OpenPAM Zingiber						2025-05-31

 - BUGFIX: In openpam_borrow_cred(3), the wrong debugging macro was
   being used, which resulted in an attempt to interpret the target
   UID as an item identifier.

 - ENHANCE: Allow missing modules or subpolicies to be ignored.

 - ENHANCE: Previously, OpenPAM was hardcoded to look for policies in
   /usr/local/etc in addition to /etc and modules in /usr/local/lib in
   addition to /usr/lib.  This is now configurable at compile time.
============================================================================
OpenPAM Ximenia							2023-06-27

 - BUGFIX: Fix race condition in openpam_ttyconv(3) when used with
   expect scripts.

 - BUGFIX: In openpam_set_option(3), when removing an option, properly
   decrement the option count.

 - BUGFIX: In openpam_subst(3), avoid incrementing past the end of the
   template.
============================================================================
OpenPAM Tabebuia						2019-02-24

 - BUGFIX: Fix off-by-one bug in pam_getenv(3) which was introduced in
   OpenPAM Radula.

 - ENHANCE: Add unit tests for pam_{get,put,set}env(3).
============================================================================
OpenPAM Resedacea						2017-04-30

 - BUGFIX: Reinstate the NULL check in pam_end(3) which was removed in
   OpenPAM Radula, as it breaks common error-handling constructs.

 - BUGFIX: Return PAM_SYMBOL_ERR instead of PAM_SYSTEM_ERR from the
   dispatcher when the required service function could not be found.

 - ENHANCE: Introduce the PAM_BAD_HANDLE error code for when pamh is
   NULL in API functions that have a NULL check.

 - ENHANCE: Introduce the PAM_BAD_ITEM, PAM_BAD_FEATURE and
   PAM_BAD_CONSTANT error codes for situations where we previously
   incorrectly used PAM_SYMBOL_ERR to denote that an invalid constant
   had been passed to an API function.

 - ENHANCE: Improve the RETURN VALUES section in API man pages,
   especially for functions that cannot fail, which were incorrectly
   documented as returning -1 on failure.
============================================================================
OpenPAM Radula							2017-02-19

 - BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
   pam_get_user(3) from using application-provided custom prompts.

 - BUGFIX: Plug a memory leak in pam_set_item(3).

 - BUGFIX: Plug a potential memory leak in openpam_readlinev(3).

 - BUGFIX: In openpam_readword(3), support line continuations within
   whitespace.

 - ENHANCE: Add a feature flag to control fallback to "other" policy.

 - ENHANCE: Add a pam_return(8) module which returns an arbitrary
   code specified in the module options.

 - ENHANCE: More and better unit tests.
============================================================================
OpenPAM Ourouparia						2014-09-12

 - ENHANCE: When executing a chain, require at least one service
   function to succeed.  This mitigates fail-open scenarios caused by
   misconfigurations or missing modules.

 - ENHANCE: Make sure to overwrite buffers which may have contained an
   authentication token when they're no longer needed.

 - BUGFIX: Under certain circumstances, specifying a non-existent
   module (or misspelling the name of a module) in a policy could
   result in a fail-open scenario.  (CVE-2014-3879)
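The two entries above describe the same fail-open failure mode from opposite sides: a policy whose module cannot be found, and the dispatcher rule that closes the hole. The program below is an added illustration written for these notes, not OpenPAM's own dispatcher (its handling of required/requisite/sufficient/optional is deliberately simplified), and the policies in it are constructed. It evaluates a chain under the old rule, where an entry with no callable service function is simply skipped, and under the Ourouparia rule, where a chain in which no service function ever succeeded is reported as a failure.

```c
#include <stdio.h>

/* Control flags as written in pam.conf(5). Simplified model, not OpenPAM's code. */
enum ctl { REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL };

/* Outcome of one module's service function. MISSING models a policy entry
 * whose module (or its service function) could not be found at all. */
enum res { SUCCESS, FAILURE, MISSING };

struct entry {
    enum ctl flag;
    const char *module;   /* name as written in the policy file */
    enum res result;      /* what the service function would return */
};

/*
 * Evaluate a chain. With require_success set, a chain in which no service
 * function returned SUCCESS fails even if nothing explicitly failed (the
 * Ourouparia rule). Returns 1 for an overall success, 0 for failure.
 */
int run_chain(const struct entry *chain, int n, int require_success)
{
    int failed = 0, nsuccess = 0;

    for (int i = 0; i < n; i++) {
        const struct entry *e = &chain[i];

        if (e->result == MISSING)
            continue;          /* old behaviour: nothing to call, skip it */
        if (e->result == SUCCESS) {
            nsuccess++;
            /* a succeeding "sufficient" entry ends the chain unless a
             * required entry has already failed */
            if (e->flag == SUFFICIENT && !failed)
                return 1;
            continue;
        }
        switch (e->flag) {     /* e->result == FAILURE */
        case REQUISITE:
            return 0;          /* stop immediately */
        case REQUIRED:
            failed = 1;        /* remember, but run the rest of the chain */
            break;
        case SUFFICIENT:
        case OPTIONAL:
            break;             /* failure is ignored */
        }
    }
    if (failed)
        return 0;
    if (require_success && nsuccess == 0)
        return 0;              /* fail closed: nobody vouched for the user */
    return 1;
}

/* Constructed policies. In the first one the only authentication module is
 * misspelled, so no service function can be found for it; the second has no
 * required entry at all; the third is a healthy configuration. */
static const struct entry typo_chain[] = {
    { REQUIRED, "pam_unxi.so", MISSING },
};
static const struct entry optional_only_chain[] = {
    { OPTIONAL, "pam_lastlog.so", FAILURE },
};
static const struct entry good_chain[] = {
    { REQUIRED, "pam_unix.so", SUCCESS },
    { OPTIONAL, "pam_lastlog.so", FAILURE },
};

int typo_chain_old_rule(void)     { return run_chain(typo_chain, 1, 0); }
int typo_chain_new_rule(void)     { return run_chain(typo_chain, 1, 1); }
int optional_only_old_rule(void)  { return run_chain(optional_only_chain, 1, 0); }
int optional_only_new_rule(void)  { return run_chain(optional_only_chain, 1, 1); }
int good_chain_new_rule(void)     { return run_chain(good_chain, 2, 1); }

int main(void)
{
    printf("misspelled module, old rule: %s\n", typo_chain_old_rule() ? "SUCCESS (fail-open)" : "FAILURE");
    printf("misspelled module, new rule: %s\n", typo_chain_new_rule() ? "SUCCESS" : "FAILURE (fail-closed)");
    printf("optional-only,     old rule: %s\n", optional_only_old_rule() ? "SUCCESS (fail-open)" : "FAILURE");
    printf("optional-only,     new rule: %s\n", optional_only_new_rule() ? "SUCCESS" : "FAILURE (fail-closed)");
    printf("healthy policy,    new rule: %s\n", good_chain_new_rule() ? "SUCCESS" : "FAILURE");
    return 0;
}
```

The point to take from the two constructed policies is that neither contains an explicit failure, so a dispatcher that only tracks failures reports success; counting successes is what turns a typo or an all-optional policy into a denied login rather than a silent bypass.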

 - FEATURE: Add a search path for modules.  This was implemented in
   Nummularia but inadvertently left out of the release notes.

 - BUGFIX: The is_upper() predicate only accepted the letter A as an
   upper-case character instead of the entire A-Z range.  As a result,
   service and module names containing upper-case letters other than A
   would be rejected.
============================================================================
OpenPAM Nummularia						2013-09-07

 - ENHANCE: Rewrite the dynamic loader to improve readability and
   reliability.  Modules can now be listed without the ".so" suffix in
   the policy file; OpenPAM will automatically add it, just like it
   will automatically add the version number if required.

 - ENHANCE: Allow openpam_straddch(3) to be called without a character
   so it can be used to preallocate a string.

 - ENHANCE: Improve portability by adding simple asprintf(3) and
   vasprintf(3) implementations for platforms that don't have them.

 - ENHANCE: Move the libpam sources into a separate subdirectory.

 - ENHANCE: Substantial documentation improvements.

 - BUGFIX: When openpam_readword(3) encountered an opening quote, it
   would set the first byte in the buffer to '\0', discarding all
   existing text and, unless the buffer was empty to begin with, all
   subsequent text as well.  This went unnoticed because none of the
   unit tests for quoted strings had any text preceding the opening
   quote.

 - BUGFIX: Make --with-modules-dir work the way it was meant to work
   (but never did).
============================================================================
OpenPAM Micrampelis						2012-05-26

 - FEATURE: Add an openpam_readword(3) function which reads the next
   word from an input stream, applying shell quoting and escaping
   rules.  Add numerous unit tests for openpam_readword(3).

 - FEATURE: Add an openpam_readlinev(3) function which uses the
   openpam_readword(3) function to read words from an input stream one
   at a time until it reaches an unquoted, unescaped newline, and
   returns an array of those words.  Add several unit tests for
   openpam_readlinev(3).

 - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
   machine's hostname.  This was implemented in Lycopsida but
   inadvertently left out of the release notes.

 - FEATURE: In pam_get_authtok(3), if neither the application nor the
   module have specified a prompt and PAM_HOST and PAM_RHOST are both
   defined but not equal, use a different default prompt that includes
   PAM_USER and PAM_HOST.

 - ENHANCE: Rewrite the policy parser to use openpam_readlinev(),
   which greatly simplifies the code.

 - ENHANCE: The previous implementation of the policy parser relied on
   the openpam_readline(3) function, which (by design) munges
   whitespace and understands neither quotes nor backslash escapes.
   As a result of the aforementioned rewrite, whitespace, quotes and
   backslash escapes in policy files are now handled in a consistent
   and predictable manner.
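To make the quoting rules concrete, here is an added word reader written for these notes; it is not OpenPAM's openpam_readword(3) or openpam_readlinev(3), but a simplified model of the rules the two FEATURE entries and the parser rewrite above describe (for instance, a backslash escapes any character inside double quotes, not only the ones a shell treats specially). It also handles the backslash-newline continuation within whitespace that the Radula entry mentions. The word and line limits and the policy fragment it parses are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define MAXWORDS 16   /* assumed limits for this example */
#define MAXWORD  256

/*
 * Read one logical line of shell-style words from `in`:
 *   - unquoted blanks and tabs separate words, an unquoted newline ends the line;
 *   - '...' keeps everything literally; "..." keeps blanks but honours backslashes;
 *   - a backslash escapes the next character; backslash-newline is a line
 *     continuation and produces nothing, inside or outside double quotes.
 * Fills words[] (NUL-terminated), stores the start of the following line in
 * *next if next is non-NULL, and returns the word count, or -1 on an
 * unterminated quote, a dangling backslash, or an over-long word or line.
 */
int read_line_words(const char *in, char words[][MAXWORD], int maxwords,
                    const char **next)
{
    const char *p = in;
    int nwords = 0;

    for (;;) {
        /* skip separators, including backslash-newline continuations */
        while (*p == ' ' || *p == '\t' || (p[0] == '\\' && p[1] == '\n'))
            p += (*p == '\\') ? 2 : 1;
        if (*p == '\0' || *p == '\n') {
            if (*p == '\n')
                p++;
            break;
        }
        if (nwords == maxwords)
            return -1;

        char *w = words[nwords];
        size_t len = 0;
        char quote = 0;            /* 0, '\'' or '"' while inside quotes */

        while (*p != '\0') {
            char c = *p;
            if (quote == 0 && (c == ' ' || c == '\t' || c == '\n'))
                break;             /* unquoted separator ends the word */
            if (quote == 0 && (c == '\'' || c == '"')) {
                quote = c; p++; continue;
            }
            if (quote != 0 && c == quote) {
                quote = 0; p++; continue;
            }
            if (c == '\\' && quote != '\'') {
                p++;
                if (*p == '\0')
                    return -1;     /* dangling backslash */
                if (*p == '\n') {
                    p++; continue; /* continuation: nothing is emitted */
                }
                c = *p;            /* escaped character is taken literally */
            }
            if (len + 1 >= MAXWORD)
                return -1;
            w[len++] = c;
            p++;
        }
        if (quote != 0)
            return -1;             /* unterminated quote */
        w[len] = '\0';
        nwords++;
    }
    if (next != NULL)
        *next = p;
    return nwords;
}

/* Named helpers so individual results can be checked. */
int count_words(const char *line)
{
    char words[MAXWORDS][MAXWORD];
    return read_line_words(line, words, MAXWORDS, NULL);
}

int word_equals(const char *line, int idx, const char *expected)
{
    char words[MAXWORDS][MAXWORD];
    int n = read_line_words(line, words, MAXWORDS, NULL);
    return idx < n && strcmp(words[idx], expected) == 0;
}

int next_line_starts_with(const char *text, const char *prefix)
{
    char words[MAXWORDS][MAXWORD];
    const char *next = NULL;
    if (read_line_words(text, words, MAXWORDS, &next) < 0)
        return 0;
    return strncmp(next, prefix, strlen(prefix)) == 0;
}

/* Constructed policy fragment exercising each rule. */
static const char policy[] =
    "auth\t required   pam_unix.so nullok\n"
    "auth required pam_foo.so prompt=\"Password for \\\"%u\\\":\"\n"
    "account required \\\n"
    "    pam_unix.so\n"
    "session optional pam_echo.so 'it''s ok'\n";

int main(void)
{
    char words[MAXWORDS][MAXWORD];
    const char *p = policy;

    while (*p != '\0') {
        int n = read_line_words(p, words, MAXWORDS, &p);
        if (n < 0) {
            puts("parse error");
            return 1;
        }
        for (int i = 0; i < n; i++)
            printf("[%s]%c", words[i], i == n - 1 ? '\n' : ' ');
    }
    return 0;
}
```

Each word is printed in brackets so that a quoted option value containing spaces, such as the prompt on the second line, is visibly one word; with a whitespace-munging reader like openpam_readline(3) it would have been split.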

 - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
   This closes the race between the ownership / permission check and
   the dlopen(3) call.

 - ENHANCE: Reduce the amount of pointless error messages generated
   while searching for a module.

 - ENHANCE: Numerous documentation improvements, both in content and
   formatting.

 - BUGFIX: A patch incorporated in Lycopsida inadvertently changed
   OpenPAM's behavior when several policies exist for the same
   service, from ignoring all but the first to concatenating them all.
   Revert to the original behavior.

 - BUGFIX: Plug a memory leak in the policy parser.
============================================================================
OpenPAM Lycopsida						2011-12-18

 - ENHANCE: Removed static build autodetection, which didn't work
   anyway.  Use an explicit, user-specified preprocessor variable
   instead.

 - ENHANCE: Cleaned up the documentation a bit.

 - ENHANCE: Added openpam_subst(3), allowing certain PAM items to be
   embedded in strings such as prompts.  Apply it to the prompts used
   by pam_get_user(3) and pam_get_authtok(3).

 - ENHANCE: Added support for the user_prompt, authtok_prompt and
   oldauthtok_prompt module options, which override the prompts passed
   by the module to pam_set_user(3) and pam_get_authtok(3).

 - ENHANCE: Rewrote the policy parser to support quoted option values.

 - ENHANCE: Added pamtest(1), a tool for testing modules and policies.

 - ENHANCE: Added code to check the ownership and permissions of a
   module before loading it.

 - ENHANCE: Added / improved input validation in many cases, including
   the policy file and some function arguments.  (CVE-2011-4122)
============================================================================
OpenPAM Hydrangea						2007-12-21

 - ENHANCE: When compiling with GCC, mark up API functions with GCC
   attributes where appropriate.

 - BUGFIX: Fixed numerous warnings uncovered by GCC 4.

 - ENHANCE: Building the documentation is now optional.

 - ENHANCE: Corrected a number of mistakes and style issues in the
   build system.

 - ENHANCE: API function arguments are now const where appropriate, to
   match corresponding changes in the Solaris PAM and Linux-PAM APIs.

 - ENHANCE: Corrected a number of C namespace violations.

 - ENHANCE: The module cache has been removed, allowing long-lived
   applications to pick up module changes.  This also allows multiple
   threads to use PAM simultaneously (as long as they use separate PAM
   contexts), since the module cache was the only part of OpenPAM that
   was not thread-safe.
============================================================================
OpenPAM Figwort							2005-06-16

 - BUGFIX: Correct several small signedness and initialization bugs
   discovered during review by the NetBSD team.

 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
   order within each section.

 - ENHANCE: If a policy specifies a relative module path, prepend the
   module directory so we never call dlopen(3) with a relative path.

 - ENHANCE: Add a pam.conf(5) manual page.
============================================================================
OpenPAM Feterita						2005-02-01

 - BUGFIX: Correct numerous markup errors, invalid cross-references,
   and other issues in the manual pages, with kind assistance from
   Ruslan Ermilov <ru@freebsd.org>.

 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
   and RETURNX() macros.

 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
   pam_get_data(3).

 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
   pam_strerror(3) and gendoc.pl.

 - ENHANCE: Minor overhaul of the autoconf / build system.

 - ENHANCE: Add openpam_free_envlist(3).
============================================================================
OpenPAM Eelgrass						2004-02-10

 - BUGFIX: Correct array handling bugs in conversation code.

 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
   whitespace from the user's response.

 - BUGFIX: Many constness issues addressed.
============================================================================
OpenPAM Dogwood							2003-07-15

 - ENHANCE: Use the GNU autotools.

 - ENHANCE: Constify the msg field in struct pam_message.

 - BUGFIX: Remove left-over debugging output.

 - BUGFIX: Avoid side effects in arguments to the FREE() macro.

 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).

 - BUGFIX: Staticize some variables which shouldn't be global.

 - BUGFIX: Correctly anticipate a NULL user in pam_get_user(3).

 - ENHANCE: Various minor documentation improvements.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Digitalis						2003-06-01

 - ENHANCE: Completely rewrite the configuration parser and add
   support for the "include" control flag.

 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.

 - ENHANCE: Lots of additional paranoia.

 - BUGFIX: The sample su(1) application dropped privileges before
   forking instead of after.

 - ENHANCE: Document openpam_log(3).

 - ENHANCE: Other minor documentation fixes.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Dianthus						2003-05-02

 - BUGFIX: Initialize some potentially uninitialized variables.

 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.

 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
   instead of a freshly allocated copy.

 - ENHANCE: Detect recursion in openpam_borrow_cred().

 - ENHANCE: Make borrowing one's own credentials a no-op.

 - ENHANCE: Further improve debugging support.

 - ENHANCE: Clean up some variable names.
============================================================================
OpenPAM Daffodil						2003-01-06

 - ENHANCE: Document dependency on <sys/types.h> (for size_t).

 - ENHANCE: Slightly improve error detection in openpam_ttyconv().

 - BUGFIX: Fix several typos in debugging macros.
============================================================================
OpenPAM Cyclamen						2002-12-12

 - ENHANCE: Improve recursion detection in openpam_dispatch().

 - ENHANCE: Add debugging messages at entry and exit points of most
   functions.

 - ENHANCE: Fix some minor style issues.

 - BUGFIX: Add default cases to the switches in openpam_log.c.

 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.

 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
   than stderr.
============================================================================
OpenPAM Citronella						2002-06-30

 - ENHANCE: Add the "binding" control flag (from Solaris 9).

 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
   Solaris 9).

 - ENHANCE: Flesh out the pam(3) man page.

 - ENHANCE: Add an openpam(3) page with cross-references to all the
   documented OpenPAM API extensions.

 - ENHANCE: Add a pam_conv(3) man page describing the conversation
   system.

 - ENHANCE: Improved sample application.

 - ENHANCE: Added sample pam_unix module.

 - BUGFIX: Various documentation nits.
============================================================================
OpenPAM Cinquefoil						2002-05-24

 - BUGFIX: Various warnings uncovered by gcc 3.1.

 - ENHANCE: Add a null conversation function, openpam_nullconv(3).

 - BUGFIX: Initialize the "other" chain to all zeroes.

 - ENHANCE: Document openpam_ttyconv(3).
============================================================================
OpenPAM Cinnamon						2002-05-02

 - ENHANCE: Add a null conversation function, openpam_nullconv().

 - BUGFIX: Various markup bugs in the documentation.

 - BUGFIX: Document <security/openpam.h>.

 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.

 - ENHANCE: Restructure the policy-loading code and align our use of
   the "other" policy with Solaris and Linux-PAM.

 - ENHANCE: Log dlopen() and dlsym() failures.

 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
   messages unless the message contains one already.

 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
   so we can detect whether the conversation function touched it.
============================================================================
OpenPAM Cineraria						2002-04-14

 - BUGFIX: Fix confusion between token and prompt in
   pam_get_authtok(3).

 - ENHANCE: Improved documentation.

 - ENHANCE: Adopt the same preprocessor tricks that were used in
   FreeBSD's version of Linux-PAM to simplify static linking without
   requiring dummy primitives.

 - ENHANCE: Move the policy-loading code out of pam_start.c.

 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.

 - ENHANCE: Add versioning macros.
============================================================================
OpenPAM Cinchona						2002-04-08

 - ENHANCE: Improved documentation for several API functions.

 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
   of the module data list.

 - BUGFIX: Allocate the correct amount of memory for the environment
   list in pam_putenv().

 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
   specify what token it wants.  Also introduce PAM_OLDAUTHTOK_PROMPT.

 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
   reduce differences between these very similar functions.

 - ENHANCE: Check flags carefully in pam_authenticate() and
   pam_chauthtok().

 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.

 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
   twice and compare the responses.

 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
   switching to user credentials.

 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
   pam_set_data() consumers.
============================================================================
OpenPAM Centaury						2002-03-14

 - BUGFIX: Add missing #include <string.h> to openpam_log.c.

 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/.  XSSO uses
   the former, but Solaris and Linux-PAM use the latter.

 - BUGFIX: The dynamic loader and the module cache contained a number
   of bugs which would cause a segmentation fault if pam_start(3) was
   called again after pam_end(3), as happens in login(1), xdm(1) etc.
   after a failed login.

 - BUGFIX: Refer to a module by the name used in the policy file, even
   if the module that was actually loaded was versioned.

 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
============================================================================
OpenPAM Celandine						2002-03-05

 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().

 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
   flag set, then with the PAM_UPDATE_AUTHTOK flag set.

 - BUGFIX: Failure of a "sufficient" module should not terminate the
   passwd chain if the PAM_PRELIM_CHECK flag is set.

 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.

 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
   or PAM_UPDATE_AUTHTOK flags themselves.

 - BUGFIX: openpam_set_option() did not support changing the value of
   an existing option.

 - ENHANCE: Add support for module versioning.  OpenPAM will prefer a
   module with the same version number as the library itself to one
   with no version number at all.
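The versioning preference described here, together with the automatic ".so" suffix from Nummularia, the module search path from Ourouparia and Nummularia, and the Figwort rule that dlopen(3) is never called with a relative path, add up to a small name-resolution procedure. The following is an added model of it written for these notes, not OpenPAM's lookup code: the search path, the version suffix "3", and the inventory of installed files are all constructed, and the rejection of ".." components is an extra precaution of mine that the release notes do not describe.

```c
#include <stdio.h>
#include <string.h>

#define LIB_VERSION "3"     /* assumed: the library's own version suffix */
#define MAXPATH 256

/* Constructed inventory standing in for the filesystem. */
static const char *installed[] = {
    "/usr/lib/pam_unix.so.3",
    "/usr/lib/pam_unix.so",
    "/usr/lib/site/pam_site.so",
    "/usr/local/lib/pam_ldap.so",
    "/usr/local/lib/pam_old.so.2",
    NULL,
};

/* Assumed search path: the build-time module directory comes first. */
static const char *search_path[] = { "/usr/lib", "/usr/local/lib", NULL };

static int exists(const char *path)
{
    for (int i = 0; installed[i] != NULL; i++)
        if (strcmp(installed[i], path) == 0)
            return 1;
    return 0;
}

/*
 * Resolve the module name as written in a policy file to the absolute path
 * that would be loaded. Rules modelled here:
 *   - a bare name gets ".so" appended; a name already ending in ".so" is
 *     treated identically, so both spellings are equivalent;
 *   - in each search directory, the copy versioned like the library
 *     (name.so.<LIB_VERSION>) is preferred to the unversioned one;
 *   - a name containing '/' is a path: absolute paths are used as given,
 *     relative ones are anchored to the first search directory so the
 *     loader never sees a relative path; ".." components are rejected.
 * Returns 1 and fills out[] on success, 0 otherwise (out[] is then empty).
 */
int resolve_module(const char *name, char *out, size_t outlen)
{
    char base[MAXPATH];
    size_t len = strlen(name);

    out[0] = '\0';
    if (strstr(name, "..") != NULL)
        return 0;
    if (strchr(name, '/') != NULL) {
        if (name[0] == '/')
            snprintf(out, outlen, "%s", name);
        else
            snprintf(out, outlen, "%s/%s", search_path[0], name);
        return exists(out);
    }
    if (len > 3 && strcmp(name + len - 3, ".so") == 0)
        len -= 3;                            /* normalize away ".so" */
    if (len == 0 || len >= sizeof base)
        return 0;
    memcpy(base, name, len);
    base[len] = '\0';

    for (int d = 0; search_path[d] != NULL; d++) {
        snprintf(out, outlen, "%s/%s.so." LIB_VERSION, search_path[d], base);
        if (exists(out))
            return 1;
        snprintf(out, outlen, "%s/%s.so", search_path[d], base);
        if (exists(out))
            return 1;
    }
    out[0] = '\0';
    return 0;
}

/* Named checks: does `name` resolve at all, and does it resolve to `expected`? */
int module_found(const char *name)
{
    char path[MAXPATH];
    return resolve_module(name, path, sizeof path);
}

int resolves_to(const char *name, const char *expected)
{
    char path[MAXPATH];
    return resolve_module(name, path, sizeof path) && strcmp(path, expected) == 0;
}

int main(void)
{
    const char *names[] = { "pam_unix", "pam_unix.so", "pam_ldap", "pam_old",
                            "site/pam_site.so", "../../tmp/pam_evil.so" };
    char path[MAXPATH];

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-24s -> %s\n", names[i],
               resolve_module(names[i], path, sizeof path) ? path : "(not found)");
    return 0;
}
```

Note that "pam_old" is not found even though a pam_old.so.2 is installed: a module versioned for a different library version is not a candidate in this model, which is the conservative reading of the preference rule above.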
============================================================================
OpenPAM Cantaloupe						2002-02-22

 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.

 - ENHANCE: Add in-line documentation in most source files, and a Perl
   script that generates mdoc code from that.

 - BUGFIX: The environment list was not properly NULL-terminated.

 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
   specified by the module.

 - BUGFIX: PAM_NUM_ITEMS was set too low.  It has been moved to
   pam_constants.h to avoid it going stale again.

 - ENHANCE: Move all code related to static modules into a separate
   file.

 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
   user, and supports setting a timeout (which defaults to off).

 - BUGFIX: Some manual pages referenced XSSO even though they
   documented OpenPAM-specific functions.

 - ENHANCE: Added openpam_get_option() and openpam_set_option().

 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
   try_first_pass, and use_first_pass options.
============================================================================
OpenPAM Caliopsis						2002-02-13

Fixed a number of bugs in the previous release, including:
  - a number of bugs in and related to pam_[gs]et_item(3)
  - off-by-one bug in pam_start.c would trim last character off certain
    configuration lines
  - incorrect ordering of an array in openpam_load.c would cause service
    module functions to get mixed up
  - missing 'continue' in openpam_dispatch.c caused successes to be
    counted as failures
============================================================================
OpenPAM Calamite						2002-02-09

First (beta) release.