3 $FreeBSD: src/contrib/libpam/CHANGELOG,v 1.1.1.1.6.2 2001/06/11 15:28:09 markm Exp $
5 -----------------------------
10 - need to supply a backward compatability path for syslog & friends
11 - need to make pam_system_log() thread safe.
12 - need to make logging fix available to non-Linux PAM libraries
13 - need to change modules to make use of new logging API.
14 - document PAM_INCOMPLETE changes
15 - document pam_system_log() changes
16 - verify that the PAM_INCOMPLETE interface is sensible. Can we
17 catch errors? should we permit item changing etc between
18 pam_authenticate re-invocations?
19 - verify that the PAM_INCOMPLETE interface works
20 - add PAM_INCOMPLETE support to modules
24 0.65: Sun Apr 5 22:29:09 PDT 1998 <morgan@linux.kernel.org>
26 * added event driven programming extensions to libpam
27 - added PAM_INCOMPLETE handling to libpam/pam_dispatch.c
28 - added PAM_CONV_AGAIN which is a new conversation response that
29 should be mapped to PAM_INCOMPLETE by the module.
30 - ensured that the pam_get_user() function can resume
31 - changes to pam_strerror to accommodate above return codes
32 - clean up _pam_former_state at pam_end()
33 - ensured that former state is correctly initialized
34 - added resumption tests to pam_authenticate(), pam_chauthtok()
35 - added PAM_FAIL_DELAY item for pausing on failure
37 * improved _pam_macros.h so that macros can be used as single commands
40 * reimplemented logging to avoid bad interactions with libc. Added
41 new functions, pam_[,v]system_log() to libpam's API. A programmer
42 can check for this function's availablility by checking if
43 HAVE_PAM_SYSTEM_LOG is #defined.
45 * removed the reduce conflict from pam_conv1 creation -- I can sleep
48 * made building of static and dynamic libpam separate. This is
49 towards making it possible to build both under Solaris (for Derrick)
51 * made USE_CRACKLIB a condition in unix module (Luke Kenneth Casson Leighton)
53 * automated (quiet) config installation (Andrey)
55 0.64: Thu Feb 19 23:30:24 PST 1998 Andrew Morgan <morgan@linux.kernel.org>
57 * miscellaneous patches for building under Solaris (Derrick J Brashear)
59 * removed STATIC support from a number of module Makefiles. Notably,
60 these modules are those that use libpwdb and caused difficulties
61 satisfying the build process. (Please submit patches to fix this...;)
63 * reomved the union for binary packet conversations from
64 (_pam_types.h). This is now completely implemented in libpam_client.
66 * Andrey's patch for working environment variable handling in
69 * made the libpam_misc conversation function a bit more flexible with
70 respect to binary conversations.
72 * added top level define (DEBUG_REL) for compiling in the form of
73 a debugging release. I use this on a Red Hat 4.2 system with little
74 chance of crashing the system as a whole. (Andrey has another
75 implementation of this -- with a spec file to match..)
77 0.63: Wed Jan 28 22:55:30 PST 1998 Andrew Morgan <morgan@linux.kernel.org>
79 * added libpam_client "convention" library. This makes explicit the
80 use of PAM_BINARY_PROMPT. It is a first cut, so don't take it too
81 seriously yet. Comments/suggestions for improvements are very
82 welcome. Note, this library does not compile by default. It will
83 be enabled when it is judged stable. The library comes with two
84 module/agent pairs and can be used with ssh using a patch available
85 from my pre-release directory [where you got this file.]
87 * backward compatibility patch for libpam/pam_handlers.c (PAM_IGNORE
88 was working with neither "requistie" nor "required") and a DEBUG'ing
89 compile time bug with pam_dispatch.c (Savochkin Andrey Vladimirovich)
91 * minor Makefile change from (Savochkin Andrey Vladimirovich)
93 * added pam_afsauth, pam_afspass, pam_restrict, and pam_syslog hooks
96 * pam_access use of uname(2) problematic (security problem
97 highlighted by Olaf Kirch).
99 * pam_listfile went a bit crazy reading group membersips (problem
100 highlighted by Olaf Kirch and patched independently by Cristian
101 Gafton and Savochkin Andrey Vladimirovich)
103 * compatibility hooks for solaris and hpux (Derrick J Brashear)
105 * 64 bit Linux/alpha bug fixed in pam_rhosts (Andrew D. Isaacson)
107 0.62: Wed Jan 14 14:10:55 PST 1998 Andrew Morgan <morgan@linux.kernel.org>
109 * Derrick J Brashear's patches: adds the HP stuff missed in the first
110 patch; adds SunOS support; adds support for the Solaris native ld
111 instead of requiring gnu ld.
113 * last line of .rhosts file need not contain a newline. (Bug reported by
116 0.61: Thu Jan 8 22:57:44 PST 1998 Andrew Morgan <morgan@linux.kernel.org>
118 * complete rewrite of the "control flag" logic. Formerly, we were
119 limited to four flags: requisite, required, sufficient, optional.
120 We can now use these keywords _and_ a great deal more besides.
121 The extra logic was inspired by Vipin Samar, a preliminary patch was
122 written by Andy Berkheimer, but I "had some ideas of my own" and
123 that's what I've actually included. The basic idea is to allow the
124 admin to custom build a control flag with a series of token=value
125 pairs inside square brackets. Eg., '[default=die success=ok]' which
126 is pretty close to a synonym for 'requisite'. I'll try to document it
127 better in the sys-admin guide but I'm pretty sure it is a change for
128 the better.... If what is in the sys-admin guide is not good enough
129 for you, just take a look at the source for libpam ;^)
131 0.59: Thu Jan 8 22:27:22 PST 1998 Andrew Morgan <morgan@linux.kernel.org>
133 * better handling of empty lines in .rhosts file. (Formerly, we asked
134 the nameserver about them!) Fix from Hugh Daschbach.
