1 OpenPAM Ximenia 2023-06-27
3 - BUGFIX: Fix race condition in openpam_ttyconv(3) when used with
6 - BUGFIX: In openpam_set_option(3), when removing an option, properly
7 decrement the option count.
9 - BUGFIX: In openpam_subst(3), avoid incrementing past the end of the
11 ============================================================================
12 OpenPAM Tabebuia 2019-02-24
14 - BUGFIX: Fix off-by-one bug in pam_getenv(3) which was introduced in
17 - ENHANCE: Add unit tests for pam_{get,put,set}env(3).
18 ============================================================================
19 OpenPAM Resedacea 2017-04-30
21 - BUGFIX: Reinstore the NULL check in pam_end(3) which was removed in
22 OpenPAM Radula, as it breaks common error-handling constructs.
24 - BUGFIX: Return PAM_SYMBOL_ERR instead of PAM_SYSTEM_ERR from the
25 dispatcher when the required service function could not be found.
27 - ENHANCE: Introduce the PAM_BAD_HANDLE error code for when pamh is
28 NULL in API functions that have a NULL check.
30 - ENHANCE: Introduce the PAM_BAD_ITEM, PAM_BAD_FEATURE and
31 PAM_BAD_CONSTANT error codes for situations where we previously
32 incorrectly used PAM_SYMBOL_ERR to denote that an invalid constant
33 had been passed to an API function.
35 - ENHANCE: Improve the RETURN VALUES section in API man pages,
36 especially for functions that cannot fail, which were incorrectly
37 documented as returning -1 on failure.
38 ============================================================================
39 OpenPAM Radula 2017-02-19
41 - BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
42 pam_get_user(3) from using application-provided custom prompts.
44 - BUGFIX: Plug a memory leak in pam_set_item(3).
46 - BUGFIX: Plug a potential memory leak in openpam_readlinev(3).
48 - BUGFIX: In openpam_readword(3), support line continuations within
51 - ENHANCE: Add a feature flag to control fallback to "other" policy.
53 - ENHANCE: Add a pam_return(8) module which returns an arbitrary
54 code specified in the module options.
56 - ENHANCE: More and better unit tests.
57 ============================================================================
58 OpenPAM Ourouparia 2014-09-12
60 - ENHANCE: When executing a chain, require at least one service
61 function to succeed. This mitigates fail-open scenarios caused by
62 misconfigurations or missing modules.
64 - ENHANCE: Make sure to overwrite buffers which may have contained an
65 authentication token when they're no longer needed.
67 - BUGFIX: Under certain circumstances, specifying a non-existent
68 module (or misspelling the name of a module) in a policy could
69 result in a fail-open scenario. (CVE-2014-3879)
71 - FEATURE: Add a search path for modules. This was implemented in
72 Nummularia but inadvertently left out of the release notes.
74 - BUGFIX: The is_upper() predicate only accepted the letter A as an
75 upper-case character instead of the entire A-Z range. As a result,
76 service and module names containing upper-case letters other than A
78 ============================================================================
79 OpenPAM Nummularia 2013-09-07
81 - ENHANCE: Rewrite the dynamic loader to improve readability and
82 reliability. Modules can now be listed without the ".so" suffix in
83 the policy file; OpenPAM will automatically add it, just like it
84 will automatically add the version number if required.
86 - ENHANCE: Allow openpam_straddch(3) to be called without a character
87 so it can be used to preallocate a string.
89 - ENHANCE: Improve portability by adding simple asprintf(3) and
90 vasprintf(3) implementations for platforms that don't have them.
92 - ENHANCE: Move the libpam sources into a separate subdirectory.
94 - ENHANCE: Substantial documentation improvements.
96 - BUGFIX: When openpam_readword(3) encountered an opening quote, it
97 would set the first byte in the buffer to '\0', discarding all
98 existing text and, unless the buffer was empty to begin with, all
99 subsequent text as well. This went unnoticed because none of the
100 unit tests for quoted strings had any text preceding the opening
103 - BUGFIX: make --with-modules-dir work the way it was meant to work
105 ============================================================================
106 OpenPAM Micrampelis 2012-05-26
108 - FEATURE: Add an openpam_readword(3) function which reads the next
109 word from an input stream, applying shell quoting and escaping
110 rules. Add numerous unit tests for openpam_readword(3).
