1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
|
=======================================================================
=======================================================================
This file is no longer used for tracking changes for Linux-PAM. For
user visible changes, please look at the NEWS file. A more verbose
list of changes can be found in ChangeLog.
=======================================================================
=======================================================================
-----------------------------
TODO:
- sanitize use of md5 throughout distribution.. Make a static
library for helping to develop modules that contains it and other
stuff. Also add sha-1 and ripemd-160 digest algorithms.
- once above is done. remove hacks from the secret@here module etc..
- document PAM_INCOMPLETE changes
- verify that the PAM_INCOMPLETE interface is sensible. Can we
catch errors? should we permit item changing etc., between
pam_authenticate re-invocations?
- verify that the PAM_INCOMPLETE interface works (auth seems ok..)
- add PAM_INCOMPLETE support to modules (partially added to pam_pwdb)
- work on RFC.
- auth and acct support in pam_cracklib, "yes, I know the password
you just typed was valid, I just don't think it was very strong..."
====================================================================
If you have found a bug in Linux-PAM (including a documentation bug,
or a new feature request and/or patch), please consider filing such a
bug report - outstanding bugs are listed here:
http://sourceforge.net/tracker/?atid=106663&group_id=6663&func=browse
(to file another bug see the 'submit bug' button on that page).
====================================================================
0.81: please submit patches for this section with actual code/doc
patches!
* pam_umask: New module for setting umask from GECOS field, /etc/login.defs
or /etc/default/login (kukuk)
* configure/pam_strerror: Remove old ugly-hack option for pam_strerror
interface change (kukuk)
* configure.in: Fix AC_DEFINE usage for autoheader (kukuk)
* configure.in/_pam_aconf.h.in: Remove feature.h inclusion (kukuk)
* defs: Remove obsolete directory/content (kukuk)
* Rename _pam_aconf.h.in to config.h (kukuk)
* pam_unix: Don't ignore pam_get_item return value (kukuk)
* pam_userdb: Fix regression - crash when crypt param not specified (t8m)
* libpam: Remove pam_authenticate_secondary stub (kukuk)
* Use autoconf/automake/libtool (kukuk)
* pam_securetty: Be fail-close on user lookups, always log failures,
not just with "debug" (Solar Designer)
* Add gettext support
* Add translations for cs, de, es, fr, hu, it, ja, nb, pa, pt_BR,
pt, zh_CN and zh_TW
* pam_limits: Apply ALT Linux/Owl patch
* pam_motd: Apply ALT Linux/Owl patch
* libpam: Cache pam_get_user() failures
* libpam: Add pam_prompt,pam_vprompt,pam_error,pam_verror,pam_info
and pam_vinfo functions for use by modules as extension (kukuk).
* pam_cracklib: Make path to cracklib dicts an option (kukuk).
* libpam: Add pam_syslog function for unified syslog messages from
PAM modules (kukuk).
* pam_tally, pam_time, pam_userdb: use pam_syslog and pam_prompt (ldv)
* pam_issue: major cleanup (ldv)
* pam_echo: New PAM module for message output (kukuk)
* pam_limits: Fix regression from RLIMIT_NICE support (wrong limit
values for other limits are applied) patch by Anton Guda
* pam_unix: Always honor nis flag on password change (by Aaron Hope)
* libpam: Moved functions from pammodutil to libpam (t8m)
* pam_lastlog: Cleanup, fix broken logic in pam_parse,
modify wtmp by default, nowtmp option switches that off (ldv)
0.80: Wed Jul 13 13:23:20 CEST 2005
* pam_tally: test for NULL data before dereferencing them (t8m)
* pam_unix: fix regression introduced in 0.78 - both NIS and local password
should be changed if possible (t8m)
* misc_conv: flush input first then print the prompt - fixes problem
with expect scripts (t8m)
* pam_unix: nis option shouldn't clear the shadow option (t8m)
* cleanups and minor bugfixes by Steve Grubb (t8m)
* pam_private.h: set PAM_DEFAULT_PROMPT to "login: " (kukuk)
* pam_mkhomedir: Create parent directories if they do not already
exist (Bug 600351 - kukuk)
* pam_mkhomedir: Set owner/permissions of home directory after we
created all files (Bug 1032922 - kukuk)
* pam_rhosts: Get rid of static buffer for path (kukuk)
* pam_selinux/pam_unix/pam_rootok: Add SELinux support based on
patch from Red Hat (kukuk)
* pam_limits: Correct support of unlimited limits, use correct type
for rlimit value (Bug 945449 - kukuk, t8m)
* pam_xauth: Unset the XAUTHORITY variable when requesting user is
root and target user is not (t8m)
* pam_access: Add listsep option to set list element separator by
Richard Shaffer (t8m)
* pam_limits: Don't reset process priority if none is specified in
the config file (Novell #81690 - kukuk)
* Fix all occurrence of dereferencing type-punned pointer will break
strict-aliasing rules warnings (kukuk)
* pam_limits: Support new limits in linux 2.6.12 (t8m)
* pam_mkhomedir: change mode datatype (toady)
* pam_limits: Don't lowercase login names (kukuk)
0.79: Thu Mar 31 16:48:45 CEST 2005
* pam_tally: added audit option (toady)
* pam_unix: don't log user unknown failure when he can be properly
authenticated by another module (t8m)
* configure: don't abort if no cracklib dictinaries were found, but
warn user that pam_cracklib will not be built (kukuk)
* modules/pam_unix/support.c: Fix return value if user aborts while
changes the password (Bug 872945 - kukuk)
* modules/pam_unix/support.c: Fix return value for an unknown user
(Bug 872943 - kukuk)
* pam_limits: support for new Linux kernel 2.6 limits (from toby cabot
- t8m)
* pam_tally: major rewrite of the module (t8m)
* libpam: don't return PAM_IGNORE for OK or JUMP actions if using
cached chain (Bug 629251 - t8m)
* pam_nologin: don't overwrite return value with return from
pam_get_item (t8m)
* libpam: Add more checks for broken PAM configuration files to
avoid seg.faults (kukuk)
* pam_shells: correct README
* libpam: Fix debug code (kukuk)
* pam_limits: Fix order of LIMITS_DEF_* priorities (kukuk)
* pam_xauth: preserve DISPLAY variable (Novell #66885 - kukuk)
* libpam: Add prelude ids (http://www.prelude-ids.org) support,
as experimental. (toady)
* configure: Add the directory where new versions of cracklib is
installed (from Jim Gifford - toady)
* libpamc: Use standard u_intX_t types instead of __uX (kukuk)
0.78: Do Nov 18 14:48:36 CET 2004
* pam_unix: change the order of trying password changes - local first,
NIS second (t8m)
* pam_wheel: add option only_root to make it affect authentication
to root account only
* pam_unix: test return values on renaming files and report error to
syslog and to user
* pam_unix: forced password change shouldn't trump account expiration
* pam_unix: remove the use of openlog (from debian - toady)
* pam_unix: NIS cleanup (patch from Philippe Troin)
* pam_access: you can now authenticate an explicit user on an explicit
tty (from debian - toady)
* pam_limits, pam_rhosts, pam_unix: fixed hurd portability issues
(patch from Igor Khavkine)
* pam_env: added comments in the configuration file to avoid errors
(from debian - toady)
* pam_mail: check PAM_NO_ENV to know if we can delete the environment
variable (from debian - toady)
* pam_filter: s/termio/termios/g (from debian - toady)
* pam_mkhomedir: no maxpathlen required (from debian - toady)
* pam_limits: applied patch to allow explicit limits for root
and remove limits on su. (from debian - toady)
* pam_unix: severe denial of service possible with this module since
it locked too aggressively. Bug report and testing help from Sascha
Loetz. (Bug 664290 - agmorgan)
* getlogin was spoofable: "/tmp/" and "/dev/" have the same number of
characters, so 'ln /dev/tty /tmp/tty1 ; bash < /tmp/tty1 ; logname'
attacks could potentially spoof pam_wheel with the 'trust' module
argument into granting access to a luser. Also, pam_unix gave
odd error messages in such a situation (logname != uid). This
problem was found by David Endler of iDefense.com (Bug 667584 -
agmorgan).
* added my new DSA public key to the pgp.keys.asc file. Also included
a signed copy of my new public key (1024D/D41A6DF2) made with my old
key (1024/2A398175).
* added "include" directive to config file syntax.
The whole idea is to create few "systemwide" pam configs and include
parts of them in application pam configs.
(patch by "Dmitry V. Levin" <ldv@altlinux.org>) (Bug 812567 - baggins).