136 * _broke_some_binary_compatibility_ with previous versions to become
137 compliant with X/Open's XSSO spec. Specifically, this has been
138 by changing the prototype for pam_strerror().
140 * altered the convention for the conversation mechanism to agree
141 with that of Sun. (number of responses 'now=' number of messages
142 with help from Cristian for finding a bug.. Cristian also found a
143 nasty speradic segfault bug -- Thanks!)
145 * added NIS+ support to pam_unix_*
147 * fixed a "regular file checking" problem with the ~/.rhosts sanity
148 check. Added "privategroup" option to permit group write permission
149 on the ~/.rhosts file in the case that the group owner has the same
150 name as the authenticating user. :*) "promiscuous" and "suppress"
153 * added glibc compatibility to pam_rhosts_auth (protected __USE_MISC
154 with #ifndef since my libc already defines it!).
156 * Security fix from Savochkin Andrey Vladimirovich with suggested
157 modification from Olaf Seibert.
159 * preC contains mostly code clean-ups and a number of changes to
164 * pam_getenvlist() has a more robust definition (XSSO) than was previously
165 thought. It would seem that we no longer need pam_misc_copy_env()
166 which was there to provide the robustness that pam_getenvlist()
169 Accordingly, I have REMOVED the prototype from libpam_misc. (The
170 function, however, will remain in the library as a wrapper for
171 legacy apps, but will likely be removed from libpam_misc-1.0.) PLEASE
172 FIX YOUR APPS *BEFORE* WE GET THERE!
174 * Alexy Nogin reported garbage output from pam_env in the case of
175 a non-existent environment variable.
177 * 'fixed' pwdb compilation for pam_wheel. Not very cleanly
178 done.. Mmmm. Should really clean up the entire source tree...
180 * added prototypes for mapping functions
184 various constants have had there names changed. Numerical values have
185 been retained but be aware some source old modules/applications will
186 need to be fixed before recompilation.
190 * appended documentation to README for pam_rhosts module (Nicolai
193 * verified X/Open compatibility of header files - note, where we differ
194 it is at the level of compilation warnings and the use of 'const char *'
195 instead of 'char *'. Previously, Sun(X/open) have revised their spec
196 to be more 'const'-ervative in the light of comments from Linux-PAM
199 * Ooops! PAM_AUTHTOKEN_REQD should have been PAM_NEW_AUTHTOK_REQD.
201 changed: pam_pwdb(pam_unix_acct) (also bug fix for
202 _shadow_acct_mgmt_exp() return value), pam_stress,
203 libpam/pam_dispatch, blank, xsh.
205 * New: PAM_AUTHTOK_EXPIRED - password has expired.
207 * Ooops! PAM_CRED_ESTABLISH (etc.) should have been PAM_ESTABLISH_CRED
208 etc... (changed - this may break some people's modules - PLEASE TAKE
210 changed: pam_group, pam_mail, blank, xsh; module and appl
211 docs, pam_setcred manual page.
213 * renamed internal _pam_handle structure to be pam_handle as per XSSO.
215 * added PAM_RADIO_TYPE (for multiple choice input method). Also
216 added PAM_BINARY_{MSG,PROMPT} (for interaction out of sight of user
217 - this could be used for RSA type authentication but is currently
218 just there for experimental purposes). The _BINARY_ types are now
219 usable with hooks in the libpam_misc conversation function. Still
220 have to add PAM_RADIO_TYPE.
222 * added pam_access module (Alexei Nogin)
224 * added documentation for pam_lastlog. Also modified the module to
225 not (by default) print "welcome to your new account" when it cannot
226 find a utmp entry for the user (you can turn this on with the
229 * small correction to the pam_fail_delay manual page. Either the appl or
230 the modules header file will prototype this function.
232 * added "bigcrypt" (DEC's C2) algorithm(0) to pam_pwdb. (Andy Phillips)
234 * *BSD tweaking for various #include's etc. (pam_lastlog, pam_rhosts,
235 pam_wheel, libpam/pam_handlers). (Michael Smith)
237 * added configuration directory $SCONFIGED for module specific
240 * added two new "linked" man pages (pam.conf(8) and pam.d(8))
242 * included a reasonable default for /etc/pam.conf (which can be
243 translated to /etc/pam.d/* files with the pam_conv1 binary)
245 * fixed the names of the new configuration files in
246 conf/pam_conv1/pam_conv.y
250 * pam_lastlog fixed to handle UID in virgin part of /var/log/lastlog
251 (bug report from Ronald Wahl).
253 * grammar fix in pam_cracklib
255 * segfault avoided in pam_pwdb (getting user). Updating of passwords
256 that are directed to a "new" database are more robust now (bug noted
257 by Michael K. Johnson). Added "unix" module argument for migrating
258 passwords from another database to /etc/passwd. (documentation
259 updated). Removed "bad username []" warning for empty passwords -
260 on again if you supply the 'debug' module argument.
262 * ctrl-D respected in conversation function (libpam_misc)
264 * Removed -DPAM_FAIL_DELAY_ON from top-level Makefile. Nothing in
265 the distribution uses it. I guess this change happened a while
266 back, basically I'm trying to make the module parts of the
267 distribution "source compatible" with the RFC definition of PAM.
