mirror of
https://github.com/linux-pam/linux-pam.git
synced 2024-11-24 10:22:47 +08:00
d9f17b20fb
Purpose of commit: bugfix Commit summary: --------------- latest attempt to deal with the number of rlimits supported by Linux. (Last attempt was the fix for Bug 219554 (ne 119554).
1428 lines
62 KiB
Plaintext
1428 lines
62 KiB
Plaintext
|
|
$Id$
|
|
|
|
-----------------------------
|
|
|
|
TODO:
|
|
|
|
- sanitize use of md5 throughout distribution.. Make a static
|
|
library for helping to develop modules that contains it and other
|
|
stuff. Also add sha-1 and ripemd-160 digest algorithms.
|
|
- once above is done. remove hacks from the secret@here module etc..
|
|
- remove prototype for gethostname in pam_access.c (Derrick)
|
|
- document PAM_INCOMPLETE changes
|
|
- verify that the PAM_INCOMPLETE interface is sensible. Can we
|
|
catch errors? should we permit item changing etc., between
|
|
pam_authenticate re-invocations?
|
|
- verify that the PAM_INCOMPLETE interface works (auth seems ok..)
|
|
- add PAM_INCOMPLETE support to modules (partially added to pam_pwdb)
|
|
- work on RFC.
|
|
- do we still need to remove openlog/closelog from modules..?
|
|
- auth and acct support in pam_cracklib, "yes, I know the password
|
|
you just typed was valid, I just don't think it was very strong..."
|
|
- add in the pam_cap and pam_netid modules
|
|
|
|
====================================================================
|
|
Note, as of release 0.73, all checkins should be accompanied with a
|
|
Bug ID. The bug IDs relate to sourceforge IDs.. (Of course, nothing is
|
|
ever that simple. It turns out that at some point in Sourceforge's
|
|
history all of the bug ids got bumped by 100000, so pretty much if you
|
|
see a bug ID below that begins with a '1' and your attempted query
|
|
fails, try adding 100000 to the number and trying again. I believe
|
|
this only affects bugs before release 0.76.)
|
|
|
|
You can query the related bug description with the following URL:
|
|
|
|
http://sourceforge.net/tracker/index.php?func=detail&aid=XXXXXX&group_id=6663&atid=106663
|
|
|
|
Where you should replace XXXXXX with a bug-id.
|
|
|
|
If you have found a bug in Linux-PAM, please consider filing such a
|
|
bug report - outstanding bugs are listed here:
|
|
|
|
http://sourceforge.net/tracker/?atid=106663&group_id=6663&func=browse
|
|
|
|
(to file another bug see the 'submit bug' button on this page).
|
|
|
|
====================================================================
|
|
|
|
0.76: please submit patches for this section with actual code/doc
|
|
patches!
|
|
|
|
* another fix for the latest number of rlimits available to pam_limits
|
|
(Bug 424060 - agmorgan)
|
|
* removed stale link from pam_pwdb documentation (Bug 433460 - agmorgan)
|
|
* pam_appl.sgml change - more discussion of choosing a service name
|
|
(Bug 417512 - agmorgan)
|
|
* more specific linking requirements for -lndbm for pam_userdb - from
|
|
David Lee (Bug 417339 - agmorgan)
|
|
* a large number of small changes to make AIX support better (Bug
|
|
416229 - agmorgan)
|
|
* $(MAKE) instead of 'make' - from Scott T. Emery (Bug 422144 -
|
|
agmorgan)
|
|
* c++ header fixes for pam_misc.h and pam_client.h - from Alexandre
|
|
Sagala (Bug 420270 - agmorgan)
|
|
* pam_access fixes - looks out for trailing '.' - from Carlo Marcelo
|
|
Arenas Belon (Bug 419631 - agmorgan)
|
|
* don't zero out password strings during pam_unix's password changing
|
|
function (Bug 419803 - vorlon)
|
|
* propagate some definitions to the _pam_aconf.h file - from David Lee
|
|
(Bug 415419 - agmorgan)
|
|
* solaris GCC OS_CFLAGS change from David Lee (Bug 415412 - agmorgan)
|
|
* added a comment to this CHANGELOG to explain why most of the bugids
|
|
used below appear not to be known to sourceforge [try adding 100000
|
|
to the bugid number.] (Bug 414943 - agmorgan)
|
|
* bumped version numbers and also added support for SONAME defines
|
|
that appear not to have survived the great autoconf experiment (Bug
|
|
414669 - agmorgan).