* doc/modules/pam_mkhomedir.sgml: Remove wrong debug options
(Bug 591605 - kukuk)
* pam_unix: Call password checking helper whenever the password field
contains only one character (Bug 1027903 - kukuk)
* libpam/pam_start.c: All service names should be files below /etc/pam.d
and nothing else. Forbid paths. (Bug 1027912 - kukuk)
* pam_cracklib: Fix error in distance algorithm in the 0.9 pam_cracklib
module (Bug 1010142 - toady)
* pam_userdb: applied patch from Paul Walmsley <paul@booyaka.com>
it now indicates whether encrypted or plaintext passwords are stored
in the database needed for pam_userdb (BerliOS - toady)
* pam_group: The module should also ignore PAM_REINITIALIZE_CRED to
avoid spurious errors (from Linux distributors - kukuk)
* pam_cracklib: Clear the entire options structure (from Linux
distributors - kukuk)
* pam_issue: We write a NUL to prompt_tmp[tot_size] later, so make sure
that the destination is part of the allocated block, make do_prompt
static (from Linux distributors - kukuk)
* ldconfig: Only run full ldconfig, if we don't install into a FAKEROOT
environment, else let ldconfig only create the symlinks correct
(from Linux distributors - kukuk)
* pam_unix/pam_pwdb: Use SIG_DFL instead of SIG_IGN for SIGCHLD
(from Linux distributors - kukuk)
* Add most of Steve Grubb's resource leak and other fixes (from
Linux distributors - kukuk)
* doc/Makefile: Don't include .cvsignore files in tar ball (kukuk)
* libpam_misc/misc_conv.c: Differentiate between Ctrl-D and
<Return> (Bug 1032604 - kukuk)
* Make.Rules.in: Add targets for installing man pages for modules
(from Linux distributors - kukuk)
* Add pam_xauth module (Bug 436440 - kukuk)
* Add pam_localuser module (Bug 436444 - kukuk)
* Add pam_succeed_if module (from Linux distributors - kukuk)
* configure.in: Fix check for libcrypt (Bug 417704 - kukuk)
* Add the "broken_shadow" argument to pam_unix, for ignoring errors
reading shadow information (from Linux distributors - kukuk)
* Add patches to make PAM modules reentrant (Bug 440107 - kukuk)
* Merge patches from Red Hat (Bug 477000 and other - kukuk)
* Fix pam_rhosts option parsing (Bug 922648 - kukuk)
* Add $ISA support in config files (from Red Hat - kukuk)
0.77: Mon Sep 23 10:25:42 PDT 2002
* documentation support for pdf files was not quite right -
installation was messed up.
* pam_wheel was too aggressive to grant access (in the case of the
'deny' option you want to pay attention to 'trust'). Fix from
Nalin (Bugs 476951, 476953 - agmorgan)
* account management support for: pam_shells, pam_listfile, pam_wheel
and pam_securetty (+ static module fix for pam_nologin). Patch from
redhat through Harald Welte (Bug 436435 - agmorgan).
* pam_wheel feature from Nalin - can use the module to provide wheel
access to non-root accounts. Also from Nalin, a bugfix related to
the primary group of the applicant is the 'wheel' group. (Bugs
476980, 476941 - agmorgan)
* pam_unix and pam_pwdb: by default turn off the SIGCHLD handler while
running the helper binary (patch from Nalin) added the "noreap"
module argument to both of these modules to turn off this new
default. Bugfix found by Silvan Minghetti for former module and
521314 checkin. (Bugs 476963, 521314 - agmorgan).
* updated CHANGELOG and configure.in for 0.77 work.
0.76: Mon Jul 8 21:44:59 PDT 2002
* pam_unix: fix for legacy crypt() support when the password entered
was long. (Bug 521314 - agmorgan).
* pam_access no longer include gethostname() prototype complaint from
David Lee (Bug 415423 - agmorgan).
* make pam_nologin more secure by default, added two new module
arguments etc. - acting on suggestion from Nico (Bug 419307 -
agmorgan)
* link in libpam to libpam_misc - since the latter uses functions in
the former it makes some sort of sense to do this (although, in the
static library case, I remain to be convinced). (Bug 565470 -
agmorgan).
* absorbed some of the proposed darwin (OS X) changes from Luke Howard
(of PADL software) - hopefully will get the rest (see Rob Braun's
534205) by 0.77 (Bug 491466 - agmorgan).
* README fix for pam_unix from Nalin (Bug 476971 - agmorgan).
* add support for building pdf files from the documentation - request
from 'lolive' (Bug 471377 - agmorgan).
* documented the equivalent '[..]' expressions for "required"
etc. Request from Ross Patterson (Bug 529078 - agmorgan).
* '[...]' parsing: document it and also fix it to support '\]' escape
sequence. Feature request from Russell Kliese (Bug 517064 -
agmorgan).
* pam_rootok: compilation warning noted by Tony den Haan wrt no
prototype for strcmp() (Bug 557322 - agmorgan).
* documentation: (a few of mine in passing) and app documentation
suggestions regarding PAM environment variables and module
documentation changes regarding the conversation function from Jenn
Vesperman (Bug 527821, 527965 - agmorgan)
* documentation: pam_time.sgml typo fixed, pam_motd exists now,
correct Red Hat comment about config files (Bugs 554274, 554261,
554182 - agmorgan)
* pam_limits: added '%' domain for maxlogins limiting, now '*' and @group
have the old meaning (every) and '%' the new one (all)
(Bug 533664 - baggins)
* pam_limits: put not so interesting log messages under debug arg
(Bug 533668 - baggins)
* pam_access: added the 'fieldsep=' argument (Bug 547051 - agmorgan),
made a PAM_RHOST of "" equivalent to NULL (Bug 547521 - agmorgan).
* pam_limits: keep well know behaviour of maxlogins default ('*') limit
(Bug 533664 - baggins)
* pam_unix: more from Nalin log password changes (Bug 517743 - agmorgan)
* pam_limits: make it use the priority value specified in config
(bug 530428 - baggins)
* pam_unix: removed broken code in password update code. Report from
Len Lattanzi (Bug 507379 - agmorgan)
* pam_mkhomedir: recurse directories. Patch from Nalin (Bug 476981 -
agmorgan)
* pam_limits can handle negative priority limits now (which can apply
to the superuser too) - based on patch from Nalin. Also cleanup the
error handling that was very sloppy before. Also, courtesy of Berend
De Schouwe get the math right on login counting (Bug 476990, 476987,
493294 - agmorgan)
* documentation: random typo fixes from Nalin and more stuff from me
(Bug 476949, Tasks 43507, 17426 - agmorgan)
* A Tru64 fix (given other stuff has already resolved this, it
actually just a comment actually) from 'Eddie'. (Bug 418450 -
agmorgan)
* pam_handlers: BSD fix from Dag-Erling Sm�rgrav and Anton Berezin
(Bug 486063 - agmorgan)
* added the dynamic/* directory to the distribution. If you go in
there after building the rest of the tree, you'll make a pam.so
object that can be used by something like a java runtime with
dlopen. Its not very well tested - caveat emptor. (Bug 232194 -
agmorgan)
* somehow pam_unix has started forcing the user prompt to be "login: ".
This is entirely inapropriate as it overrides PAM_USER_PROMPT. (Bug
486361 - agmorgan).
* added a static module helper library object includes a few changes
to examples/xsh.c for testing purposes (added a simple shell wrapper
for running xsh with the sandbox libraries), and also modified the
pam_rhosts_auth module to use this new library. (Bug 490938, 409852
- agmorgan).
* pam_unix: fix 'likeauth' to kill off the memory leak once and for all.
(Bug 483959 - vorlon)
* pam_unix: restore handling of 'likeauth' argument to a known working
state; prettify AUTH_RETURN macro; remove redundant argv checks in
pam_sm_setcred() (Bugs 483959, 113596 - vorlon)
* pam_cracklib: another try at implementing similar() from Harald
Welte and Nalin (Bugs 436053, 476957 - agmorgan)
* pam_access: default access.conf file contained a type (console
instead of LOCAL) fix from Nalin (Bug 476934 - agmorgan)
* pam_unix: fixed bizarre memory leak pointed out by Fernando Trias
(Bug 483959 - agmorgan)
* misc string comparison length checking changes from Nalin. Modules
touched, pam_cracklib, pam_listfile, pam_unix, pam_wheel (Bug 476947 -
agmorgan)
* pam_userdb: require that all of typed password matches that in
database report and fix from Vladimir Pastukhov. (Bug 484252 - agmorgan)
* pam_malloc: revived malloc debugging code, now tied to
--enable-memory-debug and added strdup() support (Bug 485454 - agmorgan)
* pam_tally: Nalin's fix for lastlog corruption (Bug 476985 - agmorgan)
* pam_rhosts: Nalin adds support for '+hostname', and zdd fix
compilation warning. (Bug 476986 - agmorgan)
* pam_motd: Nalin fixed compiler warning. (Bug 476938 - agmorgan)
* pam_pwdb: Solar Designer pointed out that there was a problem with
the compatibility support for md5 password hashing. (Bug 460717,
476961 - agmorgan)
* pam_issue: Nalin found segfaulting problems if the PAM_USER_PROMPT
is unset, found some similar problems with assumptions about
realloc. (Bug 476983 - agmorgan)
* pam_env: 'weichangyang of hotmail' pointed out a wild string with no
valid '\0' was leading to problems with sshd and suggested fix (Bug
473034 - agmorgan)
* MANDIR cleanup. It defaults to /usr/share/man, but can be overridden
using the --enable-mandir ./configure option, similarly for DOCDIR
from Nalin (Bug 476940 - agmorgan)
* pam_filter cleanup (including moving the filter directory) Nalin
and Harald Welte (Bugs 436057, 476970 - agmorgan)
* db3 is now recognized as a libdb candidate (Bug 435764 - agmorgan)
* more changes (extracted from redhat version) courtesy of
Harald Welte (Bugs pam_limits=436061, pam_lastlog=436060,
pam_mkhomedir/pam_env=435991 - agmorgan)
* fix for legacy behavior of pam_setcred and pam_close_session in
the case that pam_authenticate and pam_open_session hadn't been
called - bug report from Seongwan Park. (Bug 468724 - agmorgan)
* some BSD updates and fixes from Mark Murray - including a slightly
more robust conversation function and some minimization of gcc
warnings. (Bugs 449203,463984 - agmorgan)
* verified that the setcred stack didn't suffer from the bug I was
nervous about, add a new module pam_debug to help me test this.
fixed a libpam/pam_dispatch.c instrumentation line that I tripped
over when testing. Also restructured pam_warn to help here (Bug
424315 - agmorgan).
