mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-18 10:35:55 +00:00
1397 lines
60 KiB
Plaintext
1397 lines
60 KiB
Plaintext
|
|
$Id: CHANGELOG,v 1.61 2001/04/08 06:17:04 agmorgan Exp $
|
|
|
|
-----------------------------
|
|
|
|
TODO:
|
|
|
|
- sanitize use of md5 throughout distribution.. Make a static
|
|
library for helping to develop modules that contains it and other
|
|
stuff. Also add sha-1 and ripemd-160 digest algorithms.
|
|
- once above is done. remove hacks from the secret@here module etc..
|
|
- remove prototype for gethostname in pam_access.c (Derrick)
|
|
- document PAM_INCOMPLETE changes
|
|
- verify that the PAM_INCOMPLETE interface is sensible. Can we
|
|
catch errors? should we permit item changing etc., between
|
|
pam_authenticate re-invocations?
|
|
- verify that the PAM_INCOMPLETE interface works (auth seems ok..)
|
|
- add PAM_INCOMPLETE support to modules (partially added to pam_pwdb)
|
|
- work on RFC.
|
|
- do we still need to remove openlog/closelog from modules..?
|
|
- auth and acct support in pam_cracklib, "yes, I know the password
|
|
you just typed was valid, I just don't think it was very strong..."
|
|
- add in the pam_cap and pam_netid modules
|
|
|
|
====================================================================
|
|
Note, as of release 0.73, all checkins should be accompanied with a
|
|
Bug ID. The bug IDs relate to sourceforge IDs.. You can query the
|
|
related bug description with the following URL:
|
|
|
|
http://sourceforge.net/tracker/index.php?func=detail&aid=XXXXXX&group_id=6663&atid=106663
|
|
|
|
Where you should replace XXXXXX with a bug-id.
|
|
|
|
If you have found a bug in Linux-PAM, please consider filing such a
|
|
bug report - outstanding bugs are listed here:
|
|
|
|
http://sourceforge.net/tracker/?atid=106663&group_id=6663&func=browse
|
|
|
|
(to file another bug see the 'submit bug' button on this page).
|
|
|
|
====================================================================
|
|
|
|
0.76: please submit patches for this section with actual code/doc
|
|
patches!
|
|
|
|
*
|
|
|
|
0.75: Sat Apr 7 23:10:50 PDT 2001
|
|
|
|
** WARNING **
|
|
|
|
This release contains backwardly incompatible changes to
|
|
libpam. Prior versions were buggy - see bugfix for Bug 129775.
|
|
|
|
** WARNING **
|
|
|
|
* made 0.75 release (Bug 414665 - agmorgan)
|
|
* pam_pwdb has been removed from the suggested pam.conf template. I've
|
|
replaced it with pam_unix. (Bug 227565 - agmorgan)
|
|
* pam_limits - Richard M. Yumul reported that "<domain> -" didn't
|
|
work, first fix suggested by Werner Puschitz (Bug 404953 - agmorgan)
|
|
* Nicolay Pelov suggested a simple fix for freebsd support (Bug 407282
|
|
- agmorgan)
|
|
* Michel D'HOOGE submitted documentation fixes (Bug 408961 - agmorgan)
|
|
* fix for module linking directions (Bug 133545 - agmorgan)
|
|
* fix for glibc-2.2.2 compilation of pam_issue (Bug 133542 - agmorgan)
|
|
* fix pam_userdb to make and link both .o files it needs - converse()
|
|
wasn't being linked! (Bug 132880 - agmorgan)
|
|
* added some sys-admin documentation for the pam_tally module (Bug
|
|
126210 - agmorgan).
|
|
* added a link to module examples from the module writers doc (Bug
|
|
131192 - agmorgan).
|
|
* fixed a small security hole (more of a user confusion issue) with
|
|
the unix and pwdb password helper binaries. The beef is described in
|
|
the bug report, but no uid change was possible so no-one should
|
|
think they need to issue a security bulletin over this one! (Bug
|
|
112540 - agmorgan)
|
|
* pam_lastlog needs to be linked with -lutil, also removed ambiguity
|
|
from sysadmin guide regarding this module being a 'session' module
|
|
(Bug 131549 - agmorgan).
|
|
* pam_cracklib needs to be linked with -lcrypt (old password checking)
|
|
(Bug 131601 - agmorgan).
|
|
* fixes for static library builds and also the examples when linked
|
|
with the debugging build of the libraries. (Bug 131783 - agmorgan)
|
|
* fixed URL for original RFC to a cached kernel.org file. (Bug 131503
|
|
- agmorgan)
|
|
* quoted the $CRACKLIB_DICTPATH test in configure.in (Bug 130130 -
|
|
agmorgan).
|
|
* improved handling of the setcred/close_session and update chauthtok
|
|
stack. *Warning* This is a backwardly incompatable change, but 'more
|
|
sane' than before. (Bug 129775 - agmorgan)
|
|
* bumped the version number, and added some code to assist in making
|
|
documentation releases (Bug 129644 - agmorgan).
|
|
|
|
0.74: Sun Jan 21 22:36:08 PST 2001
|
|
|
|
* made 0.74 release (Bug 129642 - agmorgan)
|
|
* libpam - cleaned up a few non-static functions to be static and added
|
|
support for libpam to enforce things like pam_[gs]et_data() and
|
|
AUTHTOK rules for using the API. Also documented pam_[gs]et_item()
|
|
a little better including return codes (Bugs 129027, 128576 -
|
|
agmorgan).
|
|
* pam_access - fixed the non-default config file option (Bug 127561 -
|
|
agmorgan)
|
|
* pam.8 manual page clarified with respect to the default location for
|
|
finding modules, also added some text describing the [...] control
|
|
syntax. (Bug 127625 - agmorgan)
|
|
* md5.h ia64 fixes for pam_unix and pam_pwdb (Bug 127700 - agmorgan)
|
|
* removed requirement for c++ from the configure{.in,} files (Bug
|
|
128298 - agmorgan)
|
|
* removed subdirectories from man page redirections (124396 - baggins)
|
|
* per David Lee, fixed non-POSIX shell command in modules/pam_filter/Makefile
|
|
(Bug 126440 - vorlon)
|
|
* modify format of pam_unix log messages to include service name
|
|
(Bug 126423 - vorlon)
|
|
* prevent pam_unix from logging unknown usernames (Bug 126431 - vorlon)
|
|
* changed format of pam_unix 'authentication failure' log messages to make
|
|
them clearer and more consistent (Bug 126036 - vorlon)
|
|
* improved portability of pam_unix by eliminating Linux-specific utmp
|
|
defines in PAM_getlogin() (Bug 125704 - vorlon)
|
|
* removed static variables from pam_tally (Bug 117434 - agmorgan)
|
|
* added copyright message to pam_access module from original logdaemon
|
|
sources (Bug 125022 - agmorgan)
|
|
* configure.in - removed the GCC -Wtraditional flag (Bug 124923 - agmorgan)
|
|
* pam_mail - use PAM_PATH_MAILDIR as the location of mail spool
|
|
(Bug 124397 - baggins)
|
|
* _pam_aconf.h.in, configure.in - added PAM_PATH_MAILDIR set via
|
|
--with-mailspool=dir option (default is _PAM_MAILDIR if defined
|
|
in paths.h otherwise /var/spool/mail (Bug 124397 - baggins)
|
|
* removed unnecessary CVS Log tags from all over the source
|
|
(Bug 124391 - baggins)
|
|
* pam_tally - check for PAM_TTY if PAM_RHOST is not set when writing
|
|
to faillog (Bug 124394 - baggins)
|
|
* use O_NOFOLLOW if available when opening debug log (Bug 124385 - baggins)
|
|
* pam_cracklib - removed comments about pam_unix not working with
|
|
pam_cracklib, added information about use_authtok parameter
|
|
(Bug 124388 - baggins)
|
|
* pam_userdb - fixed wrong definition of struct pam_module (was pam_wheel)
|
|
(Bug 124386 - baggins)
|
|
* fixed example/Makefile include path (Bug 124187, 127563(?) - agmorgan)
|
|
* pam_userdb compiles on RH5x. Also removed circular dependency on
|
|
configure.in. Also bumped revision number to 0.74. (Bug 124136 -
|
|
agmorgan)
|
|
|
|
0.73: Sat Dec 2 00:04:04 PST 2000
|
|
|
|
* updated documentaion revisions and added 'make release' support
|
|
to the top level Makefile (Bug 124132 - agmorgan).
|
|
* documented Qmail support in pam_mail (Bug 109219 - baggins)
|
|
* add change_uid option to pam_limits, and set real uid only if
|
|
this option is present (Bug 124062 - baggins)
|
|
* pam_limits - set real uid to the user for who we set limits.
|
|
(Bug 123972 - baggins)
|
|
* removed static variables from pam_limits (thread safe now). (Bug
|
|
117450 - agmorgan).