|
|
|
|
0.75: Sat Apr 7 23:10:50 PDT 2001
|
|
|
|
** WARNING **
|
|
|
|
This release contains backwardly incompatible changes to
|
|
libpam. Prior versions were buggy - see bugfix for Bug 129775.
|
|
|
|
** WARNING **
|
|
|
|
* made 0.75 release (Bug 414665 - agmorgan)
|
|
* pam_pwdb has been removed from the suggested pam.conf template. I've
|
|
replaced it with pam_unix. (Bug 227565 - agmorgan)
|
|
* pam_limits - Richard M. Yumul reported that "<domain> -" didn't
|
|
work, first fix suggested by Werner Puschitz (Bug 404953 - agmorgan)
|
|
* Nicolay Pelov suggested a simple fix for freebsd support (Bug 407282
|
|
- agmorgan)
|
|
* Michel D'HOOGE submitted documentation fixes (Bug 408961 - agmorgan)
|
|
* fix for module linking directions (Bug 133545 - agmorgan)
|
|
* fix for glibc-2.2.2 compilation of pam_issue (Bug 133542 - agmorgan)
|
|
* fix pam_userdb to make and link both .o files it needs - converse()
|
|
wasn't being linked! (Bug 132880 - agmorgan)
|
|
* added some sys-admin documentation for the pam_tally module (Bug
|
|
126210 - agmorgan).
|
|
* added a link to module examples from the module writers doc (Bug
|
|
131192 - agmorgan).
|
|
* fixed a small security hole (more of a user confusion issue) with
|
|
the unix and pwdb password helper binaries. The beef is described in
|
|
the bug report, but no uid change was possible so no-one should
|
|
think they need to issue a security bulletin over this one! (Bug
|
|
112540 - agmorgan)
|
|
* pam_lastlog needs to be linked with -lutil, also removed ambiguity
|
|
from sysadmin guide regarding this module being a 'session' module
|
|
(Bug 131549 - agmorgan).
|
|
* pam_cracklib needs to be linked with -lcrypt (old password checking)
|
|
(Bug 131601 - agmorgan).
|
|
* fixes for static library builds and also the examples when linked
|
|
with the debugging build of the libraries. (Bug 131783 - agmorgan)
|
|
* fixed URL for original RFC to a cached kernel.org file. (Bug 131503
|
|
- agmorgan)
|
|
* quoted the $CRACKLIB_DICTPATH test in configure.in (Bug 130130 -
|
|
agmorgan).
|
|
* improved handling of the setcred/close_session and update chauthtok
|
|
stack. *Warning* This is a backwardly incompatable change, but 'more
|
|
sane' than before. (Bug 129775 - agmorgan)
|
|
* bumped the version number, and added some code to assist in making
|
|
documentation releases (Bug 129644 - agmorgan).
|
|
|
|
0.74: Sun Jan 21 22:36:08 PST 2001
|
|
|
|
* made 0.74 release (Bug 129642 - agmorgan)
|
|
* libpam - cleaned up a few non-static functions to be static and added
|
|
support for libpam to enforce things like pam_[gs]et_data() and
|
|
AUTHTOK rules for using the API. Also documented pam_[gs]et_item()
|
|
a little better including return codes (Bugs 129027, 128576 -
|
|
agmorgan).