* pam_unix/support.c: sample use of reentrant NSS function. Not yet active,
because modules do not include _pam_aconf_h! (Bug 440107 - vorlon)
* doc/Makefile changes - use $(mandir) [courtesy Harald Welte] (Bug
435760) and add some rules to make/delete the draft rfc I've been
working on (Task 17426 - agmorgan)
* pam_modules.sgml: sourceforge has changed its CVS viewing software
(Bug 460491 - agmorgan)
* pam_unix_passwd: got rid of an annoying warning (Bug 461089 - agmorgan)
* configure.in, _pam_aconf.h.in: set the stage for fully reentrant PAM
modules, with some infrastructure to detect getxxbyxx_r() functions
(Bug 440107 - vorlon)
* pam_unix: removed superfluous use of static variables in md5 and bigcrypt
routines, bringing us a step closer to thread-safeness. Eliminated
some variable indirection along the way. (Bug 440107 - vorlon)
* pam_tally: remove #include of stdlib.h, which isn't needed by anything
found in this module. Can be readded if we find a real need for it at
a later date. (Bug 436432 - vorlon)
* pam_tally: added an #include (was it really needed?) and made the
pam_tally app install (with more pretty printing and a corrected
Makefile dependency) motivated by a (red hat diff) courtesy of Harald
Welte (Bug 436432 - agmorgan)
* configure.in changes to help support non-Linux environments courtesy
of Scott T. Emery (Bug 422563 - agmorgan)
* made a pam_cracklib enhancement to interpret -ve limits in a
sensible fashion contributed by Werner Puschitz (Bug 413162 -
agmorgan)
* another fix for the latest number of rlimits available to pam_limits
(Bug 424060 - agmorgan)
* removed stale link from pam_pwdb documentation (Bug 433460 - agmorgan)
* pam_appl.sgml change - more discussion of choosing a service name
(Bug 417512 - agmorgan)
* more specific linking requirements for -lndbm for pam_userdb - from
David Lee (Bug 417339 - agmorgan)
* a large number of small changes to make AIX support better (Bug
416229 - agmorgan)
* $(MAKE) instead of 'make' - from Scott T. Emery (Bug 422144 -
agmorgan)
* c++ header fixes for pam_misc.h and pam_client.h - from Alexandre
Sagala (Bug 420270 - agmorgan)
* pam_access fixes - looks out for trailing '.' - from Carlo Marcelo
Arenas Belon (Bug 419631 - agmorgan)
* don't zero out password strings during pam_unix's password changing
function (Bug 419803 - vorlon)
* propagate some definitions to the _pam_aconf.h file - from David Lee
(Bug 415419 - agmorgan)
* solaris GCC OS_CFLAGS change from David Lee (Bug 415412 - agmorgan)
* added a comment to this CHANGELOG to explain why most of the bugids
used below appear not to be known to sourceforge [try adding 100000
to the bugid number.] (Bug 414943 - agmorgan)
* bumped version numbers and also added support for SONAME defines
that appear not to have survived the great autoconf experiment (Bug
414669 - agmorgan).
0.75: Sat Apr 7 23:10:50 PDT 2001
** WARNING **
This release contains backwardly incompatible changes to
libpam. Prior versions were buggy - see bugfix for Bug 129775.
** WARNING **
* made 0.75 release (Bug 414665 - agmorgan)
* pam_pwdb has been removed from the suggested pam.conf template. I've
replaced it with pam_unix. (Bug 227565 - agmorgan)
* pam_limits - Richard M. Yumul reported that "<domain> -" didn't
work, first fix suggested by Werner Puschitz (Bug 404953 - agmorgan)
* Nicolay Pelov suggested a simple fix for freebsd support (Bug 407282
- agmorgan)
* Michel D'HOOGE submitted documentation fixes (Bug 408961 - agmorgan)
* fix for module linking directions (Bug 133545 - agmorgan)
* fix for glibc-2.2.2 compilation of pam_issue (Bug 133542 - agmorgan)
* fix pam_userdb to make and link both .o files it needs - converse()
wasn't being linked! (Bug 132880 - agmorgan)
* added some sys-admin documentation for the pam_tally module (Bug
126210 - agmorgan).
* added a link to module examples from the module writers doc (Bug
131192 - agmorgan).
* fixed a small security hole (more of a user confusion issue) with
the unix and pwdb password helper binaries. The beef is described in
the bug report, but no uid change was possible so no-one should
think they need to issue a security bulletin over this one! (Bug
112540 - agmorgan)
* pam_lastlog needs to be linked with -lutil, also removed ambiguity
from sysadmin guide regarding this module being a 'session' module
(Bug 131549 - agmorgan).
* pam_cracklib needs to be linked with -lcrypt (old password checking)
(Bug 131601 - agmorgan).
* fixes for static library builds and also the examples when linked
with the debugging build of the libraries. (Bug 131783 - agmorgan)
* fixed URL for original RFC to a cached kernel.org file. (Bug 131503
- agmorgan)
* quoted the $CRACKLIB_DICTPATH test in configure.in (Bug 130130 -
agmorgan).
* improved handling of the setcred/close_session and update chauthtok
stack. *Warning* This is a backwardly incompatable change, but 'more
sane' than before. (Bug 129775 - agmorgan)
* bumped the version number, and added some code to assist in making
documentation releases (Bug 129644 - agmorgan).
0.74: Sun Jan 21 22:36:08 PST 2001
* made 0.74 release (Bug 129642 - agmorgan)
* libpam - cleaned up a few non-static functions to be static and added
support for libpam to enforce things like pam_[gs]et_data() and
AUTHTOK rules for using the API. Also documented pam_[gs]et_item()
a little better including return codes (Bugs 129027, 128576 -
agmorgan).
* pam_access - fixed the non-default config file option (Bug 127561 -
agmorgan)
* pam.8 manual page clarified with respect to the default location for
finding modules, also added some text describing the [...] control
syntax. (Bug 127625 - agmorgan)
* md5.h ia64 fixes for pam_unix and pam_pwdb (Bug 127700 - agmorgan)
* removed requirement for c++ from the configure{.in,} files (Bug
128298 - agmorgan)
* removed subdirectories from man page redirections (124396 - baggins)
* per David Lee, fixed non-POSIX shell command in modules/pam_filter/Makefile
(Bug 126440 - vorlon)
* modify format of pam_unix log messages to include service name
(Bug 126423 - vorlon)
* prevent pam_unix from logging unknown usernames (Bug 126431 - vorlon)
* changed format of pam_unix 'authentication failure' log messages to make
them clearer and more consistent (Bug 126036 - vorlon)
* improved portability of pam_unix by eliminating Linux-specific utmp
defines in PAM_getlogin() (Bug 125704 - vorlon)
* removed static variables from pam_tally (Bug 117434 - agmorgan)
* added copyright message to pam_access module from original logdaemon
sources (Bug 125022 - agmorgan)
* configure.in - removed the GCC -Wtraditional flag (Bug 124923 - agmorgan)
* pam_mail - use PAM_PATH_MAILDIR as the location of mail spool
(Bug 124397 - baggins)
* _pam_aconf.h.in, configure.in - added PAM_PATH_MAILDIR set via
--with-mailspool=dir option (default is _PAM_MAILDIR if defined
in paths.h otherwise /var/spool/mail (Bug 124397 - baggins)
* removed unnecessary CVS Log tags from all over the source
(Bug 124391 - baggins)
* pam_tally - check for PAM_TTY if PAM_RHOST is not set when writing
to faillog (Bug 124394 - baggins)
* use O_NOFOLLOW if available when opening debug log (Bug 124385 - baggins)
* pam_cracklib - removed comments about pam_unix not working with
pam_cracklib, added information about use_authtok parameter
(Bug 124388 - baggins)
* pam_userdb - fixed wrong definition of struct pam_module (was pam_wheel)
(Bug 124386 - baggins)
* fixed example/Makefile include path (Bug 124187, 127563(?) - agmorgan)
* pam_userdb compiles on RH5x. Also removed circular dependency on
configure.in. Also bumped revision number to 0.74. (Bug 124136 -
agmorgan)
0.73: Sat Dec 2 00:04:04 PST 2000
* updated documentaion revisions and added 'make release' support
to the top level Makefile (Bug 124132 - agmorgan).
* documented Qmail support in pam_mail (Bug 109219 - baggins)
* add change_uid option to pam_limits, and set real uid only if
this option is present (Bug 124062 - baggins)
* pam_limits - set real uid to the user for who we set limits.
(Bug 123972 - baggins)
* removed static variables from pam_limits (thread safe now). (Bug
117450 - agmorgan).
* removed static variable from pam_wheel (module should be thread safe
now). (Bug 112906 - agmorgan)
* added support for '/' symbols in pam_time and pam_group config files
(support for modern terminal devices). Fixed infinite loop problem
with '\\[^\n]' in these files. (Bug 116076 - agmorgan)
* avoid potential SIGPIPE when writing to helper binaries with (Bug
123399 - agmorgan)
* replaced bogus logic in the pam_cracklib module for determining if
the replacement is too similar to the old password (Bug 115055 -
agmorgan)
* added accessconf=<filename> feature to pam_access - request from
Aldrin Martoq and Meelis Roos (Bugs 111927,117240 - agmorgan)
* fix for pam_limit module not dealing with all limits Adam J. Richter
(Bug 119554 - agmorgan)
* comment fix describing fail_delay callback in _pam_types.h (Bug
112646 - agmorgan)
* "likeauth" fix for pam_unix and pam_pwdb which (Bug 113596 - agmorgan)
* fix for pam_unix (support.c) to avoid segfault with NULL password
(Bug 113238 - vorlon)
* fix to pam_unix_passwd: try repeatedly to get a lock on the password
file, instead of failing immediately (Bug 108845 - fix vorlon)
* fix to pam_shells: logged information was not formatted correctly
(extra comma) (Bug 111491 - fix vorlon)
* fix for C++ application support (Bug 111645 - fix agmorgan)
* fix for typo in pam_client.h (Bug 111648 - fix agmorgan)
* removal of -lpam from pam_mkhomedir Makefile (Bug 116380 - fix agmorgan)
* autoconf support [Task ID 15788, Bug ID 108297 - agmorgan with help!]