|
|
* removed static variable from pam_wheel (module should be thread safe
|
|
now). (Bug 112906 - agmorgan)
|
|
* added support for '/' symbols in pam_time and pam_group config files
|
|
(support for modern terminal devices). Fixed infinite loop problem
|
|
with '\\[^\n]' in these files. (Bug 116076 - agmorgan)
|
|
* avoid potential SIGPIPE when writing to helper binaries with (Bug
|
|
123399 - agmorgan)
|
|
* replaced bogus logic in the pam_cracklib module for determining if
|
|
the replacement is too similar to the old password (Bug 115055 -
|
|
agmorgan)
|
|
* added accessconf=<filename> feature to pam_access - request from
|
|
Aldrin Martoq and Meelis Roos (Bugs 111927,117240 - agmorgan)
|
|
* fix for pam_limit module not dealing with all limits Adam J. Richter
|
|
(Bug 119554 - agmorgan)
|
|
* comment fix describing fail_delay callback in _pam_types.h (Bug
|
|
112646 - agmorgan)
|
|
* "likeauth" fix for pam_unix and pam_pwdb which (Bug 113596 - agmorgan)
|
|
* fix for pam_unix (support.c) to avoid segfault with NULL password
|
|
(Bug 113238 - vorlon)
|
|
* fix to pam_unix_passwd: try repeatedly to get a lock on the password
|
|
file, instead of failing immediately (Bug 108845 - fix vorlon)
|
|
* fix to pam_shells: logged information was not formatted correctly
|
|
(extra comma) (Bug 111491 - fix vorlon)
|
|
* fix for C++ application support (Bug 111645 - fix agmorgan)
|
|
* fix for typo in pam_client.h (Bug 111648 - fix agmorgan)
|
|
* removal of -lpam from pam_mkhomedir Makefile (Bug 116380 - fix agmorgan)
|
|
* autoconf support [Task ID 15788, Bug ID 108297 - agmorgan with help!]
|
|
- bugfix for libpamc.h include file [Bug ID 117476 - agmorgan]
|
|
- bugfix for pam_filter.h inclusion [Bug ID 117474 - agmorgan]
|
|
|
|
0.72: Mon Dec 13 22:41:11 PST 1999
|
|
|
|
* patches from Debian (Ben Collins): pam_ftp supports event driven
|
|
conversations now; pwdb_chkpwd cleanup; pam_warn static compile fix;
|
|
user_db compiler warnings removed; debian defs file; pam_mail can
|
|
now be used as a session module
|
|
* ndbm compilation option for user_db module (fix explained by Richard Khoo)
|
|
* pam_cracklib bug fix
|
|
* packaging fixes & build from scratch stuff (Konst Bulatnikov & Frodo
|
|
Looijaard)
|
|
* -ldl appended to the libpam.so compilation make rule. (Charles Seeger)
|
|
* Red Hat security patch for pam_pwdb forwarded by Debian! (Ben
|
|
Collins. Fix provided by Andrey as it caught the problem earlier in the
|
|
code.)
|
|
* heuristic to prevent leaking filedescriptors to an agent. [This needs
|
|
to be better supported perhaps by an additional libpamc API function?]
|
|
* pam_userdb segfault fix from (Ben Collins)
|
|
* PAM draft spec extras added at request of 'sen_ml'
|
|
|
|
0.71: Sun Nov 7 20:21:19 PST 1999
|
|
|
|
* added -lc to linker pass for pam_nologin module (glibc is weird).
|
|
* various header changes to lower the number of warnings on glibc
|
|
systems (Dan Yefimov)
|
|
* merged a bunch of Debian fixes/patches/documentation (Ben Collins)
|
|
things touched: libpam (minor); doc/modules/pam_unix.sgml; pam_env
|
|
(plus docs); pam_mkhomedir (new module for new home directories on
|
|
the fly...); pam_motd (new module); pam_limits (adjust to match
|
|
docs); pam_issue (new module + doc) [Some of these were also
|
|
submitted by Thorsten Kukuk]
|
|
* small hack to lower the number of warnings that pam_client.h was
|
|
generating.
|
|
* debian and SuSE apparently can use the pam_ftp module, so
|
|
removed the obsolete comment about this from the docs. (Thorsten
|
|
Kukuk)
|
|
|
|
0.70: Fri Oct 8 22:05:30 PDT 1999
|
|
|
|
* bug fix for parsing of value=action tokens in libpam/pam_misc.c was
|
|
segfaulting (Jan Rekorajski and independently Matthew Melvin)
|
|
* numerous fixes from Thorsten Kukuk (icluding much needed fixes for
|
|
bitrot in modules and some documentation) that got included in SuSE 6.2.
|
|
* reentrancy issues in pam_unix and pam_cracklib resolved (Jan Rekorajski)
|
|
* added hosts_equiv_rootok module option to pam_rhosts module (Tim Berger)
|
|
* added comment about 'expose_account' module argument to admin and
|
|
module writers' docs (request from Michael K Johnson).
|
|
* myriad of bug fixes for libpamc - library now built by default and
|
|
works with the biomouse fingerprint scanner agent/module
|
|
(distributed separately).
|
|
|
|
0.69: Sun Aug 1 20:25:37 PDT 1999
|
|
|
|
* c++ header #ifdef'ing for pam_appl.h (Tuomo Pyhala)
|
|
* added pam_userdb module (Cristian Gafton)
|
|
* minor documentation changes
|
|
* added in revised pam_client library (libpamc). Not installed by
|
|
default yet, since the example agent/module combo is not very secure.
|
|
* glibc fixes (Thorsten Kukuk, Adam J. Richter)
|
|
|
|
0.68: Sun Jul 4 23:04:13 PDT 1999
|
|
|
|
* completely new pam_unix module from Jan Rekorajski and Stephen Langasek
|
|
* Jan Rekorajski pam_mail - support for Maildir format mailboxes
|
|
* Jan Rekorajski pam_cracklib - support for old password comparison
|
|
* Jan Rekorajski bug fix for pam_pwdb setcred reusing auth retval
|
|
* Andrey's pam_tally patch (lstat -> fstat)
|
|
* Robert Milkowski's additional pam_tally patches to **change format of
|
|
/var/log/faillog** to one from shadow-utils, add new option "per_user"
|
|
for pam_tally module, failure time logging, support for fail_line
|
|
field, and support for fail_locktime field with new option
|
|
no_lock_time.
|
|
* pam_tally: clean up the tally application too.
|
|
* Marcin Korzonek added process priority settings to pam_limits (bonus
|
|
points for adding to documentation!)
|
|
* Andrey's pam_pwdb patch (cleanup + md5 endian fubar fix)
|
|
* more binary prompt preparations (make misc conv more compatible with spec)
|
|
* modified callback hook for fail delay to be more useful with event
|
|
driven applications (changed function prototype - suspect no one
|
|
will notice). Documented this in app developer guide.
|
|
* documentation for pam_access from Tim Berger
|
|
* syntax fixes for the documentation - a long time since I've built it :*(
|
|
added some more names to the CREDITS file.
|
|
|
|
0.67: Sat Jun 19 14:01:24 PDT 1999
|
|
|
|
* [dropped libpam_client - libpamc will be in the next release and
|
|
conforms to the developing spec in doc/specs/draft-morgan-pam.raw.
|
|
Sorry if you are keeping a PAM tree in CVS. CVS is a pain for
|
|
directories, but this directory was actually not referenced by
|
|
anything so the disruption should be light.]
|
|
* updates to pam_tally from Tim
|
|
* multiple updates from Stephen Langasek to pam_unix
|
|
* pam_filter had some trouble compiling (bug report from Sridhar)
|
|
* pam_wheel now attempts to identify the wheel group for the local
|
|
system instead of blindly assuming it is gid=0. In the case that
|
|
there is no "wheel" group, we default to assuming gid=0 is what was
|
|
meant - former behavior. (courtesy of Sridhar)
|
|
* NIS+ changes to pam_unix module from Dmitry O Panov
|
|
* hopefully, a fix for redefinition of LOG_AUTHPRIV (bug report Luke
|
|
Kenneth Casson Leighton)
|
|
* fix for minor typo in pam_wheel documentation (Jacek Kopecky)
|
|
* slightly more explanation of the [x=y] pam.conf syntax in the sys
|
|
admin guide.
|
|
|
|
0.66: Mon Dec 28 20:22:23 PST 1998 <morgan@linux.kernel.org>
|
|
|
|
* Started using cvs to keep track of changes to Linux-PAM. This will
|
|
likely break some of the automated building stuff (RPMs etc..).
|
|
* security bug fix to pam_unix and pam_tally from Andrey.
|
|
* modules make file is now more automatic. It should be possible to
|
|
unpack an external module in the modules directory and have it automatically
|
|
added to the build process. Also added a modules/download-all script
|
|
that will make such downloading easier. I'm happy to receive patches to
|
|
this file, informing the distribution of places from which to enrich itself.