|
|
* pam_access - fixed the non-default config file option (Bug 127561 -
|
|
agmorgan)
|
|
* pam.8 manual page clarified with respect to the default location for
|
|
finding modules, also added some text describing the [...] control
|
|
syntax. (Bug 127625 - agmorgan)
|
|
* md5.h ia64 fixes for pam_unix and pam_pwdb (Bug 127700 - agmorgan)
|
|
* removed requirement for c++ from the configure{.in,} files (Bug
|
|
128298 - agmorgan)
|
|
* removed subdirectories from man page redirections (124396 - baggins)
|
|
* per David Lee, fixed non-POSIX shell command in modules/pam_filter/Makefile
|
|
(Bug 126440 - vorlon)
|
|
* modify format of pam_unix log messages to include service name
|
|
(Bug 126423 - vorlon)
|
|
* prevent pam_unix from logging unknown usernames (Bug 126431 - vorlon)
|
|
* changed format of pam_unix 'authentication failure' log messages to make
|
|
them clearer and more consistent (Bug 126036 - vorlon)
|
|
* improved portability of pam_unix by eliminating Linux-specific utmp
|
|
defines in PAM_getlogin() (Bug 125704 - vorlon)
|
|
* removed static variables from pam_tally (Bug 117434 - agmorgan)
|
|
* added copyright message to pam_access module from original logdaemon
|
|
sources (Bug 125022 - agmorgan)
|
|
* configure.in - removed the GCC -Wtraditional flag (Bug 124923 - agmorgan)
|
|
* pam_mail - use PAM_PATH_MAILDIR as the location of mail spool
|
|
(Bug 124397 - baggins)
|
|
* _pam_aconf.h.in, configure.in - added PAM_PATH_MAILDIR set via
|
|
--with-mailspool=dir option (default is _PAM_MAILDIR if defined
|
|
in paths.h otherwise /var/spool/mail (Bug 124397 - baggins)
|
|
* removed unnecessary CVS Log tags from all over the source
|
|
(Bug 124391 - baggins)
|
|
* pam_tally - check for PAM_TTY if PAM_RHOST is not set when writing
|
|
to faillog (Bug 124394 - baggins)
|
|
* use O_NOFOLLOW if available when opening debug log (Bug 124385 - baggins)
|
|
* pam_cracklib - removed comments about pam_unix not working with
|
|
pam_cracklib, added information about use_authtok parameter
|
|
(Bug 124388 - baggins)
|
|
* pam_userdb - fixed wrong definition of struct pam_module (was pam_wheel)
|
|
(Bug 124386 - baggins)
|
|
* fixed example/Makefile include path (Bug 124187, 127563(?) - agmorgan)
|
|
* pam_userdb compiles on RH5x. Also removed circular dependency on
|
|
configure.in. Also bumped revision number to 0.74. (Bug 124136 -
|
|
agmorgan)
|
|
|
|
0.73: Sat Dec 2 00:04:04 PST 2000
|
|
|
|
* updated documentaion revisions and added 'make release' support
|
|
to the top level Makefile (Bug 124132 - agmorgan).
|
|
* documented Qmail support in pam_mail (Bug 109219 - baggins)
|
|
* add change_uid option to pam_limits, and set real uid only if
|
|
this option is present (Bug 124062 - baggins)
|
|
* pam_limits - set real uid to the user for who we set limits.
|
|
(Bug 123972 - baggins)
|
|
* removed static variables from pam_limits (thread safe now). (Bug
|
|
117450 - agmorgan).
|
|
* removed static variable from pam_wheel (module should be thread safe
|
|
now). (Bug 112906 - agmorgan)
|
|
* added support for '/' symbols in pam_time and pam_group config files
|
|
(support for modern terminal devices). Fixed infinite loop problem
|
|
with '\\[^\n]' in these files. (Bug 116076 - agmorgan)
|
|
* avoid potential SIGPIPE when writing to helper binaries with (Bug
|
|
123399 - agmorgan)
|
|
* replaced bogus logic in the pam_cracklib module for determining if
|
|
the replacement is too similar to the old password (Bug 115055 -
|
|
agmorgan)
|
|
* added accessconf=<filename> feature to pam_access - request from
|
|
Aldrin Martoq and Meelis Roos (Bugs 111927,117240 - agmorgan)
|
|
* fix for pam_limit module not dealing with all limits Adam J. Richter
|
|
(Bug 119554 - agmorgan)
|
|
* comment fix describing fail_delay callback in _pam_types.h (Bug
|
|
112646 - agmorgan)
|
|
* "likeauth" fix for pam_unix and pam_pwdb which (Bug 113596 - agmorgan)
|
|
* fix for pam_unix (support.c) to avoid segfault with NULL password
|
|
(Bug 113238 - vorlon)
|
|
* fix to pam_unix_passwd: try repeatedly to get a lock on the password
|
|
file, instead of failing immediately (Bug 108845 - fix vorlon)
|
|
* fix to pam_shells: logged information was not formatted correctly
|
|
(extra comma) (Bug 111491 - fix vorlon)
|
|
* fix for C++ application support (Bug 111645 - fix agmorgan)
|
|
* fix for typo in pam_client.h (Bug 111648 - fix agmorgan)
|
|
* removal of -lpam from pam_mkhomedir Makefile (Bug 116380 - fix agmorgan)
|
|
* autoconf support [Task ID 15788, Bug ID 108297 - agmorgan with help!]