- bugfix for libpamc.h include file [Bug ID 117476 - agmorgan]
- bugfix for pam_filter.h inclusion [Bug ID 117474 - agmorgan]
0.72: Mon Dec 13 22:41:11 PST 1999
* patches from Debian (Ben Collins): pam_ftp supports event driven
conversations now; pwdb_chkpwd cleanup; pam_warn static compile fix;
user_db compiler warnings removed; debian defs file; pam_mail can
now be used as a session module
* ndbm compilation option for user_db module (fix explained by Richard Khoo)
* pam_cracklib bug fix
* packaging fixes & build from scratch stuff (Konst Bulatnikov & Frodo
Looijaard)
* -ldl appended to the libpam.so compilation make rule. (Charles Seeger)
* Red Hat security patch for pam_pwdb forwarded by Debian! (Ben
Collins. Fix provided by Andrey as it caught the problem earlier in the
code.)
* heuristic to prevent leaking filedescriptors to an agent. [This needs
to be better supported perhaps by an additional libpamc API function?]
* pam_userdb segfault fix from (Ben Collins)
* PAM draft spec extras added at request of 'sen_ml'
0.71: Sun Nov 7 20:21:19 PST 1999
* added -lc to linker pass for pam_nologin module (glibc is weird).
* various header changes to lower the number of warnings on glibc
systems (Dan Yefimov)
* merged a bunch of Debian fixes/patches/documentation (Ben Collins)
things touched: libpam (minor); doc/modules/pam_unix.sgml; pam_env
(plus docs); pam_mkhomedir (new module for new home directories on
the fly...); pam_motd (new module); pam_limits (adjust to match
docs); pam_issue (new module + doc) [Some of these were also
submitted by Thorsten Kukuk]
* small hack to lower the number of warnings that pam_client.h was
generating.
* debian and SuSE apparently can use the pam_ftp module, so
removed the obsolete comment about this from the docs. (Thorsten
Kukuk)
0.70: Fri Oct 8 22:05:30 PDT 1999
* bug fix for parsing of value=action tokens in libpam/pam_misc.c was
segfaulting (Jan Rekorajski and independently Matthew Melvin)
* numerous fixes from Thorsten Kukuk (icluding much needed fixes for
bitrot in modules and some documentation) that got included in SuSE 6.2.
* reentrancy issues in pam_unix and pam_cracklib resolved (Jan Rekorajski)
* added hosts_equiv_rootok module option to pam_rhosts module (Tim Berger)
* added comment about 'expose_account' module argument to admin and
module writers' docs (request from Michael K Johnson).
* myriad of bug fixes for libpamc - library now built by default and
works with the biomouse fingerprint scanner agent/module
(distributed separately).
0.69: Sun Aug 1 20:25:37 PDT 1999
* c++ header #ifdef'ing for pam_appl.h (Tuomo Pyhala)
* added pam_userdb module (Cristian Gafton)
* minor documentation changes
* added in revised pam_client library (libpamc). Not installed by
default yet, since the example agent/module combo is not very secure.
* glibc fixes (Thorsten Kukuk, Adam J. Richter)
0.68: Sun Jul 4 23:04:13 PDT 1999
* completely new pam_unix module from Jan Rekorajski and Stephen Langasek
* Jan Rekorajski pam_mail - support for Maildir format mailboxes
* Jan Rekorajski pam_cracklib - support for old password comparison
* Jan Rekorajski bug fix for pam_pwdb setcred reusing auth retval
* Andrey's pam_tally patch (lstat -> fstat)
* Robert Milkowski's additional pam_tally patches to **change format of
/var/log/faillog** to one from shadow-utils, add new option "per_user"
for pam_tally module, failure time logging, support for fail_line
field, and support for fail_locktime field with new option
no_lock_time.
* pam_tally: clean up the tally application too.
* Marcin Korzonek added process priority settings to pam_limits (bonus
points for adding to documentation!)
* Andrey's pam_pwdb patch (cleanup + md5 endian fubar fix)
* more binary prompt preparations (make misc conv more compatible with spec)
* modified callback hook for fail delay to be more useful with event
driven applications (changed function prototype - suspect no one
will notice). Documented this in app developer guide.
* documentation for pam_access from Tim Berger
* syntax fixes for the documentation - a long time since I've built it :*(
added some more names to the CREDITS file.
0.67: Sat Jun 19 14:01:24 PDT 1999
* [dropped libpam_client - libpamc will be in the next release and
conforms to the developing spec in doc/specs/draft-morgan-pam.raw.
Sorry if you are keeping a PAM tree in CVS. CVS is a pain for
directories, but this directory was actually not referenced by
anything so the disruption should be light.]
* updates to pam_tally from Tim
* multiple updates from Stephen Langasek to pam_unix
* pam_filter had some trouble compiling (bug report from Sridhar)
* pam_wheel now attempts to identify the wheel group for the local
system instead of blindly assuming it is gid=0. In the case that
there is no "wheel" group, we default to assuming gid=0 is what was
meant - former behavior. (courtesy of Sridhar)
* NIS+ changes to pam_unix module from Dmitry O Panov
* hopefully, a fix for redefinition of LOG_AUTHPRIV (bug report Luke
Kenneth Casson Leighton)
* fix for minor typo in pam_wheel documentation (Jacek Kopecky)
* slightly more explanation of the [x=y] pam.conf syntax in the sys
admin guide.
0.66: Mon Dec 28 20:22:23 PST 1998 <morgan@linux.kernel.org>
* Started using cvs to keep track of changes to Linux-PAM. This will
likely break some of the automated building stuff (RPMs etc..).
* security bug fix to pam_unix and pam_tally from Andrey.
* modules make file is now more automatic. It should be possible to
unpack an external module in the modules directory and have it automatically
added to the build process. Also added a modules/download-all script
that will make such downloading easier. I'm happy to receive patches to
this file, informing the distribution of places from which to enrich itself.
* removed pam_system_log stuff. Thought about it long and hard: a
bad idea. If libc cannot guarantee a thread safe syslog, it needs
to be fixed and compatibility with other PAM libraries was
unnecessarily strained.
* SAG documentation changes: Seth Chaiklin
* rhosts: problems with NIS lookup failures with the root-uid check.
As a work-around, I've partially eliminated the need for the lookup
by supplying two new arguments: no_uid_check, superuser=<username>.
As a general rule this is more pluggable, since this module might be
used as an authentication scheme for a network service that does not
need root privilege...
* authenticate retval -> setcred for pam_pwdb (likeauth arg).
* pam_pwdb event driven support
* non openlog pam_listfile logging
* BUGFIX: close filedescriptor in pam_group and pam_time (Emmanuel Galanos)
* Chris Adams' mailhash change for pam_mail module
* fixed malloc failure check in pam_handlers.c (follow up to comment
by Brad M. Garcia).
* update to _pam_compat.h (Brad M. Garcia)
* support static modules in libpam again (Brad M. Garcia)
* libpam/pam_misc.c for egcs to grok the code (Brad M. Garcia)
* added a solaris-2.5.1 defs file (revived by Derrick J Brashear)
* pam_listfile logs failed attempts
* added a comment (Michael K Johnson pointed it out) about sgml2latex
having a new syntax. I'll make it the change real when I upgrade...
* a little more text to the RFC, spelling fix from William J Buffam.
* minor changes to pam_securetty to accommodate event driven support.
0.65: Sun Apr 5 22:29:09 PDT 1998 <morgan@linux.kernel.org>
* added event driven programming extensions to libpam
- added PAM_INCOMPLETE handling to libpam/pam_dispatch.c
- added PAM_CONV_AGAIN which is a new conversation response that
should be mapped to PAM_INCOMPLETE by the module.
- ensured that the pam_get_user() function can resume
- changes to pam_strerror to accommodate above return codes
- clean up _pam_former_state at pam_end()
- ensured that former state is correctly initialized
- added resumption tests to pam_authenticate(), pam_chauthtok()
- added PAM_FAIL_DELAY item for pausing on failure
* improved _pam_macros.h so that macros can be used as single commands
(Andrey)
* reimplemented logging to avoid bad interactions with libc. Added
new functions, pam_[,v]system_log() to libpam's API. A programmer
can check for this function's availablility by checking if
HAVE_PAM_SYSTEM_LOG is #defined.
* removed the reduce conflict from pam_conv1 creation -- I can sleep
again now. :^]
* made building of static and dynamic libpam separate. This is
towards making it possible to build both under Solaris (for Derrick)
* made USE_CRACKLIB a condition in unix module (Luke Kenneth Casson Leighton)
* automated (quiet) config installation (Andrey)
0.64: Thu Feb 19 23:30:24 PST 1998 Andrew Morgan <morgan@linux.kernel.org>
* miscellaneous patches for building under Solaris (Derrick J Brashear)
* removed STATIC support from a number of module Makefiles. Notably,
these modules are those that use libpwdb and caused difficulties
satisfying the build process. (Please submit patches to fix this...;)
* reomved the union for binary packet conversations from
(_pam_types.h). This is now completely implemented in libpam_client.
* Andrey's patch for working environment variable handling in
sh_secret module.
* made the libpam_misc conversation function a bit more flexible with
respect to binary conversations.
* added top level define (DEBUG_REL) for compiling in the form of
a debugging release. I use this on a Red Hat 4.2 system with little
chance of crashing the system as a whole. (Andrey has another
implementation of this -- with a spec file to match..)