|
|
* removed pam_system_log stuff. Thought about it long and hard: a
|
|
bad idea. If libc cannot guarantee a thread safe syslog, it needs
|
|
to be fixed and compatibility with other PAM libraries was
|
|
unnecessarily strained.
|
|
* SAG documentation changes: Seth Chaiklin
|
|
* rhosts: problems with NIS lookup failures with the root-uid check.
|
|
As a work-around, I've partially eliminated the need for the lookup
|
|
by supplying two new arguments: no_uid_check, superuser=<username>.
|
|
As a general rule this is more pluggable, since this module might be
|
|
used as an authentication scheme for a network service that does not
|
|
need root privilege...
|
|
* authenticate retval -> setcred for pam_pwdb (likeauth arg).
|
|
* pam_pwdb event driven support
|
|
* non openlog pam_listfile logging
|
|
* BUGFIX: close filedescriptor in pam_group and pam_time (Emmanuel Galanos)
|
|
* Chris Adams' mailhash change for pam_mail module
|
|
* fixed malloc failure check in pam_handlers.c (follow up to comment
|
|
by Brad M. Garcia).
|
|
* update to _pam_compat.h (Brad M. Garcia)
|
|
* support static modules in libpam again (Brad M. Garcia)
|
|
* libpam/pam_misc.c for egcs to grok the code (Brad M. Garcia)
|
|
* added a solaris-2.5.1 defs file (revived by Derrick J Brashear)
|
|
* pam_listfile logs failed attempts
|
|
* added a comment (Michael K Johnson pointed it out) about sgml2latex
|
|
having a new syntax. I'll make it the change real when I upgrade...
|
|
* a little more text to the RFC, spelling fix from William J Buffam.
|
|
* minor changes to pam_securetty to accommodate event driven support.
|
|
|
|
0.65: Sun Apr 5 22:29:09 PDT 1998 <morgan@linux.kernel.org>
|
|
|
|
* added event driven programming extensions to libpam
|
|
- added PAM_INCOMPLETE handling to libpam/pam_dispatch.c
|
|
- added PAM_CONV_AGAIN which is a new conversation response that
|
|
should be mapped to PAM_INCOMPLETE by the module.
|
|
- ensured that the pam_get_user() function can resume
|
|
- changes to pam_strerror to accommodate above return codes
|
|
- clean up _pam_former_state at pam_end()
|
|
- ensured that former state is correctly initialized
|
|
- added resumption tests to pam_authenticate(), pam_chauthtok()
|
|
- added PAM_FAIL_DELAY item for pausing on failure
|
|
|
|
* improved _pam_macros.h so that macros can be used as single commands
|
|
(Andrey)
|
|
|
|
* reimplemented logging to avoid bad interactions with libc. Added
|
|
new functions, pam_[,v]system_log() to libpam's API. A programmer
|
|
can check for this function's availablility by checking if
|
|
HAVE_PAM_SYSTEM_LOG is #defined.
|
|
|
|
* removed the reduce conflict from pam_conv1 creation -- I can sleep
|
|
again now. :^]
|
|
|
|
* made building of static and dynamic libpam separate. This is
|
|
towards making it possible to build both under Solaris (for Derrick)
|
|
|
|
* made USE_CRACKLIB a condition in unix module (Luke Kenneth Casson Leighton)
|
|
|
|
* automated (quiet) config installation (Andrey)
|
|
|
|
0.64: Thu Feb 19 23:30:24 PST 1998 Andrew Morgan <morgan@linux.kernel.org>
|
|
|
|
* miscellaneous patches for building under Solaris (Derrick J Brashear)
|
|
|
|
* removed STATIC support from a number of module Makefiles. Notably,
|
|
these modules are those that use libpwdb and caused difficulties
|
|
satisfying the build process. (Please submit patches to fix this...;)
|
|
|
|
* reomved the union for binary packet conversations from
|
|
(_pam_types.h). This is now completely implemented in libpam_client.
|
|
|
|
* Andrey's patch for working environment variable handling in
|
|
sh_secret module.
|
|
|
|
* made the libpam_misc conversation function a bit more flexible with
|
|
respect to binary conversations.
|
|
|
|
* added top level define (DEBUG_REL) for compiling in the form of
|
|
a debugging release. I use this on a Red Hat 4.2 system with little
|
|
chance of crashing the system as a whole. (Andrey has another
|
|
implementation of this -- with a spec file to match..)
|
|
|
|
0.63: Wed Jan 28 22:55:30 PST 1998 Andrew Morgan <morgan@linux.kernel.org>
|
|
|
|
* added libpam_client "convention" library. This makes explicit the
|
|
use of PAM_BINARY_PROMPT. It is a first cut, so don't take it too
|
|
seriously yet. Comments/suggestions for improvements are very
|
|
welcome. Note, this library does not compile by default. It will
|
|
be enabled when it is judged stable. The library comes with two
|
|
module/agent pairs and can be used with ssh using a patch available
|
|
from my pre-release directory [where you got this file.]
|
|
|
|
* backward compatibility patch for libpam/pam_handlers.c (PAM_IGNORE
|
|
was working with neither "requistie" nor "required") and a DEBUG'ing
|
|
compile time bug with pam_dispatch.c (Savochkin Andrey Vladimirovich)
|
|
|
|
* minor Makefile change from (Savochkin Andrey Vladimirovich)
|
|
|
|
* added pam_afsauth, pam_afspass, pam_restrict, and pam_syslog hooks
|
|
(Derrick J Brashear)
|
|
|
|
* pam_access use of uname(2) problematic (security problem
|
|
highlighted by Olaf Kirch).
|
|
|
|
* pam_listfile went a bit crazy reading group membersips (problem
|
|
highlighted by Olaf Kirch and patched independently by Cristian
|
|
Gafton and Savochkin Andrey Vladimirovich)
|
|
|
|
* compatibility hooks for solaris and hpux (Derrick J Brashear)
|
|
|
|
* 64 bit Linux/alpha bug fixed in pam_rhosts (Andrew D. Isaacson)
|
|
|
|
0.62: Wed Jan 14 14:10:55 PST 1998 Andrew Morgan <morgan@linux.kernel.org>
|
|
|
|
* Derrick J Brashear's patches: adds the HP stuff missed in the first
|
|
patch; adds SunOS support; adds support for the Solaris native ld
|
|
instead of requiring gnu ld.
|
|
|
|
* last line of .rhosts file need not contain a newline. (Bug reported by
|
|
Thompson Freeman.)
|
|
|
|
0.61: Thu Jan 8 22:57:44 PST 1998 Andrew Morgan <morgan@linux.kernel.org>
|
|
|
|
* complete rewrite of the "control flag" logic. Formerly, we were
|
|
limited to four flags: requisite, required, sufficient, optional.
|
|
We can now use these keywords _and_ a great deal more besides.
|
|
The extra logic was inspired by Vipin Samar, a preliminary patch was
|
|
written by Andy Berkheimer, but I "had some ideas of my own" and
|
|
that's what I've actually included. The basic idea is to allow the
|
|
admin to custom build a control flag with a series of token=value
|
|
pairs inside square brackets. Eg., '[default=die success=ok]' which
|
|
is pretty close to a synonym for 'requisite'. I'll try to document it
|
|
better in the sys-admin guide but I'm pretty sure it is a change for
|
|
the better.... If what is in the sys-admin guide is not good enough
|
|
for you, just take a look at the source for libpam ;^)
|
|
|
|
0.59: Thu Jan 8 22:27:22 PST 1998 Andrew Morgan <morgan@linux.kernel.org>
|
|
|
|
* better handling of empty lines in .rhosts file. (Formerly, we asked
|
|
the nameserver about them!) Fix from Hugh Daschbach.
|
|
|
|
* _broke_some_binary_compatibility_ with previous versions to become
|
|
compliant with X/Open's XSSO spec. Specifically, this has been
|
|
by changing the prototype for pam_strerror().
|
|
|
|
* altered the convention for the conversation mechanism to agree
|
|
with that of Sun. (number of responses 'now=' number of messages
|
|
with help from Cristian for finding a bug.. Cristian also found a
|
|
nasty speradic segfault bug -- Thanks!)
|
|
|
|
* added NIS+ support to pam_unix_*
|
|
|
|
* fixed a "regular file checking" problem with the ~/.rhosts sanity
|
|
check. Added "privategroup" option to permit group write permission
|
|
on the ~/.rhosts file in the case that the group owner has the same
|
|
name as the authenticating user. :*) "promiscuous" and "suppress"
|
|
were not usable!
|
|
|
|
* added glibc compatibility to pam_rhosts_auth (protected __USE_MISC
|
|
with #ifndef since my libc already defines it!).
|
|
|
|
* Security fix from Savochkin Andrey Vladimirovich with suggested
|
|
modification from Olaf Seibert.
