OpenPAM Nummularia 2013-09-07

 - ENHANCE: Rewrite the dynamic loader to improve readability and
   reliability. Modules can now be listed without the ".so" suffix in
   the policy file; OpenPAM will automatically add it, just like it
   will automatically add the version number if required.

 - ENHANCE: Allow openpam_straddch(3) to be called without a character
   so it can be used to preallocate a string.

 - ENHANCE: Improve portability by adding simple asprintf(3) and
   vasprintf(3) implementations for platforms that don't have them.

 - ENHANCE: Move the libpam sources into a separate subdirectory.

 - ENHANCE: Substantial documentation improvements.

 - BUGFIX: When openpam_readword(3) encountered an opening quote, it
   would set the first byte in the buffer to '\0', discarding all
   existing text and, unless the buffer was empty to begin with, all
   subsequent text as well. This went unnoticed because none of the
   unit tests for quoted strings had any text preceding the opening
   quote.

 - BUGFIX: make --with-modules-dir work the way it was meant to work
   (but never did).
============================================================================
OpenPAM Micrampelis 2012-05-26

 - FEATURE: Add an openpam_readword(3) function which reads the next
   word from an input stream, applying shell quoting and escaping
   rules. Add numerous unit tests for openpam_readword(3).

 - FEATURE: Add an openpam_readlinev(3) function which uses the
   openpam_readword(3) function to read words from an input stream one
   at a time until it reaches an unquoted, unescaped newline, and
   returns an array of those words. Add several unit tests for
   openpam_readlinev(3).

 - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
   machine's hostname. This was implemented in Lycopsida but
   inadvertently left out of the release notes.

 - FEATURE: In pam_get_authtok(3), if neither the application nor the
   module have specified a prompt and PAM_HOST and PAM_RHOST are both
   defined but not equal, use a different default prompt that includes
   PAM_USER and PAM_HOST.

 - ENHANCE: Rewrite the policy parser to use openpam_readlinev(),
   which greatly simplifies the code.

 - ENHANCE: The previous implementation of the policy parser relied on
   the openpam_readline(3) function, which (by design) munges
   whitespace and understands neither quotes nor backslash escapes.
   As a result of the aforementioned rewrite, whitespace, quotes and
   backslash escapes in policy files are now handled in a consistent
   and predictable manner.

 - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
   This closes the race between the ownership / permission check and
   the dlopen(3) call.

 - ENHANCE: Reduce the amount of pointless error messages generated
   while searching for a module.

 - ENHANCE: Numerous documentation improvements, both in content and
   formatting.

 - BUGFIX: A patch incorporated in Lycopsida inadvertently changed
   OpenPAM's behavior when several policies exist for the same
   service, from ignoring all but the first to concatenating them all.
   Revert to the original behavior.

 - BUGFIX: Plug a memory leak in the policy parser.
============================================================================
OpenPAM Lycopsida 2011-12-18

 - ENHANCE: removed static build autodetection, which didn't work
   anyway. Use an explicit, user-specified preprocessor variable
   instead.

 - ENHANCE: cleaned up the documentation a bit.

 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be
   embedded in strings such as prompts. Apply it to the prompts used
   by pam_get_user(3) and pam_get_authtok(3).

 - ENHANCE: added support for the user_prompt, authtok_prompt and
   oldauthtok_prompt module options, which override the prompts passed
   by the module to pam_set_user(3) and pam_get_authtok(3).

 - ENHANCE: rewrote the policy parser to support quoted option values.

 - ENHANCE: added pamtest(1), a tool for testing modules and policies.

 - ENHANCE: added code to check the ownership and permissions of a
   module before loading it.

 - ENHANCE: added / improved input validation in many cases, including
   the policy file and some function arguments.
============================================================================
OpenPAM Hydrangea 2007-12-21

 - ENHANCE: when compiling with GCC, mark up API functions with GCC
   attributes where appropriate.

 - BUGFIX: fixed numerous warnings uncovered by GCC 4.

 - ENHANCE: building the documentation is now optional.

 - ENHANCE: corrected a number of mistakes and style issues in the
   build system.