0.63: Wed Jan 28 22:55:30 PST 1998 Andrew Morgan <morgan@linux.kernel.org>
* added libpam_client "convention" library. This makes explicit the
use of PAM_BINARY_PROMPT. It is a first cut, so don't take it too
seriously yet. Comments/suggestions for improvements are very
welcome. Note, this library does not compile by default. It will
be enabled when it is judged stable. The library comes with two
module/agent pairs and can be used with ssh using a patch available
from my pre-release directory [where you got this file.]
* backward compatibility patch for libpam/pam_handlers.c (PAM_IGNORE
was working with neither "requistie" nor "required") and a DEBUG'ing
compile time bug with pam_dispatch.c (Savochkin Andrey Vladimirovich)
* minor Makefile change from (Savochkin Andrey Vladimirovich)
* added pam_afsauth, pam_afspass, pam_restrict, and pam_syslog hooks
(Derrick J Brashear)
* pam_access use of uname(2) problematic (security problem
highlighted by Olaf Kirch).
* pam_listfile went a bit crazy reading group membersips (problem
highlighted by Olaf Kirch and patched independently by Cristian
Gafton and Savochkin Andrey Vladimirovich)
* compatibility hooks for solaris and hpux (Derrick J Brashear)
* 64 bit Linux/alpha bug fixed in pam_rhosts (Andrew D. Isaacson)
0.62: Wed Jan 14 14:10:55 PST 1998 Andrew Morgan <morgan@linux.kernel.org>
* Derrick J Brashear's patches: adds the HP stuff missed in the first
patch; adds SunOS support; adds support for the Solaris native ld
instead of requiring gnu ld.
* last line of .rhosts file need not contain a newline. (Bug reported by
Thompson Freeman.)
0.61: Thu Jan 8 22:57:44 PST 1998 Andrew Morgan <morgan@linux.kernel.org>
* complete rewrite of the "control flag" logic. Formerly, we were
limited to four flags: requisite, required, sufficient, optional.
We can now use these keywords _and_ a great deal more besides.
The extra logic was inspired by Vipin Samar, a preliminary patch was
written by Andy Berkheimer, but I "had some ideas of my own" and
that's what I've actually included. The basic idea is to allow the
admin to custom build a control flag with a series of token=value
pairs inside square brackets. Eg., '[default=die success=ok]' which
is pretty close to a synonym for 'requisite'. I'll try to document it
better in the sys-admin guide but I'm pretty sure it is a change for
the better.... If what is in the sys-admin guide is not good enough
for you, just take a look at the source for libpam ;^)
0.59: Thu Jan 8 22:27:22 PST 1998 Andrew Morgan <morgan@linux.kernel.org>
* better handling of empty lines in .rhosts file. (Formerly, we asked
the nameserver about them!) Fix from Hugh Daschbach.
* _broke_some_binary_compatibility_ with previous versions to become
compliant with X/Open's XSSO spec. Specifically, this has been
by changing the prototype for pam_strerror().
* altered the convention for the conversation mechanism to agree
with that of Sun. (number of responses 'now=' number of messages
with help from Cristian for finding a bug.. Cristian also found a
nasty speradic segfault bug -- Thanks!)
* added NIS+ support to pam_unix_*
* fixed a "regular file checking" problem with the ~/.rhosts sanity
check. Added "privategroup" option to permit group write permission
on the ~/.rhosts file in the case that the group owner has the same
name as the authenticating user. :*) "promiscuous" and "suppress"
were not usable!
* added glibc compatibility to pam_rhosts_auth (protected __USE_MISC
with #ifndef since my libc already defines it!).
* Security fix from Savochkin Andrey Vladimirovich with suggested
modification from Olaf Seibert.
* preC contains mostly code clean-ups and a number of changes to
_pam_macros.
0.58: whenever
* pam_getenvlist() has a more robust definition (XSSO) than was previously
thought. It would seem that we no longer need pam_misc_copy_env()
which was there to provide the robustness that pam_getenvlist()
lacked before...
Accordingly, I have REMOVED the prototype from libpam_misc. (The
function, however, will remain in the library as a wrapper for
legacy apps, but will likely be removed from libpam_misc-1.0.) PLEASE
FIX YOUR APPS *BEFORE* WE GET THERE!
* Alexy Nogin reported garbage output from pam_env in the case of
a non-existent environment variable.
* 'fixed' pwdb compilation for pam_wheel. Not very cleanly
done.. Mmmm. Should really clean up the entire source tree...
* added prototypes for mapping functions
<**WARNING**>
various constants have had there names changed. Numerical values have
been retained but be aware some source old modules/applications will
need to be fixed before recompilation.
</**WARNING**>
* appended documentation to README for pam_rhosts module (Nicolai
Langfeldt).
* verified X/Open compatibility of header files - note, where we differ
it is at the level of compilation warnings and the use of 'const char *'
instead of 'char *'. Previously, Sun(X/open) have revised their spec
to be more 'const'-ervative in the light of comments from Linux-PAM
development.
* Ooops! PAM_AUTHTOKEN_REQD should have been PAM_NEW_AUTHTOK_REQD.
changed: pam_pwdb(pam_unix_acct) (also bug fix for
_shadow_acct_mgmt_exp() return value), pam_stress,
libpam/pam_dispatch, blank, xsh.
* New: PAM_AUTHTOK_EXPIRED - password has expired.
* Ooops! PAM_CRED_ESTABLISH (etc.) should have been PAM_ESTABLISH_CRED
etc... (changed - this may break some people's modules - PLEASE TAKE
NOTE!)
changed: pam_group, pam_mail, blank, xsh; module and appl
docs, pam_setcred manual page.
* renamed internal _pam_handle structure to be pam_handle as per XSSO.
* added PAM_RADIO_TYPE (for multiple choice input method). Also
added PAM_BINARY_{MSG,PROMPT} (for interaction out of sight of user
- this could be used for RSA type authentication but is currently
just there for experimental purposes). The _BINARY_ types are now
usable with hooks in the libpam_misc conversation function. Still
have to add PAM_RADIO_TYPE.
* added pam_access module (Alexei Nogin)
* added documentation for pam_lastlog. Also modified the module to
not (by default) print "welcome to your new account" when it cannot
find a utmp entry for the user (you can turn this on with the
"never" argument).
* small correction to the pam_fail_delay manual page. Either the appl or
the modules header file will prototype this function.
* added "bigcrypt" (DEC's C2) algorithm(0) to pam_pwdb. (Andy Phillips)
* *BSD tweaking for various #include's etc. (pam_lastlog, pam_rhosts,
pam_wheel, libpam/pam_handlers). (Michael Smith)
* added configuration directory $SCONFIGED for module specific
configuration files.
* added two new "linked" man pages (pam.conf(8) and pam.d(8))
* included a reasonable default for /etc/pam.conf (which can be
translated to /etc/pam.d/* files with the pam_conv1 binary)
* fixed the names of the new configuration files in
conf/pam_conv1/pam_conv.y
* fixed make check.
* pam_lastlog fixed to handle UID in virgin part of /var/log/lastlog
(bug report from Ronald Wahl).
* grammar fix in pam_cracklib
* segfault avoided in pam_pwdb (getting user). Updating of passwords
that are directed to a "new" database are more robust now (bug noted
by Michael K. Johnson). Added "unix" module argument for migrating
passwords from another database to /etc/passwd. (documentation
updated). Removed "bad username []" warning for empty passwords -
on again if you supply the 'debug' module argument.
* ctrl-D respected in conversation function (libpam_misc)
* Removed -DPAM_FAIL_DELAY_ON from top-level Makefile. Nothing in
the distribution uses it. I guess this change happened a while
back, basically I'm trying to make the module parts of the
distribution "source compatible" with the RFC definition of PAM.
This implementation of PAM is a superset of that definition. I have
added the following symbols to the Linux-PAM header files:
PAM_DATA_SILENT (see _pam_types.h)
HAVE_PAM_FAIL_DELAY (see _pam_types.h)
PAM_DATA_REPLACE (see _pam_modules.h)
Any module (or application) that wants to utilize these features,
should check (#ifdef) for these tokens before using the associated
functionality. (Credit to Michael K. Johnson for pointing out my
earlier omission: not documenting this change :*)
* first stab at making modules more independent of full library
source. Modules converted:
pam_deny
pam_permit
pam_lastlog
pam_pwdb
* pam_env.c: #include <errno.h> added to ease GNU libc use. (Michael
K. Johnson)
* pam_unix_passwd fixes to shadow aging code (Eliot Frank)
* added README for pam_tally
0.57: Fri Apr 4 23:00:45 PST 1997 Andrew Morgan <morgan@parc.power.net>
* added "nodelay" argument to pam_pwdb. This can be used to turn off
the call to pam_fail_delay that takes effect when the user fails to
authenticate themself.
* added "suppress" argument to pam_rhosts_auth module. This will stop
printing the "rlogin failure message" when the user does not have a
.rhosts file.
* Extra fixes for FAKEROOT in Makefiles (Savochkin Andrey
Vladimirovich)
* pam_tally added to tree courtesy of Tim Baverstock
* pam_rhosts_auth was failing to read NFS mounted .rhosts
files. (Fixed by Peter Allgeyer). Refixed and further enhanced
(netgroups) by Nicolai Langfeldt. [Credit also to G.Wilford for some
changes that were not actually included..]
* optional (#ifdef PAM_READ_BOTH_CONFS) support for parsing of pam.d/
AND pam.conf files (Elliot Lee).
* Added (and signed) Cristian's PGP key. (I've never met him, but I am
convinced the key belongs to the guy that is making the PAM rpms and
also producing libpwdb. Please note, I will not be signing anyone
else's key without a personal introduction..)