|
|
|
|
* preC contains mostly code clean-ups and a number of changes to
|
|
_pam_macros.
|
|
|
|
0.58: whenever
|
|
|
|
* pam_getenvlist() has a more robust definition (XSSO) than was previously
|
|
thought. It would seem that we no longer need pam_misc_copy_env()
|
|
which was there to provide the robustness that pam_getenvlist()
|
|
lacked before...
|
|
|
|
Accordingly, I have REMOVED the prototype from libpam_misc. (The
|
|
function, however, will remain in the library as a wrapper for
|
|
legacy apps, but will likely be removed from libpam_misc-1.0.) PLEASE
|
|
FIX YOUR APPS *BEFORE* WE GET THERE!
|
|
|
|
* Alexy Nogin reported garbage output from pam_env in the case of
|
|
a non-existent environment variable.
|
|
|
|
* 'fixed' pwdb compilation for pam_wheel. Not very cleanly
|
|
done.. Mmmm. Should really clean up the entire source tree...
|
|
|
|
* added prototypes for mapping functions
|
|
|
|
<**WARNING**>
|
|
|
|
various constants have had there names changed. Numerical values have
|
|
been retained but be aware some source old modules/applications will
|
|
need to be fixed before recompilation.
|
|
|
|
</**WARNING**>
|
|
|
|
* appended documentation to README for pam_rhosts module (Nicolai
|
|
Langfeldt).
|
|
|
|
* verified X/Open compatibility of header files - note, where we differ
|
|
it is at the level of compilation warnings and the use of 'const char *'
|
|
instead of 'char *'. Previously, Sun(X/open) have revised their spec
|
|
to be more 'const'-ervative in the light of comments from Linux-PAM
|
|
development.
|
|
|
|
* Ooops! PAM_AUTHTOKEN_REQD should have been PAM_NEW_AUTHTOK_REQD.
|
|
|
|
changed: pam_pwdb(pam_unix_acct) (also bug fix for
|
|
_shadow_acct_mgmt_exp() return value), pam_stress,
|
|
libpam/pam_dispatch, blank, xsh.
|
|
|
|
* New: PAM_AUTHTOK_EXPIRED - password has expired.
|
|
|
|
* Ooops! PAM_CRED_ESTABLISH (etc.) should have been PAM_ESTABLISH_CRED
|
|
etc... (changed - this may break some people's modules - PLEASE TAKE
|
|
NOTE!)
|
|
changed: pam_group, pam_mail, blank, xsh; module and appl
|
|
docs, pam_setcred manual page.
|
|
|
|
* renamed internal _pam_handle structure to be pam_handle as per XSSO.
|
|
|
|
* added PAM_RADIO_TYPE (for multiple choice input method). Also
|
|
added PAM_BINARY_{MSG,PROMPT} (for interaction out of sight of user
|
|
- this could be used for RSA type authentication but is currently
|
|
just there for experimental purposes). The _BINARY_ types are now
|
|
usable with hooks in the libpam_misc conversation function. Still
|
|
have to add PAM_RADIO_TYPE.
|
|
|
|
* added pam_access module (Alexei Nogin)
|
|
|
|
* added documentation for pam_lastlog. Also modified the module to
|
|
not (by default) print "welcome to your new account" when it cannot
|
|
find a utmp entry for the user (you can turn this on with the
|
|
"never" argument).
|
|
|
|
* small correction to the pam_fail_delay manual page. Either the appl or
|
|
the modules header file will prototype this function.
|
|
|
|
* added "bigcrypt" (DEC's C2) algorithm(0) to pam_pwdb. (Andy Phillips)
|
|
|
|
* *BSD tweaking for various #include's etc. (pam_lastlog, pam_rhosts,
|
|
pam_wheel, libpam/pam_handlers). (Michael Smith)
|
|
|
|
* added configuration directory $SCONFIGED for module specific
|
|
configuration files.
|
|
|
|
* added two new "linked" man pages (pam.conf(8) and pam.d(8))
|
|
|
|
* included a reasonable default for /etc/pam.conf (which can be
|
|
translated to /etc/pam.d/* files with the pam_conv1 binary)
|
|
|
|
* fixed the names of the new configuration files in
|
|
conf/pam_conv1/pam_conv.y
|
|
|
|
* fixed make check.
|
|
|
|
* pam_lastlog fixed to handle UID in virgin part of /var/log/lastlog
|
|
(bug report from Ronald Wahl).
|
|
|
|
* grammar fix in pam_cracklib
|
|
|
|
* segfault avoided in pam_pwdb (getting user). Updating of passwords
|
|
that are directed to a "new" database are more robust now (bug noted
|
|
by Michael K. Johnson). Added "unix" module argument for migrating
|
|
passwords from another database to /etc/passwd. (documentation
|
|
updated). Removed "bad username []" warning for empty passwords -
|
|
on again if you supply the 'debug' module argument.
|
|
|
|
* ctrl-D respected in conversation function (libpam_misc)
|
|
|
|
* Removed -DPAM_FAIL_DELAY_ON from top-level Makefile. Nothing in
|
|
the distribution uses it. I guess this change happened a while
|
|
back, basically I'm trying to make the module parts of the
|
|
distribution "source compatible" with the RFC definition of PAM.
|
|
This implementation of PAM is a superset of that definition. I have
|
|
added the following symbols to the Linux-PAM header files:
|
|
|
|
PAM_DATA_SILENT (see _pam_types.h)
|
|
HAVE_PAM_FAIL_DELAY (see _pam_types.h)
|
|
PAM_DATA_REPLACE (see _pam_modules.h)
|
|
|
|
Any module (or application) that wants to utilize these features,
|
|
should check (#ifdef) for these tokens before using the associated
|
|
functionality. (Credit to Michael K. Johnson for pointing out my
|
|
earlier omission: not documenting this change :*)
|
|
|
|
* first stab at making modules more independent of full library
|
|
source. Modules converted:
|
|
pam_deny
|
|
pam_permit
|
|
pam_lastlog
|
|
pam_pwdb
|
|
|
|
* pam_env.c: #include <errno.h> added to ease GNU libc use. (Michael
|
|
K. Johnson)
|
|
|
|
* pam_unix_passwd fixes to shadow aging code (Eliot Frank)
|
|
|
|
* added README for pam_tally
|
|
|
|
0.57: Fri Apr 4 23:00:45 PST 1997 Andrew Morgan <morgan@parc.power.net>
|
|
|
|
* added "nodelay" argument to pam_pwdb. This can be used to turn off
|
|
the call to pam_fail_delay that takes effect when the user fails to
|
|
authenticate themself.
|
|
|
|
* added "suppress" argument to pam_rhosts_auth module. This will stop
|
|
printing the "rlogin failure message" when the user does not have a
|
|
.rhosts file.
|
|
|
|
* Extra fixes for FAKEROOT in Makefiles (Savochkin Andrey
|
|
Vladimirovich)
|
|
|
|
* pam_tally added to tree courtesy of Tim Baverstock
|
|
|
|
* pam_rhosts_auth was failing to read NFS mounted .rhosts
|
|
files. (Fixed by Peter Allgeyer). Refixed and further enhanced
|
|
(netgroups) by Nicolai Langfeldt. [Credit also to G.Wilford for some
|
|
changes that were not actually included..]
|
|
|
|
* optional (#ifdef PAM_READ_BOTH_CONFS) support for parsing of pam.d/
|
|
AND pam.conf files (Elliot Lee).
|
|
|
|
* Added (and signed) Cristian's PGP key. (I've never met him, but I am
|
|
convinced the key belongs to the guy that is making the PAM rpms and
|
|
also producing libpwdb. Please note, I will not be signing anyone
|
|
else's key without a personal introduction..)
|
|
|
|
* fixed erroneous syslog warning in pam_listfile (Savochkin Andrey
|
|
Vladimirovich, whole file reformatted by Cristian)
|
|
|
|
* modified pam_securetty to return PAM_IGNORE in the case that the user's
|
|
name is not known to the system (was previously, PAM_USER_UNKNOWN). The
|
|
Rationale is that pam_securetty's sole purpose is to prevent superuser
|
|
login anywhere other than at the console. It is not its concern that the
|
|
user is unknown - only that they are _not_ root. Returning
|
|
PAM_IGNORE, however, insures that the pam_securetty can never be used to
|
|
"authenticate" a non-existent user. (Cristian Gafton with bug report from
|
|
Roger Hu)
|
|
|
|
* Modified pam_nologin to display the no-login message when the user
|
|
is not known. The return value in this case is still PAM_USER_UNKNOWN.
|
|
(Bug report from Cristian Gafton)
|
|
|
|
* Added NEED_LCKPWD for pam_unix/ This is used to define the locking
|
|
functions and should only be turned on if you don't have them in
|
|
your libc.
|
|
|
|
* tidied up pam_lastlog and pam_pwdb: removed function that was never used.