 - ENHANCE: API function arguments are now const where appropriate, to
   match corresponding changes in the Solaris PAM and Linux-PAM APIs.

 - ENHANCE: corrected a number of C namespace violations.

 - ENHANCE: the module cache has been removed, allowing long-lived
   applications to pick up module changes. This also allows multiple
   threads to use PAM simultaneously (as long as they use separate PAM
   contexts), since the module cache was the only part of OpenPAM that
   was not thread-safe.
============================================================================
OpenPAM Figwort 2005-06-16

 - BUGFIX: Correct several small signedness and initialization bugs
   discovered during review by the NetBSD team.

 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
   order within each section.

 - ENHANCE: if a policy specifies a relative module path, prepend the
   module directory so we never call dlopen(3) with a relative path.

 - ENHANCE: add a pam.conf(5) manual page.
============================================================================
OpenPAM Feterita 2005-02-01

 - BUGFIX: Correct numerous markup errors, invalid cross-references,
   and other issues in the manual pages, with kind assistance from
   Ruslan Ermilov <ru@freebsd.org>.

 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
   and RETURNX() macros.

 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
   pam_get_data(3).

 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
   pam_strerror(3) and gendoc.pl.

 - ENHANCE: Minor overhaul of the autoconf / build system.

 - ENHANCE: Add openpam_free_envlist(3).
============================================================================
OpenPAM Eelgrass 2004-02-10

 - BUGFIX: Correct array handling bugs in conversation code.

 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
   whitespace from the user's response.

 - BUGFIX: Many constness issues addressed.
============================================================================
OpenPAM Dogwood 2003-07-15

 - ENHANCE: Use the GNU autotools.

 - ENHANCE: Constify the msg field in struct pam_message.

 - BUGFIX: Remove left-over debugging output

 - BUGFIX: Avoid side effects in arguments to the FREE() macro

 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).

 - BUGFIX: Staticize some variables which shouldn't be global.

 - BUGFIX: Correctly anticipate a NULL user in pam_get_user(3).

 - ENHANCE: Various minor documentation improvements.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Digitalis 2003-06-01

 - ENHANCE: Completely rewrite the configuration parser and add
   support for the "include" control flag.

 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.

 - ENHANCE: Lots of additional paranoia.

 - BUGFIX: The sample su(1) application dropped privileges before
   forking instead of after.

 - ENHANCE: Document openpam_log(3).

 - ENHANCE: Other minor documentation fixes.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Dianthus 2003-05-02

 - BUGFIX: Initialize some potentially uninitialized variables.

 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.

 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
   instead of a freshly allocated copy.

 - ENHANCE: Detect recursion in openpam_borrow_cred()

 - ENHANCE: Make borrowing one's own credentials a no-op.

 - ENHANCE: Further improve debugging support.

 - ENHANCE: Clean up some variable names.
============================================================================
OpenPAM Daffodil 2003-01-06

 - ENHANCE: Document dependency on <sys/types.h> (for size_t)

 - ENHANCE: Slightly improve error detection in openpam_ttyconv().

 - BUGFIX: Fix several typos in debugging macros.
============================================================================
OpenPAM Cyclamen 2002-12-12

 - ENHANCE: Improve recursion detection in openpam_dispatch().

 - ENHANCE: Add debugging messages at entry and exit points of most
   functions.

 - ENHANCE: Fix some minor style issues.

 - BUGFIX: Add default cases to the switches in openpam_log.c.

 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.

 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
   than stderr.
============================================================================
OpenPAM Citronella 2002-06-30

 - ENHANCE: Add the "binding" control flag (from Solaris 9).

 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
   Solaris 9).

 - ENHANCE: Flesh out the pam(3) man page.

 - ENHANCE: Add an openpam(3) page with cross-references to all the
   documented OpenPAM API extensions.

 - ENHANCE: Add a pam_conv(3) man page describing the conversation
   system.

 - ENHANCE: Improved sample application.

 - ENHANCE: Added sample pam_unix module.

 - BUGFIX: Various documentation nits.
============================================================================
OpenPAM Cinquefoil 2002-05-24

 - BUGFIX: Various warnings uncovered by gcc 3.1.

 - ENHANCE: Add a null conversation function, openpam_nullconv(3).