* fixed erroneous syslog warning in pam_listfile (Savochkin Andrey
Vladimirovich, whole file reformatted by Cristian)
* modified pam_securetty to return PAM_IGNORE in the case that the user's
name is not known to the system (was previously, PAM_USER_UNKNOWN). The
Rationale is that pam_securetty's sole purpose is to prevent superuser
login anywhere other than at the console. It is not its concern that the
user is unknown - only that they are _not_ root. Returning
PAM_IGNORE, however, insures that the pam_securetty can never be used to
"authenticate" a non-existent user. (Cristian Gafton with bug report from
Roger Hu)
* Modified pam_nologin to display the no-login message when the user
is not known. The return value in this case is still PAM_USER_UNKNOWN.
(Bug report from Cristian Gafton)
* Added NEED_LCKPWD for pam_unix/ This is used to define the locking
functions and should only be turned on if you don't have them in
your libc.
* tidied up pam_lastlog and pam_pwdb: removed function that was never used.
* Note for package maintainers: I have added $(FAKEROOT) to the list of
environment variables. This should help greatly when you build PAM
in a subdirectory. I've gone through the tree and tried to make
everything compatible with it.
* added pam_env (courtesy of Dave Kinchlea)
* removed pam_passwd+ from the tree. It has not been maintained in a
long time and running a shell script was basically insecure. I've
indicated where you can pick up the source if you want it.
* #define HAVE_PAM_FAIL_DELAY . Applications can conditionally compile
with this if they want to see if the facility is available. It is
now always available. (corresponding compilation cleanups..)
* _pam_sanitize() added to pam_misc. It purges the PAM_AUTHTOK and
PAM_OLDAUTHTOK items. (calls replaced in pam_auth and pam_password)
* pam_rhosts now knows about the '+' entry. Since I think this is a
dangerous thing, I have required that the sysadmin supply the
"promiscuous" flag for it in the corresponding configuration file
before it will work.
* FULL_LINUX_PAM_SOURCE_TREE exported from the top level make file.
If you want to build a module, you can test for this to determine if
it should take its directions from above or supply default locations
for installation. Etc.
0.56: Sat Feb 15 12:21:01 PST 1997 <morgan@parc.power.net>
* pam_handlers.c can now interpret the pam.d/ service config tree:
- if /etc/pam.d/ exists /etc/pam.conf is IGNORED
(otherwise /etc/pam.conf is treated as before)
- given /etc/pam.d/
. config files are named (in lower case) by service-name
. config files have same syntax as /etc/pam.conf except
that the "service-name" field is not present. (there
are thus three manditory fields (and arguments are
optional):
module-type control-flag module-path optional-args...
)
* included conf/pam_conv1 for converting pam.conf to a pam.d/ version
1.0 directory tree. This program reads a pam.conf file on the
standard input stream and creates ./pam.d/ (in the local directory)
and fills it with ./pam.d/"service-name" files.
*> Note: It will fail if ./pam.d/ already exists.
PLEASE REPORT ANY BUGS WITH THIS CONVERSION PROGRAM... It currently
cannot retain comments from the old conf file, so take care to do this
by hand. Also, please email me with the fix that makes the
shift/reduce conflict go away...
* Added default module path to libpam for modules (see pam_handlers.c)
it makes use of Makfile defined symbol: DEFAULT_MODULE_PATH which is
inhereted from the defs/* variable $(SECUREDIR). Removed module
paths from the sample pam.conf file as they are no longer needed.
* pam_pwdb can now verify read protected passwords when it is not run
by root. This is via a helper binary that is setuid root.
* pam_permit now prompts for a username if it is not already determined
* pam_rhosts now honors "debug" and no longer hardwire's "root" as the
superuser's name.
* pam_securetty now honors the "debug" flag
* trouble parsing extra spaces fixed in pam_time and pam_group
* added Michael K. Johnson's PGP key to the pgp.keys.asc list
* pam_end->env not being free()'d: fixed
* manuals relocated to section 3
* fixed bug in pam_mail.c, and enhanced to recognize '~' as a prefix
to indicate the $HOME of the user (courtesy David
Kinchlea). *Changed* from a "session" module to an "auth"
module. It cannot be used to authenticate a user, but it can be used
in setting credentials.
* fixed a stupid bug in pam_warn.. Only PAM_SERVICE was being read :*(
* pam_radius rewritten to exclusively make use of libpwdb. (minor fix
to Makefile for cleaning up - AGM)
* pam_limits extended to limit the total number of logins on a system
at any given time.
* libpam and libpam_misc use $(MAJOR_REL) and $(MINOR_REL) to set their
version numbers [defined in top level makefile]
* bugfix in sed command in defs/redhat.defs (AGM's fault)
* The following was related to a possibility of buffer overruns in
the syslogging code: removed fixed length array from syslogging
function in the following modules [capitalized the log identifier
so the sysadmin can "know" these are fixed on the local system],
pam_ftp, pam_stress, pam_rootok, pam_securetty,
pam_listfile, pam_shells, pam_warn, pam_lastlog
and
pam_unix_passwd (where it was definitely _not_ exploitable)
0.55: Sat Jan 4 14:43:02 PST 1997, Andrew Morgan <morgan@parc.power.net>
* added "requisite" control_flag to /etc/pam.conf syntax. [See
Sys. Admin. Guide for explanation] changes to pam_handlers.c
* completely new handling of garbled pam.conf lines. The modus
operandi now is to assume that any errors in the line are minor.
Errors of this sort should *most definitely* lead to the module
failing, however, just ignoring the line (as was the case
previously) can lead to gaping security holes(! Not foreseen by the
RFC). The "motivation" for the RFC's comments about ignoring garbled
lines is present in spirit in the new code: basically a garbled line
is treated like an instance of the pam_deny.so module.
changes to pam_handlers.c and pam_dispatch.c .
* patched libpam, to (a) call _pam_init_handlers from pam_start() and
(b) to log a text error if there are no modules defined for a given
service when a call to a module is requested. [pam_start() and
pam_dispatch() were changed].
* patched pam_securetty to deal with "/dev/" prefix on PAM_TTY item.
* reorganized the modules/Makefile to include *ALL* modules. It is now
the responsibility of the modules themselves to test whether they can
be compiled locally or not.
* modified pam_group to add to the getgroups() list rather than overwrite
it. [In the case of "HAVE_LIBPWDB" we use the pwdb_..() calls to
translate the group names.]. Module now pays attention to
PAM_CRED_.. flag(!)
* identified and removed bugs in field reading code of pam_time and
(thus) pam_group.
* Cristian's patches to pam_listfile module, corresponding change to
documentation.
* I've discovered &ero; for sgml!
Added pam_time documentation to the admin guide.
* added manual pages: pam.8, pam_start.2(=pam_end.2),
pam_authenticate.2, pam_setcred.2, pam_strerror.2,
pam_open_session.2(=pam_close_session.2) and pam_chauthtok.2 .
* added new modules:
- pam_mail (tells the user if they have any new mail
and sets their MAIL env variable)
- pam_lastlog (reports on the last time this user called
this module)
* new module hooks provided.
* added a timeout feature to the conversation function in
libpam_misc. Documented it in the application developers' guide.
* fixed bug in pam_misc_paste_env() function..
* slight modifications to wheel and rhosts writeup.
* more security issues added to module and application guides.
--
Things present but not mentioned in previous release (sorry)
* pam_pwdb module now resets the "last_change" entry before updating a
password.
--
Sat Nov 30 19:30:20 PST 1996, Andrew Morgan <morgan@parc.power.net>
* added environment handling to libpam. involved change to _pam_types.h
also added supplementary functions to libpam_misc
* added pam_radius - Cristian
* slight speed up for pam_rhosts
* significantly enhanced sys-admin documentation (8 p -> 41 p in
PostScript). Added to other documentation too. Mostly the changes
in the other docs concern the new PAM-environment support, there is
also some coverage of libpam_misc in the App. Developers' guide.
* Cristian's patches to pam_limits and pam_pwdb. Fixing bugs. (MORE added)
* adopted Cristian's _pam_macros.h file to help with common macros and
debugging stuff, gone through tree tidying up debugging lines to use
this [not complete].
- for consistency replaced DROP() with _pam_drop()
* commented memory debugging in top level makefile
* added the following modules
- pam_warn log information to syslog(3) about service application
- pam_ftp if user is 'ftp' then set PAM_RUSER/PAM_RHOST with password
(comment about nologin added to last release's notes)
* modified the pam_listfile module. It now declares a meaningful static
structure name.
Sun Nov 10 13:26:39 PST 1996, Andrew Morgan <morgan@parc.power.net>
**PLEASE *RE*AMEND YOUR PERSONAL LINKS**
-------> http://parc.power.net/morgan/Linux-PAM/index.html <-------
**PLEASE *RE*AMEND YOUR PERSONAL LINKS**
A brief summary of what has changed:
* many modules have been modified to accomodate fixing the pam_get_user()
change. Please take note if you have a module in this distribution.
* pam_unix is now the pam_unix that Red Hat has been using and which
should be fairly well debugged.
- I've added some #ifdef's to make it compile for me, and also
updated it with respect to the libpam-0.53, so have a look at the
.../modules/pam_unix/Makefile to enable cracklib and shadow features
** BECAUSE OF THIS, I cannot guarantee this code works as it **
** did for Red Hat. Please test and report any problems. **
* the pam_unix of .52 (renamed to pam_pwdb) has been enhanced and made
more flexible with by implementing it with respect to the new
"Password Database Library" see
http://parc.power.net/morgan/libpwdb/index.html
modules included in this release that require this library to
function are the following:
- pam_pwdb (ne pam_unix-0.52 + some enhancements)
- pam_wheel
- pam_limits
- pam_nologin
* Added some optional code for memory debugging. In order to support
this you have to enable MEMORY_DEBUG in the top level makefile and
also #define MEMORY_DEBUG in your applications when they are compiled.