|
|
|
|
* Note for package maintainers: I have added $(FAKEROOT) to the list of
|
|
environment variables. This should help greatly when you build PAM
|
|
in a subdirectory. I've gone through the tree and tried to make
|
|
everything compatible with it.
|
|
|
|
* added pam_env (courtesy of Dave Kinchlea)
|
|
|
|
* removed pam_passwd+ from the tree. It has not been maintained in a
|
|
long time and running a shell script was basically insecure. I've
|
|
indicated where you can pick up the source if you want it.
|
|
|
|
* #define HAVE_PAM_FAIL_DELAY . Applications can conditionally compile
|
|
with this if they want to see if the facility is available. It is
|
|
now always available. (corresponding compilation cleanups..)
|
|
|
|
* _pam_sanitize() added to pam_misc. It purges the PAM_AUTHTOK and
|
|
PAM_OLDAUTHTOK items. (calls replaced in pam_auth and pam_password)
|
|
|
|
* pam_rhosts now knows about the '+' entry. Since I think this is a
|
|
dangerous thing, I have required that the sysadmin supply the
|
|
"promiscuous" flag for it in the corresponding configuration file
|
|
before it will work.
|
|
|
|
* FULL_LINUX_PAM_SOURCE_TREE exported from the top level make file.
|
|
If you want to build a module, you can test for this to determine if
|
|
it should take its directions from above or supply default locations
|
|
for installation. Etc.
|
|
|
|
0.56: Sat Feb 15 12:21:01 PST 1997 <morgan@parc.power.net>
|
|
|
|
* pam_handlers.c can now interpret the pam.d/ service config tree:
|
|
- if /etc/pam.d/ exists /etc/pam.conf is IGNORED
|
|
(otherwise /etc/pam.conf is treated as before)
|
|
- given /etc/pam.d/
|
|
. config files are named (in lower case) by service-name
|
|
. config files have same syntax as /etc/pam.conf except
|
|
that the "service-name" field is not present. (there
|
|
are thus three manditory fields (and arguments are
|
|
optional):
|
|
|
|
module-type control-flag module-path optional-args...
|
|
|
|
)
|
|
|
|
* included conf/pam_conv1 for converting pam.conf to a pam.d/ version
|
|
1.0 directory tree. This program reads a pam.conf file on the
|
|
standard input stream and creates ./pam.d/ (in the local directory)
|
|
and fills it with ./pam.d/"service-name" files.
|
|
|
|
*> Note: It will fail if ./pam.d/ already exists.
|
|
|
|
PLEASE REPORT ANY BUGS WITH THIS CONVERSION PROGRAM... It currently
|
|
cannot retain comments from the old conf file, so take care to do this
|
|
by hand. Also, please email me with the fix that makes the
|
|
shift/reduce conflict go away...
|
|
|
|
* Added default module path to libpam for modules (see pam_handlers.c)
|
|
it makes use of Makfile defined symbol: DEFAULT_MODULE_PATH which is
|
|
inhereted from the defs/* variable $(SECUREDIR). Removed module
|
|
paths from the sample pam.conf file as they are no longer needed.
|
|
|
|
* pam_pwdb can now verify read protected passwords when it is not run
|
|
by root. This is via a helper binary that is setuid root.
|
|
|
|
* pam_permit now prompts for a username if it is not already determined
|
|
|
|
* pam_rhosts now honors "debug" and no longer hardwire's "root" as the
|
|
superuser's name.
|
|
|
|
* pam_securetty now honors the "debug" flag
|
|
|
|
* trouble parsing extra spaces fixed in pam_time and pam_group
|
|
|
|
* added Michael K. Johnson's PGP key to the pgp.keys.asc list
|
|
|
|
* pam_end->env not being free()'d: fixed
|
|
|
|
* manuals relocated to section 3
|
|
|
|
* fixed bug in pam_mail.c, and enhanced to recognize '~' as a prefix
|
|
to indicate the $HOME of the user (courtesy David
|
|
Kinchlea). *Changed* from a "session" module to an "auth"
|
|
module. It cannot be used to authenticate a user, but it can be used
|
|
in setting credentials.
|
|
|
|
* fixed a stupid bug in pam_warn.. Only PAM_SERVICE was being read :*(
|
|
|
|
* pam_radius rewritten to exclusively make use of libpwdb. (minor fix
|
|
to Makefile for cleaning up - AGM)
|
|
|
|
* pam_limits extended to limit the total number of logins on a system
|
|
at any given time.
|
|
|
|
* libpam and libpam_misc use $(MAJOR_REL) and $(MINOR_REL) to set their
|
|
version numbers [defined in top level makefile]
|
|
|
|
* bugfix in sed command in defs/redhat.defs (AGM's fault)
|
|
|
|
* The following was related to a possibility of buffer overruns in
|
|
the syslogging code: removed fixed length array from syslogging
|
|
function in the following modules [capitalized the log identifier
|
|
so the sysadmin can "know" these are fixed on the local system],
|
|
|
|
pam_ftp, pam_stress, pam_rootok, pam_securetty,
|
|
pam_listfile, pam_shells, pam_warn, pam_lastlog
|
|
and
|
|
pam_unix_passwd (where it was definitely _not_ exploitable)
|
|
|
|
0.55: Sat Jan 4 14:43:02 PST 1997, Andrew Morgan <morgan@parc.power.net>
|
|
|
|
* added "requisite" control_flag to /etc/pam.conf syntax. [See
|
|
Sys. Admin. Guide for explanation] changes to pam_handlers.c
|
|
|
|
* completely new handling of garbled pam.conf lines. The modus
|
|
operandi now is to assume that any errors in the line are minor.
|
|
Errors of this sort should *most definitely* lead to the module
|
|
failing, however, just ignoring the line (as was the case
|
|
previously) can lead to gaping security holes(! Not foreseen by the
|
|
RFC). The "motivation" for the RFC's comments about ignoring garbled
|
|
lines is present in spirit in the new code: basically a garbled line
|
|
is treated like an instance of the pam_deny.so module.
|
|
changes to pam_handlers.c and pam_dispatch.c .
|
|
|
|
* patched libpam, to (a) call _pam_init_handlers from pam_start() and
|
|
(b) to log a text error if there are no modules defined for a given
|
|
service when a call to a module is requested. [pam_start() and
|
|
pam_dispatch() were changed].
|
|
|
|
* patched pam_securetty to deal with "/dev/" prefix on PAM_TTY item.
|
|
|
|
* reorganized the modules/Makefile to include *ALL* modules. It is now
|
|
the responsibility of the modules themselves to test whether they can
|
|
be compiled locally or not.
|
|
|
|
* modified pam_group to add to the getgroups() list rather than overwrite
|
|
it. [In the case of "HAVE_LIBPWDB" we use the pwdb_..() calls to
|
|
translate the group names.]. Module now pays attention to
|
|
PAM_CRED_.. flag(!)
|
|
|
|
* identified and removed bugs in field reading code of pam_time and
|
|
(thus) pam_group.
|
|
|
|
* Cristian's patches to pam_listfile module, corresponding change to
|
|
documentation.
|
|
|
|
* I've discovered &ero; for sgml!
|
|
Added pam_time documentation to the admin guide.
|
|
|
|
* added manual pages: pam.8, pam_start.2(=pam_end.2),
|
|
pam_authenticate.2, pam_setcred.2, pam_strerror.2,
|
|
pam_open_session.2(=pam_close_session.2) and pam_chauthtok.2 .
|
|
|
|
* added new modules:
|
|
|
|
- pam_mail (tells the user if they have any new mail
|
|
and sets their MAIL env variable)
|
|
- pam_lastlog (reports on the last time this user called
|
|
this module)
|
|
|
|
* new module hooks provided.
|
|
|
|
* added a timeout feature to the conversation function in
|
|
libpam_misc. Documented it in the application developers' guide.
|
|
|
|
* fixed bug in pam_misc_paste_env() function..
|
|
|
|
* slight modifications to wheel and rhosts writeup.
|
|
|
|
* more security issues added to module and application guides.
|
|
|
|
--
|
|
Things present but not mentioned in previous release (sorry)
|
|
|
|
* pam_pwdb module now resets the "last_change" entry before updating a
|
|
password.
|
|
--
|
|
|
|
Sat Nov 30 19:30:20 PST 1996, Andrew Morgan <morgan@parc.power.net>
|
|
|
|
* added environment handling to libpam. involved change to _pam_types.h
|
|
also added supplementary functions to libpam_misc
|
|
|
|
* added pam_radius - Cristian
|
|
|
|
* slight speed up for pam_rhosts
|
|
|
|
* significantly enhanced sys-admin documentation (8 p -> 41 p in
|
|
PostScript). Added to other documentation too. Mostly the changes
|
|
in the other docs concern the new PAM-environment support, there is
|
|
also some coverage of libpam_misc in the App. Developers' guide.