268 This implementation of PAM is a superset of that definition. I have
269 added the following symbols to the Linux-PAM header files:
271 PAM_DATA_SILENT (see _pam_types.h)
272 HAVE_PAM_FAIL_DELAY (see _pam_types.h)
273 PAM_DATA_REPLACE (see _pam_modules.h)
275 Any module (or application) that wants to utilize these features,
276 should check (#ifdef) for these tokens before using the associated
277 functionality. (Credit to Michael K. Johnson for pointing out my
278 earlier omission: not documenting this change :*)
280 * first stab at making modules more independent of full library
281 source. Modules converted:
287 * pam_env.c: #include <errno.h> added to ease GNU libc use. (Michael
290 * pam_unix_passwd fixes to shadow aging code (Eliot Frank)
292 * added README for pam_tally
294 0.57: Fri Apr 4 23:00:45 PST 1997 Andrew Morgan <morgan@parc.power.net>
296 * added "nodelay" argument to pam_pwdb. This can be used to turn off
297 the call to pam_fail_delay that takes effect when the user fails to
298 authenticate themself.
300 * added "suppress" argument to pam_rhosts_auth module. This will stop
301 printing the "rlogin failure message" when the user does not have a
304 * Extra fixes for FAKEROOT in Makefiles (Savochkin Andrey
307 * pam_tally added to tree courtesy of Tim Baverstock
309 * pam_rhosts_auth was failing to read NFS mounted .rhosts
310 files. (Fixed by Peter Allgeyer). Refixed and further enhanced
311 (netgroups) by Nicolai Langfeldt. [Credit also to G.Wilford for some
312 changes that were not actually included..]
314 * optional (#ifdef PAM_READ_BOTH_CONFS) support for parsing of pam.d/
315 AND pam.conf files (Elliot Lee).
317 * Added (and signed) Cristian's PGP key. (I've never met him, but I am
318 convinced the key belongs to the guy that is making the PAM rpms and
319 also producing libpwdb. Please note, I will not be signing anyone
320 else's key without a personal introduction..)
322 * fixed erroneous syslog warning in pam_listfile (Savochkin Andrey
323 Vladimirovich, whole file reformatted by Cristian)
325 * modified pam_securetty to return PAM_IGNORE in the case that the user's
326 name is not known to the system (was previously, PAM_USER_UNKNOWN). The
327 Rationale is that pam_securetty's sole purpose is to prevent superuser
328 login anywhere other than at the console. It is not its concern that the
329 user is unknown - only that they are _not_ root. Returning
330 PAM_IGNORE, however, insures that the pam_securetty can never be used to
331 "authenticate" a non-existent user. (Cristian Gafton with bug report from
334 * Modified pam_nologin to display the no-login message when the user
335 is not known. The return value in this case is still PAM_USER_UNKNOWN.
336 (Bug report from Cristian Gafton)
338 * Added NEED_LCKPWD for pam_unix/ This is used to define the locking
339 functions and should only be turned on if you don't have them in
342 * tidied up pam_lastlog and pam_pwdb: removed function that was never used.
344 * Note for package maintainers: I have added $(FAKEROOT) to the list of
345 environment variables. This should help greatly when you build PAM
346 in a subdirectory. I've gone through the tree and tried to make
347 everything compatible with it.
349 * added pam_env (courtesy of Dave Kinchlea)
351 * removed pam_passwd+ from the tree. It has not been maintained in a
352 long time and running a shell script was basically insecure. I've
353 indicated where you can pick up the source if you want it.
355 * #define HAVE_PAM_FAIL_DELAY . Applications can conditionally compile
356 with this if they want to see if the facility is available. It is
357 now always available. (corresponding compilation cleanups..)
359 * _pam_sanitize() added to pam_misc. It purges the PAM_AUTHTOK and
360 PAM_OLDAUTHTOK items. (calls replaced in pam_auth and pam_password)
362 * pam_rhosts now knows about the '+' entry. Since I think this is a
363 dangerous thing, I have required that the sysadmin supply the
364 "promiscuous" flag for it in the corresponding configuration file
367 * FULL_LINUX_PAM_SOURCE_TREE exported from the top level make file.
368 If you want to build a module, you can test for this to determine if
369 it should take its directions from above or supply default locations
370 for installation. Etc.
372 0.56: Sat Feb 15 12:21:01 PST 1997 <morgan@parc.power.net>
374 * pam_handlers.c can now interpret the pam.d/ service config tree:
375 - if /etc/pam.d/ exists /etc/pam.conf is IGNORED
376 (otherwise /etc/pam.conf is treated as before)
378 . config files are named (in lower case) by service-name
379 . config files have same syntax as /etc/pam.conf except
380 that the "service-name" field is not present. (there
381 are thus three manditory fields (and arguments are
384 module-type control-flag module-path optional-args...
388 * included conf/pam_conv1 for converting pam.conf to a pam.d/ version
389 1.0 directory tree. This program reads a pam.conf file on the
390 standard input stream and creates ./pam.d/ (in the local directory)
391 and fills it with ./pam.d/"service-name" files.
393 *> Note: It will fail if ./pam.d/ already exists.
395 PLEASE REPORT ANY BUGS WITH THIS CONVERSION PROGRAM... It currently
396 cannot retain comments from the old conf file, so take care to do this
397 by hand. Also, please email me with the fix that makes the
398 shift/reduce conflict go away...
400 * Added default module path to libpam for modules (see pam_handlers.c)
401 it makes use of Makfile defined symbol: DEFAULT_MODULE_PATH which is
402 inhereted from the defs/* variable $(SECUREDIR). Removed module
403 paths from the sample pam.conf file as they are no longer needed.