The extra code resides in libpam (compiled if MEMORY_DEBUG is defined)
and the macros for malloc etc. are to be found at the end of
_pam_types.h
* used above code to locate two memory leaks in pam_unix module and two
in libpam (pam_handlers.h)
* pam_get_user() now sets the PAM_USER item. After reading the Sun
manual page again, it was clear that it should do this. Various
modules have been assuming this and now I have modified most of them
to account for this change. Additionally, pam_get_user() is now
located in the module include file; modules are supposed to be the
ones that use it(!) [Note, this is explicitly contrary to the Sun
manual page, but in the spirit of the Linux distribution to date.]
* replaced -D"LINUX" with -D"LINUX_PAM" as this is more explicit and less
likely to be confused with -D"linux".
Also, modified the libpam #include files to behave more like the Sun
ones #ifndef LINUX_PAM.
* removed <bf/ .. / from documentation titles. This was not giving
politically correct html..
----- My vvvvvvvvvvvvvvvvvvv was a long time ago ;*] -----
Wed Sep 4 23:57:19 PDT 1996 (Andrew Morgan <morgan@physics.ucla.edu>
0. Before I begin, Linux-PAM has a new primary distribution site (kindly
donated by Power Net Inc., Los Angeles)
**PLEASE AMMEND YOUR PERSONAL LINKS**
-------> http://www.power.net/morgan/Linux-PAM <-------
**PLEASE AMMEND YOUR PERSONAL LINKS**
1. I'm hoping to make the next release a bug-fix release... So please find
all the bugs(! ;^)
2. here are the changes for .52:
* minor changes to module documentation [Incidently, it is now
available on-line from the WWW page above]. More changes to follow in
the next two releases. PLEASE EMAIL me or the list if there is
anything that isn't clear!
* completely changed the unix module. Now a single module for all four
management groups (this meant that I could define all functions as
static that were not part of the pam_sm_... scheme. AGM)
- Shadow support added
PASSWD - Elliot's account management included, and enhanced by Cristian Gafton.
- MD5 password support added by Cristian Gafton.
- maxtries for authentication now enforced.
- Password changing function in pam_unix now works!
Although obviously, I'm not going to *guarantee* it ;^) .
- stole Marek's locking code from the Red Hat unix module.
[ If you like you can #ifdef it in or out ... ]
You can configure the module more from its Makefile in
0.52/modules/pam_unix/
If you are nervous that it will destroy your /etc/passwd or shadow
files then EDIT the 0.52/modules/pam_unix/pam_unix_pass.-c file.
Here is the warning comment from this file...
-------------8<-----------------
/* <WARNING>
*
* Uncomment the following #define if you are paranoid, and do not
* want to risk losing your /etc/passwd or shadow files.
* It works for me (AGM) but there are no guarantees.
*
* </WARNING>
*/
/* #define TMP__FILE */
------------->8-----------------
*** If anyone has any trouble, please *say*. Your problem will be
fixed in the next release. Also please feel free to scour the
code for race conditions etc...
[* The above change requires that you purge your /usr/lib/security
directory of the old pam_unix_XXX.so modules: they will NOT be deleted
with a 'make remove'.]
* the prototype for the cleanup function supplied to pam_set_data used
to return "int". According to Sun it should be "void". CHANGED.
* added some definitions for the 'error_status' mask values that are
passed to the cleanup function associated with each
module-data-item. These numbers were needed to keep up with changing
a data item (see for example the code in pam_unix/support.-c that
manages the maximum number of retries so far). Will see what Sun says
(current indications are positive); this may be undone before 1.0 is
released. Here are the definitions (from pam_modules.h).
#define PAM_DATA_SILENT 0x40000000 /* used to suppress messages... */
#define PAM_DATA_REPLACE 0x20000000 /* used when replacing a data item */
* Changed the .../conf/pam.conf file. It now points to the new
pam_unix module for 'su' and 'passwd' [can get these as SimpleApps --
I use them for testing. A more extensive selection of applications is
available from Red Hat...]
* corrected a bug in pam_dispatch. Basically, the problem was that if
all the modules were "sufficient" then the return value for this
function was never set. The net effect was that _pam_dispatch_aux
returned success when all the sufficient modules failed. :^( I think
this is the correct fix to a problem that the Red Hat folks had
found...
sopwith* Removed advisory locking from libpam (thanks for the POSIX patch
goes to Josh Wilmes's, my apologies for not using it in the
end.). Advisory locking did not seem sufficiently secure for libpam.
Thanks to Werner Almesberger for identifying the corresponding "denial
of service attack". :*(
* related to fix, have introduced a lock file /var/lock/subsys/PAM
that can be used to indicate the system should pay attention to
advisory locking on /etc/pam.conf file. To implement this you need to
define PAM_LOCKING though. (see .52/libpam)
* modified pam_fail_delay() function. Couldn't find the "not working"
problem indicated by Michael, but modified it to do pseudo-random
delays based on the values indicated by pam_fail_delay() -- the
function "that may eventually go away"... Although Sun is warming to
the idea.
* new modules include:
pam_shells - authentication for users with a shell listed in
/etc/shells. Erik Troan <ewt@redhat.com>
pam_listfile - authentication based on the contents of files.
Set to be more general than the above in the
future. UNTESTED. Elliot Lee <@redhat.com>
[Note, this module compiles with a non-trivial
warning: AGM]
Thu Aug 8 22:32:15 PDT 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
* modified makefiles to take more of their installation instructions
from the top level makefile. Desired for integration into the Debian
distribution, and generally a good idea.
* fixed memory arithmetic in pam_handlers
-- still need to track down why failure to load modules can lead to
authentication succeding..
* added tags for new modules (smartcards from Alex -- just a promise
at this stage) and a new module from Elliot Lee; pam_securetty
* I have not had time to smooth out the wrinkles with it, but Alex's
pam_unix modifications are provided in pam_unix-alex (in the modules
directory) they will not be compiled by 'make all' and I can't even
say if they do compile... I will try to look at them for .52 but, in
the mean time please feel free to study/fix/discuss what is there.
* pam_rhosts module. Removed code for manually setting the ruser
etc. This was not very secure.
* [remade .ps docs to be in letter format -- my printer complains
about a4]
Sunday July, 7 12:45:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
* No longer accompanying the Linux-PAM release with apps installed.
[Will provide what was here in a separate package.. (soon)
lib Also see http://www.redhat.com/pam for some more (in .rpm form...)]
* renamed libmisc to libpam_misc. It is currently configured to only compile
the static library. For some strange reason (perhaps someone can
investigate) my Linux 2.0.0 kernel with RedHat 3.0.3 system
segfaults when I compile it to be a dynamic library. The segfault
seems to be inside the call to the ** dl_XXX ** function...!?
There is a simple flag in the libpam_misc/Makefile to turn on dynamic
compiles.
* Added a little unofficial code for delay support in libpam (will probably
disappear later..) There is some documentation for it in the pam_modules
doc now. That will obviously go too.
* rewritten pam_time to use *logic* to specify the stringing together of
users/times/terminals etc.. (what was there before was superficially
logical but basically un-predictable!)
* added pam_group. Its syntax is almost identical to pam_time but it
has another field added; a list of groups to make the user a member
of if they pass the previous tests. It seems to not co-exist too well
with the groups in the /etc/group but I hope to have that fixed by
the next release...
* minor re-formatting of pam_modules documentation
* removed ...// since it wasn't being used and didn't look like it
would be!
GCCSunday 23 22:35:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
* The major change is the addition of a new module: pam_time for
restricting access on terminals at given times for indicated users
it comes with its own configuration file /etc/security/time.conf
and the sample file simply restricts 'you' from satisfying the blank
application if they try to use blank from any tty*
* Small changes include
- altered pam.conf to demonstrate above new module (try typing username: you)
- very minor changes to the docs (pam_appl and pam_modules)
Saturday June 2 01:40:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
*** PLEASE READ THE README, it has changed ***
* NOTE, 'su' exhibits a "system error", when static linking is
used. This is because the pam_unix_... module currently only has
partial static linking support. This is likely to change on Monday
June 3, when Alex makes his latest version availible. I will include
the updated module in next release.
changes for .42:
* modified the way in which libpam/pam_modules.h defines prototypes for
the pam_sm_ functions. Now the module must declare which functions it
is to provide *before* the #include <security/pam_modules.h> line.
(for contrasting examples, see the pam_deny and pam_rootok modules)
This removed the ugly hack of defining functions that are never called
to overcome warnings... This seems much tidier.
insterted* updated the TODO list. (changed mailing list address)
* updated README in .../modules to reflect modifications to static
compliation protocol
* modified the pam_modules documentation to describe this.
* corrected last argument of pam_get_item( ... ) in
pam_appl/modules.sgml, to "const void **".
* altered GNU GPL's in the documentation, and various other parts of
the distribution. *Please check* that any code you are responsible for
is corrected.
* Added ./Copyright (please check that it is acceptable)
* updated ./README to make current and indicate the new mailing list
address
* have completely rewritten pam_filter. It now runs modular filter
executables (stored in /usr/sbin/pam_filter/) This should make it
trivial for others to write their own filters.. If you want yours
included in the distribution please email the list/me.
* changes to libpam; there was a silly bug with multiple arguments on a
pam.conf line that was broken with a '\<LF>'.
* 'su' rearranged code (to make better use of PAM)
*Also* now uses POSIX signals--this should help the Alpha port.