|
|
|
|
* Cristian's patches to pam_limits and pam_pwdb. Fixing bugs. (MORE added)
|
|
|
|
* adopted Cristian's _pam_macros.h file to help with common macros and
|
|
debugging stuff, gone through tree tidying up debugging lines to use
|
|
this [not complete].
|
|
|
|
- for consistency replaced DROP() with _pam_drop()
|
|
|
|
* commented memory debugging in top level makefile
|
|
|
|
* added the following modules
|
|
|
|
- pam_warn log information to syslog(3) about service application
|
|
- pam_ftp if user is 'ftp' then set PAM_RUSER/PAM_RHOST with password
|
|
(comment about nologin added to last release's notes)
|
|
|
|
* modified the pam_listfile module. It now declares a meaningful static
|
|
structure name.
|
|
|
|
Sun Nov 10 13:26:39 PST 1996, Andrew Morgan <morgan@parc.power.net>
|
|
|
|
**PLEASE *RE*AMEND YOUR PERSONAL LINKS**
|
|
|
|
-------> http://parc.power.net/morgan/Linux-PAM/index.html <-------
|
|
|
|
**PLEASE *RE*AMEND YOUR PERSONAL LINKS**
|
|
|
|
A brief summary of what has changed:
|
|
|
|
* many modules have been modified to accomodate fixing the pam_get_user()
|
|
change. Please take note if you have a module in this distribution.
|
|
|
|
* pam_unix is now the pam_unix that Red Hat has been using and which
|
|
should be fairly well debugged.
|
|
|
|
- I've added some #ifdef's to make it compile for me, and also
|
|
updated it with respect to the libpam-0.53, so have a look at the
|
|
.../modules/pam_unix/Makefile to enable cracklib and shadow features
|
|
|
|
** BECAUSE OF THIS, I cannot guarantee this code works as it **
|
|
** did for Red Hat. Please test and report any problems. **
|
|
|
|
* the pam_unix of .52 (renamed to pam_pwdb) has been enhanced and made
|
|
more flexible with by implementing it with respect to the new
|
|
"Password Database Library" see
|
|
|
|
http://parc.power.net/morgan/libpwdb/index.html
|
|
|
|
modules included in this release that require this library to
|
|
function are the following:
|
|
|
|
- pam_pwdb (ne pam_unix-0.52 + some enhancements)
|
|
- pam_wheel
|
|
- pam_limits
|
|
- pam_nologin
|
|
|
|
* Added some optional code for memory debugging. In order to support
|
|
this you have to enable MEMORY_DEBUG in the top level makefile and
|
|
also #define MEMORY_DEBUG in your applications when they are compiled.
|
|
The extra code resides in libpam (compiled if MEMORY_DEBUG is defined)
|
|
and the macros for malloc etc. are to be found at the end of
|
|
_pam_types.h
|
|
|
|
* used above code to locate two memory leaks in pam_unix module and two
|
|
in libpam (pam_handlers.h)
|
|
|
|
* pam_get_user() now sets the PAM_USER item. After reading the Sun
|
|
manual page again, it was clear that it should do this. Various
|
|
modules have been assuming this and now I have modified most of them
|
|
to account for this change. Additionally, pam_get_user() is now
|
|
located in the module include file; modules are supposed to be the
|
|
ones that use it(!) [Note, this is explicitly contrary to the Sun
|
|
manual page, but in the spirit of the Linux distribution to date.]
|
|
|
|
* replaced -D"LINUX" with -D"LINUX_PAM" as this is more explicit and less
|
|
likely to be confused with -D"linux".
|
|
Also, modified the libpam #include files to behave more like the Sun
|
|
ones #ifndef LINUX_PAM.
|
|
|
|
* removed <bf/ .. / from documentation titles. This was not giving
|
|
politically correct html..
|
|
|
|
----- My vvvvvvvvvvvvvvvvvvv was a long time ago ;*] -----
|
|
|
|
Wed Sep 4 23:57:19 PDT 1996 (Andrew Morgan <morgan@physics.ucla.edu>
|
|
|
|
0. Before I begin, Linux-PAM has a new primary distribution site (kindly
|
|
donated by Power Net Inc., Los Angeles)
|
|
|
|
**PLEASE AMMEND YOUR PERSONAL LINKS**
|
|
|
|
-------> http://www.power.net/morgan/Linux-PAM <-------
|
|
|
|
**PLEASE AMMEND YOUR PERSONAL LINKS**
|
|
|
|
1. I'm hoping to make the next release a bug-fix release... So please find
|
|
all the bugs(! ;^)
|
|
|
|
2. here are the changes for .52:
|
|
|
|
* minor changes to module documentation [Incidently, it is now
|
|
available on-line from the WWW page above]. More changes to follow in
|
|
the next two releases. PLEASE EMAIL me or the list if there is
|
|
anything that isn't clear!
|
|
|
|
* completely changed the unix module. Now a single module for all four
|
|
management groups (this meant that I could define all functions as
|
|
static that were not part of the pam_sm_... scheme. AGM)
|
|
|
|
- Shadow support added
|
|
PASSWD - Elliot's account management included, and enhanced by Cristian Gafton.
|
|
- MD5 password support added by Cristian Gafton.
|
|
- maxtries for authentication now enforced.
|
|
- Password changing function in pam_unix now works!
|
|
Although obviously, I'm not going to *guarantee* it ;^) .
|
|
- stole Marek's locking code from the Red Hat unix module.
|
|
[ If you like you can #ifdef it in or out ... ]
|
|
|
|
You can configure the module more from its Makefile in
|
|
0.52/modules/pam_unix/
|
|
|
|
If you are nervous that it will destroy your /etc/passwd or shadow
|
|
files then EDIT the 0.52/modules/pam_unix/pam_unix_pass.-c file.
|
|
Here is the warning comment from this file...
|
|
|
|
-------------8<-----------------
|
|
/* <WARNING>
|
|
*
|
|
* Uncomment the following #define if you are paranoid, and do not
|
|
* want to risk losing your /etc/passwd or shadow files.
|
|
* It works for me (AGM) but there are no guarantees.
|
|
*
|
|
* </WARNING>
|
|
*/
|
|
/* #define TMP__FILE */
|
|
------------->8-----------------
|
|
|
|
*** If anyone has any trouble, please *say*. Your problem will be
|
|
fixed in the next release. Also please feel free to scour the
|
|
code for race conditions etc...
|
|
|
|
[* The above change requires that you purge your /usr/lib/security
|
|
directory of the old pam_unix_XXX.so modules: they will NOT be deleted
|
|
with a 'make remove'.]
|
|
|
|
* the prototype for the cleanup function supplied to pam_set_data used
|
|
to return "int". According to Sun it should be "void". CHANGED.
|
|
|
|
* added some definitions for the 'error_status' mask values that are
|
|
passed to the cleanup function associated with each
|
|
module-data-item. These numbers were needed to keep up with changing
|
|
a data item (see for example the code in pam_unix/support.-c that
|
|
manages the maximum number of retries so far). Will see what Sun says
|
|
(current indications are positive); this may be undone before 1.0 is
|
|
released. Here are the definitions (from pam_modules.h).
|
|
|
|
#define PAM_DATA_SILENT 0x40000000 /* used to suppress messages... */
|
|
#define PAM_DATA_REPLACE 0x20000000 /* used when replacing a data item */
|
|
|
|
* Changed the .../conf/pam.conf file. It now points to the new
|
|
pam_unix module for 'su' and 'passwd' [can get these as SimpleApps --
|
|
I use them for testing. A more extensive selection of applications is
|
|
available from Red Hat...]
|
|
|
|
* corrected a bug in pam_dispatch. Basically, the problem was that if
|
|
all the modules were "sufficient" then the return value for this
|
|
function was never set. The net effect was that _pam_dispatch_aux
|
|
returned success when all the sufficient modules failed. :^( I think
|
|
this is the correct fix to a problem that the Red Hat folks had
|
|
found...
|
|
|
|
sopwith* Removed advisory locking from libpam (thanks for the POSIX patch
|
|
goes to Josh Wilmes's, my apologies for not using it in the
|
|
end.). Advisory locking did not seem sufficiently secure for libpam.
|
|
Thanks to Werner Almesberger for identifying the corresponding "denial
|
|
of service attack". :*(
|
|
|
|
* related to fix, have introduced a lock file /var/lock/subsys/PAM
|
|
that can be used to indicate the system should pay attention to
|
|
advisory locking on /etc/pam.conf file. To implement this you need to
|
|
define PAM_LOCKING though. (see .52/libpam)
|
|
|
|
* modified pam_fail_delay() function. Couldn't find the "not working"
|
|
problem indicated by Michael, but modified it to do pseudo-random
|
|
delays based on the values indicated by pam_fail_delay() -- the
|
|
function "that may eventually go away"... Although Sun is warming to
|
|
the idea.
