Migrated from Trac.

Dag-Erling Smørgrav 2021-10-20 23:28:58 +02:00
commit 23a4732d12
41 changed files with 762 additions and 0 deletions

31
Errata-2011-11-08.md Normal file

@ -0,0 +1,31 @@
# Errata: Service name validation
Date:: 2011-11-08
Affects:: All releases prior to [Lycopsida](Releases-Lycopsida)
References:: http://c-skills.blogspot.com/2011/11/openpam-trickery.html, [CVE-2011-4122](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4122)
Description:: Some setuid programs (e.g. KDE's `kcheckpass`) pass a user-supplied service name to `pam_start(3)`. OpenPAM's configuration parser appended that name to each directory in the policy search path without checking it, so a name containing `/` (e.g. `../../tmp/evil`) makes OpenPAM load a PAM policy from an arbitrary, user-crafted file. That policy can name an arbitrary module, which is then loaded and executed with root privileges.
Workaround:: Remove or restrict any setuid program that allows the user to specify the service name.
Fix:: [OpenPAM Lycopsida](Releases-Lycopsida) features a completely rewritten configuration parser that validates service names. If you are unable or unwilling to upgrade, apply the following patch (courtesy of NetBSD's Matthias Drochner):
{{{
--- lib/openpam_configure.c (revision 228464)
+++ lib/openpam_configure.c (revision 228465)
@@ -285,6 +285,13 @@
size_t len;
int r;
+ /* don't allow to escape from policy_path */
+ if (strchr(service, '/')) {
+ openpam_log(PAM_LOG_ERROR, "invalid service name: %s",
+ service);
+ return (-PAM_SYSTEM_ERR);
+ }
+
for (path = openpam_policy_path; *path != NULL; ++path) {
len = strlen(*path);
if ((*path)[- 1](len) == '/') {
}}}
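Review bot: the hunk's trailing context line `if ((*path)[- 1](len) == '/') {` has been mangled by the wiki's link markup, which rewrote `[len - 1]` as `[- 1](len)`; anyone applying this patch from the page should restore `if ((*path)[len - 1] == '/') {`, and since the hunk is also cut off after that line, take the full diff from the revision named in the header (r228465) rather than from here. The check itself does what its comment says: `service` is appended to each entry of `openpam_policy_path`, so refusing any name containing `/` keeps the lookup inside those directories. An empty service name still passes `strchr()` and is joined as `<dir>/`; it cannot escape the directory, but rejecting it in the same `if` would be cheap.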

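The lookup the erratum describes, as an added example (not OpenPAM's code): a hypothetical `join_path()` does what the unchecked parser effectively did, appending the caller-supplied service name to a policy directory, and `policy_path()` applies the `strchr()` check from the patch above. The rejection of empty and dot-leading names is an extra this example adds, not part of the patch; `/etc/pam.d` is an assumed search directory.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not OpenPAM code. Names, paths and helpers are hypothetical. */

/* The check from the erratum patch (reject any '/'), plus two rejections
 * the patch itself does not add: empty names and names starting with '.',
 * neither of which can name a real policy file. */
int service_name_ok(const char *service)
{
    if (service == NULL || service[0] == '\0' || service[0] == '.')
        return 0;
    return strchr(service, '/') == NULL;
}

/* Unchecked join, what the parser effectively did before the fix: a
 * service name such as "../../tmp/evil" walks out of the directory.
 * Returns a static buffer, or NULL if the result does not fit. */
const char *join_path(const char *dir, const char *service)
{
    static char buf[1024];
    size_t dlen = strlen(dir);
    int n;

    if (dlen > 0 && dir[dlen - 1] == '/')      /* tolerate a trailing slash */
        dlen--;
    n = snprintf(buf, sizeof buf, "%.*s/%s", (int)dlen, dir, service);
    return (n < 0 || (size_t)n >= sizeof buf) ? NULL : buf;
}

/* Checked lookup: NULL if the service name is rejected. */
const char *policy_path(const char *dir, const char *service)
{
    return service_name_ok(service) ? join_path(dir, service) : NULL;
}

int main(void)
{
    /* constructed inputs: two real-looking names, three hostile ones */
    const char *names[] = { "login", "sshd", "../../tmp/evil", "/tmp/evil", "" };
    size_t i;

    for (i = 0; i < sizeof names / sizeof names[0]; i++) {
        const char *p;

        p = join_path("/etc/pam.d", names[i]);
        printf("%-16s unchecked: %s\n", names[i], p ? p : "(too long)");
        p = policy_path("/etc/pam.d", names[i]);
        printf("%-16s checked:   %s\n", names[i], p ? p : "rejected");
    }
    return 0;
}
```

The point of keeping the two functions side by side is that the fix is not in the join at all: a concatenation that tolerates trailing slashes is still perfectly happy to produce `/etc/pam.d/../../tmp/evil`, so the only place the traversal can be stopped is a check on the untrusted name before it is joined.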
13
Errata-2013-03-04.md Normal file

@ -0,0 +1,13 @@
# Errata: Configuration parsing
Date:: 2013-03-04
Affects:: [Micrampelis](Releases-Micrampelis)
References:: http://blog.des.no/2013/03/on-testing-part-ii/
Description:: When `openpam_readword()` encounters a word in which unquoted text precedes a quoted section, such as `text="hello world"`, it returns an empty string instead of the word. This affects the PAM policy parser as well as any third-party code that relies on `openpam_readword()` and / or `openpam_readlinev()`.
Workaround:: Quote the entire word, e.g. `"text=hello world"` instead of `text="hello world"`.
Fix:: Apply r634 and r636.

13
Errata-2014-02-26.md Normal file

@ -0,0 +1,13 @@
# Errata: Character classification
Date:: 2014-02-26
Affects:: [Nummularia](Releases-Nummularia)
References:: http://blog.des.no/2013/03/on-testing-part-iii/
Description:: The `is_upper()` character classification predicate accepts only the letter `A` as an upper-case character instead of the entire `A-Z` range. As a result, OpenPAM rejects service names, module names and module paths containing any upper-case letter other than `A`.
Workaround:: Rename affected services and modules.
Fix:: Apply r761, and optionally r760, which adds unit tests for the character classification predicates.
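An added example (not OpenPAM's code) of the failure mode and of the kind of exhaustive unit test the erratum's r760 introduces: `is_upper_buggy()` reproduces the effect described above, `is_upper_fixed()` is the intended predicate, and `count_mismatches()` compares either one against `isupper()` in the C locale over every byte value. `name_ok()` is a simplified stand-in for the parser's name check, not OpenPAM's actual rule, and `pam_Example.so` is a made-up module name.

```c
#include <ctype.h>

/* Added example, not OpenPAM code. Deliberately ASCII-only, so that policy
 * parsing does not depend on the process locale. */
int is_upper_buggy(int ch) { return ch == 'A'; }                /* erratum */
int is_upper_fixed(int ch) { return ch >= 'A' && ch <= 'Z'; }  /* intended */

/* Exhaustive check: how many of the 256 byte values does the predicate
 * classify differently from isupper() in the C locale? (Values >= 128 are
 * never upper-case here.) Zero means the predicate is correct. */
int count_mismatches(int (*pred)(int))
{
    int ch, bad = 0;

    for (ch = 0; ch < 256; ch++)
        if (!!pred(ch) != !!(ch < 128 && isupper(ch)))
            bad++;
    return bad;
}

/* Simplified name check in the style of the policy parser: letters, digits
 * and a few punctuation characters, with upper-case letters recognized via
 * the supplied predicate. Empty names are rejected. (OpenPAM's real
 * character set is wider; only the shape matters here.) */
int name_ok(const char *name, int (*upper)(int))
{
    const char *p;

    for (p = name; *p != '\0'; p++) {
        int ch = (unsigned char)*p;

        if (upper(ch) || (ch >= 'a' && ch <= 'z') || (ch >= '0' && ch <= '9')
            || ch == '_' || ch == '-' || ch == '.')
            continue;
        return 0;
    }
    return p != name;
}
```

Running `count_mismatches()` over the full byte range is the check to keep around: a predicate that is right for the one letter the hand-written test happened to use, and wrong for the other 25, is exactly what a table of spot checks misses.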

13
Errata-2014-06-02.md Normal file

@ -0,0 +1,13 @@
# Errata: Policy loading
Date:: 2014-06-02
Affects:: [Nummularia](Releases-Nummularia) and [Micrampelis](Releases-Micrampelis)
References:: http://www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.asc, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3879
Description:: When loading a module or processing an include directive, an `ENOENT` (file not found) error was propagated up the call stack unchanged and interpreted by the caller as a missing policy, which is a soft error (the service falls back to the `other` policy), rather than as an invalid policy, which is a hard error. A policy that names a misspelled or uninstalled module, or that includes a policy which does not exist, was therefore silently replaced by `other`. Depending on what `other` permits, this is a fail-open scenario.
Workaround:: Verify the spelling of every module name and include target in all policies. When updating third-party modules (which leaves a brief window during which the module is missing), shut down affected services first.
Fix:: Apply r795.
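The propagation bug and its fix, as an added example (not OpenPAM's loader): a toy policy loader over a constructed in-memory "filesystem" in which `sshd` includes a `system` policy that does not exist and `login` names a module that is not installed. With `strict = 0` every `ENOENT` is reported as "no policy" and the caller falls back to `other`; with `strict = 1` only the top-level policy file may be missing. All service names, module paths and policy contents are made up.

```c
#include <string.h>

/* Added example, not OpenPAM code. Everything below is constructed data. */

/* NO_POLICY is the soft error on which pam_start()-style code falls back to
 * the "other" policy; SYSTEM_ERR is the hard error that aborts. */
enum { LOAD_OK, LOAD_NO_POLICY, LOAD_SYSTEM_ERR };

struct directive {
    const char *kind;    /* "module" or "include" */
    const char *target;  /* module path, or included service name */
};

struct policy {
    const char *service;
    const struct directive *lines;   /* terminated by { NULL, NULL } */
};

/* sshd includes a "system" policy that does not exist, login names a module
 * that is not installed, other is intact. */
static const struct directive sshd_lines[] = {
    { "module", "/usr/lib/pam_unix.so" }, { "include", "system" }, { NULL, NULL } };
static const struct directive login_lines[] = {
    { "module", "/usr/lib/pam_ldap.so" }, { NULL, NULL } };
static const struct directive other_lines[] = {
    { "module", "/usr/lib/pam_unix.so" }, { NULL, NULL } };
static const struct policy policies[] = {
    { "sshd", sshd_lines }, { "login", login_lines }, { "other", other_lines },
    { NULL, NULL } };
static const char *const installed[] = { "/usr/lib/pam_unix.so", NULL };

static const struct policy *find_policy(const char *service)
{
    const struct policy *p;

    for (p = policies; p->service != NULL; p++)
        if (strcmp(p->service, service) == 0)
            return p;
    return NULL;                              /* ENOENT on the policy file */
}

static int module_installed(const char *path)
{
    const char *const *m;

    for (m = installed; *m != NULL; m++)
        if (strcmp(*m, path) == 0)
            return 1;
    return 0;                                 /* ENOENT on the module */
}

/* Load a policy. Only the policy file itself may legitimately be missing.
 * strict = 1: anything missing while processing an existing policy makes
 * that policy invalid. strict = 0 (the erratum): every ENOENT is reported
 * as "no policy", whichever file raised it. */
int load_policy(const char *service, int strict)
{
    const struct policy *pol = find_policy(service);
    const struct directive *d;
    int r;

    if (pol == NULL)
        return LOAD_NO_POLICY;
    for (d = pol->lines; d->kind != NULL; d++) {
        if (strcmp(d->kind, "module") == 0 && !module_installed(d->target))
            return strict ? LOAD_SYSTEM_ERR : LOAD_NO_POLICY;
        if (strcmp(d->kind, "include") == 0
            && (r = load_policy(d->target, strict)) != LOAD_OK)
            return strict ? LOAD_SYSTEM_ERR : r;
    }
    return LOAD_OK;
}

/* What the caller does with the verdict: a missing policy falls back to
 * "other". Whether that is fail-open depends on what "other" permits. */
int start_service(const char *service, int strict)
{
    int r = load_policy(service, strict);

    return r == LOAD_NO_POLICY ? load_policy("other", strict) : r;
}
```

The general rule the fixed branch encodes is that an error code must carry the context in which it arose: `ENOENT` from the file you were asked to open is one thing, `ENOENT` from something that file asked you to open is another, and the moment a policy has been found and is being processed, any further "not found" has to become a hard failure before it reaches the code that decides on fallbacks.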

11
Errata-2014-10-22.md Normal file

@ -0,0 +1,11 @@
# Errata: Line continuation
Date:: 2014-10-22
Affects:: [Ourouparia](Releases-Ourouparia), [Nummularia](Releases-Nummularia) and [Micrampelis](Releases-Micrampelis)
Description:: The `openpam_readword()` function does not recognize a line continuation (backslash-newline) that occurs within a whitespace sequence; the continuation is only honored when the backslash immediately follows a word.
Workaround:: Place the continuation character at the end of the last word on the line to be continued, with no preceding whitespace.
Fix:: Apply r825, and optionally r826 and r829, which add unit tests for line continuation.
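A word reader that handles both of the `openpam_readword()` cases on this page, the quoted section after unquoted text (errata 2013-03-04) and the backslash-newline inside whitespace (this erratum), as an added example that is not OpenPAM's code. It works over an in-memory string rather than a `FILE *`, its quoting rules are modeled on sh rather than transcribed from OpenPAM, and `nth_word()` / `line_words()` are test helpers that stand in for `openpam_readlinev()`, which is this function called in a loop until it returns NULL.

```c
#include <stdlib.h>
#include <string.h>

/* Added example, not OpenPAM code. sh-style quoting; rules are assumptions. */

enum { RW_OK, RW_EOL, RW_EOF, RW_ERROR };

/* Append one byte to the growing word, keeping it NUL-terminated. */
static int rw_append(char **buf, size_t *len, size_t *cap, int ch)
{
    if (*len + 2 > *cap) {
        size_t ncap = *cap ? *cap * 2 : 16;
        char *nb = realloc(*buf, ncap);

        if (nb == NULL)
            return -1;
        *buf = nb;
        *cap = ncap;
    }
    (*buf)[(*len)++] = (char)ch;
    (*buf)[*len] = '\0';
    return 0;
}

/* Read the next word at *pp and advance *pp past it. Leading blanks are
 * skipped, and a backslash-newline among them continues the line (the
 * 2014-10-22 case). Quotes delimit but do not split, so text="hello world"
 * is the single word text=hello world (the 2013-03-04 case). An unquoted
 * newline ends the word and is left in the input. Returns a malloc'd word,
 * or NULL with *status = RW_EOL, RW_EOF or RW_ERROR (unterminated quote,
 * dangling backslash, out of memory). */
char *readword(const char **pp, int *status, int *lineno)
{
    const char *p = *pp;
    char *word = NULL;
    size_t len = 0, cap = 0;
    int quote = 0;

    for (;;) {                                    /* skip whitespace */
        if (*p == ' ' || *p == '\t') {
            p++;
        } else if (p[0] == '\\' && p[1] == '\n') { /* continuation in whitespace */
            p += 2;
            if (lineno != NULL)
                ++*lineno;
        } else {
            break;
        }
    }
    if (*p == '\0' || *p == '\n') {
        *status = *p == '\0' ? RW_EOF : RW_EOL;
        *pp = p;
        return NULL;
    }
    if ((word = malloc(cap = 16)) == NULL)
        goto fail;
    word[0] = '\0';
    while (*p != '\0') {
        int ch = (unsigned char)*p;

        if (quote == 0 && (ch == ' ' || ch == '\t' || ch == '\n'))
            break;
        if (ch == '\\' && quote != '\'') {
            if (p[1] == '\0')                     /* dangling backslash */
                goto fail;
            if (p[1] == '\n') {                   /* continuation inside a word */
                p += 2;
                if (lineno != NULL)
                    ++*lineno;
                continue;
            }
            if (quote == 0 || p[1] == '"' || p[1] == '\\')
                p++;                              /* drop the backslash */
            /* otherwise, inside "...", the backslash itself is kept */
            ch = (unsigned char)*p;
        } else if (quote == 0 && (ch == '\'' || ch == '"')) {
            quote = ch;                           /* opening quote: not part of word */
            p++;
            continue;
        } else if (quote != 0 && ch == quote) {
            quote = 0;                            /* closing quote */
            p++;
            continue;
        }
        if (rw_append(&word, &len, &cap, ch) < 0)
            goto fail;
        p++;
    }
    if (quote != 0)                               /* unterminated quote */
        goto fail;
    *pp = p;
    *status = RW_OK;
    return word;
fail:
    free(word);
    *pp = p;
    *status = RW_ERROR;
    return NULL;
}

/* Test helper: the idx-th word of the first logical line (malloc'd), or
 * NULL if there is no such word or the line is malformed. */
char *nth_word(const char *text, size_t idx)
{
    const char *p = text;
    int status, lineno = 1;
    size_t i = 0;
    char *w;

    while ((w = readword(&p, &status, &lineno)) != NULL) {
        if (i++ == idx)
            return w;
        free(w);
    }
    return NULL;
}

/* Test helper: number of words on the first logical line, -1 if malformed. */
int line_words(const char *text)
{
    const char *p = text;
    int status, lineno = 1, n = 0;
    char *w;

    while ((w = readword(&p, &status, &lineno)) != NULL) {
        free(w);
        n++;
    }
    return status == RW_ERROR ? -1 : n;
}
```

Two design points carry over to any such parser. The whitespace-skipping loop and the word loop each have to know about backslash-newline separately, which is precisely what the original missed; and a quote character changes state without ever being appended, so `text="hello world"` and `"text=hello world"` reach the same result rather than one of them producing an empty word.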

11
Errata-2017-01-18.md Normal file

@ -0,0 +1,11 @@
# Errata: Application-provided login and password prompts
Date:: 2017-01-18
Affects:: [Ourouparia](Releases-Ourouparia), [Nummularia](Releases-Nummularia), [Micrampelis](Releases-Micrampelis) and [Lycopsida](Releases-Lycopsida)
Description:: In the `pam_get_authtok()` and `pam_get_user()` functions, when the caller (normally a module) does not provide a prompt, the test for the existence of an application-provided prompt (the `PAM_AUTHTOK_PROMPT` and `PAM_USER_PROMPT` items, respectively) is inverted, causing those functions to fall back to the hard-coded default instead of the application's prompt.
Workaround:: None.
Fix:: Apply r902.

11
Errata-2017-02-19.md Normal file

@ -0,0 +1,11 @@
# Errata: Memory leak in pam_set_item()
Date:: 2017-02-19
Affects:: [Ourouparia](Releases-Ourouparia), [Nummularia](Releases-Nummularia), [Micrampelis](Releases-Micrampelis) and [Lycopsida](Releases-Lycopsida)
Description:: In OpenPAM [Lycopsida](Releases-Lycopsida), code was added to the `pam_set_item()` function to disallow changing the value of the `PAM_SERVICE` item, which contains the service name. An unintended side effect of this is that `pam_end(3)` is no longer able to free the memory allocated to hold the service name. As a consequence, each PAM session leaks a small amount of memory.
Workaround:: None.
Fix:: Apply r918.

11
Errata-2019-02-22.md Normal file

@ -0,0 +1,11 @@
# Errata: Off-by-one error in pam_getenv()
Date:: 2019-02-22
Affects:: [Resedacea](Releases-Resedacea), [Radula](Releases-Radula)
Description:: An error was introduced in OpenPAM [Radula](Releases-Radula) which causes the `pam_getenv()` function to return a pointer to the `'='` character which precedes the value of the requested variable, instead of a pointer to the value itself.
Workaround:: None.
Fix:: Apply a [subset](/changeset/943/openpam/trunk/lib/libpam/pam_getenv.c) of r943.
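The lookup with and without the off-by-one, as an added example (not OpenPAM's `pam_putenv()` / `pam_getenv()`): a minimal NULL-terminated environment list with a put that replaces existing variables and a get that matches on the full name rather than a prefix. `env_get_buggy()` returns the pointer the erratum describes; `env_get()` is the corrected one. The variable names and values are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Added example, not OpenPAM code. Function names are hypothetical. */

struct envlist {
    char **env;      /* NAME=value strings, NULL-terminated */
    size_t count;    /* entries before the terminating NULL */
};

/* Set or replace NAME=value; the name must be non-empty. */
int env_put(struct envlist *e, const char *namevalue)
{
    const char *eq = strchr(namevalue, '=');
    size_t nlen, i;
    char **nv, *copy;

    if (eq == NULL || eq == namevalue)
        return -1;
    nlen = (size_t)(eq - namevalue);
    if ((copy = malloc(strlen(namevalue) + 1)) == NULL)
        return -1;
    strcpy(copy, namevalue);
    for (i = 0; i < e->count; i++) {
        if (strncmp(e->env[i], namevalue, nlen) == 0 && e->env[i][nlen] == '=') {
            free(e->env[i]);                       /* replace in place */
            e->env[i] = copy;
            return 0;
        }
    }
    /* one slot for the new entry and one for the NULL terminator */
    if ((nv = realloc(e->env, (e->count + 2) * sizeof *nv)) == NULL) {
        free(copy);
        return -1;
    }
    e->env = nv;
    e->env[e->count++] = copy;
    e->env[e->count] = NULL;
    return 0;
}

/* Find the entry for name and return a pointer to its '='. The '=' check
 * is what stops "KRB5" from matching "KRB5CCNAME". */
static const char *env_find(const struct envlist *e, const char *name)
{
    size_t nlen = strlen(name), i;

    for (i = 0; i < e->count; i++)
        if (strncmp(e->env[i], name, nlen) == 0 && e->env[i][nlen] == '=')
            return e->env[i] + nlen;
    return NULL;
}

/* The Radula bug: the '=' comes back as the first character of the value. */
const char *env_get_buggy(const struct envlist *e, const char *name)
{
    return env_find(e, name);
}

/* Corrected: step over the '=' so the caller gets the value itself. */
const char *env_get(const struct envlist *e, const char *name)
{
    const char *p = env_find(e, name);

    return p != NULL ? p + 1 : NULL;
}

/* Constructed sample list, built once; the second PATH replaces the first. */
const struct envlist *sample_env(void)
{
    static struct envlist e;
    static int built;

    if (!built) {
        env_put(&e, "PATH=/usr/bin:/bin");
        env_put(&e, "KRB5CCNAME=FILE:/tmp/krb5cc_1001");
        env_put(&e, "PATH=/usr/local/bin:/usr/bin:/bin");
        built = 1;
    }
    return &e;
}
```

A one-character offset like this is invisible to any consumer that only tests whether the variable is set, and only shows up when a module actually uses the value, for instance as a path, which is why the test for an environment accessor should compare the returned string against the exact expected value rather than check it for NULL.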

12
Errata.md Normal file

@ -0,0 +1,12 @@
[[TOC(noheading)]]
# Errata
| **Date** | **Affects** | **Description** |
|---|---|---|
| 2019-02-22 | [Resedacea](Releases-Resedacea), [Radula](Releases-Radula) | [Off-by-one error in pam_getenv()](Errata-2019-02-22) |
| 2017-02-19 | [Ourouparia](Releases-Ourouparia), [Nummularia](Releases-Nummularia), [Micrampelis](Releases-Micrampelis) and [Lycopsida](Releases-Lycopsida) | [Memory leak in pam_set_item()](Errata-2017-02-19) |
| 2017-01-18 | [Ourouparia](Releases-Ourouparia), [Nummularia](Releases-Nummularia), [Micrampelis](Releases-Micrampelis) and [Lycopsida](Releases-Lycopsida) | [Inverted test for application-provided prompt](Errata-2017-01-18) |
| 2014-10-22 | [Ourouparia](Releases-Ourouparia), [Nummularia](Releases-Nummularia) and [Micrampelis](Releases-Micrampelis) | [Improper handling of line continuation in configuration parser](Errata-2014-10-22) |
| 2014-06-02 | [Nummularia](Releases-Nummularia) and [Micrampelis](Releases-Micrampelis) | [Fail-open when a module is missing](Errata-2014-06-02) |
| 2014-02-26 | [Nummularia](Releases-Nummularia) | [Character classification bug in configuration parser](Errata-2014-02-26) |
| 2013-03-04 | [Micrampelis](Releases-Micrampelis) | [Improper handling of quoted strings in configuration parser](Errata-2013-03-04) |
| 2011-11-08 | All releases prior to [Lycopsida](Releases-Lycopsida) | [Insufficient validation of service names](Errata-2011-11-08) |

17
History.md Normal file

@ -0,0 +1,17 @@
# History
OpenPAM was developed by Dag-Erling Smørgrav (initially as an employee of ThinkSec), with occasional and much-appreciated contributions from [a number of other people](http://svn.des.no/svn/openpam/trunk/CREDITS). Development started in early 2002 with funding from what was then Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research program.
The attendant OpenSSH work was a direct continuation of an earlier effort by ThinkSec's Eivind Eklund, which was funded by the now-defunct Norwegian ISP Enitel.
Dag-Erling's mandate was initially to maintain FreeBSD's [Linux-PAM](http://kernel.org/pub/linux/libs/pam/) port and its existing set of PAM modules, develop additional PAM modules, and add PAM support to FreeBSD's [OpenSSH](http://www.openssh.org/) port. In that context, OpenPAM was intended as a testing and validation framework for PAM applications and modules. However, due to fundamental architectural flaws in Linux-PAM and its extremely poor code quality, the decision was made to develop OpenPAM into a full-fledged PAM implementation.
A number of features, such as module option handling, credential borrowing and ready-made conversation functions, were added to minimize code duplication in modules and applications. With a few intentional exceptions, these extensions are clearly marked as such.
OpenPAM replaced Linux-PAM in FreeBSD in March 2002. The first official FreeBSD release to ship with OpenPAM was FreeBSD 5.1 in June 2003 (5.0, which also included OpenPAM, was a “technological preview”).
The first official NetBSD release with OpenPAM was NetBSD 3.0 in December, 2005.
Apple started the transition to OpenPAM in 2008; the first MacOS X release to ship with OpenPAM was MacOS X 10.6 “Snow Leopard” in August, 2009.
The OpenSSH PAM integration code which was developed in conjunction with OpenPAM was adopted by the [OpenSSH-portable](http://www.openssh.org/portable.html) maintainers in 2003 and has been included in OpenSSH-portable since 3.7p1.

19
Home.md Normal file

@ -0,0 +1,19 @@
# OpenPAM
OpenPAM is an open source PAM library that focuses on simplicity, correctness, and cleanliness. Its aim is to gather the best features of Solaris PAM, [XSSO](https://publications.opengroup.org/p702) ([PDF](http://pubs.opengroup.org/onlinepubs/8329799/toc.pdf)) and Linux-PAM, plus some innovations of its own. In areas where these implementations disagree, OpenPAM tries to remain compatible with Solaris, at the expense of XSSO conformance and Linux-PAM compatibility.
OpenPAM is available under the [3-clause BSD license](http://opensource.org/licenses/BSD-3-Clause). See the [full license and copyright statement](http://svn.des.no/svn/openpam/trunk/LICENSE) for details.
OpenPAM is currently used by [FreeBSD](http://www.freebsd.org), [PC-BSD](http://www.pcbsd.org/), [Dragonfly BSD](http://www.dragonflybsd.org/), [NetBSD](http://www.netbsd.org), [Mac OS X](http://www.apple.com/macosx/) and a few Linux distributions.
Read more about:
- [OpenPAM's history](History)
- [How to obtain and install OpenPAM](ObtainingAndInstalling)
- The current release, **[Tabebuia](Releases-Tabebuia)**, and [past releases](Releases).
- Important information about **[known bugs in OpenPAM releases](Errata)**
- Notes about how I [migrated from Perforce to Subversion](MigrationToSubversionAndTrac) (mostly of historical interest)

@ -0,0 +1,27 @@
# Migration to Subversion and Trac
## Background
At the time when I started writing OpenPAM, I was working on PAM integration and other security-related issues in [FreeBSD](http://www.freebsd.org/), as a subcontractor for [Network Associates](http://www.nai.com/) (since then acquired by [McAfee](http://www.mcafee.com/)) under the [DARPA](http://www.darpa.mil/) CHATS program. This involved maintaining a rather large set of patches to the FreeBSD source tree; the most convenient way to do this was to use the FreeBSD project's [Perforce](http://www.perforce.com/) depot. Thus, OpenPAM, which grew out of this work, was initially maintained in that depot.
I quickly grew annoyed with Perforce, and especially with how little it improved over time. There was also the issue of control: I did not control the Perforce server, nor the hardware it ran on. By virtue of being hosted by it, OpenPAM remained closely tied to FreeBSD, which I believe has been a major obstacle to its adoption by other operating systems.
For a long time, however, there were no clear alternatives to Perforce, especially because I did not want to lose history when I switched version control systems. I had long been interested in Subversion, however, and made several attempts at migrating to it until I finally succeeded in February 2006.
## Converting the repository
I searched for a tool which could extract a set of files from a Perforce depot and add them, with full history, to a Subversion repository, and came across [Ray Miller](http://users.ox.ac.uk/~raym/)'s [p42svn](http://users.ox.ac.uk/~raym/software/misc/p42svn.html).
After much experimentation, I came to the conclusion that I could not use p42svn unmodified, because of a problem with the way it tries to work around a bug in the Perforce client libraries.
The basic problem is that `P4::Print()` behaves inconsistently for different file types: if the requested file is a text file, it returns its contents as a string; but if it is a binary file, it prints the contents to `STDOUT` instead. The way `p42svn` works around this is that for every file it needs to download (which is every file that was changed in every changeset), it forks off a child which opens a server connection, calls `P4::Print()` and prints the results. The parent simply captures the child's `STDOUT` and gets the data it needs, regardless of the file type.
This workaround was problematic for me for two reasons: first of all, my access to FreeBSD's Perforce depot was over SSH across 13 hops with a 200 ms RTT, which means that connection setup and teardown alone takes almost a second. Furthermore, the server is fairly heavily congested and apparently implements some kind of SSH connection rate limiting, which meant that sooner or later `P4::Init()` would fail and `p42svn` would immediately quit instead of retrying after a short pause.
I ended up making the following changes:
* `p4_init()` was modified to always return the same client connection, which is cached in a global variable.
* All references to `P4::Final()` were commented out to avoid closing the cached connection.
* `p4_get_file_content()` was modified to call `P4::Print()` directly, without forking. This was safe to do for OpenPAM, because it does not contain any binary files.
I admit that it's a hack, but it works. The result can be found [in the repository](source:trunk/misc/p42svn.pl).

@ -0,0 +1,6 @@
There are two ways to obtain OpenPAM:
* Download the latest release from [SourceForge](https://sourceforge.net/projects/openpam/files/openpam/)
* Check out the sources using [Subversion](http://subversion.tigris.org) from svn://svn.openpam.org/openpam/trunk
Installation instructions are included with the source code.

7
Releases-Calamite.md Normal file

@ -0,0 +1,7 @@
# OpenPAM Calamite
OpenPAM Calamite was released on 2002-02-09.
First (beta) release.
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Calamite/)

11
Releases-Caliopsis.md Normal file

@ -0,0 +1,11 @@
# OpenPAM Caliopsis
OpenPAM Caliopsis was released on 2002-02-13.
Fixed a number of bugs in the previous release, including:
- a number of bugs in and related to `pam_[gs]et_item(3)`
- off-by-one bug in `pam_start.c` would trim last character off certain configuration lines
- incorrect ordering of an array in `openpam_load.c` would cause service module functions to get mixed up
- missing `continue` in `openpam_dispatch.c` caused successes to be counted as failures
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Caliopsis/)

25
Releases-Cantaloupe.md Normal file

@ -0,0 +1,25 @@
# OpenPAM Cantaloupe
OpenPAM Cantaloupe was released on 2002-02-22.
- **BUGFIX** The proper use of `PAM_SYMBOL_ERR` is to indicate an invalid argument to `pam_[gs]et_item(3)`, not to indicate `dlsym(3)` failures.
- **ENHANCE** Add in-line documentation in most source files, and a Perl script that generates mdoc code from that.
- **BUGFIX** The environment list was not properly `NULL`-terminated.
- **ENHANCE** Allow the `PAM_AUTHTOK_PROMPT` item to override the prompt specified by the module.
- **BUGFIX** `PAM_NUM_ITEMS` was set too low. It has been moved to `pam_constants.h` to avoid it going stale again.
- **ENHANCE** Move all code related to static modules into a separate file.
- **ENHANCE** `openpam_ttyconv()` now masks most signals while prompting the user, and supports setting a timeout (which defaults to off).
- **BUGFIX** Some manual pages referenced XSSO even though they documented OpenPAM-specific functions.
- **ENHANCE** Added `openpam_get_option()` and `openpam_set_option()`.
- **ENHANCE** `openpam_get_authtok()` now respects the `echo_pass`, `try_first_pass`, and `use_first_pass` options.
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Cantaloupe/)

19
Releases-Celandine.md Normal file

@ -0,0 +1,19 @@
# OpenPAM Celandine
OpenPAM Celandine was released on 2002-03-05.
- **BUGFIX** `PAM_TRY_AGAIN` is a valid return value for `pam_chauthtok()`.
- **BUGFIX** Run passwd chain twice, first with the `PAM_PRELIM_CHECK` flag set, then with the `PAM_UPDATE_AUTHTOK` flag set.
- **BUGFIX** Failure of a "sufficient" module should not terminate the passwd chain if the `PAM_PRELIM_CHECK` flag is set.
- **BUGFIX** Clear `PAM_AUTHTOK` after running the service modules.
- **ENHANCE** Prevent applications from specifying the `PAM_PRELIM_CHECK` or `PAM_UPDATE_AUTHTOK` flags themselves.
- **BUGFIX** `openpam_set_option()` did not support changing the value of an existing option.
- **ENHANCE** Add support for module versioning. OpenPAM will prefer a module with the same version number as the library itself to one with no version number at all.
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Celandine/)

15
Releases-Centaury.md Normal file

@ -0,0 +1,15 @@
# OpenPAM Centaury
OpenPAM Centaury was released on 2002-03-14.
- **BUGFIX** Add missing `#include <string.h>` to `openpam_log.c`.
- **BUGFIX** `s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/`. XSSO uses the former, but Solaris and Linux-PAM use the latter.
- **BUGFIX** The dynamic loader and the module cache contained a number of bugs which would cause a segmentation fault if `pam_start(3)` was called again after `pam_end(3)`, as happens in `login(1)`, `xdm(1)` etc. after a failed login.
- **BUGFIX** Refer to a module by the name used in the policy file, even if the module that was actually loaded was versioned.
- **ENHANCE** Suppress debugging logs, unless compiled with `-DDEBUG`.
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Centaury/)

42
Releases-Checklist.md Normal file

@ -0,0 +1,42 @@
# Release checklist
## Source code
* Update `^/trunk/HISTORY`
* Update `^/trunk/RELNOTES`
* Update `OPENPAM_VERSION` and `OPENPAM_RELEASE` in `^/trunk/include/security/openpam_version.h` (use source:trunk/misc/bumpdates.sh, then revert `configure.ac` and the man pages)
* `svn cp trunk tags/openpam-${yyyymmdd}`
* replace `trunk` with `${yyyymmdd}` in `^/tags/openpam-${yyyymmdd}/configure.ac` and update `.Dd` in hand-written man pages (use source:trunk/misc/bumpdates.sh)
* Replace `????????` in `RELNOTES` with the release name
* `gmake distcheck` in `tags/openpam-${yyyymmdd}`
* `svn commit tags/openpam-${yyyymmdd}`
* `gmake dist` in `tags/openpam-${yyyymmdd}` to create the tarball
* `gpg --detach-sign --armor openpam-${yyyymmdd}.tar.gz`
* `sha256 -q openpam-${yyyymmdd}.tar.gz >openpam-${yyyymmdd}.tar.gz.sha256`
## SourceForge
* Create a subdirectory for the new release
* Upload the tarball to the subdirectory
* Mark the tarball as "default download" for all platforms
* Upload the signature (`.asc`) and checksum (`.sha256`)
* Upload `RELNOTES` and rename it to `README`
## Trac
* Create the release page
* Paste in the release notes (use source:trunk/misc/history2wiki.pl)
* Update the [release list](Releases) and the front page
* Make the tarball, checksum and signature available for download:
{{{
trac-admin /home/trac/openpam download add openpam-${yyyymmdd}.tar.gz type=source \
author=des version=${Relname} description="OpenPAM ${Relname}" ;
trac-admin /home/trac/openpam download add openpam-${yyyymmdd}.tar.gz.sha256 type=checksum \
author=des version=${Relname} description="OpenPAM ${Relname}" ;
trac-admin /home/trac/openpam download add openpam-${yyyymmdd}.tar.gz.asc type=signature \
author=des version=${Relname} description="OpenPAM ${Relname}" ;
}}}
## Other
* Update the infobox in the [Wikipedia article](http://en.wikipedia.org/wiki/OpenPAM)

25
Releases-Cinchona.md Normal file

@ -0,0 +1,25 @@
# OpenPAM Cinchona
OpenPAM Cinchona was released on 2002-04-08.
- **ENHANCE** Improved documentation for several API functions.
- **BUGFIX** Fix bug in `pam_set_data()` that would result in corruption of the module data list.
- **BUGFIX** Allocate the correct amount of memory for the environment list in `pam_putenv()`.
- **ENHANCE** Change `pam_get_authtok()`'s prototype so the caller can specify what token it wants. Also introduce `PAM_OLDAUTHTOK_PROMPT`.
- **BUGFIX** Plug memory leak in `pam_get_user()` / `pam_get_authtok()`, and reduce differences between these very similar functions.
- **ENHANCE** Check flags carefully in `pam_authenticate()` and `pam_chauthtok()`.
- **BUGFIX** Fix bugs in portability code; libpam now builds on NetBSD.
- **ENHANCE** In `pam_get_authtok()`, if `PAM_OLDAUTHTOK` is set, we're asked for `PAM_AUTHTOK`, and we have to prompt the user, prompt her twice and compare the responses.
- **ENHANCE** Add `openpam_{borrow,restore}_cred()`, for temporarily switching to user credentials.
- **ENHANCE** Add `openpam_free_data()`, a generic cleanup function for `pam_set_data()` consumers.
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Cinchona/)

17
Releases-Cineraria.md Normal file

@ -0,0 +1,17 @@
# OpenPAM Cineraria
OpenPAM Cineraria was released on 2002-04-14.
- **BUGFIX** Fix confusion between token and prompt in `pam_get_authtok(3)`.
- **ENHANCE** Improved documentation.
- **ENHANCE** Adopt the same preprocessor tricks that were used in FreeBSD's version of Linux-PAM to simplify static linking without requiring dummy primitives.
- **ENHANCE** Move the policy-loading code out of `pam_start.c`.
- **BUGFIX** Fix typo in one of the versions of the `openpam_log` macro.
- **ENHANCE** Add versioning macros.
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Cineraria/)

21
Releases-Cinnamon.md Normal file

@ -0,0 +1,21 @@
# OpenPAM Cinnamon
OpenPAM Cinnamon was released on 2002-05-02.
- **ENHANCE** Add a null conversation function, `openpam_nullconv()`.
- **BUGFIX** Various markup bugs in the documentation.
- **BUGFIX** Document `<security/openpam.h>`.
- **BUGFIX** Duplicate expansion of `openpam_log()` macro arguments.
- **ENHANCE** Restructure the policy-loading code and align our use of the "other" policy with Solaris and Linux-PAM.
- **ENHANCE** Log `dlopen()` and `dlsym()` failures.
- **ENHANCE** In `openpam_ttyconv()`, emit a newline after error and info messages unless the message contains one already.
- **BUGFIX** In `pam_vprompt()`, initialize the response pointer to `NULL` so we can detect whether the conversation function touched it.
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Cinnamon/)

13
Releases-Cinquefoil.md Normal file

@ -0,0 +1,13 @@
# OpenPAM Cinquefoil
OpenPAM Cinquefoil was released on 2002-05-24.
- **BUGFIX** Various warnings uncovered by gcc 3.1.
- **ENHANCE** Add a null conversation function, `openpam_nullconv(3)`.
- **BUGFIX** Initialize the "other" chain to all zeroes.
- **ENHANCE** Document `openpam_ttyconv(3)`.
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Cinquefoil/)

21
Releases-Citronella.md Normal file

@ -0,0 +1,21 @@
# OpenPAM Citronella
OpenPAM Citronella was released on 2002-06-30.
- **ENHANCE** Add the "binding" control flag (from Solaris 9).
- **ENHANCE** Define `struct pam_repository` and `PAM_REPOSITORY` (from Solaris 9).
- **ENHANCE** Flesh out the `pam(3)` man page.
- **ENHANCE** Add an `openpam(3)` page with cross-references to all the documented OpenPAM API extensions.
- **ENHANCE** Add a `pam_conv(3)` man page describing the conversation system.
- **ENHANCE** Improved sample application.
- **ENHANCE** Added sample `pam_unix` module.
- **BUGFIX** Various documentation nits.
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Citronella/)

17
Releases-Cyclamen.md Normal file

@ -0,0 +1,17 @@
# OpenPAM Cyclamen
OpenPAM Cyclamen was released on 2002-12-12.
- **ENHANCE** Improve recursion detection in `openpam_dispatch()`.
- **ENHANCE** Add debugging messages at entry and exit points of most functions.
- **ENHANCE** Fix some minor style issues.
- **BUGFIX** Add default cases to the switches in `openpam_log.c`.
- **ENHANCE** Add `/usr/local/etc/pam.conf` to policy search path.
- **BUGFIX** In `openpam_ttyconv(3)`, print the prompt to `stdout` rather than `stderr`.
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Cyclamen/)

11
Releases-Daffodil.md Normal file

@ -0,0 +1,11 @@
# OpenPAM Daffodil
OpenPAM Daffodil was released on 2003-01-06.
- **ENHANCE** Document dependency on `<sys/types.h>` (for `size_t`)
- **ENHANCE** Slightly improve error detection in `openpam_ttyconv()`.
- **BUGFIX** Fix several typos in debugging macros.
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Daffodil/)

19
Releases-Dianthus.md Normal file

@ -0,0 +1,19 @@
# OpenPAM Dianthus
OpenPAM Dianthus was released on 2003-05-02.
- **BUGFIX** Initialize some potentially uninitialized variables.
- **BUGFIX** Silence some warnings emitted by `gcc -std=iso9899:1999`.
- **BUGFIX** In `pam_getenv()`, return a pointer to the stored variable instead of a freshly allocated copy.
- **ENHANCE** Detect recursion in `openpam_borrow_cred()`
- **ENHANCE** Make borrowing one's own credentials a no-op.
- **ENHANCE** Further improve debugging support.
- **ENHANCE** Clean up some variable names.
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Dianthus/)

20
Releases-Digitalis.md Normal file

@ -0,0 +1,20 @@
# OpenPAM Digitalis
OpenPAM Digitalis was released on 2003-06-01.
- **ENHANCE** Completely rewrite the configuration parser and add support for the "include" control flag.
- **ENHANCE** Improve portability to NetBSD, OpenBSD and Linux.
- **ENHANCE** Lots of additional paranoia.
- **BUGFIX** The sample `su(1)` application dropped privileges before forking instead of after.
- **ENHANCE** Document `openpam_log(3)`.
- **ENHANCE** Other minor documentation fixes.
Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable assistance with this release.
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Digitalis/)

24
Releases-Dogwood.md Normal file

@ -0,0 +1,24 @@
# OpenPAM Dogwood
OpenPAM Dogwood was released on 2003-07-15.
- **ENHANCE** Use the GNU autotools.
- **ENHANCE** Constify the msg field in struct pam_message.
- **BUGFIX** Remove left-over debugging output
- **BUGFIX** Avoid side effects in arguments to the `FREE()` macro
- **ENHANCE** Make `openpam_ttyconv(3)` use `read(2)` rather than `fgets(3)`.
- **BUGFIX** Staticize some variables which shouldn't be global.
- **BUGFIX** Correctly anticipate a `NULL` user in `pam_get_user(3)`.
- **ENHANCE** Various minor documentation improvements.
Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable assistance with this release.
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Dogwood/)

11
Releases-Eelgrass.md Normal file

@ -0,0 +1,11 @@
# OpenPAM Eelgrass
OpenPAM Eelgrass was released on 2004-02-10.
- **BUGFIX** Correct array handling bugs in conversation code.
- **BUGFIX** In `openpam_ttyconv(3)`, don't strip trailing linear whitespace from the user's response.
- **BUGFIX** Many constness issues addressed.
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Eelgrass/)

21
Releases-Feterita.md Normal file

@ -0,0 +1,21 @@
# OpenPAM Feterita
Known errata:
- [Service name validation](Errata-2011-11-08)
OpenPAM Feterita was released on 2005-02-01.
- **BUGFIX** Correct numerous markup errors, invalid cross-references, and other issues in the manual pages, with kind assistance from Ruslan Ermilov <ru@freebsd.org>.
- **BUGFIX** Avoid multiple evaluation of macro arguments in `ENTERX()` and `RETURNX()` macros.
- **BUGFIX** Remove an unnecessary and non-portable pointer cast in `pam_get_data(3)`.
- **BUGFIX** Fix identical typos in `PAM_ACCT_EXPIRED` case in `pam_strerror(3)` and gendoc.pl.
- **ENHANCE** Minor overhaul of the autoconf / build system.
- **ENHANCE** Add `openpam_free_envlist(3)`.
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Feterita/)

17
Releases-Figwort.md Normal file

@ -0,0 +1,17 @@
# OpenPAM Figwort
Known errata:
- [Service name validation](Errata-2011-11-08)
OpenPAM Figwort was released on 2005-06-16.
- **BUGFIX** Correct several small signedness and initialization bugs discovered during review by the NetBSD team.
- **BUGFIX** Modify gendoc.pl to sort cross-references in dictionary order within each section.
- **ENHANCE** if a policy specifies a relative module path, prepend the module directory so we never call `dlopen(3)` with a relative path.
- **ENHANCE** add a `pam.conf(5)` manual page.
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Figwort/)

23
Releases-Hydrangea.md Normal file

@ -0,0 +1,23 @@
# OpenPAM Hydrangea
Known errata:
- [Service name validation](Errata-2011-11-08)
OpenPAM Hydrangea was released on 2007-12-21.
- **ENHANCE** when compiling with GCC, mark up API functions with GCC attributes where appropriate.
- **BUGFIX** fixed numerous warnings uncovered by GCC 4.
- **ENHANCE** building the documentation is now optional.
- **ENHANCE** corrected a number of mistakes and style issues in the build system.
- **ENHANCE** API function arguments are now const where appropriate, to match corresponding changes in the Solaris PAM and Linux-PAM APIs.
- **ENHANCE** corrected a number of C namespace violations.
- **ENHANCE** the module cache has been removed, allowing long-lived applications to pick up module changes. This also allows multiple threads to use PAM simultaneously (as long as they use separate PAM contexts), since the module cache was the only part of OpenPAM that was not thread-safe.
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Hydrangea/)

26
Releases-Lycopsida.md Normal file

@ -0,0 +1,26 @@
# OpenPAM Lycopsida
Known errata:
- [Application-provided login and password prompts](Errata-2017-01-18)
- [Memory leak in pam_set_item()](Errata-2017-02-19)
OpenPAM Lycopsida was released on 2011-12-18.
- **ENHANCE** removed static build autodetection, which didn't work anyway. Use an explicit, user-specified preprocessor variable instead.
- **ENHANCE** cleaned up the documentation a bit.
- **ENHANCE** added `openpam_subst(3)`, allowing certain `PAM` items to be embedded in strings such as prompts. Apply it to the prompts used by `pam_get_user(3)` and `pam_get_authtok(3)`.
- **ENHANCE** added support for the `user_prompt`, `authtok_prompt` and `oldauthtok_prompt` module options, which override the prompts passed by the module to `pam_get_user(3)` and `pam_get_authtok(3)`.
- **ENHANCE** rewrote the policy parser to support quoted option values.
- **ENHANCE** added `pamtest(1)`, a tool for testing modules and policies.
- **ENHANCE** added code to check the ownership and permissions of a module before loading it.
- **ENHANCE** added / improved input validation in many cases, including the policy file and some function arguments. ([CVE-2011-4122](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4122))
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Lycopsida/)
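Review bot: the user_prompt bullet refers to `pam_set_user(3)`, which is not a function in this API; the preceding bullet and the option's purpose (overriding the prompt shown when asking for the user name) point at `pam_get_user(3)`, so this reads as a typo. The ownership / permission-check bullet would also benefit from saying that the check runs before a separate `dlopen(3)` call, i.e. it is a check-then-use sequence; the Micrampelis notes describe closing exactly that race with `fdlopen(3)`, and a pointer to that from here would tell readers of this release what the check does and does not guarantee.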

35
Releases-Micrampelis.md Normal file

@ -0,0 +1,35 @@
# OpenPAM Micrampelis
Known errata:
- [Configuration parsing](Errata-2013-03-04)
- [Policy loading](Errata-2014-06-02)
- [Line continuation](Errata-2014-10-22)
- [Application-provided login and password prompts](Errata-2017-01-18)
- [Memory leak in pam_set_item()](Errata-2017-02-19)
OpenPAM Micrampelis was released on 2012-05-26.
- **FEATURE** Add an `openpam_readword(3)` function which reads the next word from an input stream, applying shell quoting and escaping rules. Add numerous unit tests for `openpam_readword(3)`.
- **FEATURE** Add an `openpam_readlinev(3)` function which uses the `openpam_readword(3)` function to read words from an input stream one at a time until it reaches an unquoted, unescaped newline, and returns an array of those words. Add several unit tests for `openpam_readlinev(3)`.
- **FEATURE** Add a `PAM_HOST` item which `pam_start(3)` initializes to the machine's hostname. This was implemented in Lycopsida but inadvertantly left out of the release notes.
- **FEATURE** In `pam_get_authtok(3)`, if neither the application nor the module have specified a prompt and `PAM_HOST` and `PAM_RHOST` are both defined but not equal, use a different default prompt that includes `PAM_USER` and `PAM_HOST`.
- **ENHANCE** Rewrite the policy parser to used `openpam_readlinev()`, which greatly simplifies the code.
- **ENHANCE** The previous implementation of the policy parser relied on the `openpam_readline(3)` function, which (by design) munges whitespace and understands neither quotes nor backslash escapes. As a result of the aforementioned rewrite, whitespace, quotes and backslash escapes in policy files are now handled in a consistent and predictable manner.
- **ENHANCE** On platforms that have it, use `fdlopen(3)` to load modules. This closes the race between the ownership / permission check and the `dlopen(3)` call.
- **ENHANCE** Reduce the amount of pointless error messages generated while searching for a module.
- **ENHANCE** Numerous documentation improvements, both in content and formatting.
- **BUGFIX** A patch incorporated in Lycopsida inadvertantly changed OpenPAM's behavior when several policies exist for the same service, from ignoring all but the first to concatenating them all. Revert to the original behavior.
- **BUGFIX** Plug a memory leak in the policy parser.
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Micrampelis/)
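Review bot: spelling and grammar in three bullets: "inadvertantly" (the PAM_HOST bullet and the policy-concatenation BUGFIX) should be "inadvertently", and "Rewrite the policy parser to used `openpam_readlinev()`" should read "to use". Since the Known errata list links the 2013-03-04 configuration-parsing erratum for `openpam_readword(3)`, and the Nummularia notes say the bug went unnoticed because no unit test had text preceding an opening quote, the "numerous unit tests" claim in the first FEATURE bullet is worth qualifying with that gap.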

27
Releases-Nummularia.md Normal file

@ -0,0 +1,27 @@
# OpenPAM Nummularia
Known errata:
- [Character classification](Errata-2014-02-26)
- [Policy loading](Errata-2014-06-02)
- [Line continuation](Errata-2014-10-22)
- [Application-provided login and password prompts](Errata-2017-01-18)
- [Memory leak in pam_end()](Errata-2017-02-19)
OpenPAM Nummularia was released on 2013-09-07.
- **ENHANCE** Rewrite the dynamic loader to improve readability and reliability. Modules can now be listed without the ".so" suffix in the policy file; OpenPAM will automatically add it, just like it will automatically add the version number if required.
- **ENHANCE** Allow `openpam_straddch(3)` to be called without a character so it can be used to preallocate a string.
- **ENHANCE** Improve portability by adding simple `asprintf(3)` and `vasprintf(3)` implementations for platforms that don't have them.
- **ENHANCE** Move the libpam sources into a separate subdirectory.
- **ENHANCE** Substantial documentation improvements.
- **BUGFIX** When `openpam_readword(3)` encountered an opening quote, it would set the first byte in the buffer to '\0', discarding all existing text and, unless the buffer was empty to begin with, all subsequent text as well. This went unnoticed because none of the unit tests for quoted strings had any text preceding the opening quote.
- **BUGFIX** make --with-modules-dir work the way it was meant to work (but never did).
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Nummularia/)
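Review bot: the last Known errata entry is labelled "Memory leak in pam_end()" but links Errata-2017-02-19, which the Lycopsida, Micrampelis and Ourouparia pages label "Memory leak in pam_set_item()" and which the Radula notes fix as a leak in `pam_set_item(3)`; make the label consistent across the pages. Minor: ".so" in the dynamic-loader bullet should be in backticks like the other identifiers on the page.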

21
Releases-Ourouparia.md Normal file

@ -0,0 +1,21 @@
# OpenPAM Ourouparia
Known errata:
- [Line continuation](Errata-2014-10-22)
- [Application-provided login and password prompts](Errata-2017-01-18)
- [Memory leak in pam_set_item()](Errata-2017-02-19)
OpenPAM Ourouparia was released on 2014-09-12.
- **ENHANCE** When executing a chain, require at least one service function to succeed. This mitigates fail-open scenarios caused by misconfigurations or missing modules.
- **ENHANCE** Make sure to overwrite buffers which may have contained an authentication token when they're no longer needed.
- **BUGFIX** Under certain circumstances, specifying a non-existent module (or misspelling the name of a module) in a policy could result in a fail-open scenario. ([CVE-2014-3879](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3879))
- **FEATURE** Add a search path for modules. This was implemented in Nummularia but inadvertently left out of the release notes.
- **BUGFIX** The `is_upper()` predicate only accepted the letter A as an upper-case character instead of the entire A-Z range. As a result, service and module names containing upper-case letters other than A would be rejected.
[Download from Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Ourouparia/)
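Review bot: the bullets mix categories (ENHANCE, ENHANCE, BUGFIX, FEATURE, BUGFIX) whereas the other release pages group FEATURE, then ENHANCE, then BUGFIX; reorder for consistency. The two fail-open items belong together: the CVE-2014-3879 BUGFIX and the "require at least one service function to succeed" ENHANCE are the same hardening from two angles, so placing them adjacent and stating in the ENHANCE bullet which error the chain returns when no service function succeeded would make the mitigation concrete for people auditing their policies.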

19
Releases-Radula.md Normal file

@ -0,0 +1,19 @@
# OpenPAM Radula
OpenPAM Radula was released on 2017-02-19.
- **BUGFIX** Fix an inverted test which prevented `pam_get_authtok(3)` and `pam_get_user(3)` from using application-provided custom prompts.
- **BUGFIX** Plug a memory leak in `pam_set_item(3)`.
- **BUGFIX** Plug a potential memory leak in `openpam_readlinev(3)`.
- **BUGFIX** In `openpam_readword(3)`, support line continuations within whitespace.
- **ENHANCE** Add a feature flag to control fallback to "other" policy.
- **ENHANCE** Add a `pam_return(8)` module which returns an arbitrary code specified in the module options.
- **ENHANCE** More and better unit tests.
Download from [here](/downloads) or [Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Radula/)
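Review bot: this page has no Known errata section even though two later pages in this commit record regressions introduced in Radula: Resedacea reinstates the `pam_end(3)` `NULL` check "which was removed in OpenPAM Radula, as it breaks common error-handling constructs", and Tabebuia fixes "off-by-one bug in `pam_getenv(3)` which was introduced in OpenPAM Radula". Add a Known errata list for both, in the format the older release pages use. The feature-flag bullet should also name the flag so readers can grep for it.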

15
Releases-Resedacea.md Normal file

@ -0,0 +1,15 @@
# OpenPAM Resedacea
OpenPAM Resedacea was released on 2017-04-30.
- **BUGFIX** Reinstore the `NULL` check in `pam_end(3)` which was removed in OpenPAM Radula, as it breaks common error-handling constructs.
- **BUGFIX** Return `PAM_SYMBOL_ERR` instead of `PAM_SYSTEM_ERR` from the dispatcher when the required service function could not be found.
- **ENHANCE** Introduce the `PAM_BAD_HANDLE` error code for when pamh is `NULL` in API functions that have a `NULL` check.
- **ENHANCE** Introduce the `PAM_BAD_ITEM`, `PAM_BAD_FEATURE` and `PAM_BAD_CONSTANT` error codes for situations where we previously incorrectly used `PAM_SYMBOL_ERR` to denote that an invalid constant had been passed to an API function.
- **ENHANCE** Improve the `RETURN VALUES` section in API man pages, especially for functions that cannot fail, which were incorrectly documented as returning -1 on failure.
Download from [here](/downloads) or [Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Resedacea/)
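Review bot: "Reinstore" in the first BUGFIX should be "Reinstate". As with Radula, there is no Known errata section: the Tabebuia notes fix a `pam_getenv(3)` off-by-one introduced in Radula and this page does not mention it, so state either that Resedacea is affected (and link the fix) or that it is not.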

9
Releases-Tabebuia.md Normal file

@ -0,0 +1,9 @@
# OpenPAM Tabebuia
OpenPAM Tabebuia was released on 2019-02-24.
- **BUGFIX** Fix off-by-one bug in `pam_getenv(3)` which was introduced in OpenPAM Radula.
- **ENHANCE** Add unit tests for `pam_{get,put,set}env(3)`.
Download from [here](/downloads) or [Sourceforge](http://sourceforge.net/projects/openpam/files/openpam/Tabebuia/)

36
Releases.md Normal file

@ -0,0 +1,36 @@
# OpenPAM releases
## Current release
| 2019-02-24 | [Tabebuia](Releases-Tabebuia) |
## Past releases
| 2017-04-30 | [Resedacea](Releases-Resedacea) |
| 2017-02-19 | [Radula](Releases-Radula) |
| 2014-09-12 | [Ourouparia](Releases-Ourouparia) |
| 2013-09-07 | [Nummularia](Releases-Nummularia) |
| 2012-05-26 | [Micrampelis](Releases-Micrampelis) |
| 2011-12-18 | [Lycopsida](Releases-Lycopsida) |
| 2007-12-21 | [Hydrangea](Releases-Hydrangea) |
| 2005-06-16 | [Figwort](Releases-Figwort) |
| 2005-02-01 | [Feterita](Releases-Feterita) |
| 2004-02-10 | [Eelgrass](Releases-Eelgrass) |
| 2003-07-15 | [Dogwood](Releases-Dogwood) |
| 2003-06-01 | [Digitalis](Releases-Digitalis) |
| 2003-05-02 | [Dianthus](Releases-Dianthus) |
| 2003-01-06 | [Daffodil](Releases-Daffodil) |
| 2002-12-12 | [Cyclamen](Releases-Cyclamen) |
| 2002-06-30 | [Citronella](Releases-Citronella) |
| 2002-05-24 | [Cinquefoil](Releases-Cinquefoil) |
| 2002-05-02 | [Cinnamon](Releases-Cinnamon) |
| 2002-04-14 | [Cineraria](Releases-Cineraria) |
| 2002-04-08 | [Cinchona](Releases-Cinchona) |
| 2002-03-14 | [Centaury](Releases-Centaury) |
| 2002-03-05 | [Celandine](Releases-Celandine) |
| 2002-02-22 | [Cantaloupe](Releases-Cantaloupe) |
| 2002-02-13 | [Caliopsis](Releases-Caliopsis) |
| 2002-02-09 | [Calamite](Releases-Calamite) |
[Checklist](Releases-Checklist) for rolling new releases
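Review bot: the release rows under "Current release" and "Past releases" are pipe-delimited but have no header row or `|---|---|` separator line, so Markdown renderers will show them as literal text rather than a table; add a header such as `| Date | Release |` followed by `|------|---------|` above each group.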