112 - FEATURE: Add an openpam_readlinev(3) function which uses the
113 openpam_readword(3) function to read words from an input stream one
114 at a time until it reaches an unquoted, unescaped newline, and
115 returns an array of those words. Add several unit tests for
116 openpam_readlinev(3).
118 - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
119 machine's hostname. This was implemented in Lycopsida but
120 inadvertantly left out of the release notes.
122 - FEATURE: In pam_get_authtok(3), if neither the application nor the
123 module have specified a prompt and PAM_HOST and PAM_RHOST are both
124 defined but not equal, use a different default prompt that includes
125 PAM_USER and PAM_HOST.
127 - ENHANCE: Rewrite the policy parser to used openpam_readlinev(),
128 which greatly simplifies the code.
130 - ENHANCE: The previous implementation of the policy parser relied on
131 the openpam_readline(3) function, which (by design) munges
132 whitespace and understands neither quotes nor backslash escapes.
133 As a result of the aforementioned rewrite, whitespace, quotes and
134 backslash escapes in policy files are now handled in a consistent
135 and predictable manner.
137 - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
138 This closes the race between the ownership / permission check and
141 - ENHANCE: Reduce the amount of pointless error messages generated
142 while searching for a module.
144 - ENHANCE: Numerous documentation improvements, both in content and
147 - BUGFIX: A patch incorporated in Lycopsida inadvertantly changed
148 OpenPAM's behavior when several policies exist for the same
149 service, from ignoring all but the first to concatenating them all.
150 Revert to the original behavior.
152 - BUGFIX: Plug a memory leak in the policy parser.
153 ============================================================================
154 OpenPAM Lycopsida 2011-12-18
156 - ENHANCE: removed static build autodetection, which didn't work
157 anyway. Use an explicit, user-specified preprocessor variable
160 - ENHANCE: cleaned up the documentation a bit.
162 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be
163 embedded in strings such as prompts. Apply it to the prompts used
164 by pam_get_user(3) and pam_get_authtok(3).
166 - ENHANCE: added support for the user_prompt, authtok_prompt and
167 oldauthtok_prompt module options, which override the prompts passed
168 by the module to pam_set_user(3) and pam_get_authtok(3).
170 - ENHANCE: rewrote the policy parser to support quoted option values.
172 - ENHANCE: added pamtest(1), a tool for testing modules and policies.
174 - ENHANCE: added code to check the ownership and permissions of a
175 module before loading it.
177 - ENHANCE: added / improved input validation in many cases, including
178 the policy file and some function arguments. (CVE-2011-4122)
179 ============================================================================
180 OpenPAM Hydrangea 2007-12-21
182 - ENHANCE: when compiling with GCC, mark up API functions with GCC
183 attributes where appropriate.
185 - BUGFIX: fixed numerous warnings uncovered by GCC 4.
187 - ENHANCE: building the documentation is now optional.
189 - ENHANCE: corrected a number of mistakes and style issues in the
192 - ENHANCE: API function arguments are now const where appropriate, to
193 match corresponding changes in the Solaris PAM and Linux-PAM APIs.
195 - ENHANCE: corrected a number of C namespace violations.
197 - ENHANCE: the module cache has been removed, allowing long-lived
198 applications to pick up module changes. This also allows multiple
199 threads to use PAM simultaneously (as long as they use separate PAM
200 contexts), since the module cache was the only part of OpenPAM that
202 ============================================================================
203 OpenPAM Figwort 2005-06-16
205 - BUGFIX: Correct several small signedness and initialization bugs
206 discovered during review by the NetBSD team.
208 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
209 order within each section.
211 - ENHANCE: if a policy specifies a relative module path, prepend the
212 module directory so we never call dlopen(3) with a relative path.