|
|
- bugfix for libpamc.h include file [Bug ID 117476 - agmorgan]
|
|
- bugfix for pam_filter.h inclusion [Bug ID 117474 - agmorgan]
|
|
|
|
0.72: Mon Dec 13 22:41:11 PST 1999
|
|
|
|
* patches from Debian (Ben Collins): pam_ftp supports event driven
|
|
conversations now; pwdb_chkpwd cleanup; pam_warn static compile fix;
|
|
user_db compiler warnings removed; debian defs file; pam_mail can
|
|
now be used as a session module
|
|
* ndbm compilation option for user_db module (fix explained by Richard Khoo)
|
|
* pam_cracklib bug fix
|
|
* packaging fixes & build from scratch stuff (Konst Bulatnikov & Frodo
|
|
Looijaard)
|
|
* -ldl appended to the libpam.so compilation make rule. (Charles Seeger)
|
|
* Red Hat security patch for pam_pwdb forwarded by Debian! (Ben
|
|
Collins. Fix provided by Andrey as it caught the problem earlier in the
|
|
code.)
|
|
* heuristic to prevent leaking filedescriptors to an agent. [This needs
|
|
to be better supported perhaps by an additional libpamc API function?]
|
|
* pam_userdb segfault fix from (Ben Collins)
|
|
* PAM draft spec extras added at request of 'sen_ml'
|
|
|
|
0.71: Sun Nov 7 20:21:19 PST 1999
|
|
|
|
* added -lc to linker pass for pam_nologin module (glibc is weird).
|
|
* various header changes to lower the number of warnings on glibc
|
|
systems (Dan Yefimov)
|
|
* merged a bunch of Debian fixes/patches/documentation (Ben Collins)
|
|
things touched: libpam (minor); doc/modules/pam_unix.sgml; pam_env
|
|
(plus docs); pam_mkhomedir (new module for new home directories on
|
|
the fly...); pam_motd (new module); pam_limits (adjust to match
|
|
docs); pam_issue (new module + doc) [Some of these were also
|
|
submitted by Thorsten Kukuk]
|
|
* small hack to lower the number of warnings that pam_client.h was
|
|
generating.
|
|
* debian and SuSE apparently can use the pam_ftp module, so
|
|
removed the obsolete comment about this from the docs. (Thorsten
|
|
Kukuk)
|
|
|
|
0.70: Fri Oct 8 22:05:30 PDT 1999
|
|
|
|
* bug fix for parsing of value=action tokens in libpam/pam_misc.c was
|
|
segfaulting (Jan Rekorajski and independently Matthew Melvin)
|
|
* numerous fixes from Thorsten Kukuk (icluding much needed fixes for
|
|
bitrot in modules and some documentation) that got included in SuSE 6.2.
|
|
* reentrancy issues in pam_unix and pam_cracklib resolved (Jan Rekorajski)
|
|
* added hosts_equiv_rootok module option to pam_rhosts module (Tim Berger)
|
|
* added comment about 'expose_account' module argument to admin and
|
|
module writers' docs (request from Michael K Johnson).
|
|
* myriad of bug fixes for libpamc - library now built by default and
|
|
works with the biomouse fingerprint scanner agent/module
|
|
(distributed separately).
|
|
|
|
0.69: Sun Aug 1 20:25:37 PDT 1999
|
|
|
|
* c++ header #ifdef'ing for pam_appl.h (Tuomo Pyhala)
|
|
* added pam_userdb module (Cristian Gafton)
|
|
* minor documentation changes
|
|
* added in revised pam_client library (libpamc). Not installed by
|
|
default yet, since the example agent/module combo is not very secure.
|
|
* glibc fixes (Thorsten Kukuk, Adam J. Richter)
|
|
|
|
0.68: Sun Jul 4 23:04:13 PDT 1999
|
|
|
|
* completely new pam_unix module from Jan Rekorajski and Stephen Langasek
|
|
* Jan Rekorajski pam_mail - support for Maildir format mailboxes
|
|
* Jan Rekorajski pam_cracklib - support for old password comparison
|
|
* Jan Rekorajski bug fix for pam_pwdb setcred reusing auth retval
|
|
* Andrey's pam_tally patch (lstat -> fstat)
|
|
* Robert Milkowski's additional pam_tally patches to **change format of
|
|
/var/log/faillog** to one from shadow-utils, add new option "per_user"
|
|
for pam_tally module, failure time logging, support for fail_line
|
|
field, and support for fail_locktime field with new option
|
|
no_lock_time.