* 'passwd' now uses getlogin() to determine who's passwords to change.
Sunday May 26 9:00:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
* fixed module makefiles to create needed dynamic/static subdirectories
Saturday May 25 20:30:27.8 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
* LOTS has changed regarding how the modules/libpam are built.
* Michael's mostly complete changes for static support--see below
(Andrew got a little carried away and automated the static linking
of modules---bugs are likely mine ;( )
* Thanks mostly to Michael, libpam now compiles without a single warning :^]
* made static modules/library optional.
CFLAGS* added 'make sterile' to top level makefile. This does extraclean and remove
* added Michael and Joseph to documentation credits (and a subsection for
future documentation of static module support in pam_modules.sgml)
* libpam; many changes to makefiles and also automated the inclusion of
static module objects in pam_static.c
* modified modules for automated static/dynamic support. Added static &
dynamic subdirectories, as instructed by Michael
* removed an annoying syslog message from pam_filter: "parent exited.."
* updated todo list (anyone know anything about svgalib/X? we probably should
have some support for these...)
Friday May 24 16:30:15 EDT 1996 (Michael K. Johnson <johnsonm@redhat.com>)
* Added first (incomplete) cut at static support.
This includes:
. changes in libpam, including a new file, pam_static.c
. changes to modules including exporting struct of function pointers
. static and dynamic linking can be combined
. right now, the only working combinations are just dynamic
linking and dynamic libpam.so with static modules linked
into libpam.so. That's on the list of things to fix...
. modules are built differently depending on whether they
are static or dynamic. Therefore, there are two directories
under each module directory, one for static, and one for
dynamic modules.
* Fixed random brokenness in the Makefiles. [ foo -nt bar ] is
rather redundant in a makefile, for instance. Also, passing
on the command line is broken because it cannot be
overridden in any way (even adding important parts) in lower-level
makefiles.
* Unfortunately, fixing some of the brokenness meant that I used
GNU-specific stuff. However, I *think* that there was GNU-specific
stuff already. And I think that we should just use the GNU
extensions, because any platform that GNU make doesn't port to
easily will be hard to port to anyway. It also won't be likely
passwd to handle autoconf, which was Ted's suggestion for getting
around limitations in standard make...
For now, I suggest that we just use some simple GNU-specific
extensions.
Monday May 20 22:00:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
* added some text to pam_modules.sgml
* corrected Marek's name in all documentation
* made pam_stress conform to chauthtok conventions -- ie can now request
old password before proceeding.
* included Alex's latest unix module
* included Al's + password strength checking module
* included pam_rootok module
* fixed too many bugs in libpam.. all subtly related to the argument lists
or use of syslog. Added more debugging lines here too.
* fixed the pam.conf file
* deleted pam_test module. It is pretty old and basically superceeded
by pam_stress
Friday May 9 1:00:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
* updated documentaion, added Al Longyear to credits and corrected the
spelling of Jeff's name(!). Most changes to pam.sgml (even added a figure!)
* new module pam_rhosts_auth (from Al Longyear)
* new apps rlogind and ftpd (a patch) from Al.
* modified 'passwd' to not call pam_authenticate (note, none of the
modules respect this convention yet!)
* fixed bug in libpam that caused trouble if the last line of a
pam.conf file ends with a module name and no newline character
* also made more compatable with documentation, in that bad lines in
pam.conf are now ignored rather than causing libpam to return an
error to the app.
* libpam now overwrites the AUTHTOKs when returning from
pam_authenticate and pam_chauthtok calls (as per Sun/RFC too)
* libpam is now installed as libpam.so.XXX in a way that ldconfig can
handle!
Wednesday May 1 22:00:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
* removed .../test directory, use .../examples from now on.
* added .../apps directory for fully functional applications
- the apps directory contains directories that actually contain the apps.
the idea is to make application compilation conditional on the presence
of the directory. Note, there are entries in the Makefile for
'login' and 'ftpd' that are ready for installation... Email me if
you want to reserve a directory name for an application you are
working on...
* similar changes to .../modules makefile [entries for pam_skey and
pam_kerberos created---awaiting the directories.] Email me if you
want to register another module...
* minor changes to docs.. Not really worth reprinting them quite yet!
[save the trees]
* added misc_conv to libmisc. it is a generic conversation function
for text based applications. [would be nice to see someone create
an Xlib and/or svgalib version]
* fixed ctrl-z/c bug with pam_filter module [try xsh with the default
pam.conf file]
* added 'required' argument to 'pam_stress' module.
* added a TODO list... other suggestions to the list please.
Saturday April 7 00:00:00 PST 1996 ( Andrew Morgan <morgan@physics.ucla.edu> )
* Alex and Marek please note I have altered _pam_auth_unix a little, to
make it get the passwords with the "proper method" (and also fixed it
to not have as many compiler warnings)
* updated the conf/pam.conf file
* added new example application examples/xsh.c (like blank but invokes
/bin/sh)
* Marc's patches for examples/blank.c (and AGM's too)
* fixed stacking of modules in libpam/pam_handlers.c
* fixed RESETing in libpam/pam_item.c
* added new module modules/pam_filter/ to demonstrate the possibility
of inserting an arbitrary filter between the terminal and the
application that could do customized logging etc... (see use of
bin/xsh as defined in conf/pam.conf)
Saturday March 16 19:00:00 PST 1996 ( Andrew Morgan <morgan@physics.ucla.edu> )
These notes are for 0.3 I don't think I've left anything important
out, but I will use emacs 'C-x v a' next time! (Thanks Jeff)
* not much has changed with the functionality of the Linux-PAM lib
.../libpam
- pam_password calls module twice with different arguments
- added const to some of the function arguments
- added PAM_MAX_MES_ to <security/_pam_types.h>
- was a lot over zealous about purging old passwords...
I have removed much of this from source to make it
more compatible with SUN.
- moved some PAM_... tokens to pam_modules.h from _pam_types.h
(no-one should notice)
* added three modules: pam_permit pam_deny pam_stress
no prizes for guessing what the first two do. The third is
a reasonably complete (functional) module. Is intended for testing
applications with.
* fixed a few pieces of examples/blank.c so that it works (with
pam_stress)
* ammended the documentation. Looking better, but suggestions/comments
very welcome!
Sunday March 10 10:50:00 PST 1996 ( Andrew Morgan <morgan@physics.ucla.edu> )
These notes are for Linux-PAM release 0.21. They cover what's changed
since I relased 0.2.
* am now using RCS
* substantially changed ./README
* fixed bug reading \\\n in pam.conf file
* small changes to documentation
* added `blank' application to ./examples (could be viewed as
a `Linux-PAM aware' application template.)
* oops. now including pam_passwd.o and pam_session.o in pamlib.so
* compute md5 checksums for all the source when making a release
- added `make check' and `make RCScheck' to compute md5 checksums
* create a second tar file with all the RCS files in.
* removed the .html and .txt docs, supplying sgml sources instead.
- see README for info on where to get .ps files
Thursday March 6 0:44:?? PST 1996 ( Andrew Morgan <morgan@physics.ucla.edu> )
These notes are for Linux-PAM release 0.2. They cover what's changed
since Marc Ewing relased 0.1.
**** Please note. All of the directories in this release have been modified
**** slightly to conform to the new pamlib. A couple of new directories have
**** been added. As well as some documentation. If some of your code
**** was in the previous release. Feel free to update it, but please
**** try to conform to the new headers and Makefiles.
* Andrew Morgan (morgan@physics.ucla.edu) is making this release
availible, Marc has been busy...!
* Marc's pam-0.1/lib has been (quietly) enhanced and integrated into
Alex Yurie's collected tree of library and module code
(linux-pam.prop.1.tar.gz). Most of the changes are to do with error
checking. Some more robustness in the reading of the pam.conf file
and the addition of the pam_get_user() function.
* The pam_*.h files have been reorganized to logically enforce the
separation of modules from applications. [Don't panic! Apart from
changing references of the form
#include "pam_appl.h"
to
#include <security/pam_appl.h>
The reorganization should be backwardly compatable (ie. a module
written for SUN will be as compatable as it was before with the
previous version ;)~ ]
(All of the source in this tree now conforms to this scheme...)
The new reorganization means that modules can be compiled with a
single header, <security/pam_modules.h>, and applications with
<security/pam_appl.h>.
* I have tried to remove all the compiler warnings from the updated
"pamlib/*.c" files. On my system, (with a slightly modified <dlfcn.h>
email me if it interests you..) there are only two warnings that
remain: they are that ansi does not permit void --> fn ptr
assignment. K&Rv2 doesn't mention this....? As a matter of principle,
if anyone knows how to get rid of that warning... please
tell. Thanks! "-pedantic"
* you can "make all" as a plain user, but
* to "make install" you must be root. The include files are placed in
/usr/include/security. The libpam.so library is installed in /usr/lib
and the modules in /usr/lib/security. The two test binaries
are installed in the Linux-PAM-0.2/bin directory and a chance is given to
replace your /etc/pam.conf file with the one in Linux-PAM-0.2/conf.
* I have included some documentation (pretty preliminary at the
moment) which I have been working on in .../doc .
I have had a little trouble with the modules, but atleast there are no
segfaults! Please try it out and discuss your results... I actually
hope it all works for you. But, Email any bugs/suggestions to the
Linux-PAM list: linux-pam@mit.edu .....
Regards,
Andrew Morgan
(morgan@physics.ucla.edu)
Sat Feb 17 17:30:24 EST 1996 (Alexander O. Yuriev alex@bach.cis.temple.edu)
* conf directory created with example of pam_conf
* stable code from pam_unix is added to modules/pam_unix
* test/test.c now requests username and password and attempts
to perform authentication
|