|
|
|
|
* new modules include:
|
|
|
|
pam_shells - authentication for users with a shell listed in
|
|
/etc/shells. Erik Troan <ewt@redhat.com>
|
|
|
|
pam_listfile - authentication based on the contents of files.
|
|
Set to be more general than the above in the
|
|
future. UNTESTED. Elliot Lee <@redhat.com>
|
|
[Note, this module compiles with a non-trivial
|
|
warning: AGM]
|
|
|
|
Thu Aug 8 22:32:15 PDT 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
|
|
|
|
* modified makefiles to take more of their installation instructions
|
|
from the top level makefile. Desired for integration into the Debian
|
|
distribution, and generally a good idea.
|
|
|
|
* fixed memory arithmetic in pam_handlers
|
|
-- still need to track down why failure to load modules can lead to
|
|
authentication succeding..
|
|
|
|
* added tags for new modules (smartcards from Alex -- just a promise
|
|
at this stage) and a new module from Elliot Lee; pam_securetty
|
|
|
|
* I have not had time to smooth out the wrinkles with it, but Alex's
|
|
pam_unix modifications are provided in pam_unix-alex (in the modules
|
|
directory) they will not be compiled by 'make all' and I can't even
|
|
say if they do compile... I will try to look at them for .52 but, in
|
|
the mean time please feel free to study/fix/discuss what is there.
|
|
|
|
* pam_rhosts module. Removed code for manually setting the ruser
|
|
etc. This was not very secure.
|
|
|
|
* [remade .ps docs to be in letter format -- my printer complains
|
|
about a4]
|
|
|
|
Sunday July, 7 12:45:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
|
|
|
|
* No longer accompanying the Linux-PAM release with apps installed.
|
|
[Will provide what was here in a separate package.. (soon)
|
|
lib Also see http://www.redhat.com/pam for some more (in .rpm form...)]
|
|
|
|
* renamed libmisc to libpam_misc. It is currently configured to only compile
|
|
the static library. For some strange reason (perhaps someone can
|
|
investigate) my Linux 2.0.0 kernel with RedHat 3.0.3 system
|
|
segfaults when I compile it to be a dynamic library. The segfault
|
|
seems to be inside the call to the ** dl_XXX ** function...!?
|
|
|
|
There is a simple flag in the libpam_misc/Makefile to turn on dynamic
|
|
compiles.
|
|
|
|
* Added a little unofficial code for delay support in libpam (will probably
|
|
disappear later..) There is some documentation for it in the pam_modules
|
|
doc now. That will obviously go too.
|
|
|
|
* rewritten pam_time to use *logic* to specify the stringing together of
|
|
users/times/terminals etc.. (what was there before was superficially
|
|
logical but basically un-predictable!)
|
|
|
|
* added pam_group. Its syntax is almost identical to pam_time but it
|
|
has another field added; a list of groups to make the user a member
|
|
of if they pass the previous tests. It seems to not co-exist too well
|
|
with the groups in the /etc/group but I hope to have that fixed by
|
|
the next release...
|
|
|
|
* minor re-formatting of pam_modules documentation
|
|
|
|
* removed ...// since it wasn't being used and didn't look like it
|
|
would be!
|
|
|
|
GCCSunday 23 22:35:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
|
|
|
|
* The major change is the addition of a new module: pam_time for
|
|
restricting access on terminals at given times for indicated users
|
|
it comes with its own configuration file /etc/security/time.conf
|
|
and the sample file simply restricts 'you' from satisfying the blank
|
|
application if they try to use blank from any tty*
|
|
|
|
* Small changes include
|
|
- altered pam.conf to demonstrate above new module (try typing username: you)
|
|
- very minor changes to the docs (pam_appl and pam_modules)
|
|
|
|
Saturday June 2 01:40:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
|
|
|
|
*** PLEASE READ THE README, it has changed ***
|
|
|
|
* NOTE, 'su' exhibits a "system error", when static linking is
|
|
used. This is because the pam_unix_... module currently only has
|
|
partial static linking support. This is likely to change on Monday
|
|
June 3, when Alex makes his latest version availible. I will include
|
|
the updated module in next release.
|
|
|
|
changes for .42:
|
|
|
|
* modified the way in which libpam/pam_modules.h defines prototypes for
|
|
the pam_sm_ functions. Now the module must declare which functions it
|
|
is to provide *before* the #include <security/pam_modules.h> line.
|
|
(for contrasting examples, see the pam_deny and pam_rootok modules)
|
|
This removed the ugly hack of defining functions that are never called
|
|
to overcome warnings... This seems much tidier.
|
|
insterted* updated the TODO list. (changed mailing list address)
|
|
* updated README in .../modules to reflect modifications to static
|
|
compliation protocol
|
|
* modified the pam_modules documentation to describe this.
|
|
* corrected last argument of pam_get_item( ... ) in
|
|
pam_appl/modules.sgml, to "const void **".
|
|
* altered GNU GPL's in the documentation, and various other parts of
|
|
the distribution. *Please check* that any code you are responsible for
|
|
is corrected.
|
|
* Added ./Copyright (please check that it is acceptable)
|
|
* updated ./README to make current and indicate the new mailing list
|
|
address
|
|
* have completely rewritten pam_filter. It now runs modular filter
|
|
executables (stored in /usr/sbin/pam_filter/) This should make it
|
|
trivial for others to write their own filters.. If you want yours
|
|
included in the distribution please email the list/me.
|
|
* changes to libpam; there was a silly bug with multiple arguments on a
|
|
pam.conf line that was broken with a '\<LF>'.
|
|
* 'su' rearranged code (to make better use of PAM)
|
|
*Also* now uses POSIX signals--this should help the Alpha port.
|
|
* 'passwd' now uses getlogin() to determine who's passwords to change.
|
|
|
|
Sunday May 26 9:00:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
|
|
|
|
* fixed module makefiles to create needed dynamic/static subdirectories
|
|
|
|
Saturday May 25 20:30:27.8 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
|
|
|
|
* LOTS has changed regarding how the modules/libpam are built.
|
|
* Michael's mostly complete changes for static support--see below
|
|
(Andrew got a little carried away and automated the static linking
|
|
of modules---bugs are likely mine ;( )
|
|
* Thanks mostly to Michael, libpam now compiles without a single warning :^]
|
|
* made static modules/library optional.
|
|
CFLAGS* added 'make sterile' to top level makefile. This does extraclean and remove
|
|
* added Michael and Joseph to documentation credits (and a subsection for
|
|
future documentation of static module support in pam_modules.sgml)
|
|
* libpam; many changes to makefiles and also automated the inclusion of
|
|
static module objects in pam_static.c
|
|
* modified modules for automated static/dynamic support. Added static &
|
|
dynamic subdirectories, as instructed by Michael
|
|
* removed an annoying syslog message from pam_filter: "parent exited.."
|
|
* updated todo list (anyone know anything about svgalib/X? we probably should
|
|
have some support for these...)
|
|
|
|
Friday May 24 16:30:15 EDT 1996 (Michael K. Johnson <johnsonm@redhat.com>)
|
|
|
|
* Added first (incomplete) cut at static support.
|
|
This includes:
|
|
. changes in libpam, including a new file, pam_static.c
|
|
. changes to modules including exporting struct of function pointers
|
|
. static and dynamic linking can be combined
|
|
. right now, the only working combinations are just dynamic
|
|
linking and dynamic libpam.so with static modules linked
|
|
into libpam.so. That's on the list of things to fix...
|
|
. modules are built differently depending on whether they
|
|
are static or dynamic. Therefore, there are two directories
|
|
under each module directory, one for static, and one for
|
|
dynamic modules.
|
|
* Fixed random brokenness in the Makefiles. [ foo -nt bar ] is
|
|
rather redundant in a makefile, for instance. Also, passing
|
|
on the command line is broken because it cannot be
|
|
overridden in any way (even adding important parts) in lower-level
|
|
makefiles.
|
|
* Unfortunately, fixing some of the brokenness meant that I used
|
|
GNU-specific stuff. However, I *think* that there was GNU-specific
|
|
stuff already. And I think that we should just use the GNU
|
|
extensions, because any platform that GNU make doesn't port to
|
|
easily will be hard to port to anyway. It also won't be likely
|
|
passwd to handle autoconf, which was Ted's suggestion for getting
|
|
around limitations in standard make...
|
|
For now, I suggest that we just use some simple GNU-specific
|
|
extensions.
|
|
|
|
Monday May 20 22:00:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
|
|
|
|
* added some text to pam_modules.sgml
|
|
* corrected Marek's name in all documentation
|
|
* made pam_stress conform to chauthtok conventions -- ie can now request
|
|
old password before proceeding.
|
|
* included Alex's latest unix module
|
|
* included Al's + password strength checking module
|
|
* included pam_rootok module
|
|
* fixed too many bugs in libpam.. all subtly related to the argument lists
|
|
or use of syslog. Added more debugging lines here too.
