OpenPAM Resedacea        2017-04-30

 - BUGFIX: Reinstate the NULL check in pam_end(3) which was removed in
   OpenPAM Radula, as it breaks common error-handling constructs.

 - BUGFIX: Return PAM_SYMBOL_ERR instead of PAM_SYSTEM_ERR from the
   dispatcher when the required service function could not be found.

 - ENHANCE: Introduce the PAM_BAD_HANDLE error code for when pamh is
   NULL in API functions that have a NULL check.

 - ENHANCE: Introduce the PAM_BAD_ITEM, PAM_BAD_FEATURE and
   PAM_BAD_CONSTANT error codes for situations where we previously
   incorrectly used PAM_SYMBOL_ERR to denote that an invalid constant
   had been passed to an API function.

 - ENHANCE: Improve the RETURN VALUES section in API man pages,
   especially for functions that cannot fail, which were incorrectly
   documented as returning -1 on failure.
============================================================================
OpenPAM Radula        2017-02-19

 - BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
   pam_get_user(3) from using application-provided custom prompts.

 - BUGFIX: Plug a memory leak in pam_set_item(3).

 - BUGFIX: Plug a potential memory leak in openpam_readlinev(3).

 - BUGFIX: In openpam_readword(3), support line continuations within
   whitespace.

 - ENHANCE: Add a feature flag to control fallback to the "other" policy.

 - ENHANCE: Add a pam_return(8) module which returns an arbitrary
   code specified in the module options.

 - ENHANCE: More and better unit tests.
============================================================================
OpenPAM Ourouparia        2014-09-12

 - ENHANCE: When executing a chain, require at least one service
   function to succeed. This mitigates fail-open scenarios caused by
   misconfigurations or missing modules.

 - ENHANCE: Make sure to overwrite buffers which may have contained an
   authentication token when they're no longer needed.

 - BUGFIX: Under certain circumstances, specifying a non-existent
   module (or misspelling the name of a module) in a policy could
   result in a fail-open scenario. (CVE-2014-3879)

 - FEATURE: Add a search path for modules. This was implemented in
   Nummularia but inadvertently left out of the release notes.

 - BUGFIX: The is_upper() predicate only accepted the letter A as an
   upper-case character instead of the entire A-Z range. As a result,
   service and module names containing upper-case letters other than A
   would be rejected.
============================================================================
OpenPAM Nummularia        2013-09-07

 - ENHANCE: Rewrite the dynamic loader to improve readability and
   reliability. Modules can now be listed without the ".so" suffix in
   the policy file; OpenPAM will automatically add it, just like it
   will automatically add the version number if required.

 - ENHANCE: Allow openpam_straddch(3) to be called without a character
   so it can be used to preallocate a string.

 - ENHANCE: Improve portability by adding simple asprintf(3) and
   vasprintf(3) implementations for platforms that don't have them.

 - ENHANCE: Move the libpam sources into a separate subdirectory.

 - ENHANCE: Substantial documentation improvements.

 - BUGFIX: When openpam_readword(3) encountered an opening quote, it
   would set the first byte in the buffer to '\0', discarding all
   existing text and, unless the buffer was empty to begin with, all
   subsequent text as well. This went unnoticed because none of the
   unit tests for quoted strings had any text preceding the opening
   quote.

 - BUGFIX: Make --with-modules-dir work the way it was meant to work
   (but never did).
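To make the Ourouparia chain-evaluation rule above concrete, here is an added example in C (not OpenPAM's own dispatcher code): a reduced model of chain evaluation that applies the control flags and then fails closed when no service function succeeded, including the case of a missing module, which the dispatcher reports as PAM_SYMBOL_ERR. The constant values, the `eval_policy` spec syntax and the simplified flag semantics are assumptions made for illustration.

```c
/* Added illustration, not OpenPAM's own dispatcher: a simplified PAM chain
 * evaluator applying the Ourouparia rule (at least one service function must
 * succeed). Constant values and flag semantics are reduced/assumed here. */
#include <stdio.h>
#include <string.h>

enum { PAM_SUCCESS = 0, PAM_SYSTEM_ERR = 4, PAM_SYMBOL_ERR = 5,
       PAM_AUTH_ERR = 9, PAM_IGNORE = 25 };
enum { PAM_REQUIRED, PAM_REQUISITE, PAM_SUFFICIENT, PAM_OPTIONAL };

typedef int (*sm_func)(void);
struct entry { int flag; sm_func func; };   /* func == NULL: function not found */

static int sm_ok(void)     { return PAM_SUCCESS; }
static int sm_deny(void)   { return PAM_AUTH_ERR; }
static int sm_ignore(void) { return PAM_IGNORE; }

/* Walk the chain with the control-flag rules, then apply the success rule. */
int run_chain(const struct entry *chain, size_t n)
{
    int err = PAM_SUCCESS, fail = 0, nsuccess = 0, r;
    for (size_t i = 0; i < n; i++) {
        /* a missing service function is reported as PAM_SYMBOL_ERR */
        r = chain[i].func ? chain[i].func() : PAM_SYMBOL_ERR;
        if (r == PAM_IGNORE) continue;
        if (r == PAM_SUCCESS) {
            nsuccess++;
            if (chain[i].flag == PAM_SUFFICIENT && !fail) break; /* ends chain */
            continue;
        }
        fail = 1;
        if (chain[i].flag == PAM_REQUISITE) { err = r; break; }
        if (chain[i].flag == PAM_REQUIRED && err == PAM_SUCCESS) err = r;
    }
    /* Ourouparia: "success" with no successful module means a misconfigured
     * or missing module, so fail closed instead of open. */
    if (err == PAM_SUCCESS && nsuccess < 1) err = PAM_SYSTEM_ERR;
    return err;
}

/* Evaluate a chain written as "flag:result ...", e.g. "required:ok sufficient:deny";
 * results are ok, deny, ignore, or missing (service function not found). */
int eval_policy(const char *spec)
{
    struct entry chain[16];
    size_t n = 0;
    char buf[256], *tok;
    snprintf(buf, sizeof buf, "%s", spec);
    for (tok = strtok(buf, " "); tok && n < 16; tok = strtok(NULL, " "), n++) {
        char *res = strchr(tok, ':');
        if (!res) return PAM_SYSTEM_ERR;     /* malformed entry: fail closed */
        *res++ = '\0';
        chain[n].flag = !strcmp(tok, "requisite") ? PAM_REQUISITE : !strcmp(tok, "sufficient")
            ? PAM_SUFFICIENT : !strcmp(tok, "optional") ? PAM_OPTIONAL : PAM_REQUIRED;
        chain[n].func = !strcmp(res, "ok") ? sm_ok : !strcmp(res, "deny") ? sm_deny :
                        !strcmp(res, "ignore") ? sm_ignore : NULL;
    }
    return run_chain(chain, n);
}
```

An empty chain, or one whose only modules are ignored, failing "optional"/"sufficient" entries or missing service functions, now yields PAM_SYSTEM_ERR rather than PAM_SUCCESS.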
============================================================================
OpenPAM Micrampelis        2012-05-26

 - FEATURE: Add an openpam_readword(3) function which reads the next
   word from an input stream, applying shell quoting and escaping
   rules. Add numerous unit tests for openpam_readword(3).

 - FEATURE: Add an openpam_readlinev(3) function which uses the
   openpam_readword(3) function to read words from an input stream one
   at a time until it reaches an unquoted, unescaped newline, and
   returns an array of those words. Add several unit tests for
   openpam_readlinev(3).

 - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
   machine's hostname. This was implemented in Lycopsida but
   inadvertently left out of the release notes.

 - FEATURE: In pam_get_authtok(3), if neither the application nor the
   module has specified a prompt and PAM_HOST and PAM_RHOST are both
   defined but not equal, use a different default prompt that includes
   PAM_USER and PAM_HOST.

 - ENHANCE: Rewrite the policy parser to use openpam_readlinev(),
   which greatly simplifies the code.

 - ENHANCE: The previous implementation of the policy parser relied on
   the openpam_readline(3) function, which (by design) munges
   whitespace and understands neither quotes nor backslash escapes.
   As a result of the aforementioned rewrite, whitespace, quotes and
   backslash escapes in policy files are now handled in a consistent
   and predictable manner.

 - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
   This closes the race between the ownership / permission check and
   the dlopen(3) call.

 - ENHANCE: Reduce the amount of pointless error messages generated
   while searching for a module.

 - ENHANCE: Numerous documentation improvements, both in content and
   formatting.

 - BUGFIX: A patch incorporated in Lycopsida inadvertently changed
   OpenPAM's behavior when several policies exist for the same
   service, from ignoring all but the first to concatenating them all.
   Revert to the original behavior.

 - BUGFIX: Plug a memory leak in the policy parser.
============================================================================
OpenPAM Lycopsida        2011-12-18

 - ENHANCE: removed static build autodetection, which didn't work
   anyway. Use an explicit, user-specified preprocessor variable
   instead.

 - ENHANCE: cleaned up the documentation a bit.

 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be
   embedded in strings such as prompts. Apply it to the prompts used
   by pam_get_user(3) and pam_get_authtok(3).

 - ENHANCE: added support for the user_prompt, authtok_prompt and
   oldauthtok_prompt module options, which override the prompts passed
   by the module to pam_set_user(3) and pam_get_authtok(3).

 - ENHANCE: rewrote the policy parser to support quoted option values.

 - ENHANCE: added pamtest(1), a tool for testing modules and policies.

 - ENHANCE: added code to check the ownership and permissions of a
   module before loading it.

 - ENHANCE: added / improved input validation in many cases, including
   the policy file and some function arguments. (CVE-2011-4122)
============================================================================
OpenPAM Hydrangea        2007-12-21

 - ENHANCE: when compiling with GCC, mark up API functions with GCC
   attributes where appropriate.

 - BUGFIX: fixed numerous warnings uncovered by GCC 4.

 - ENHANCE: building the documentation is now optional.

 - ENHANCE: corrected a number of mistakes and style issues in the
   build system.

 - ENHANCE: API function arguments are now const where appropriate, to
   match corresponding changes in the Solaris PAM and Linux-PAM APIs.

 - ENHANCE: corrected a number of C namespace violations.

 - ENHANCE: the module cache has been removed, allowing long-lived
   applications to pick up module changes. This also allows multiple
   threads to use PAM simultaneously (as long as they use separate PAM
   contexts), since the module cache was the only part of OpenPAM that
   was not thread-safe.
============================================================================
OpenPAM Figwort        2005-06-16

 - BUGFIX: Correct several small signedness and initialization bugs
   discovered during review by the NetBSD team.

 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
   order within each section.

 - ENHANCE: if a policy specifies a relative module path, prepend the
   module directory so we never call dlopen(3) with a relative path.

 - ENHANCE: add a pam.conf(5) manual page.
============================================================================
OpenPAM Feterita        2005-02-01

 - BUGFIX: Correct numerous markup errors, invalid cross-references,
   and other issues in the manual pages, with kind assistance from
   Ruslan Ermilov <ru@freebsd.org>.

 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
   and RETURNX() macros.

 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
   pam_get_data(3).

 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
   pam_strerror(3) and gendoc.pl.

 - ENHANCE: Minor overhaul of the autoconf / build system.

 - ENHANCE: Add openpam_free_envlist(3).
============================================================================
OpenPAM Eelgrass        2004-02-10

 - BUGFIX: Correct array handling bugs in conversation code.

 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
   whitespace from the user's response.

 - BUGFIX: Many constness issues addressed.
============================================================================
OpenPAM Dogwood        2003-07-15

 - ENHANCE: Use the GNU autotools.

 - ENHANCE: Constify the msg field in struct pam_message.

 - BUGFIX: Remove left-over debugging output.

 - BUGFIX: Avoid side effects in arguments to the FREE() macro.

 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).

 - BUGFIX: Staticize some variables which shouldn't be global.

 - BUGFIX: Correctly anticipate a NULL user in pam_get_user(3).

 - ENHANCE: Various minor documentation improvements.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Digitalis        2003-06-01

 - ENHANCE: Completely rewrite the configuration parser and add
   support for the "include" control flag.

 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.

 - ENHANCE: Lots of additional paranoia.

 - BUGFIX: The sample su(1) application dropped privileges before
   forking instead of after.

 - ENHANCE: Document openpam_log(3).

 - ENHANCE: Other minor documentation fixes.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Dianthus        2003-05-02

 - BUGFIX: Initialize some potentially uninitialized variables.

 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.

 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
   instead of a freshly allocated copy.

 - ENHANCE: Detect recursion in openpam_borrow_cred().

 - ENHANCE: Make borrowing one's own credentials a no-op.

 - ENHANCE: Further improve debugging support.

 - ENHANCE: Clean up some variable names.
============================================================================
OpenPAM Daffodil        2003-01-06

 - ENHANCE: Document dependency on <sys/types.h> (for size_t).

 - ENHANCE: Slightly improve error detection in openpam_ttyconv().

 - BUGFIX: Fix several typos in debugging macros.
============================================================================
OpenPAM Cyclamen        2002-12-12

 - ENHANCE: Improve recursion detection in openpam_dispatch().

 - ENHANCE: Add debugging messages at entry and exit points of most
   functions.

 - ENHANCE: Fix some minor style issues.

 - BUGFIX: Add default cases to the switches in openpam_log.c.

 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.

 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
   than stderr.
============================================================================
OpenPAM Citronella        2002-06-30

 - ENHANCE: Add the "binding" control flag (from Solaris 9).

 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
   Solaris 9).

 - ENHANCE: Flesh out the pam(3) man page.

 - ENHANCE: Add an openpam(3) page with cross-references to all the
   documented OpenPAM API extensions.

 - ENHANCE: Add a pam_conv(3) man page describing the conversation
   system.

 - ENHANCE: Improved sample application.

 - ENHANCE: Added sample pam_unix module.

 - BUGFIX: Various documentation nits.
============================================================================
OpenPAM Cinquefoil        2002-05-24

 - BUGFIX: Various warnings uncovered by gcc 3.1.

 - ENHANCE: Add a null conversation function, openpam_nullconv(3).

 - BUGFIX: Initialize the "other" chain to all zeroes.

 - ENHANCE: Document openpam_ttyconv(3).
============================================================================
OpenPAM Cinnamon        2002-05-02

 - ENHANCE: Add a null conversation function, openpam_nullconv().

 - BUGFIX: Various markup bugs in the documentation.

 - BUGFIX: Document <security/openpam.h>.

 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.

 - ENHANCE: Restructure the policy-loading code and align our use of
   the "other" policy with Solaris and Linux-PAM.

 - ENHANCE: Log dlopen() and dlsym() failures.

 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
   messages unless the message contains one already.

 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
   so we can detect whether the conversation function touched it.
============================================================================
OpenPAM Cineraria        2002-04-14

 - BUGFIX: Fix confusion between token and prompt in
   pam_get_authtok(3).

 - ENHANCE: Improved documentation.

 - ENHANCE: Adopt the same preprocessor tricks that were used in
   FreeBSD's version of Linux-PAM to simplify static linking without
   requiring dummy primitives.

 - ENHANCE: Move the policy-loading code out of pam_start.c.

 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.

 - ENHANCE: Add versioning macros.
============================================================================
OpenPAM Cinchona        2002-04-08

 - ENHANCE: Improved documentation for several API functions.

 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
   of the module data list.

 - BUGFIX: Allocate the correct amount of memory for the environment
   list in pam_putenv().

 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
   specify what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT.

 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
   reduce differences between these very similar functions.

 - ENHANCE: Check flags carefully in pam_authenticate() and
   pam_chauthtok().

 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.

 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
   twice and compare the responses.

 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
   switching to user credentials.

 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
   pam_set_data() consumers.
============================================================================
OpenPAM Centaury        2002-03-14

 - BUGFIX: Add missing #include <string.h> to openpam_log.c.

 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/. XSSO uses
   the former, but Solaris and Linux-PAM use the latter.

 - BUGFIX: The dynamic loader and the module cache contained a number
   of bugs which would cause a segmentation fault if pam_start(3) was
   called again after pam_end(3), as happens in login(1), xdm(1) etc.
   after a failed login.

 - BUGFIX: Refer to a module by the name used in the policy file, even
   if the module that was actually loaded was versioned.

 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
============================================================================
OpenPAM Celandine        2002-03-05

 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().

 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
   flag set, then with the PAM_UPDATE_AUTHTOK flag set.

 - BUGFIX: Failure of a "sufficient" module should not terminate the
   passwd chain if the PAM_PRELIM_CHECK flag is set.

 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.

 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
   or PAM_UPDATE_AUTHTOK flags themselves.

 - BUGFIX: openpam_set_option() did not support changing the value of
   an existing option.

 - ENHANCE: Add support for module versioning. OpenPAM will prefer a
   module with the same version number as the library itself to one
   with no version number at all.
============================================================================
OpenPAM Cantaloupe        2002-02-22

 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.

 - ENHANCE: Add in-line documentation in most source files, and a Perl
   script that generates mdoc code from that.

 - BUGFIX: The environment list was not properly NULL-terminated.

 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
   specified by the module.

 - BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to
   pam_constants.h to avoid it going stale again.

 - ENHANCE: Move all code related to static modules into a separate
   file.

 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
   user, and supports setting a timeout (which defaults to off).

 - BUGFIX: Some manual pages referenced XSSO even though they
   documented OpenPAM-specific functions.

 - ENHANCE: Added openpam_get_option() and openpam_set_option().

 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
   try_first_pass, and use_first_pass options.
============================================================================
OpenPAM Caliopsis        2002-02-13

Fixed a number of bugs in the previous release, including:
 - a number of bugs in and related to pam_[gs]et_item(3)
 - off-by-one bug in pam_start.c would trim last character off certain
   configuration lines
 - incorrect ordering of an array in openpam_load.c would cause service
   module functions to get mixed up
 - missing 'continue' in openpam_dispatch.c caused successes to be
   counted as failures
============================================================================
OpenPAM Calamite        2002-02-09

First (beta) release.