|
|
* pam_tally: clean up the tally application too.
|
|
* Marcin Korzonek added process priority settings to pam_limits (bonus
|
|
points for adding to documentation!)
|
|
* Andrey's pam_pwdb patch (cleanup + md5 endian fubar fix)
|
|
* more binary prompt preparations (make misc conv more compatible with spec)
|
|
* modified callback hook for fail delay to be more useful with event
|
|
driven applications (changed function prototype - suspect no one
|
|
will notice). Documented this in app developer guide.
|
|
* documentation for pam_access from Tim Berger
|
|
* syntax fixes for the documentation - a long time since I've built it :*(
|
|
added some more names to the CREDITS file.
|
|
|
|
0.67: Sat Jun 19 14:01:24 PDT 1999
|
|
|
|
* [dropped libpam_client - libpamc will be in the next release and
|
|
conforms to the developing spec in doc/specs/draft-morgan-pam.raw.
|
|
Sorry if you are keeping a PAM tree in CVS. CVS is a pain for
|
|
directories, but this directory was actually not referenced by
|
|
anything so the disruption should be light.]
|
|
* updates to pam_tally from Tim
|
|
* multiple updates from Stephen Langasek to pam_unix
|
|
* pam_filter had some trouble compiling (bug report from Sridhar)
|
|
* pam_wheel now attempts to identify the wheel group for the local
|
|
system instead of blindly assuming it is gid=0. In the case that
|
|
there is no "wheel" group, we default to assuming gid=0 is what was
|
|
meant - former behavior. (courtesy of Sridhar)
|
|
* NIS+ changes to pam_unix module from Dmitry O Panov
|
|
* hopefully, a fix for redefinition of LOG_AUTHPRIV (bug report Luke
|
|
Kenneth Casson Leighton)
|
|
* fix for minor typo in pam_wheel documentation (Jacek Kopecky)
|
|
* slightly more explanation of the [x=y] pam.conf syntax in the sys
|
|
admin guide.
|
|
|
|
0.66: Mon Dec 28 20:22:23 PST 1998 <morgan@linux.kernel.org>
|
|
|
|
* Started using cvs to keep track of changes to Linux-PAM. This will
|
|
likely break some of the automated building stuff (RPMs etc..).
|
|
* security bug fix to pam_unix and pam_tally from Andrey.
|
|
* modules make file is now more automatic. It should be possible to
|
|
unpack an external module in the modules directory and have it automatically
|
|
added to the build process. Also added a modules/download-all script
|
|
that will make such downloading easier. I'm happy to receive patches to
|
|
this file, informing the distribution of places from which to enrich itself.
|
|
* removed pam_system_log stuff. Thought about it long and hard: a
|
|
bad idea. If libc cannot guarantee a thread safe syslog, it needs
|
|
to be fixed and compatibility with other PAM libraries was
|
|
unnecessarily strained.
|
|
* SAG documentation changes: Seth Chaiklin
|
|
* rhosts: problems with NIS lookup failures with the root-uid check.
|
|
As a work-around, I've partially eliminated the need for the lookup
|
|
by supplying two new arguments: no_uid_check, superuser=<username>.
|
|
As a general rule this is more pluggable, since this module might be
|
|
used as an authentication scheme for a network service that does not
|
|
need root privilege...
|
|
* authenticate retval -> setcred for pam_pwdb (likeauth arg).
|
|
* pam_pwdb event driven support
|
|
* non openlog pam_listfile logging
|
|
* BUGFIX: close filedescriptor in pam_group and pam_time (Emmanuel Galanos)
|
|
* Chris Adams' mailhash change for pam_mail module
|
|
* fixed malloc failure check in pam_handlers.c (follow up to comment
|
|
by Brad M. Garcia).