214 - ENHANCE: add a pam.conf(5) manual page.
215 ============================================================================
216 OpenPAM Feterita 2005-02-01
218 - BUGFIX: Correct numerous markup errors, invalid cross-references,
219 and other issues in the manual pages, with kind assistance from
220 Ruslan Ermilov <ru@freebsd.org>.
222 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
223 and RETURNX() macros.
225 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
228 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
229 pam_strerror(3) and gendoc.pl.
231 - ENHANCE: Minor overhaul of the autoconf / build system.
233 - ENHANCE: Add openpam_free_envlist(3).
234 ============================================================================
235 OpenPAM Eelgrass 2004-02-10
237 - BUGFIX: Correct array handling bugs in conversation code.
239 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
240 whitespace from the user's response.
242 - BUGFIX: Many constness issues addressed.
243 ============================================================================
244 OpenPAM Dogwood 2003-07-15
246 - ENHANCE: Use the GNU autotools.
248 - ENHANCE: Constify the msg field in struct pam_message.
250 - BUGFIX: Remove left-over debugging output
252 - BUGFIX: Avoid side effects in arguments to the FREE() macro
254 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).
256 - BUGFIX: Staticize some variables which shouldn't be global.
258 - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3).
260 - ENHANCE: Various minor documentation improvements.
262 Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
263 assistance with this release.
264 ============================================================================
265 OpenPAM Digitalis 2003-06-01
267 - ENHANCE: Completely rewrite the configuration parser and add
268 support for the "include" control flag.
270 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.
272 - ENHANCE: Lots of additional paranoia.
274 - BUGFIX: The sample su(1) application dropped privileges before
275 forking instead of after.
277 - ENHANCE: Document openpam_log(3).
279 - ENHANCE: Other minor documentation fixes.
281 Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
282 assistance with this release.
283 ============================================================================
284 OpenPAM Dianthus 2003-05-02
286 - BUGFIX: Initialize some potentially uninitialized variables.
288 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.
290 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
291 instead of a freshly allocated copy.
293 - ENHANCE: Detect recursion in openpam_borrow_cred()
295 - ENHANCE: Make borrowing one's own credentials a no-op.
297 - ENHANCE: Further improve debugging support.
299 - ENHANCE: Clean up some variable names.
300 ============================================================================
301 OpenPAM Daffodil 2003-01-06
303 - ENHANCE: Document dependency on <sys/types.h> (for size_t)
305 - ENHANCE: Slightly improve error detection in openpam_ttyconv().
307 - BUGFIX: Fix several typos in debugging macros.
308 ============================================================================
309 OpenPAM Cyclamen 2002-12-12
311 - ENHANCE: Improve recursion detection in openpam_dispatch().
313 - ENHANCE: Add debugging messages at entry and exit points of most
316 - ENHANCE: Fix some minor style issues.
318 - BUGFIX: Add default cases to the switches in openpam_log.c.
320 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.
322 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
324 ============================================================================
325 OpenPAM Citronella 2002-06-30
327 - ENHANCE: Add the "binding" control flag (from Solaris 9).
329 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
332 - ENHANCE: Flesh out the pam(3) man page.
334 - ENHANCE: Add an openpam(3) page with cross-references to all the
335 documented OpenPAM API extensions.
337 - ENHANCE: Add a pam_conv(3) man page describing the conversation
340 - ENHANCE: Improved sample application.
342 - ENHANCE: Added sample pam_unix module.
344 - BUGFIX: Various documentation nits.
345 ============================================================================
346 OpenPAM Cinquefoil 2002-05-24
348 - BUGFIX: Various warnings uncovered by gcc 3.1.
350 - ENHANCE: Add a null conversation function, openpam_nullconv(3).
352 - BUGFIX: Initialize the "other" chain to all zeroes.
354 - ENHANCE: Document openpam_ttyconv(3).
355 ============================================================================
356 OpenPAM Cinnamon 2002-05-02
358 - ENHANCE: Add a null conversation function, openpam_nullconv().