405 * pam_pwdb can now verify read protected passwords when it is not run
406 by root. This is via a helper binary that is setuid root.
408 * pam_permit now prompts for a username if it is not already determined
410 * pam_rhosts now honors "debug" and no longer hardwire's "root" as the
413 * pam_securetty now honors the "debug" flag
415 * trouble parsing extra spaces fixed in pam_time and pam_group
417 * added Michael K. Johnson's PGP key to the pgp.keys.asc list
419 * pam_end->env not being free()'d: fixed
421 * manuals relocated to section 3
423 * fixed bug in pam_mail.c, and enhanced to recognize '~' as a prefix
424 to indicate the $HOME of the user (courtesy David
425 Kinchlea). *Changed* from a "session" module to an "auth"
426 module. It cannot be used to authenticate a user, but it can be used
427 in setting credentials.
429 * fixed a stupid bug in pam_warn.. Only PAM_SERVICE was being read :*(
431 * pam_radius rewritten to exclusively make use of libpwdb. (minor fix
432 to Makefile for cleaning up - AGM)
434 * pam_limits extended to limit the total number of logins on a system
437 * libpam and libpam_misc use $(MAJOR_REL) and $(MINOR_REL) to set their
438 version numbers [defined in top level makefile]
440 * bugfix in sed command in defs/redhat.defs (AGM's fault)
442 * The following was related to a possibility of buffer overruns in
443 the syslogging code: removed fixed length array from syslogging
444 function in the following modules [capitalized the log identifier
445 so the sysadmin can "know" these are fixed on the local system],
447 pam_ftp, pam_stress, pam_rootok, pam_securetty,
448 pam_listfile, pam_shells, pam_warn, pam_lastlog
450 pam_unix_passwd (where it was definitely _not_ exploitable)
452 0.55: Sat Jan 4 14:43:02 PST 1997, Andrew Morgan <morgan@parc.power.net>
454 * added "requisite" control_flag to /etc/pam.conf syntax. [See
455 Sys. Admin. Guide for explanation] changes to pam_handlers.c
457 * completely new handling of garbled pam.conf lines. The modus
458 operandi now is to assume that any errors in the line are minor.
459 Errors of this sort should *most definitely* lead to the module
460 failing, however, just ignoring the line (as was the case
461 previously) can lead to gaping security holes(! Not foreseen by the
462 RFC). The "motivation" for the RFC's comments about ignoring garbled
463 lines is present in spirit in the new code: basically a garbled line
464 is treated like an instance of the pam_deny.so module.
465 changes to pam_handlers.c and pam_dispatch.c .
467 * patched libpam, to (a) call _pam_init_handlers from pam_start() and
468 (b) to log a text error if there are no modules defined for a given
469 service when a call to a module is requested. [pam_start() and
470 pam_dispatch() were changed].
472 * patched pam_securetty to deal with "/dev/" prefix on PAM_TTY item.
474 * reorganized the modules/Makefile to include *ALL* modules. It is now
475 the responsibility of the modules themselves to test whether they can
476 be compiled locally or not.
478 * modified pam_group to add to the getgroups() list rather than overwrite
479 it. [In the case of "HAVE_LIBPWDB" we use the pwdb_..() calls to
480 translate the group names.]. Module now pays attention to
483 * identified and removed bugs in field reading code of pam_time and
486 * Cristian's patches to pam_listfile module, corresponding change to
489 * I've discovered &ero; for sgml!
490 Added pam_time documentation to the admin guide.
492 * added manual pages: pam.8, pam_start.2(=pam_end.2),
493 pam_authenticate.2, pam_setcred.2, pam_strerror.2,
494 pam_open_session.2(=pam_close_session.2) and pam_chauthtok.2 .
498 - pam_mail (tells the user if they have any new mail
499 and sets their MAIL env variable)
500 - pam_lastlog (reports on the last time this user called
503 * new module hooks provided.
505 * added a timeout feature to the conversation function in
506 libpam_misc. Documented it in the application developers' guide.
508 * fixed bug in pam_misc_paste_env() function..
510 * slight modifications to wheel and rhosts writeup.
512 * more security issues added to module and application guides.
515 Things present but not mentioned in previous release (sorry)
517 * pam_pwdb module now resets the "last_change" entry before updating a
521 Sat Nov 30 19:30:20 PST 1996, Andrew Morgan <morgan@parc.power.net>
523 * added environment handling to libpam. involved change to _pam_types.h
524 also added supplementary functions to libpam_misc
526 * added pam_radius - Cristian
528 * slight speed up for pam_rhosts
530 * significantly enhanced sys-admin documentation (8 p -> 41 p in
531 PostScript). Added to other documentation too. Mostly the changes
532 in the other docs concern the new PAM-environment support, there is
533 also some coverage of libpam_misc in the App. Developers' guide.
535 * Cristian's patches to pam_limits and pam_pwdb. Fixing bugs. (MORE added)
537 * adopted Cristian's _pam_macros.h file to help with common macros and
538 debugging stuff, gone through tree tidying up debugging lines to use
541 - for consistency replaced DROP() with _pam_drop()
543 * commented memory debugging in top level makefile
545 * added the following modules
547 - pam_warn log information to syslog(3) about service application
548 - pam_ftp if user is 'ftp' then set PAM_RUSER/PAM_RHOST with password
549 (comment about nologin added to last release's notes)
551 * modified the pam_listfile module. It now declares a meaningful static
554 Sun Nov 10 13:26:39 PST 1996, Andrew Morgan <morgan@parc.power.net>
556 **PLEASE *RE*AMEND YOUR PERSONAL LINKS**
558 -------> http://parc.power.net/morgan/Linux-PAM/index.html <-------
560 **PLEASE *RE*AMEND YOUR PERSONAL LINKS**
562 A brief summary of what has changed:
564 * many modules have been modified to accomodate fixing the pam_get_user()
565 change. Please take note if you have a module in this distribution.
