source: openpam/trunk/HISTORY

Last change on this file was 948, checked in by Dag-Erling Smørgrav, 6 months ago

In openpam_ttyconv(3), wait to print the prompt until after we're ready
to accept input. Otherwise, there is a small but non-zero chance that
input provided after the prompt appears is discarded when we flush the
tty buffer.

Submitted by: Brooks Davis <brooks@…>

OpenPAM ???                                                     2020-07-??

 - BUGFIX: Fix race condition in openpam_ttyconv(3) when used with
   expect scripts.
============================================================================
OpenPAM Tabebuia                                                2019-02-24

 - BUGFIX: Fix off-by-one bug in pam_getenv(3) which was introduced in
   OpenPAM Radula.

 - ENHANCE: Add unit tests for pam_{get,put,set}env(3).
============================================================================
OpenPAM Resedacea                                               2017-04-30

 - BUGFIX: Reinstate the NULL check in pam_end(3) which was removed in
   OpenPAM Radula, as its removal breaks common error-handling constructs.

 - BUGFIX: Return PAM_SYMBOL_ERR instead of PAM_SYSTEM_ERR from the
   dispatcher when the required service function could not be found.

 - ENHANCE: Introduce the PAM_BAD_HANDLE error code for when pamh is
   NULL in API functions that have a NULL check.

 - ENHANCE: Introduce the PAM_BAD_ITEM, PAM_BAD_FEATURE and
   PAM_BAD_CONSTANT error codes for situations where we previously
   incorrectly used PAM_SYMBOL_ERR to denote that an invalid constant
   had been passed to an API function.

 - ENHANCE: Improve the RETURN VALUES section in API man pages,
   especially for functions that cannot fail, which were incorrectly
   documented as returning -1 on failure.
============================================================================
OpenPAM Radula                                                  2017-02-19

 - BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
   pam_get_user(3) from using application-provided custom prompts.

 - BUGFIX: Plug a memory leak in pam_set_item(3).

 - BUGFIX: Plug a potential memory leak in openpam_readlinev(3).

 - BUGFIX: In openpam_readword(3), support line continuations within
   whitespace.

 - ENHANCE: Add a feature flag to control fallback to "other" policy.

 - ENHANCE: Add a pam_return(8) module which returns an arbitrary
   code specified in the module options.

 - ENHANCE: More and better unit tests.
============================================================================
OpenPAM Ourouparia                                              2014-09-12

 - ENHANCE: When executing a chain, require at least one service
   function to succeed.  This mitigates fail-open scenarios caused by
   misconfigurations or missing modules.

 - ENHANCE: Make sure to overwrite buffers which may have contained an
   authentication token when they're no longer needed.

 - BUGFIX: Under certain circumstances, specifying a non-existent
   module (or misspelling the name of a module) in a policy could
   result in a fail-open scenario.  (CVE-2014-3879)

 - FEATURE: Add a search path for modules.  This was implemented in
   Nummularia but inadvertently left out of the release notes.

 - BUGFIX: The is_upper() predicate only accepted the letter A as an
   upper-case character instead of the entire A-Z range.  As a result,
   service and module names containing upper-case letters other than A
   would be rejected.
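The chain evaluation described in the Ourouparia entries above (require at least one service function to succeed; never let a missing or misspelled module turn into a silent pass) together with the overwriting of token buffers, as an added example in C. This is not OpenPAM's code: the control-flag semantics are the usual PAM ones, the numeric constants, stub modules and chains are constructed for illustration, and the exact rule OpenPAM applies to an unloadable module may differ from the PAM_SYMBOL_ERR-under-the-control-flag rule used here.

```c
/* Added example, not OpenPAM source.  Models the chain evaluation the
 * Ourouparia notes describe: a module that cannot be resolved is never
 * silently skipped, and the chain fails closed unless at least one
 * service function actually succeeded.  Constants are illustrative. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { PAM_SUCCESS = 0, PAM_SYMBOL_ERR = 2, PAM_SYSTEM_ERR = 4,
       PAM_AUTH_ERR = 9, PAM_IGNORE = 20 };
enum control { PAM_REQUIRED, PAM_REQUISITE, PAM_SUFFICIENT, PAM_OPTIONAL, PAM_BINDING };

typedef int (*service_fn)(void);
struct chain_entry {
    const char *name;
    enum control ctl;
    service_fn fn;          /* NULL: module missing or symbol not found */
};
#define NELEM(a) (sizeof(a) / sizeof((a)[0]))

int dispatch(const struct chain_entry *chain, size_t n)
{
    int err = PAM_SUCCESS, r, nsuccess = 0;

    for (size_t i = 0; i < n; ++i) {
        /* Unresolvable module: report PAM_SYMBOL_ERR and let the control
         * flag decide, instead of pretending the module was never listed. */
        r = chain[i].fn != NULL ? chain[i].fn() : PAM_SYMBOL_ERR;
        if (r == PAM_IGNORE)
            continue;
        if (r == PAM_SUCCESS) {
            ++nsuccess;
            /* sufficient/binding end the chain early only if nothing failed yet */
            if ((chain[i].ctl == PAM_SUFFICIENT || chain[i].ctl == PAM_BINDING) && err == PAM_SUCCESS)
                break;
            continue;
        }
        switch (chain[i].ctl) {
        case PAM_REQUISITE:
            return r;                           /* fail immediately */
        case PAM_REQUIRED:
        case PAM_BINDING:
            if (err == PAM_SUCCESS) err = r;    /* remember first failure, keep going */
            break;
        case PAM_SUFFICIENT:
        case PAM_OPTIONAL:
            break;                              /* not fatal on its own */
        }
    }
    /* Fail closed: a chain in which nothing succeeded (all optional, all
     * ignored, or all missing) must not authenticate anyone. */
    if (err == PAM_SUCCESS && nsuccess == 0)
        err = PAM_SYSTEM_ERR;
    return err;
}

/* Overwrite a buffer that may have held an authentication token before it
 * is released; the volatile pointer keeps the compiler from dropping the
 * stores as dead. */
void wipe(char *buf, size_t len)
{
    volatile char *p = buf;
    while (len-- > 0) *p++ = '\0';
}
void wipe_and_free(char *token)
{
    if (token == NULL) return;
    wipe(token, strlen(token));
    free(token);
}
/* Stand-alone check that wipe() really clears a constructed sample token. */
int wipe_demo(void)
{
    char tok[] = "hunter2";
    wipe(tok, sizeof tok);
    for (size_t i = 0; i < sizeof tok; ++i)
        if (tok[i] != '\0') return 0;
    return 1;
}

/* Constructed stand-in modules and chains. */
static int mod_ok(void)     { return PAM_SUCCESS; }
static int mod_deny(void)   { return PAM_AUTH_ERR; }
static int mod_ignore(void) { return PAM_IGNORE; }

const struct chain_entry chain_missing_optional[] = {
    { "pam_typo.so", PAM_OPTIONAL, NULL },        /* misspelled module: fail-open before the fix */
};
const struct chain_entry chain_missing_required[] = {
    { "pam_typo.so", PAM_REQUIRED, NULL },
    { "pam_unix.so", PAM_SUFFICIENT, mod_ok },
};
const struct chain_entry chain_sufficient_first[] = {
    { "pam_unix.so", PAM_SUFFICIENT, mod_ok },
    { "pam_deny.so", PAM_REQUIRED, mod_deny },
};
const struct chain_entry chain_requisite_deny[] = {
    { "pam_deny.so", PAM_REQUISITE, mod_deny },
    { "pam_unix.so", PAM_REQUIRED, mod_ok },
};
const struct chain_entry chain_all_ignored[] = {
    { "pam_noop.so", PAM_REQUIRED, mod_ignore },
};

int main(void)
{
    printf("missing optional module -> %d (fail closed, expect %d)\n",
           dispatch(chain_missing_optional, NELEM(chain_missing_optional)), PAM_SYSTEM_ERR);
    printf("token wiped: %s\n", wipe_demo() ? "yes" : "no");
    return 0;
}
```

The two defenses are independent: the PAM_SYMBOL_ERR path catches a misspelled required module, while the nsuccess check catches the case where every module in the chain was optional, ignored or missing and the old code would have returned PAM_SUCCESS by default.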
============================================================================
OpenPAM Nummularia                                              2013-09-07

 - ENHANCE: Rewrite the dynamic loader to improve readability and
   reliability.  Modules can now be listed without the ".so" suffix in
   the policy file; OpenPAM will automatically add it, just like it
   will automatically add the version number if required.

 - ENHANCE: Allow openpam_straddch(3) to be called without a character
   so it can be used to preallocate a string.

 - ENHANCE: Improve portability by adding simple asprintf(3) and
   vasprintf(3) implementations for platforms that don't have them.

 - ENHANCE: Move the libpam sources into a separate subdirectory.

 - ENHANCE: Substantial documentation improvements.

 - BUGFIX: When openpam_readword(3) encountered an opening quote, it
   would set the first byte in the buffer to '\0', discarding all
   existing text and, unless the buffer was empty to begin with, all
   subsequent text as well.  This went unnoticed because none of the
   unit tests for quoted strings had any text preceding the opening
   quote.

 - BUGFIX: make --with-modules-dir work the way it was meant to work
   (but never did).
============================================================================
OpenPAM Micrampelis                                             2012-05-26

 - FEATURE: Add an openpam_readword(3) function which reads the next
   word from an input stream, applying shell quoting and escaping
   rules.  Add numerous unit tests for openpam_readword(3).

 - FEATURE: Add an openpam_readlinev(3) function which uses the
   openpam_readword(3) function to read words from an input stream one
   at a time until it reaches an unquoted, unescaped newline, and
   returns an array of those words.  Add several unit tests for
   openpam_readlinev(3).

 - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
   machine's hostname.  This was implemented in Lycopsida but
   inadvertently left out of the release notes.

 - FEATURE: In pam_get_authtok(3), if neither the application nor the
   module has specified a prompt and PAM_HOST and PAM_RHOST are both
   defined but not equal, use a different default prompt that includes
   PAM_USER and PAM_HOST.

 - ENHANCE: Rewrite the policy parser to use openpam_readlinev(),
   which greatly simplifies the code.

 - ENHANCE: The previous implementation of the policy parser relied on
   the openpam_readline(3) function, which (by design) munges
   whitespace and understands neither quotes nor backslash escapes.
   As a result of the aforementioned rewrite, whitespace, quotes and
   backslash escapes in policy files are now handled in a consistent
   and predictable manner.

 - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
   This closes the race between the ownership / permission check and
   the dlopen(3) call.

 - ENHANCE: Reduce the amount of pointless error messages generated
   while searching for a module.

 - ENHANCE: Numerous documentation improvements, both in content and
   formatting.

 - BUGFIX: A patch incorporated in Lycopsida inadvertently changed
   OpenPAM's behavior when several policies exist for the same
   service, from ignoring all but the first to concatenating them all.
   Revert to the original behavior.

 - BUGFIX: Plug a memory leak in the policy parser.
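An added example in C, not OpenPAM's own implementation, of the two primitives the Micrampelis entries above introduce: a readword that applies shell quoting and escaping, and a readlinev built on it. It also shows the behaviour the Nummularia bug fix requires (an opening quote must not reset the buffer, so foo"bar baz" is one word) and the Radula fix for line continuations inside whitespace between words. The quoting rules, function signatures, the fmemopen(3)-based helper and the sample policy lines are this example's own assumptions.

```c
#define _POSIX_C_SOURCE 200809L
/* Added example, not OpenPAM source: a shell-quoting word reader in the
 * spirit of openpam_readword(3) and a line reader in the spirit of
 * openpam_readlinev(3); the rules below are this example's assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Append c to a growable NUL-terminated buffer; c < 0 only makes sure the
 * buffer exists, so that "" becomes an empty word rather than no word. */
static int addch(char **buf, size_t *len, size_t *size, int c)
{
    if (*len + 2 > *size) {
        size_t ns = *size ? *size * 2 : 32;
        char *nb = realloc(*buf, ns);
        if (nb == NULL) return -1;
        *buf = nb; *size = ns;
    }
    if (c >= 0) (*buf)[(*len)++] = (char)c;
    (*buf)[*len] = '\0';
    return 0;
}

/* Read the next word from f.  ' and " group text; outside single quotes a
 * backslash escapes the next character, and backslash-newline is a line
 * continuation that is dropped (also inside whitespace between words).
 * An opening quote never resets the buffer, so foo"bar baz" is one word.
 * Returns 1 with *wp set, 0 at end of line or input, -1 on an unterminated
 * quote or trailing backslash. */
int readword(FILE *f, char **wp)
{
    char *buf = NULL;
    size_t len = 0, size = 0;
    int c, quote = 0;

    while ((c = fgetc(f)) == ' ' || c == '\t' || c == '\\') {
        if (c != '\\') continue;
        if ((c = fgetc(f)) == '\n') continue;        /* continuation line */
        if (c != EOF) ungetc(c, f);
        c = '\\';
        break;
    }
    for (; c != EOF; c = fgetc(f)) {
        if (quote == 0 && (c == ' ' || c == '\t')) break;
        if (quote == 0 && c == '\n') { ungetc(c, f); break; }
        if (quote != 0 && c == quote) { quote = 0; continue; }
        if (quote == 0 && (c == '"' || c == '\'')) {
            quote = c;
            c = -1;                                   /* keep existing text, just allocate */
        } else if (c == '\\' && quote != '\'') {
            if ((c = fgetc(f)) == EOF) goto fail;
            if (c == '\n') continue;
        }
        if (addch(&buf, &len, &size, c) != 0) goto fail;
    }
    if (quote != 0) goto fail;
    *wp = buf;
    return buf != NULL;
fail:
    free(buf);
    return -1;
}

void freev(char **wv)
{
    if (wv == NULL) return;
    for (char **p = wv; *p != NULL; ++p) free(*p);
    free(wv);
}

/* Read one line into a NULL-terminated word vector (empty vector for a
 * blank line).  Returns NULL at end of input or on a parse error; *nwords
 * receives the count. */
char **readlinev(FILE *f, int *nwords)
{
    char **wv = NULL, **tmp, *w;
    int n = 0, r, c;

    while ((r = readword(f, &w)) > 0) {
        if ((tmp = realloc(wv, (n + 2) * sizeof *wv)) == NULL) { free(w); goto fail; }
        wv = tmp; wv[n++] = w; wv[n] = NULL;
    }
    c = fgetc(f);                        /* the newline that ended the line, or EOF */
    if (r < 0 || (c == EOF && n == 0)) goto fail;
    if (wv == NULL && (wv = calloc(1, sizeof *wv)) == NULL) return NULL;
    if (nwords) *nwords = n;
    return wv;
fail:
    freev(wv);
    return NULL;
}

/* For stand-alone runs and checks: parse the first line of a constructed
 * string; return its word count, or -1 if parsing fails or (when idx >= 0)
 * word idx differs from expect. */
int parse_first_line(const char *text, int idx, const char *expect)
{
    FILE *f = fmemopen((void *)text, strlen(text), "r");
    char **wv;
    int n = -1;

    if (f == NULL) return -1;
    wv = readlinev(f, &n);
    fclose(f);
    if (wv == NULL) return -1;
    if (idx >= 0 && (idx >= n || strcmp(wv[idx], expect) != 0)) n = -1;
    freev(wv);
    return n;
}

int main(void)
{
    /* constructed policy line with a quoted option and a continuation */
    const char *policy = "auth sufficient pam_unix.so \"no warn\" \\\n    try_first_pass\n";
    int n = parse_first_line(policy, 3, "no warn");
    printf("%s\n", n == 5 ? "5 words; quoting and continuation handled" : "parse failed");
    return n == 5 ? 0 : 1;
}
```

The point of the Nummularia fix is visible in readword: on an opening quote the code only guarantees that a buffer exists (addch with c < 0) and never writes '\0' over text already collected, which is why x foo"bar baz"qux yields the single word foobar bazqux.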
============================================================================
OpenPAM Lycopsida                                               2011-12-18

 - ENHANCE: removed static build autodetection, which didn't work
   anyway.  Use an explicit, user-specified preprocessor variable
   instead.

 - ENHANCE: cleaned up the documentation a bit.

 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be
   embedded in strings such as prompts.  Apply it to the prompts used
   by pam_get_user(3) and pam_get_authtok(3).

 - ENHANCE: added support for the user_prompt, authtok_prompt and
   oldauthtok_prompt module options, which override the prompts passed
   by the module to pam_set_user(3) and pam_get_authtok(3).

 - ENHANCE: rewrote the policy parser to support quoted option values.

 - ENHANCE: added pamtest(1), a tool for testing modules and policies.

 - ENHANCE: added code to check the ownership and permissions of a
   module before loading it.

 - ENHANCE: added / improved input validation in many cases, including
   the policy file and some function arguments.  (CVE-2011-4122)
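Two of the loader-side checks mentioned in these notes, as an added example in C that is not OpenPAM's code: validating a module name from the policy file with the corrected is_upper() predicate from the Ourouparia entry (the buggy predicate is kept beside it only to show what it rejected), and checking ownership and permissions on an already-open file descriptor, which is what makes the fdlopen(3) approach from the Micrampelis entry race-free, since the same descriptor is what gets loaded. The character whitelist, the acceptance rule (owned by root or the effective uid, not group/world writable) and the temporary-file fixture are this example's assumptions; fdlopen(3) itself is not called because it is not available on every platform.

```c
#define _POSIX_C_SOURCE 200809L
/* Added example, not OpenPAM source.  Two checks a loader can make before
 * handing a policy's module name to the dynamic linker: the name passes a
 * character whitelist (with the corrected is_upper predicate from the
 * Ourouparia notes), and the file, once open, has sane ownership and
 * permissions.  The acceptance rules are this example's assumptions. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Corrected predicate: the whole A-Z range, not only 'A'. */
bool is_upper(int c) { return c >= 'A' && c <= 'Z'; }
/* The pre-Ourouparia predicate, kept only to show what it rejected. */
bool is_upper_buggy(int c) { return c == 'A'; }
static bool is_lower(int c) { return c >= 'a' && c <= 'z'; }
static bool is_digit(int c) { return c >= '0' && c <= '9'; }

/* Accept letters, digits, '_', '-' and '.', reject a leading '.' and
 * anything that could name a path.  The upper-case predicate is a
 * parameter so both versions can be compared on the same input. */
bool valid_module_name(const char *name, bool (*upper)(int))
{
    if (name == NULL || *name == '\0' || *name == '.') return false;
    for (; *name != '\0'; ++name) {
        int c = (unsigned char)*name;
        if (!(upper(c) || is_lower(c) || is_digit(c) ||
              c == '_' || c == '-' || c == '.'))
            return false;
    }
    return true;
}

/* Check the file behind an already-open descriptor: a regular file,
 * owned by root or by the caller's effective uid, and not writable by
 * group or others.  Loading through the same descriptor (fdlopen(3)
 * where the platform has it) leaves no window in which the path could
 * be swapped between check and load; with a later dlopen(3) by path the
 * check is only advisory. */
int check_module_fd(int fd)
{
    struct stat st;

    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) return -1;
    if (st.st_uid != 0 && st.st_uid != geteuid()) return -1;
    if ((st.st_mode & (S_IWGRP | S_IWOTH)) != 0) return -1;
    return 0;
}

/* Constructed fixture: create a temporary file with the given mode and
 * report whether check_module_fd() would accept it. */
int check_tempfile_with_mode(mode_t mode)
{
    char path[] = "/tmp/modcheck.XXXXXX";
    int fd = mkstemp(path), r = -1;

    if (fd < 0) return -1;
    if (fchmod(fd, mode) == 0) r = check_module_fd(fd);
    close(fd);
    unlink(path);
    return r;
}

int main(void)
{
    printf("pam_Zed fixed=%d buggy=%d\n",
           valid_module_name("pam_Zed", is_upper), valid_module_name("pam_Zed", is_upper_buggy));
    printf("mode 0644 -> %d, mode 0666 -> %d\n",
           check_tempfile_with_mode(0644), check_tempfile_with_mode(0666));
    return 0;
}
```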
============================================================================
OpenPAM Hydrangea                                               2007-12-21

 - ENHANCE: when compiling with GCC, mark up API functions with GCC
   attributes where appropriate.

 - BUGFIX: fixed numerous warnings uncovered by GCC 4.

 - ENHANCE: building the documentation is now optional.

 - ENHANCE: corrected a number of mistakes and style issues in the
   build system.

 - ENHANCE: API function arguments are now const where appropriate, to
   match corresponding changes in the Solaris PAM and Linux-PAM APIs.

 - ENHANCE: corrected a number of C namespace violations.

 - ENHANCE: the module cache has been removed, allowing long-lived
   applications to pick up module changes.  This also allows multiple
   threads to use PAM simultaneously (as long as they use separate PAM
   contexts), since the module cache was the only part of OpenPAM that
   was not thread-safe.
============================================================================
OpenPAM Figwort                                                 2005-06-16

 - BUGFIX: Correct several small signedness and initialization bugs
   discovered during review by the NetBSD team.

 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
   order within each section.

 - ENHANCE: if a policy specifies a relative module path, prepend the
   module directory so we never call dlopen(3) with a relative path.

 - ENHANCE: add a pam.conf(5) manual page.
============================================================================
OpenPAM Feterita                                                2005-02-01

 - BUGFIX: Correct numerous markup errors, invalid cross-references,
   and other issues in the manual pages, with kind assistance from
   Ruslan Ermilov <ru@freebsd.org>.

 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
   and RETURNX() macros.

 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
   pam_get_data(3).

 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
   pam_strerror(3) and gendoc.pl.

 - ENHANCE: Minor overhaul of the autoconf / build system.

 - ENHANCE: Add openpam_free_envlist(3).
============================================================================
OpenPAM Eelgrass                                                2004-02-10

 - BUGFIX: Correct array handling bugs in conversation code.

 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
   whitespace from the user's response.

 - BUGFIX: Many constness issues addressed.
============================================================================
OpenPAM Dogwood                                                 2003-07-15

 - ENHANCE: Use the GNU autotools.

 - ENHANCE: Constify the msg field in struct pam_message.

 - BUGFIX: Remove left-over debugging output.

 - BUGFIX: Avoid side effects in arguments to the FREE() macro.

 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).

 - BUGFIX: Staticize some variables which shouldn't be global.

 - BUGFIX: Correctly anticipate a NULL user in pam_get_user(3).

 - ENHANCE: Various minor documentation improvements.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Digitalis                                               2003-06-01

 - ENHANCE: Completely rewrite the configuration parser and add
   support for the "include" control flag.

 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.

 - ENHANCE: Lots of additional paranoia.

 - BUGFIX: The sample su(1) application dropped privileges before
   forking instead of after.

 - ENHANCE: Document openpam_log(3).

 - ENHANCE: Other minor documentation fixes.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Dianthus                                                2003-05-02

 - BUGFIX: Initialize some potentially uninitialized variables.

 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.

 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
   instead of a freshly allocated copy.

 - ENHANCE: Detect recursion in openpam_borrow_cred().

 - ENHANCE: Make borrowing one's own credentials a no-op.

 - ENHANCE: Further improve debugging support.

 - ENHANCE: Clean up some variable names.
============================================================================
OpenPAM Daffodil                                                2003-01-06

 - ENHANCE: Document dependency on <sys/types.h> (for size_t).

 - ENHANCE: Slightly improve error detection in openpam_ttyconv().

 - BUGFIX: Fix several typos in debugging macros.
============================================================================
OpenPAM Cyclamen                                                2002-12-12

 - ENHANCE: Improve recursion detection in openpam_dispatch().

 - ENHANCE: Add debugging messages at entry and exit points of most
   functions.

 - ENHANCE: Fix some minor style issues.

 - BUGFIX: Add default cases to the switches in openpam_log.c.

 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.

 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
   than stderr.
============================================================================
OpenPAM Citronella                                              2002-06-30

 - ENHANCE: Add the "binding" control flag (from Solaris 9).

 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
   Solaris 9).

 - ENHANCE: Flesh out the pam(3) man page.

 - ENHANCE: Add an openpam(3) page with cross-references to all the
   documented OpenPAM API extensions.

 - ENHANCE: Add a pam_conv(3) man page describing the conversation
   system.

 - ENHANCE: Improved sample application.

 - ENHANCE: Added sample pam_unix module.

 - BUGFIX: Various documentation nits.
============================================================================
OpenPAM Cinquefoil                                              2002-05-24

 - BUGFIX: Various warnings uncovered by gcc 3.1.

 - ENHANCE: Add a null conversation function, openpam_nullconv(3).

 - BUGFIX: Initialize the "other" chain to all zeroes.

 - ENHANCE: Document openpam_ttyconv(3).
============================================================================
OpenPAM Cinnamon                                                2002-05-02

 - ENHANCE: Add a null conversation function, openpam_nullconv().

 - BUGFIX: Various markup bugs in the documentation.

 - BUGFIX: Document <security/openpam.h>.

 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.

 - ENHANCE: Restructure the policy-loading code and align our use of
   the "other" policy with Solaris and Linux-PAM.

 - ENHANCE: Log dlopen() and dlsym() failures.

 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
   messages unless the message contains one already.

 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
   so we can detect whether the conversation function touched it.
============================================================================
OpenPAM Cineraria                                               2002-04-14

 - BUGFIX: Fix confusion between token and prompt in
   pam_get_authtok(3).

 - ENHANCE: Improved documentation.

 - ENHANCE: Adopt the same preprocessor tricks that were used in
   FreeBSD's version of Linux-PAM to simplify static linking without
   requiring dummy primitives.

 - ENHANCE: Move the policy-loading code out of pam_start.c.

 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.

 - ENHANCE: Add versioning macros.
============================================================================
OpenPAM Cinchona                                                2002-04-08

 - ENHANCE: Improved documentation for several API functions.

 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
   of the module data list.

 - BUGFIX: Allocate the correct amount of memory for the environment
   list in pam_putenv().

 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
   specify what token it wants.  Also introduce PAM_OLDAUTHTOK_PROMPT.

 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
   reduce differences between these very similar functions.

 - ENHANCE: Check flags carefully in pam_authenticate() and
   pam_chauthtok().

 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.

 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
   twice and compare the responses.

 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
   switching to user credentials.

 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
   pam_set_data() consumers.
============================================================================
OpenPAM Centaury                                                2002-03-14

 - BUGFIX: Add missing #include <string.h> to openpam_log.c.

 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/.  XSSO uses
   the former, but Solaris and Linux-PAM use the latter.

 - BUGFIX: The dynamic loader and the module cache contained a number
   of bugs which would cause a segmentation fault if pam_start(3) was
   called again after pam_end(3), as happens in login(1), xdm(1) etc.
   after a failed login.

 - BUGFIX: Refer to a module by the name used in the policy file, even
   if the module that was actually loaded was versioned.

 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
============================================================================
OpenPAM Celandine                                               2002-03-05

 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().

 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
   flag set, then with the PAM_UPDATE_AUTHTOK flag set.

 - BUGFIX: Failure of a "sufficient" module should not terminate the
   passwd chain if the PAM_PRELIM_CHECK flag is set.

 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.

 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
   or PAM_UPDATE_AUTHTOK flags themselves.

 - BUGFIX: openpam_set_option() did not support changing the value of
   an existing option.

 - ENHANCE: Add support for module versioning.  OpenPAM will prefer a
   module with the same version number as the library itself to one
   with no version number at all.
============================================================================
OpenPAM Cantaloupe                                              2002-02-22

 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.

 - ENHANCE: Add in-line documentation in most source files, and a Perl
   script that generates mdoc code from that.

 - BUGFIX: The environment list was not properly NULL-terminated.

 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
   specified by the module.

 - BUGFIX: PAM_NUM_ITEMS was set too low.  It has been moved to
   pam_constants.h to avoid it going stale again.

 - ENHANCE: Move all code related to static modules into a separate
   file.

 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
   user, and supports setting a timeout (which defaults to off).

 - BUGFIX: Some manual pages referenced XSSO even though they
   documented OpenPAM-specific functions.

 - ENHANCE: Added openpam_get_option() and openpam_set_option().

 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
   try_first_pass, and use_first_pass options.
============================================================================
OpenPAM Caliopsis                                               2002-02-13

Fixed a number of bugs in the previous release, including:
  - a number of bugs in and related to pam_[gs]et_item(3)
  - off-by-one bug in pam_start.c would trim last character off certain
    configuration lines
  - incorrect ordering of an array in openpam_load.c would cause service
    module functions to get mixed up
  - missing 'continue' in openpam_dispatch.c caused successes to be
    counted as failures
============================================================================
OpenPAM Calamite                                                2002-02-09

First (beta) release.