Correct numerous markup errors, invalid cross-references,
   and other issues in the manual pages, with kind assistance from
   Ruslan Ermilov <ru@freebsd.org>.

 - BUGFIX: Avoid multiple evaluation of macro arguments in the ENTERX()
   and RETURNX() macros.

 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
   pam_get_data(3).

 - BUGFIX: Fix identical typos in the PAM_ACCT_EXPIRED case in
   pam_strerror(3) and gendoc.pl.

 - ENHANCE: Minor overhaul of the autoconf / build system.

 - ENHANCE: Add openpam_free_envlist(3).
============================================================================
OpenPAM Eelgrass              2004-02-10

 - BUGFIX: Correct array handling bugs in conversation code.

 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
   whitespace from the user's response.

 - BUGFIX: Many constness issues addressed.
============================================================================
OpenPAM Dogwood               2003-07-15

 - ENHANCE: Use the GNU autotools.

 - ENHANCE: Constify the msg field in struct pam_message.

 - BUGFIX: Remove left-over debugging output.

 - BUGFIX: Avoid side effects in arguments to the FREE() macro.

 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).

 - BUGFIX: Staticize some variables which shouldn't be global.

 - BUGFIX: Correctly anticipate a NULL user in pam_get_user(3).

 - ENHANCE: Various minor documentation improvements.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Digitalis             2003-06-01

 - ENHANCE: Completely rewrite the configuration parser and add
   support for the "include" control flag.

 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.

 - ENHANCE: Lots of additional paranoia.

 - BUGFIX: The sample su(1) application dropped privileges before
   forking instead of after.

 - ENHANCE: Document openpam_log(3).

 - ENHANCE: Other minor documentation fixes.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Dianthus              2003-05-02

 - BUGFIX: Initialize some potentially uninitialized variables.

 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.

 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
   instead of a freshly allocated copy.

 - ENHANCE: Detect recursion in openpam_borrow_cred().

 - ENHANCE: Make borrowing one's own credentials a no-op.

 - ENHANCE: Further improve debugging support.

 - ENHANCE: Clean up some variable names.
============================================================================
OpenPAM Daffodil              2003-01-06

 - ENHANCE: Document dependency on <sys/types.h> (for size_t).

 - ENHANCE: Slightly improve error detection in openpam_ttyconv().

 - BUGFIX: Fix several typos in debugging macros.
============================================================================
OpenPAM Cyclamen              2002-12-12

 - ENHANCE: Improve recursion detection in openpam_dispatch().

 - ENHANCE: Add debugging messages at entry and exit points of most
   functions.

 - ENHANCE: Fix some minor style issues.

 - BUGFIX: Add default cases to the switches in openpam_log.c.

 - ENHANCE: Add /usr/local/etc/pam.conf to the policy search path.

 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
   than stderr.
============================================================================
OpenPAM Citronella            2002-06-30

 - ENHANCE: Add the "binding" control flag (from Solaris 9).

 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
   Solaris 9).

 - ENHANCE: Flesh out the pam(3) man page.

 - ENHANCE: Add an openpam(3) page with cross-references to all the
   documented OpenPAM API extensions.

 - ENHANCE: Add a pam_conv(3) man page describing the conversation
   system.

 - ENHANCE: Improved sample application.

 - ENHANCE: Added sample pam_unix module.

 - BUGFIX: Various documentation nits.
============================================================================
OpenPAM Cinquefoil            2002-05-24

 - BUGFIX: Various warnings uncovered by gcc 3.1.

 - ENHANCE: Add a null conversation function, openpam_nullconv(3).

 - BUGFIX: Initialize the "other" chain to all zeroes.

 - ENHANCE: Document openpam_ttyconv(3).
============================================================================
OpenPAM Cinnamon              2002-05-02

 - ENHANCE: Add a null conversation function, openpam_nullconv().

 - BUGFIX: Various markup bugs in the documentation.

 - BUGFIX: Document <security/openpam.h>.

 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.

 - ENHANCE: Restructure the policy-loading code and align our use of
   the "other" policy with Solaris and Linux-PAM.

 - ENHANCE: Log dlopen() and dlsym() failures.

 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
   messages unless the message contains one already.

 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
   so we can detect whether the conversation function touched it.
============================================================================
OpenPAM Cineraria             2002-04-14

 - BUGFIX: Fix confusion between token and prompt in
   pam_get_authtok(3).

 - ENHANCE: Improved documentation.

 - ENHANCE: Adopt the same preprocessor tricks that were used in
   FreeBSD's version of Linux-PAM to simplify static linking without
   requiring dummy primitives.

 - ENHANCE: Move the policy-loading code out of pam_start.c.

 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.

 - ENHANCE: Add versioning macros.
============================================================================
OpenPAM Cinchona              2002-04-08

 - ENHANCE: Improved documentation for several API functions.

 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
   of the module data list.

 - BUGFIX: Allocate the correct amount of memory for the environment
   list in pam_putenv().

 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
   specify what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT.

 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
   reduce differences between these very similar functions.

 - ENHANCE: Check flags carefully in pam_authenticate() and
   pam_chauthtok().

 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.

 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
   twice and compare the responses.

 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
   switching to user credentials.

 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
   pam_set_data() consumers.
============================================================================
OpenPAM Centaury              2002-03-14

 - BUGFIX: Add missing #include <string.h> to openpam_log.c.

 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/. XSSO uses
   the former, but Solaris and Linux-PAM use the latter.

 - BUGFIX: The dynamic loader and the module cache contained a number
   of bugs which would cause a segmentation fault if pam_start(3) was
   called again after pam_end(3), as happens in login(1), xdm(1) etc.
   after a failed login.

 - BUGFIX: Refer to a module by the name used in the policy file, even
   if the module that was actually loaded was versioned.

 - ENHANCE: Suppress debugging logs unless compiled with -DDEBUG.
============================================================================
OpenPAM Celandine             2002-03-05

 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().

 - BUGFIX: Run the passwd chain twice, first with the PAM_PRELIM_CHECK
   flag set, then with the PAM_UPDATE_AUTHTOK flag set.

 - BUGFIX: Failure of a "sufficient" module should not terminate the
   passwd chain if the PAM_PRELIM_CHECK flag is set.

 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.

 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
   or PAM_UPDATE_AUTHTOK flags themselves.

 - BUGFIX: openpam_set_option() did not support changing the value of
   an existing option.

 - ENHANCE: Add support for module versioning. OpenPAM will prefer a
   module with the same version number as the library itself to one
   with no version number at all.
============================================================================
OpenPAM Cantaloupe            2002-02-22

 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.

 - ENHANCE: Add in-line documentation in most source files, and a Perl
   script that generates mdoc code from that.

 - BUGFIX: The environment list was not properly NULL-terminated.

 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
   specified by the module.

 - BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to
   pam_constants.h to avoid it going stale again.

 - ENHANCE: Move all code related to static modules into a separate
   file.

 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
   user, and supports setting a timeout (which defaults to off).

 - BUGFIX: Some manual pages referenced XSSO even though they
   documented OpenPAM-specific functions.

 - ENHANCE: Added openpam_get_option() and openpam_set_option().

 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
   try_first_pass, and use_first_pass options.
============================================================================
OpenPAM Caliopsis             2002-02-13

Fixed a number of bugs in the previous release, including:
 - a number of bugs in and related to pam_[gs]et_item(3)
 - an off-by-one bug in pam_start.c which would trim the last character
   off certain configuration lines
 - incorrect ordering of an array in openpam_load.c which would cause
   service module functions to get mixed up
 - a missing 'continue' in openpam_dispatch.c which caused successes to
   be counted as failures
============================================================================
OpenPAM Calamite              2002-02-09

First (beta) release.
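The chain semantics that run through these notes, the Ourouparia requirement that at least one service function succeed and the CVE-2014-3879 fail-open on a missing or misspelled module, the Celandine handling of "sufficient" and "requisite" entries, and the Caliopsis dispatcher bug that miscounted successes, can be exercised with a small stand-alone model of a dispatcher. This is an added example written for this page, not OpenPAM's openpam_dispatch(): the numeric return codes, the struct entry type, the toy service functions and the ncalls counter are assumptions made for the illustration, and the passwd two-pass (PAM_PRELIM_CHECK / PAM_UPDATE_AUTHTOK) is not modelled.

```c
#include <stdio.h>
#include <stddef.h>

/* Names mirror the PAM vocabulary; the values are arbitrary for this model. */
enum {
	PAM_SUCCESS = 0, PAM_SYMBOL_ERR = 2, PAM_PERM_DENIED = 7,
	PAM_AUTH_ERR = 9, PAM_IGNORE = 25
};
enum ctl { CTL_REQUIRED, CTL_REQUISITE, CTL_SUFFICIENT, CTL_BINDING, CTL_OPTIONAL };

typedef int (*sm_func)(void);

struct entry {
	const char *name;
	enum ctl ctl;
	sm_func func;		/* NULL: the module could not be loaded */
};

static int ncalls;		/* how many service functions actually ran */

/* toy service functions standing in for pam_sm_authenticate() */
static int sm_ok(void)     { ncalls++; return PAM_SUCCESS; }
static int sm_deny(void)   { ncalls++; return PAM_AUTH_ERR; }
static int sm_ignore(void) { ncalls++; return PAM_IGNORE; }

/*
 * Run one chain.  hardened == 0 reproduces the two behaviours the notes
 * describe as fail-open: an entry whose module could not be loaded is
 * silently skipped, and a chain in which nothing failed is reported as
 * PAM_SUCCESS even if nothing succeeded.  hardened != 0 makes an
 * unloadable module a failure of that entry (PAM_SYMBOL_ERR, treated
 * according to the entry's control flag) and requires at least one
 * PAM_SUCCESS from a service function before reporting success.
 */
static int
dispatch(const struct entry *chain, size_t n, int hardened)
{
	int err = PAM_SUCCESS, fail = 0, nsuccess = 0, r;
	size_t i;

	for (i = 0; i < n; i++) {
		if (chain[i].func == NULL) {
			if (!hardened)
				continue;	/* skipped without a trace */
			r = PAM_SYMBOL_ERR;
		} else {
			r = chain[i].func();
		}
		if (r == PAM_SUCCESS) {
			nsuccess++;
			/* sufficient / binding: stop with success unless a required entry already failed */
			if ((chain[i].ctl == CTL_SUFFICIENT || chain[i].ctl == CTL_BINDING) && !fail)
				break;
			continue;
		}
		if (r == PAM_IGNORE)
			continue;
		switch (chain[i].ctl) {
		case CTL_REQUISITE:	/* fail and stop immediately */
			fail = 1;
			if (err == PAM_SUCCESS)
				err = r;
			goto done;
		case CTL_REQUIRED:
		case CTL_BINDING:	/* fail, but keep running the rest of the chain */
			fail = 1;
			if (err == PAM_SUCCESS)
				err = r;
			break;
		case CTL_SUFFICIENT:
		case CTL_OPTIONAL:	/* failure ignored */
			break;
		}
	}
done:
	if (fail)
		return err;
	if (hardened && nsuccess == 0)
		return PAM_PERM_DENIED;	/* Ourouparia: nothing succeeded */
	return PAM_SUCCESS;
}

int
main(void)
{
	/* constructed chains standing in for policy lines */
	const struct entry misspelled[] = { { "pam_unxi.so", CTL_REQUIRED, NULL } };
	const struct entry ignore_only[] = { { "pam_noop.so", CTL_REQUIRED, sm_ignore } };
	const struct entry normal[] = {
		{ "pam_unix.so", CTL_SUFFICIENT, sm_ok },
		{ "pam_deny.so", CTL_REQUIRED, sm_deny },
	};

	printf("misspelled module, naive:    %d\n", dispatch(misspelled, 1, 0));	/* 0 */
	printf("misspelled module, hardened: %d\n", dispatch(misspelled, 1, 1));	/* 2 */
	printf("ignore only, naive:          %d\n", dispatch(ignore_only, 1, 0));	/* 0 */
	printf("ignore only, hardened:       %d\n", dispatch(ignore_only, 1, 1));	/* 7 */
	printf("sufficient then required:    %d\n", dispatch(normal, 2, 1));		/* 0 */
	return 0;
}
```

The naive path is what makes a one-line policy with a misspelled module name authenticate everyone: no entry fails, so the chain "succeeds" without any module having been consulted. The hardened path fixes that twice over, first by making the unloadable entry fail according to its control flag and second by refusing success when no service function returned PAM_SUCCESS, which also catches a chain consisting only of modules that return PAM_IGNORE.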