567 * pam_unix is now the pam_unix that Red Hat has been using and which
568 should be fairly well debugged.
570 - I've added some #ifdef's to make it compile for me, and also
571 updated it with respect to the libpam-0.53, so have a look at the
572 .../modules/pam_unix/Makefile to enable cracklib and shadow features
574 ** BECAUSE OF THIS, I cannot guarantee this code works as it **
575 ** did for Red Hat. Please test and report any problems. **
577 * the pam_unix of .52 (renamed to pam_pwdb) has been enhanced and made
578 more flexible with by implementing it with respect to the new
579 "Password Database Library" see
581 http://parc.power.net/morgan/libpwdb/index.html
583 modules included in this release that require this library to
584 function are the following:
586 - pam_pwdb (ne pam_unix-0.52 + some enhancements)
591 * Added some optional code for memory debugging. In order to support
592 this you have to enable MEMORY_DEBUG in the top level makefile and
593 also #define MEMORY_DEBUG in your applications when they are compiled.
594 The extra code resides in libpam (compiled if MEMORY_DEBUG is defined)
595 and the macros for malloc etc. are to be found at the end of
598 * used above code to locate two memory leaks in pam_unix module and two
599 in libpam (pam_handlers.h)
601 * pam_get_user() now sets the PAM_USER item. After reading the Sun
602 manual page again, it was clear that it should do this. Various
603 modules have been assuming this and now I have modified most of them
604 to account for this change. Additionally, pam_get_user() is now
605 located in the module include file; modules are supposed to be the
606 ones that use it(!) [Note, this is explicitly contrary to the Sun
607 manual page, but in the spirit of the Linux distribution to date.]
609 * replaced -D"LINUX" with -D"LINUX_PAM" as this is more explicit and less
610 likely to be confused with -D"linux".
611 Also, modified the libpam #include files to behave more like the Sun
612 ones #ifndef LINUX_PAM.
614 * removed <bf/ .. / from documentation titles. This was not giving
615 politically correct html..
617 ----- My vvvvvvvvvvvvvvvvvvv was a long time ago ;*] -----
619 Wed Sep 4 23:57:19 PDT 1996 (Andrew Morgan <morgan@physics.ucla.edu>
621 0. Before I begin, Linux-PAM has a new primary distribution site (kindly
622 donated by Power Net Inc., Los Angeles)
624 **PLEASE AMMEND YOUR PERSONAL LINKS**
626 -------> http://www.power.net/morgan/Linux-PAM <-------
628 **PLEASE AMMEND YOUR PERSONAL LINKS**
630 1. I'm hoping to make the next release a bug-fix release... So please find
633 2. here are the changes for .52:
635 * minor changes to module documentation [Incidently, it is now
636 available on-line from the WWW page above]. More changes to follow in
637 the next two releases. PLEASE EMAIL me or the list if there is
638 anything that isn't clear!
640 * completely changed the unix module. Now a single module for all four
641 management groups (this meant that I could define all functions as
642 static that were not part of the pam_sm_... scheme. AGM)
644 - Shadow support added
645 PASSWD - Elliot's account management included, and enhanced by Cristian Gafton.
646 - MD5 password support added by Cristian Gafton.
647 - maxtries for authentication now enforced.
648 - Password changing function in pam_unix now works!
649 Although obviously, I'm not going to *guarantee* it ;^) .
650 - stole Marek's locking code from the Red Hat unix module.
651 [ If you like you can #ifdef it in or out ... ]
653 You can configure the module more from its Makefile in
654 0.52/modules/pam_unix/
656 If you are nervous that it will destroy your /etc/passwd or shadow
657 files then EDIT the 0.52/modules/pam_unix/pam_unix_pass.-c file.
658 Here is the warning comment from this file...
660 -------------8<-----------------
663 * Uncomment the following #define if you are paranoid, and do not
664 * want to risk losing your /etc/passwd or shadow files.
665 * It works for me (AGM) but there are no guarantees.
669 /* #define TMP__FILE */
670 ------------->8-----------------
672 *** If anyone has any trouble, please *say*. Your problem will be
673 fixed in the next release. Also please feel free to scour the
674 code for race conditions etc...
676 [* The above change requires that you purge your /usr/lib/security
677 directory of the old pam_unix_XXX.so modules: they will NOT be deleted
678 with a 'make remove'.]
680 * the prototype for the cleanup function supplied to pam_set_data used
681 to return "int". According to Sun it should be "void". CHANGED.
683 * added some definitions for the 'error_status' mask values that are
684 passed to the cleanup function associated with each
685 module-data-item. These numbers were needed to keep up with changing
686 a data item (see for example the code in pam_unix/support.-c that
687 manages the maximum number of retries so far). Will see what Sun says
688 (current indications are positive); this may be undone before 1.0 is
689 released. Here are the definitions (from pam_modules.h).
691 #define PAM_DATA_SILENT 0x40000000 /* used to suppress messages... */
692 #define PAM_DATA_REPLACE 0x20000000 /* used when replacing a data item */
694 * Changed the .../conf/pam.conf file. It now points to the new
695 pam_unix module for 'su' and 'passwd' [can get these as SimpleApps --
696 I use them for testing. A more extensive selection of applications is
697 available from Red Hat...]
