OpenPAM Tabebuia    2019-02-24

 - BUGFIX: Fix off-by-one bug in pam_getenv(3) which was introduced in
   OpenPAM Radula.

 - ENHANCE: Add unit tests for pam_{get,put,set}env(3).
============================================================================
OpenPAM Resedacea    2017-04-30

 - BUGFIX: Reinstate the NULL check in pam_end(3) which was removed in
   OpenPAM Radula, as it breaks common error-handling constructs.

 - BUGFIX: Return PAM_SYMBOL_ERR instead of PAM_SYSTEM_ERR from the
   dispatcher when the required service function could not be found.

 - ENHANCE: Introduce the PAM_BAD_HANDLE error code for when pamh is
   NULL in API functions that have a NULL check.

 - ENHANCE: Introduce the PAM_BAD_ITEM, PAM_BAD_FEATURE and
   PAM_BAD_CONSTANT error codes for situations where we previously
   incorrectly used PAM_SYMBOL_ERR to denote that an invalid constant
   had been passed to an API function.

 - ENHANCE: Improve the RETURN VALUES section in API man pages,
   especially for functions that cannot fail, which were incorrectly
   documented as returning -1 on failure.
============================================================================
OpenPAM Radula    2017-02-19

 - BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
   pam_get_user(3) from using application-provided custom prompts.

 - BUGFIX: Plug a memory leak in pam_set_item(3).

 - BUGFIX: Plug a potential memory leak in openpam_readlinev(3).

 - BUGFIX: In openpam_readword(3), support line continuations within
   whitespace.

 - ENHANCE: Add a feature flag to control fallback to "other" policy.

 - ENHANCE: Add a pam_return(8) module which returns an arbitrary
   code specified in the module options.

 - ENHANCE: More and better unit tests.
============================================================================
OpenPAM Ourouparia    2014-09-12

 - ENHANCE: When executing a chain, require at least one service
   function to succeed.  This mitigates fail-open scenarios caused by
   misconfigurations or missing modules.

 - ENHANCE: Make sure to overwrite buffers which may have contained an
   authentication token when they're no longer needed.

 - BUGFIX: Under certain circumstances, specifying a non-existent
   module (or misspelling the name of a module) in a policy could
   result in a fail-open scenario.  (CVE-2014-3879)

 - FEATURE: Add a search path for modules.  This was implemented in
   Nummularia but inadvertently left out of the release notes.

 - BUGFIX: The is_upper() predicate only accepted the letter A as an
   upper-case character instead of the entire A-Z range.  As a result,
   service and module names containing upper-case letters other than A
   would be rejected.
============================================================================
OpenPAM Nummularia    2013-09-07

 - ENHANCE: Rewrite the dynamic loader to improve readability and
   reliability.  Modules can now be listed without the ".so" suffix in
   the policy file; OpenPAM will automatically add it, just like it
   will automatically add the version number if required.

 - ENHANCE: Allow openpam_straddch(3) to be called without a character
   so it can be used to preallocate a string.

 - ENHANCE: Improve portability by adding simple asprintf(3) and
   vasprintf(3) implementations for platforms that don't have them.

 - ENHANCE: Move the libpam sources into a separate subdirectory.

 - ENHANCE: Substantial documentation improvements.

 - BUGFIX: When openpam_readword(3) encountered an opening quote, it
   would set the first byte in the buffer to '\0', discarding all
   existing text and, unless the buffer was empty to begin with, all
   subsequent text as well.  This went unnoticed because none of the
   unit tests for quoted strings had any text preceding the opening
   quote.

 - BUGFIX: make --with-modules-dir work the way it was meant to work
   (but never did).
============================================================================
OpenPAM Micrampelis    2012-05-26

 - FEATURE: Add an openpam_readword(3) function which reads the next
   word from an input stream, applying shell quoting and escaping
   rules.  Add numerous unit tests for openpam_readword(3).

 - FEATURE: Add an openpam_readlinev(3) function which uses the
   openpam_readword(3) function to read words from an input stream one
   at a time until it reaches an unquoted, unescaped newline, and
   returns an array of those words.  Add several unit tests for
   openpam_readlinev(3).

 - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
   machine's hostname.  This was implemented in Lycopsida but
   inadvertently left out of the release notes.

 - FEATURE: In pam_get_authtok(3), if neither the application nor the
   module has specified a prompt and PAM_HOST and PAM_RHOST are both
   defined but not equal, use a different default prompt that includes
   PAM_USER and PAM_HOST.

 - ENHANCE: Rewrite the policy parser to use openpam_readlinev(),
   which greatly simplifies the code.

 - ENHANCE: The previous implementation of the policy parser relied on
   the openpam_readline(3) function, which (by design) munges
   whitespace and understands neither quotes nor backslash escapes.
   As a result of the aforementioned rewrite, whitespace, quotes and
   backslash escapes in policy files are now handled in a consistent
   and predictable manner.

 - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
   This closes the race between the ownership / permission check and
   the dlopen(3) call.

 - ENHANCE: Reduce the amount of pointless error messages generated
   while searching for a module.

 - ENHANCE: Numerous documentation improvements, both in content and
   formatting.

 - BUGFIX: A patch incorporated in Lycopsida inadvertently changed
   OpenPAM's behavior when several policies exist for the same
   service, from ignoring all but the first to concatenating them all.
   Revert to the original behavior.

 - BUGFIX: Plug a memory leak in the policy parser.
============================================================================
OpenPAM Lycopsida    2011-12-18

 - ENHANCE: removed static build autodetection, which didn't work
   anyway.  Use an explicit, user-specified preprocessor variable
   instead.

 - ENHANCE: cleaned up the documentation a bit.

 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be
   embedded in strings such as prompts.  Apply it to the prompts used
   by pam_get_user(3) and pam_get_authtok(3).

 - ENHANCE: added support for the user_prompt, authtok_prompt and
   oldauthtok_prompt module options, which override the prompts passed
   by the module to pam_set_user(3) and pam_get_authtok(3).

 - ENHANCE: rewrote the policy parser to support quoted option values.

 - ENHANCE: added pamtest(1), a tool for testing modules and policies.

 - ENHANCE: added code to check the ownership and permissions of a
   module before loading it.

 - ENHANCE: added / improved input validation in many cases, including
   the policy file and some function arguments.  (CVE-2011-4122)
============================================================================
OpenPAM Hydrangea    2007-12-21

 - ENHANCE: when compiling with GCC, mark up API functions with GCC
   attributes where appropriate.

 - BUGFIX: fixed numerous warnings uncovered by GCC 4.

 - ENHANCE: building the documentation is now optional.

 - ENHANCE: corrected a number of mistakes and style issues in the
   build system.

 - ENHANCE: API function arguments are now const where appropriate, to
   match corresponding changes in the Solaris PAM and Linux-PAM APIs.

 - ENHANCE: corrected a number of C namespace violations.

 - ENHANCE: the module cache has been removed, allowing long-lived
   applications to pick up module changes.  This also allows multiple
   threads to use PAM simultaneously (as long as they use separate PAM
   contexts), since the module cache was the only part of OpenPAM that
   was not thread-safe.
============================================================================
OpenPAM Figwort    2005-06-16

 - BUGFIX: Correct several small signedness and initialization bugs
   discovered during review by the NetBSD team.

 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
   order within each section.

 - ENHANCE: if a policy specifies a relative module path, prepend the
   module directory so we never call dlopen(3) with a relative path.

 - ENHANCE: add a pam.conf(5) manual page.
============================================================================
OpenPAM Feterita    2005-02-01

 - BUGFIX: Correct numerous markup errors, invalid cross-references,
   and other issues in the manual pages, with kind assistance from
   Ruslan Ermilov <ru@freebsd.org>.

 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
   and RETURNX() macros.

 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
   pam_get_data(3).

 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
   pam_strerror(3) and gendoc.pl.

 - ENHANCE: Minor overhaul of the autoconf / build system.

 - ENHANCE: Add openpam_free_envlist(3).
============================================================================
OpenPAM Eelgrass    2004-02-10

 - BUGFIX: Correct array handling bugs in conversation code.

 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
   whitespace from the user's response.

 - BUGFIX: Many constness issues addressed.
============================================================================
OpenPAM Dogwood    2003-07-15

 - ENHANCE: Use the GNU autotools.

 - ENHANCE: Constify the msg field in struct pam_message.

 - BUGFIX: Remove left-over debugging output

 - BUGFIX: Avoid side effects in arguments to the FREE() macro

 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).

 - BUGFIX: Staticize some variables which shouldn't be global.

 - BUGFIX: Correctly anticipate a NULL user in pam_get_user(3).

 - ENHANCE: Various minor documentation improvements.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Digitalis    2003-06-01

 - ENHANCE: Completely rewrite the configuration parser and add
   support for the "include" control flag.

 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.

 - ENHANCE: Lots of additional paranoia.

 - BUGFIX: The sample su(1) application dropped privileges before
   forking instead of after.

 - ENHANCE: Document openpam_log(3).

 - ENHANCE: Other minor documentation fixes.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Dianthus    2003-05-02

 - BUGFIX: Initialize some potentially uninitialized variables.

 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.

 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
   instead of a freshly allocated copy.

 - ENHANCE: Detect recursion in openpam_borrow_cred()

 - ENHANCE: Make borrowing one's own credentials a no-op.

 - ENHANCE: Further improve debugging support.

 - ENHANCE: Clean up some variable names.
============================================================================
OpenPAM Daffodil    2003-01-06

 - ENHANCE: Document dependency on <sys/types.h> (for size_t)

 - ENHANCE: Slightly improve error detection in openpam_ttyconv().

 - BUGFIX: Fix several typos in debugging macros.
============================================================================
OpenPAM Cyclamen    2002-12-12

 - ENHANCE: Improve recursion detection in openpam_dispatch().

 - ENHANCE: Add debugging messages at entry and exit points of most
   functions.

 - ENHANCE: Fix some minor style issues.

 - BUGFIX: Add default cases to the switches in openpam_log.c.

 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.

 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
   than stderr.
============================================================================
OpenPAM Citronella    2002-06-30

 - ENHANCE: Add the "binding" control flag (from Solaris 9).

 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
   Solaris 9).

 - ENHANCE: Flesh out the pam(3) man page.

 - ENHANCE: Add an openpam(3) page with cross-references to all the
   documented OpenPAM API extensions.

 - ENHANCE: Add a pam_conv(3) man page describing the conversation
   system.

 - ENHANCE: Improved sample application.

 - ENHANCE: Added sample pam_unix module.

 - BUGFIX: Various documentation nits.
============================================================================
OpenPAM Cinquefoil    2002-05-24

 - BUGFIX: Various warnings uncovered by gcc 3.1.

 - ENHANCE: Add a null conversation function, openpam_nullconv(3).

 - BUGFIX: Initialize the "other" chain to all zeroes.

 - ENHANCE: Document openpam_ttyconv(3).
============================================================================
OpenPAM Cinnamon    2002-05-02

 - ENHANCE: Add a null conversation function, openpam_nullconv().

 - BUGFIX: Various markup bugs in the documentation.

 - BUGFIX: Document <security/openpam.h>.

 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.

 - ENHANCE: Restructure the policy-loading code and align our use of
   the "other" policy with Solaris and Linux-PAM.

 - ENHANCE: Log dlopen() and dlsym() failures.

 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
   messages unless the message contains one already.

 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
   so we can detect whether the conversation function touched it.
============================================================================
OpenPAM Cineraria    2002-04-14

 - BUGFIX: Fix confusion between token and prompt in
   pam_get_authtok(3).

 - ENHANCE: Improved documentation.

 - ENHANCE: Adopt the same preprocessor tricks that were used in
   FreeBSD's version of Linux-PAM to simplify static linking without
   requiring dummy primitives.

 - ENHANCE: Move the policy-loading code out of pam_start.c.

 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.

 - ENHANCE: Add versioning macros.
============================================================================
OpenPAM Cinchona    2002-04-08

 - ENHANCE: Improved documentation for several API functions.

 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
   of the module data list.

 - BUGFIX: Allocate the correct amount of memory for the environment
   list in pam_putenv().

 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
   specify what token it wants.  Also introduce PAM_OLDAUTHTOK_PROMPT.

 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
   reduce differences between these very similar functions.

 - ENHANCE: Check flags carefully in pam_authenticate() and
   pam_chauthtok().

 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.

 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
   twice and compare the responses.

 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
   switching to user credentials.

 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
   pam_set_data() consumers.
============================================================================
OpenPAM Centaury    2002-03-14

 - BUGFIX: Add missing #include <string.h> to openpam_log.c.

 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/.  XSSO uses
   the former, but Solaris and Linux-PAM use the latter.

 - BUGFIX: The dynamic loader and the module cache contained a number
   of bugs which would cause a segmentation fault if pam_start(3) was
   called again after pam_end(3), as happens in login(1), xdm(1) etc.
   after a failed login.

 - BUGFIX: Refer to a module by the name used in the policy file, even
   if the module that was actually loaded was versioned.

 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
============================================================================
OpenPAM Celandine    2002-03-05

 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().

 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
   flag set, then with the PAM_UPDATE_AUTHTOK flag set.

 - BUGFIX: Failure of a "sufficient" module should not terminate the
   passwd chain if the PAM_PRELIM_CHECK flag is set.

 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.

 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
   or PAM_UPDATE_AUTHTOK flags themselves.

 - BUGFIX: openpam_set_option() did not support changing the value of
   an existing option.

 - ENHANCE: Add support for module versioning.  OpenPAM will prefer a
   module with the same version number as the library itself to one
   with no version number at all.
============================================================================
OpenPAM Cantaloupe    2002-02-22

 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.

 - ENHANCE: Add in-line documentation in most source files, and a Perl
   script that generates mdoc code from that.

 - BUGFIX: The environment list was not properly NULL-terminated.

 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
   specified by the module.

 - BUGFIX: PAM_NUM_ITEMS was set too low.  It has been moved to
   pam_constants.h to avoid it going stale again.

 - ENHANCE: Move all code related to static modules into a separate
   file.

 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
   user, and supports setting a timeout (which defaults to off).

 - BUGFIX: Some manual pages referenced XSSO even though they
   documented OpenPAM-specific functions.

 - ENHANCE: Added openpam_get_option() and openpam_set_option().

 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
   try_first_pass, and use_first_pass options.
============================================================================
OpenPAM Caliopsis    2002-02-13

Fixed a number of bugs in the previous release, including:
 - a number of bugs in and related to pam_[gs]et_item(3)
 - off-by-one bug in pam_start.c would trim last character off certain
   configuration lines
 - incorrect ordering of an array in openpam_load.c would cause service
   module functions to get mixed up
 - missing 'continue' in openpam_dispatch.c caused successes to be
   counted as failures
============================================================================
OpenPAM Calamite    2002-02-09

First (beta) release.
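
The Ourouparia entries (2014-09-12) on requiring at least one service function to succeed, and on the fail-open caused by a non-existent or misspelled module, can be illustrated with a small model of chain evaluation. This is an added example, not OpenPAM's dispatcher: the types, return codes and the assumption that an unloadable module is simply skipped are all hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Return codes for this model only; not the values from pam_constants.h. */
enum { M_SUCCESS = 0, M_AUTH_ERR = 1, M_SYSTEM_ERR = 2 };

enum control { REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL };

typedef int (*service_fn)(void);

struct chain_entry {
    enum control flag;
    service_fn   fn;    /* NULL models a module that could not be loaded */
};

static int mod_ok(void)   { return M_SUCCESS; }
static int mod_deny(void) { return M_AUTH_ERR; }

/*
 * Walk a chain of service functions.
 * require_success == 0: a chain in which nothing succeeded, but nothing
 *                       required failed either, returns success (fail-open).
 * require_success != 0: such a chain is rejected.
 */
static int run_chain(const struct chain_entry *chain, size_t n,
                     int require_success)
{
    int err = M_SUCCESS;    /* first failure of a required/requisite entry */
    int fail = 0;           /* set once a required/requisite entry failed */
    int nsuccess = 0;       /* number of service functions that succeeded */

    for (size_t i = 0; i < n; i++) {
        if (chain[i].fn == NULL)
            continue;       /* assumption: unloadable module is skipped */
        int r = chain[i].fn();
        if (r == M_SUCCESS) {
            nsuccess++;
            if (chain[i].flag == SUFFICIENT && !fail)
                break;      /* sufficient success ends the chain early */
            continue;
        }
        if (chain[i].flag == REQUIRED || chain[i].flag == REQUISITE) {
            if (!fail) {
                err = r;
                fail = 1;
            }
            if (chain[i].flag == REQUISITE)
                break;      /* requisite failure ends the chain at once */
        }
        /* failures of sufficient and optional entries are ignored */
    }
    if (fail)
        return err;
    if (require_success && nsuccess == 0)
        return M_SYSTEM_ERR;    /* nothing vouched for the user */
    return M_SUCCESS;
}

/* Constructed sample policies. */
static const struct chain_entry typo_policy[]  = { { REQUIRED, NULL } };
static const struct chain_entry good_policy[]  = { { REQUIRED, mod_ok } };
static const struct chain_entry deny_policy[]  = { { REQUIRED, mod_deny },
                                                   { SUFFICIENT, mod_ok } };
static const struct chain_entry opt_policy[]   = { { OPTIONAL, mod_deny } };
/* One entry missing, another succeeds: the rule does not flag this, so it
 * is a backstop and not a replacement for rejecting a broken policy. */
static const struct chain_entry mixed_policy[] = { { REQUIRED, NULL },
                                                   { SUFFICIENT, mod_ok } };

#define NELEM(a) (sizeof(a) / sizeof((a)[0]))

int main(void)
{
    printf("typo  policy: lax=%d strict=%d\n",
           run_chain(typo_policy, NELEM(typo_policy), 0),
           run_chain(typo_policy, NELEM(typo_policy), 1));
    printf("good  policy: lax=%d strict=%d\n",
           run_chain(good_policy, NELEM(good_policy), 0),
           run_chain(good_policy, NELEM(good_policy), 1));
    printf("deny  policy: lax=%d strict=%d\n",
           run_chain(deny_policy, NELEM(deny_policy), 0),
           run_chain(deny_policy, NELEM(deny_policy), 1));
    printf("opt   policy: lax=%d strict=%d\n",
           run_chain(opt_policy, NELEM(opt_policy), 0),
           run_chain(opt_policy, NELEM(opt_policy), 1));
    printf("mixed policy: lax=%d strict=%d\n",
           run_chain(mixed_policy, NELEM(mixed_policy), 0),
           run_chain(mixed_policy, NELEM(mixed_policy), 1));
    return 0;
}
```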