|
|
* fixed the pam.conf file
|
|
* deleted pam_test module. It is pretty old and basically superceeded
|
|
by pam_stress
|
|
|
|
Friday May 9 1:00:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
|
|
|
|
* updated documentaion, added Al Longyear to credits and corrected the
|
|
spelling of Jeff's name(!). Most changes to pam.sgml (even added a figure!)
|
|
* new module pam_rhosts_auth (from Al Longyear)
|
|
* new apps rlogind and ftpd (a patch) from Al.
|
|
* modified 'passwd' to not call pam_authenticate (note, none of the
|
|
modules respect this convention yet!)
|
|
* fixed bug in libpam that caused trouble if the last line of a
|
|
pam.conf file ends with a module name and no newline character
|
|
* also made more compatable with documentation, in that bad lines in
|
|
pam.conf are now ignored rather than causing libpam to return an
|
|
error to the app.
|
|
* libpam now overwrites the AUTHTOKs when returning from
|
|
pam_authenticate and pam_chauthtok calls (as per Sun/RFC too)
|
|
* libpam is now installed as libpam.so.XXX in a way that ldconfig can
|
|
handle!
|
|
|
|
|
|
Wednesday May 1 22:00:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
|
|
|
|
* removed .../test directory, use .../examples from now on.
|
|
* added .../apps directory for fully functional applications
|
|
- the apps directory contains directories that actually contain the apps.
|
|
the idea is to make application compilation conditional on the presence
|
|
of the directory. Note, there are entries in the Makefile for
|
|
'login' and 'ftpd' that are ready for installation... Email me if
|
|
you want to reserve a directory name for an application you are
|
|
working on...
|
|
* similar changes to .../modules makefile [entries for pam_skey and
|
|
pam_kerberos created---awaiting the directories.] Email me if you
|
|
want to register another module...
|
|
* minor changes to docs.. Not really worth reprinting them quite yet!
|
|
[save the trees]
|
|
* added misc_conv to libmisc. it is a generic conversation function
|
|
for text based applications. [would be nice to see someone create
|
|
an Xlib and/or svgalib version]
|
|
* fixed ctrl-z/c bug with pam_filter module [try xsh with the default
|
|
pam.conf file]
|
|
* added 'required' argument to 'pam_stress' module.
|
|
* added a TODO list... other suggestions to the list please.
|
|
|
|
Saturday April 7 00:00:00 PST 1996 ( Andrew Morgan <morgan@physics.ucla.edu> )
|
|
|
|
* Alex and Marek please note I have altered _pam_auth_unix a little, to
|
|
make it get the passwords with the "proper method" (and also fixed it
|
|
to not have as many compiler warnings)
|
|
* updated the conf/pam.conf file
|
|
* added new example application examples/xsh.c (like blank but invokes
|
|
/bin/sh)
|
|
* Marc's patches for examples/blank.c (and AGM's too)
|
|
* fixed stacking of modules in libpam/pam_handlers.c
|
|
* fixed RESETing in libpam/pam_item.c
|
|
* added new module modules/pam_filter/ to demonstrate the possibility
|
|
of inserting an arbitrary filter between the terminal and the
|
|
application that could do customized logging etc... (see use of
|
|
bin/xsh as defined in conf/pam.conf)
|
|
|
|
|
|
Saturday March 16 19:00:00 PST 1996 ( Andrew Morgan <morgan@physics.ucla.edu> )
|
|
|
|
These notes are for 0.3 I don't think I've left anything important
|
|
out, but I will use emacs 'C-x v a' next time! (Thanks Jeff)
|
|
|
|
* not much has changed with the functionality of the Linux-PAM lib
|
|
.../libpam
|
|
- pam_password calls module twice with different arguments
|
|
- added const to some of the function arguments
|
|
- added PAM_MAX_MES_ to <security/_pam_types.h>
|
|
- was a lot over zealous about purging old passwords...
|
|
I have removed much of this from source to make it
|
|
more compatible with SUN.
|
|
- moved some PAM_... tokens to pam_modules.h from _pam_types.h
|
|
(no-one should notice)
|
|
|
|
* added three modules: pam_permit pam_deny pam_stress
|
|
no prizes for guessing what the first two do. The third is
|
|
a reasonably complete (functional) module. Is intended for testing
|
|
applications with.
|
|
|
|
* fixed a few pieces of examples/blank.c so that it works (with
|
|
pam_stress)
|
|
|
|
* ammended the documentation. Looking better, but suggestions/comments
|
|
very welcome!
|
|
|
|
Sunday March 10 10:50:00 PST 1996 ( Andrew Morgan <morgan@physics.ucla.edu> )
|
|
|
|
These notes are for Linux-PAM release 0.21. They cover what's changed
|
|
since I relased 0.2.
|
|
|
|
* am now using RCS
|
|
* substantially changed ./README
|
|
* fixed bug reading \\\n in pam.conf file
|
|
* small changes to documentation
|
|
* added `blank' application to ./examples (could be viewed as
|
|
a `Linux-PAM aware' application template.)
|
|
* oops. now including pam_passwd.o and pam_session.o in pamlib.so
|
|
* compute md5 checksums for all the source when making a release
|
|
- added `make check' and `make RCScheck' to compute md5 checksums
|
|
* create a second tar file with all the RCS files in.
|
|
* removed the .html and .txt docs, supplying sgml sources instead.
|
|
- see README for info on where to get .ps files
|
|
|
|
Thursday March 6 0:44:?? PST 1996 ( Andrew Morgan <morgan@physics.ucla.edu> )
|
|
|
|
These notes are for Linux-PAM release 0.2. They cover what's changed
|
|
since Marc Ewing relased 0.1.
|
|
|
|
**** Please note. All of the directories in this release have been modified
|
|
**** slightly to conform to the new pamlib. A couple of new directories have
|
|
**** been added. As well as some documentation. If some of your code
|
|
**** was in the previous release. Feel free to update it, but please
|
|
**** try to conform to the new headers and Makefiles.
|
|
|
|
* Andrew Morgan (morgan@physics.ucla.edu) is making this release
|
|
availible, Marc has been busy...!
|
|
|
|
* Marc's pam-0.1/lib has been (quietly) enhanced and integrated into
|
|
Alex Yurie's collected tree of library and module code
|
|
(linux-pam.prop.1.tar.gz). Most of the changes are to do with error
|
|
checking. Some more robustness in the reading of the pam.conf file
|
|
and the addition of the pam_get_user() function.
|
|
|
|
* The pam_*.h files have been reorganized to logically enforce the
|
|
separation of modules from applications. [Don't panic! Apart from
|
|
changing references of the form
|
|
|
|
#include "pam_appl.h"
|
|
|
|
to
|
|
|
|
#include <security/pam_appl.h>
|
|
|
|
The reorganization should be backwardly compatable (ie. a module
|
|
written for SUN will be as compatable as it was before with the
|
|
previous version ;)~ ]
|
|
|
|
(All of the source in this tree now conforms to this scheme...)
|
|
|
|
The new reorganization means that modules can be compiled with a
|
|
single header, <security/pam_modules.h>, and applications with
|
|
<security/pam_appl.h>.
|
|
|
|
* I have tried to remove all the compiler warnings from the updated
|
|
"pamlib/*.c" files. On my system, (with a slightly modified <dlfcn.h>
|
|
email me if it interests you..) there are only two warnings that
|
|
remain: they are that ansi does not permit void --> fn ptr
|
|
assignment. K&Rv2 doesn't mention this....? As a matter of principle,
|
|
if anyone knows how to get rid of that warning... please
|
|
tell. Thanks! "-pedantic"
|
|
|
|
* you can "make all" as a plain user, but
|
|
|
|
* to "make install" you must be root. The include files are placed in
|
|
/usr/include/security. The libpam.so library is installed in /usr/lib
|
|
and the modules in /usr/lib/security. The two test binaries
|
|
are installed in the Linux-PAM-0.2/bin directory and a chance is given to
|
|
replace your /etc/pam.conf file with the one in Linux-PAM-0.2/conf.
|
|
|
|
* I have included some documentation (pretty preliminary at the
|
|
moment) which I have been working on in .../doc .
|
|
|
|
I have had a little trouble with the modules, but atleast there are no
|
|
segfaults! Please try it out and discuss your results... I actually
|
|
hope it all works for you. But, Email any bugs/suggestions to the
|
|
Linux-PAM list: linux-pam@mit.edu .....
|
|
|
|
Regards,
|
|
|
|
Andrew Morgan
|
|
(morgan@physics.ucla.edu)
|
|
|
|
|
|
Sat Feb 17 17:30:24 EST 1996 (Alexander O. Yuriev alex@bach.cis.temple.edu)
|
|
|
|
* conf directory created with example of pam_conf
|
|
* stable code from pam_unix is added to modules/pam_unix
|
|
* test/test.c now requests username and password and attempts
|
|
to perform authentication
|
|
|