 - BUGFIX: Initialize the "other" chain to all zeroes.

 - ENHANCE: Document openpam_ttyconv(3).
============================================================================
OpenPAM Cinnamon 2002-05-02

 - ENHANCE: Add a null conversation function, openpam_nullconv().

 - BUGFIX: Various markup bugs in the documentation.

 - BUGFIX: Document <security/openpam.h>.

 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.

 - ENHANCE: Restructure the policy-loading code and align our use of
   the "other" policy with Solaris and Linux-PAM.

 - ENHANCE: Log dlopen() and dlsym() failures.

 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
   messages unless the message contains one already.

 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
   so we can detect whether the conversation function touched it.
============================================================================
OpenPAM Cineraria 2002-04-14

 - BUGFIX: Fix confusion between token and prompt in
   pam_get_authtok(3).

 - ENHANCE: Improved documentation.

 - ENHANCE: Adopt the same preprocessor tricks that were used in
   FreeBSD's version of Linux-PAM to simplify static linking without
   requiring dummy primitives.

 - ENHANCE: Move the policy-loading code out of pam_start.c.

 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.

 - ENHANCE: Add versioning macros.
============================================================================
OpenPAM Cinchona 2002-04-08

 - ENHANCE: Improved documentation for several API functions.

 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
   of the module data list.

 - BUGFIX: Allocate the correct amount of memory for the environment
   list in pam_putenv().

 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
   specify what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT.

 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
   reduce differences between these very similar functions.

 - ENHANCE: Check flags carefully in pam_authenticate() and
   pam_chauthtok().

 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.

 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
   twice and compare the responses.

 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
   switching to user credentials.

 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
   pam_set_data() consumers.
============================================================================
OpenPAM Centaury 2002-03-14

 - BUGFIX: Add missing #include <string.h> to openpam_log.c.

 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/. XSSO uses
   the former, but Solaris and Linux-PAM use the latter.

 - BUGFIX: The dynamic loader and the module cache contained a number
   of bugs which would cause a segmentation fault if pam_start(3) was
   called again after pam_end(3), as happens in login(1), xdm(1) etc.
   after a failed login.

 - BUGFIX: Refer to a module by the name used in the policy file, even
   if the module that was actually loaded was versioned.

 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
============================================================================
OpenPAM Celandine 2002-03-05

 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().

 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
   flag set, then with the PAM_UPDATE_AUTHTOK flag set.

 - BUGFIX: Failure of a "sufficient" module should not terminate the
   passwd chain if the PAM_PRELIM_CHECK flag is set.

 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.

 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
   or PAM_UPDATE_AUTHTOK flags themselves.

 - BUGFIX: openpam_set_option() did not support changing the value of
   an existing option.

 - ENHANCE: Add support for module versioning. OpenPAM will prefer a
   module with the same version number as the library itself to one
   with no version number at all.
============================================================================
OpenPAM Cantaloupe 2002-02-22

 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.

 - ENHANCE: Add in-line documentation in most source files, and a Perl
   script that generates mdoc code from that.

 - BUGFIX: The environment list was not properly NULL-terminated.

 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
   specified by the module.

 - BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to
   pam_constants.h to avoid it going stale again.

 - ENHANCE: Move all code related to static modules into a separate
   file.

 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
   user, and supports setting a timeout (which defaults to off).

 - BUGFIX: Some manual pages referenced XSSO even though they
   documented OpenPAM-specific functions.

 - ENHANCE: Added openpam_get_option() and openpam_set_option().

 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
   try_first_pass, and use_first_pass options.
============================================================================
OpenPAM Caliopsis 2002-02-13

Fixed a number of bugs in the previous release, including:
 - a number of bugs in and related to pam_[gs]et_item(3)
 - off-by-one bug in pam_start.c would trim last character off certain
   configuration lines
 - incorrect ordering of an array in openpam_load.c would cause service
   module functions to get mixed up
 - missing 'continue' in openpam_dispatch.c caused successes to be
   counted as failures
============================================================================
OpenPAM Calamite 2002-02-09

First (beta) release.
============================================================================
$Id: HISTORY 737 2013-09-07 12:53:55Z des $