699 * corrected a bug in pam_dispatch. Basically, the problem was that if
700 all the modules were "sufficient" then the return value for this
701 function was never set. The net effect was that _pam_dispatch_aux
702 returned success when all the sufficient modules failed. :^( I think
703 this is the correct fix to a problem that the Red Hat folks had
706 sopwith* Removed advisory locking from libpam (thanks for the POSIX patch
707 goes to Josh Wilmes's, my apologies for not using it in the
708 end.). Advisory locking did not seem sufficiently secure for libpam.
709 Thanks to Werner Almesberger for identifying the corresponding "denial
710 of service attack". :*(
712 * related to fix, have introduced a lock file /var/lock/subsys/PAM
713 that can be used to indicate the system should pay attention to
714 advisory locking on /etc/pam.conf file. To implement this you need to
715 define PAM_LOCKING though. (see .52/libpam)
717 * modified pam_fail_delay() function. Couldn't find the "not working"
718 problem indicated by Michael, but modified it to do pseudo-random
719 delays based on the values indicated by pam_fail_delay() -- the
720 function "that may eventually go away"... Although Sun is warming to
723 * new modules include:
725 pam_shells - authentication for users with a shell listed in
726 /etc/shells. Erik Troan <ewt@redhat.com>
728 pam_listfile - authentication based on the contents of files.
729 Set to be more general than the above in the
730 future. UNTESTED. Elliot Lee <@redhat.com>
731 [Note, this module compiles with a non-trivial
734 Thu Aug 8 22:32:15 PDT 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
736 * modified makefiles to take more of their installation instructions
737 from the top level makefile. Desired for integration into the Debian
738 distribution, and generally a good idea.
740 * fixed memory arithmetic in pam_handlers
741 -- still need to track down why failure to load modules can lead to
742 authentication succeding..
744 * added tags for new modules (smartcards from Alex -- just a promise
745 at this stage) and a new module from Elliot Lee; pam_securetty
747 * I have not had time to smooth out the wrinkles with it, but Alex's
748 pam_unix modifications are provided in pam_unix-alex (in the modules
749 directory) they will not be compiled by 'make all' and I can't even
750 say if they do compile... I will try to look at them for .52 but, in
751 the mean time please feel free to study/fix/discuss what is there.
753 * pam_rhosts module. Removed code for manually setting the ruser
754 etc. This was not very secure.
756 * [remade .ps docs to be in letter format -- my printer complains
759 Sunday July, 7 12:45:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
761 * No longer accompanying the Linux-PAM release with apps installed.
762 [Will provide what was here in a separate package.. (soon)
763 lib Also see http://www.redhat.com/pam for some more (in .rpm form...)]
765 * renamed libmisc to libpam_misc. It is currently configured to only compile
766 the static library. For some strange reason (perhaps someone can
767 investigate) my Linux 2.0.0 kernel with RedHat 3.0.3 system
768 segfaults when I compile it to be a dynamic library. The segfault
769 seems to be inside the call to the ** dl_XXX ** function...!?
771 There is a simple flag in the libpam_misc/Makefile to turn on dynamic
774 * Added a little unofficial code for delay support in libpam (will probably
775 disappear later..) There is some documentation for it in the pam_modules
776 doc now. That will obviously go too.
778 * rewritten pam_time to use *logic* to specify the stringing together of
779 users/times/terminals etc.. (what was there before was superficially
780 logical but basically un-predictable!)
782 * added pam_group. Its syntax is almost identical to pam_time but it
783 has another field added; a list of groups to make the user a member
784 of if they pass the previous tests. It seems to not co-exist too well
785 with the groups in the /etc/group but I hope to have that fixed by
788 * minor re-formatting of pam_modules documentation
790 * removed ...// since it wasn't being used and didn't look like it
793 GCCSunday 23 22:35:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
795 * The major change is the addition of a new module: pam_time for
796 restricting access on terminals at given times for indicated users
797 it comes with its own configuration file /etc/security/time.conf
798 and the sample file simply restricts 'you' from satisfying the blank
799 application if they try to use blank from any tty*
801 * Small changes include
802 - altered pam.conf to demonstrate above new module (try typing username: you)
803 - very minor changes to the docs (pam_appl and pam_modules)
805 Saturday June 2 01:40:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
807 *** PLEASE READ THE README, it has changed ***
809 * NOTE, 'su' exhibits a "system error", when static linking is
810 used. This is because the pam_unix_... module currently only has
811 partial static linking support. This is likely to change on Monday
812 June 3, when Alex makes his latest version availible. I will include
813 the updated module in next release.
817 * modified the way in which libpam/pam_modules.h defines prototypes for
818 the pam_sm_ functions. Now the module must declare which functions it
819 is to provide *before* the #include <security/pam_modules.h> line.
820 (for contrasting examples, see the pam_deny and pam_rootok modules)
821 This removed the ugly hack of defining functions that are never called
822 to overcome warnings... This seems much tidier.
823 insterted* updated the TODO list. (changed mailing list address)
824 * updated README in .../modules to reflect modifications to static
826 * modified the pam_modules documentation to describe this.
827 * corrected last argument of pam_get_item( ... ) in
828 pam_appl/modules.sgml, to "const void **".