360 - BUGFIX: Various markup bugs in the documentation.
362 - BUGFIX: Document <security/openpam.h>.
364 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.
366 - ENHANCE: Restructure the policy-loading code and align our use of
367 the "other" policy with Solaris and Linux-PAM.
369 - ENHANCE: Log dlopen() and dlsym() failures.
371 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
372 messages unless the message contains one already.
374 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
375 so we can detect whether the conversation function touched it.
376 ============================================================================
377 OpenPAM Cineraria 2002-04-14
379 - BUGFIX: Fix confusion between token and prompt in
382 - ENHANCE: Improved documentation.
384 - ENHANCE: Adopt the same preprocessor tricks that were used in
385 FreeBSD's version of Linux-PAM to simplify static linking without
386 requiring dummy primitives.
388 - ENHANCE: Move the policy-loading code out of pam_start.c.
390 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.
392 - ENHANCE: Add versioning macros.
393 ============================================================================
394 OpenPAM Cinchona 2002-04-08
396 - ENHANCE: Improved documentation for several API functions.
398 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
399 of the module data list.
401 - BUGFIX: Allocate the correct amount of memory for the environment
402 list in pam_putenv().
404 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
405 specify what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT.
407 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
408 reduce differences between these very similar functions.
410 - ENHANCE: Check flags carefully in pam_authenticate() and
413 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.
415 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
416 asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
417 twice and compare the responses.
419 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
420 switching to user credentials.
422 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
423 pam_set_data() consumers.
424 ============================================================================
425 OpenPAM Centaury 2002-03-14
427 - BUGFIX: Add missing #include <string.h> to openpam_log.c.
429 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/. XSSO uses
430 the former, but Solaris and Linux-PAM use the latter.
432 - BUGFIX: The dynamic loader and the module cache contained a number
433 of bugs which would cause a segmentation fault if pam_start(3) was
434 called again after pam_end(3), as happens in login(1), xdm(1) etc.
435 after a failed login.
437 - BUGFIX: Refer to a module by the name used in the policy file, even
438 if the module that was actually loaded was versioned.
440 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
441 ============================================================================
442 OpenPAM Celandine 2002-03-05
444 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().
446 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
447 flag set, then with the PAM_UPDATE_AUTHTOK flag set.
449 - BUGFIX: Failure of a "sufficient" module should not terminate the
450 passwd chain if the PAM_PRELIM_CHECK flag is set.
452 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.
454 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
455 or PAM_UPDATE_AUTHTOK flags themselves.
457 - BUGFIX: openpam_set_option() did not support changing the value of
460 - ENHANCE: Add support for module versioning. OpenPAM will prefer a
461 module with the same version number as the library itself to one
462 with no version number at all.
463 ============================================================================
464 OpenPAM Cantaloupe 2002-02-22
466 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
467 argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.
469 - ENHANCE: Add in-line documentation in most source files, and a Perl
470 script that generates mdoc code from that.
472 - BUGFIX: The environment list was not properly NULL-terminated.
474 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
475 specified by the module.
477 - BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to
478 pam_constants.h to avoid it going stale again.
480 - ENHANCE: Move all code related to static modules into a separate
483 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
484 user, and supports setting a timeout (which defaults to off).
486 - BUGFIX: Some manual pages referenced XSSO even though they
487 documented OpenPAM-specific functions.
489 - ENHANCE: Added openpam_get_option() and openpam_set_option().
491 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
492 try_first_pass, and use_first_pass options.
493 ============================================================================
494 OpenPAM Caliopsis 2002-02-13
496 Fixed a number of bugs in the previous release, including:
497 - a number of bugs in and related to pam_[gs]et_item(3)
498 - off-by-one bug in pam_start.c would trim last character off certain
500 - incorrect ordering of an array in openpam_load.c would cause service
501 module functions to get mixed up
502 - missing 'continue' in openpam_dispatch.c caused successes to be
504 ============================================================================
505 OpenPAM Calamite 2002-02-09
507 First (beta) release.