829 * altered GNU GPL's in the documentation, and various other parts of
830 the distribution. *Please check* that any code you are responsible for
832 * Added ./Copyright (please check that it is acceptable)
833 * updated ./README to make current and indicate the new mailing list
835 * have completely rewritten pam_filter. It now runs modular filter
836 executables (stored in /usr/sbin/pam_filter/) This should make it
837 trivial for others to write their own filters.. If you want yours
838 included in the distribution please email the list/me.
839 * changes to libpam; there was a silly bug with multiple arguments on a
840 pam.conf line that was broken with a '\<LF>'.
841 * 'su' rearranged code (to make better use of PAM)
842 *Also* now uses POSIX signals--this should help the Alpha port.
843 * 'passwd' now uses getlogin() to determine who's passwords to change.
845 Sunday May 26 9:00:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
847 * fixed module makefiles to create needed dynamic/static subdirectories
849 Saturday May 25 20:30:27.8 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
851 * LOTS has changed regarding how the modules/libpam are built.
852 * Michael's mostly complete changes for static support--see below
853 (Andrew got a little carried away and automated the static linking
854 of modules---bugs are likely mine ;( )
855 * Thanks mostly to Michael, libpam now compiles without a single warning :^]
856 * made static modules/library optional.
857 CFLAGS* added 'make sterile' to top level makefile. This does extraclean and remove
858 * added Michael and Joseph to documentation credits (and a subsection for
859 future documentation of static module support in pam_modules.sgml)
860 * libpam; many changes to makefiles and also automated the inclusion of
861 static module objects in pam_static.c
862 * modified modules for automated static/dynamic support. Added static &
863 dynamic subdirectories, as instructed by Michael
864 * removed an annoying syslog message from pam_filter: "parent exited.."
865 * updated todo list (anyone know anything about svgalib/X? we probably should
866 have some support for these...)
868 Friday May 24 16:30:15 EDT 1996 (Michael K. Johnson <johnsonm@redhat.com>)
870 * Added first (incomplete) cut at static support.
872 . changes in libpam, including a new file, pam_static.c
873 . changes to modules including exporting struct of function pointers
874 . static and dynamic linking can be combined
875 . right now, the only working combinations are just dynamic
876 linking and dynamic libpam.so with static modules linked
877 into libpam.so. That's on the list of things to fix...
878 . modules are built differently depending on whether they
879 are static or dynamic. Therefore, there are two directories
880 under each module directory, one for static, and one for
882 * Fixed random brokenness in the Makefiles. [ foo -nt bar ] is
883 rather redundant in a makefile, for instance. Also, passing
884 on the command line is broken because it cannot be
885 overridden in any way (even adding important parts) in lower-level
887 * Unfortunately, fixing some of the brokenness meant that I used
888 GNU-specific stuff. However, I *think* that there was GNU-specific
889 stuff already. And I think that we should just use the GNU
890 extensions, because any platform that GNU make doesn't port to
891 easily will be hard to port to anyway. It also won't be likely
892 passwd to handle autoconf, which was Ted's suggestion for getting
893 around limitations in standard make...
894 For now, I suggest that we just use some simple GNU-specific
897 Monday May 20 22:00:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
899 * added some text to pam_modules.sgml
900 * corrected Marek's name in all documentation
901 * made pam_stress conform to chauthtok conventions -- ie can now request
902 old password before proceeding.
903 * included Alex's latest unix module
904 * included Al's + password strength checking module
905 * included pam_rootok module
906 * fixed too many bugs in libpam.. all subtly related to the argument lists
907 or use of syslog. Added more debugging lines here too.
908 * fixed the pam.conf file
909 * deleted pam_test module. It is pretty old and basically superceeded
912 Friday May 9 1:00:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
914 * updated documentaion, added Al Longyear to credits and corrected the
915 spelling of Jeff's name(!). Most changes to pam.sgml (even added a figure!)
916 * new module pam_rhosts_auth (from Al Longyear)
917 * new apps rlogind and ftpd (a patch) from Al.
918 * modified 'passwd' to not call pam_authenticate (note, none of the
919 modules respect this convention yet!)
920 * fixed bug in libpam that caused trouble if the last line of a
921 pam.conf file ends with a module name and no newline character
922 * also made more compatable with documentation, in that bad lines in
923 pam.conf are now ignored rather than causing libpam to return an
925 * libpam now overwrites the AUTHTOKs when returning from
926 pam_authenticate and pam_chauthtok calls (as per Sun/RFC too)
927 * libpam is now installed as libpam.so.XXX in a way that ldconfig can
931 Wednesday May 1 22:00:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
933 * removed .../test directory, use .../examples from now on.
934 * added .../apps directory for fully functional applications
935 - the apps directory contains directories that actually contain the apps.
936 the idea is to make application compilation conditional on the presence
937 of the directory. Note, there are entries in the Makefile for
938 'login' and 'ftpd' that are ready for installation... Email me if
939 you want to reserve a directory name for an application you are
941 * similar changes to .../modules makefile [entries for pam_skey and
942 pam_kerberos created---awaiting the directories.] Email me if you
943 want to register another module...
944 * minor changes to docs.. Not really worth reprinting them quite yet!
946 * added misc_conv to libmisc. it is a generic conversation function
947 for text based applications. [would be nice to see someone create
948 an Xlib and/or svgalib version]
949 * fixed ctrl-z/c bug with pam_filter module [try xsh with the default
951 * added 'required' argument to 'pam_stress' module.
952 * added a TODO list... other suggestions to the list please.
954 Saturday April 7 00:00:00 PST 1996 ( Andrew Morgan <morgan@physics.ucla.edu> )
956 * Alex and Marek please note I have altered _pam_auth_unix a little, to
957 make it get the passwords with the "proper method" (and also fixed it
958 to not have as many compiler warnings)
959 * updated the conf/pam.conf file
960 * added new example application examples/xsh.c (like blank but invokes
962 * Marc's patches for examples/blank.c (and AGM's too)
963 * fixed stacking of modules in libpam/pam_handlers.c
964 * fixed RESETing in libpam/pam_item.c
965 * added new module modules/pam_filter/ to demonstrate the possibility
966 of inserting an arbitrary filter between the terminal and the
967 application that could do customized logging etc... (see use of
968 bin/xsh as defined in conf/pam.conf)
971 Saturday March 16 19:00:00 PST 1996 ( Andrew Morgan <morgan@physics.ucla.edu> )
973 These notes are for 0.3 I don't think I've left anything important
974 out, but I will use emacs 'C-x v a' next time! (Thanks Jeff)
976 * not much has changed with the functionality of the Linux-PAM lib
978 - pam_password calls module twice with different arguments
979 - added const to some of the function arguments
980 - added PAM_MAX_MES_ to <security/_pam_types.h>
981 - was a lot over zealous about purging old passwords...
982 I have removed much of this from source to make it
983 more compatible with SUN.
984 - moved some PAM_... tokens to pam_modules.h from _pam_types.h
985 (no-one should notice)
987 * added three modules: pam_permit pam_deny pam_stress
988 no prizes for guessing what the first two do. The third is
989 a reasonably complete (functional) module. Is intended for testing
992 * fixed a few pieces of examples/blank.c so that it works (with
995 * ammended the documentation. Looking better, but suggestions/comments
998 Sunday March 10 10:50:00 PST 1996 ( Andrew Morgan <morgan@physics.ucla.edu> )
1000 These notes are for Linux-PAM release 0.21. They cover what's changed
1001 since I relased 0.2.
1004 * substantially changed ./README
1005 * fixed bug reading \\\n in pam.conf file
1006 * small changes to documentation
1007 * added `blank' application to ./examples (could be viewed as
1008 a `Linux-PAM aware' application template.)
1009 * oops. now including pam_passwd.o and pam_session.o in pamlib.so
1010 * compute md5 checksums for all the source when making a release
1011 - added `make check' and `make RCScheck' to compute md5 checksums
1012 * create a second tar file with all the RCS files in.
1013 * removed the .html and .txt docs, supplying sgml sources instead.
1014 - see README for info on where to get .ps files
1016 Thursday March 6 0:44:?? PST 1996 ( Andrew Morgan <morgan@physics.ucla.edu> )
1018 These notes are for Linux-PAM release 0.2. They cover what's changed
1019 since Marc Ewing relased 0.1.
1021 **** Please note. All of the directories in this release have been modified
1022 **** slightly to conform to the new pamlib. A couple of new directories have
1023 **** been added. As well as some documentation. If some of your code
1024 **** was in the previous release. Feel free to update it, but please
1025 **** try to conform to the new headers and Makefiles.
1027 * Andrew Morgan (morgan@physics.ucla.edu) is making this release
1028 availible, Marc has been busy...!
1030 * Marc's pam-0.1/lib has been (quietly) enhanced and integrated into
1031 Alex Yurie's collected tree of library and module code
1032 (linux-pam.prop.1.tar.gz). Most of the changes are to do with error
1033 checking. Some more robustness in the reading of the pam.conf file
1034 and the addition of the pam_get_user() function.
1036 * The pam_*.h files have been reorganized to logically enforce the
1037 separation of modules from applications. [Don't panic! Apart from
1038 changing references of the form
1040 #include "pam_appl.h"
1044 #include <security/pam_appl.h>
1046 The reorganization should be backwardly compatable (ie. a module
1047 written for SUN will be as compatable as it was before with the
1048 previous version ;)~ ]
1050 (All of the source in this tree now conforms to this scheme...)
1052 The new reorganization means that modules can be compiled with a
1053 single header, <security/pam_modules.h>, and applications with
1054 <security/pam_appl.h>.
1056 * I have tried to remove all the compiler warnings from the updated
1057 "pamlib/*.c" files. On my system, (with a slightly modified <dlfcn.h>
1058 email me if it interests you..) there are only two warnings that
1059 remain: they are that ansi does not permit void --> fn ptr
1060 assignment. K&Rv2 doesn't mention this....? As a matter of principle,
1061 if anyone knows how to get rid of that warning... please
1062 tell. Thanks! "-pedantic"
1064 * you can "make all" as a plain user, but
1066 * to "make install" you must be root. The include files are placed in
1067 /usr/include/security. The libpam.so library is installed in /usr/lib
1068 and the modules in /usr/lib/security. The two test binaries
1069 are installed in the Linux-PAM-0.2/bin directory and a chance is given to
1070 replace your /etc/pam.conf file with the one in Linux-PAM-0.2/conf.
1072 * I have included some documentation (pretty preliminary at the
1073 moment) which I have been working on in .../doc .
1075 I have had a little trouble with the modules, but atleast there are no
1076 segfaults! Please try it out and discuss your results... I actually
1077 hope it all works for you. But, Email any bugs/suggestions to the
1078 Linux-PAM list: linux-pam@mit.edu .....
1083 (morgan@physics.ucla.edu)
1086 Sat Feb 17 17:30:24 EST 1996 (Alexander O. Yuriev alex@bach.cis.temple.edu)
1088 * conf directory created with example of pam_conf
1089 * stable code from pam_unix is added to modules/pam_unix
1090 * test/test.c now requests username and password and attempts
1091 to perform authentication