|
|
* update to _pam_compat.h (Brad M. Garcia)
|
|
* support static modules in libpam again (Brad M. Garcia)
|
|
* libpam/pam_misc.c for egcs to grok the code (Brad M. Garcia)
|
|
* added a solaris-2.5.1 defs file (revived by Derrick J Brashear)
|
|
* pam_listfile logs failed attempts
|
|
* added a comment (Michael K Johnson pointed it out) about sgml2latex
|
|
having a new syntax. I'll make it the change real when I upgrade...
|
|
* a little more text to the RFC, spelling fix from William J Buffam.
|
|
* minor changes to pam_securetty to accommodate event driven support.
|
|
|
|
0.65: Sun Apr 5 22:29:09 PDT 1998 <morgan@linux.kernel.org>
|
|
|
|
* added event driven programming extensions to libpam
|
|
- added PAM_INCOMPLETE handling to libpam/pam_dispatch.c
|
|
- added PAM_CONV_AGAIN which is a new conversation response that
|
|
should be mapped to PAM_INCOMPLETE by the module.
|
|
- ensured that the pam_get_user() function can resume
|
|
- changes to pam_strerror to accommodate above return codes
|
|
- clean up _pam_former_state at pam_end()
|
|
- ensured that former state is correctly initialized
|
|
- added resumption tests to pam_authenticate(), pam_chauthtok()
|
|
- added PAM_FAIL_DELAY item for pausing on failure
|
|
|
|
* improved _pam_macros.h so that macros can be used as single commands
|
|
(Andrey)
|
|
|
|
* reimplemented logging to avoid bad interactions with libc. Added
|
|
new functions, pam_[,v]system_log() to libpam's API. A programmer
|
|
can check for this function's availablility by checking if
|
|
HAVE_PAM_SYSTEM_LOG is #defined.
|
|
|
|
* removed the reduce conflict from pam_conv1 creation -- I can sleep
|
|
again now. :^]
|
|
|
|
* made building of static and dynamic libpam separate. This is
|
|
towards making it possible to build both under Solaris (for Derrick)
|
|
|
|
* made USE_CRACKLIB a condition in unix module (Luke Kenneth Casson Leighton)
|
|
|
|
* automated (quiet) config installation (Andrey)
|
|
|
|
0.64: Thu Feb 19 23:30:24 PST 1998 Andrew Morgan <morgan@linux.kernel.org>
|
|
|
|
* miscellaneous patches for building under Solaris (Derrick J Brashear)
|
|
|
|
* removed STATIC support from a number of module Makefiles. Notably,
|
|
these modules are those that use libpwdb and caused difficulties
|
|
satisfying the build process. (Please submit patches to fix this...;)
|
|
|
|
* reomved the union for binary packet conversations from
|
|
(_pam_types.h). This is now completely implemented in libpam_client.
|
|
|
|
* Andrey's patch for working environment variable handling in
|
|
sh_secret module.
|
|
|
|
* made the libpam_misc conversation function a bit more flexible with
|
|
respect to binary conversations.
|
|
|
|
* added top level define (DEBUG_REL) for compiling in the form of
|
|
a debugging release. I use this on a Red Hat 4.2 system with little
|
|
chance of crashing the system as a whole. (Andrey has another
|
|
implementation of this -- with a spec file to match..)
|
|
|
|
0.63: Wed Jan 28 22:55:30 PST 1998 Andrew Morgan <morgan@linux.kernel.org>
|
|
|
|
* added libpam_client "convention" library. This makes explicit the
|
|
use of PAM_BINARY_PROMPT. It is a first cut, so don't take it too
|
|
seriously yet. Comments/suggestions for improvements are very
|
|
welcome. Note, this library does not compile by default. It will
|
|
be enabled when it is judged stable. The library comes with two
|
|
module/agent pairs and can be used with ssh using a patch available
|
|
from my pre-release directory [where you got this file.]
|
|
|
|
* backward compatibility patch for libpam/pam_handlers.c (PAM_IGNORE
|
|
was working with neither "requistie" nor "required") and a DEBUG'ing
|
|
compile time bug with pam_dispatch.c (Savochkin Andrey Vladimirovich)
|
|
|
|
* minor Makefile change from (Savochkin Andrey Vladimirovich)
|
|
|
|
* added pam_afsauth, pam_afspass, pam_restrict, and pam_syslog hooks
|
|
(Derrick J Brashear)
|
|
|
|
* pam_access use of uname(2) problematic (security problem
|
|
highlighted by Olaf Kirch).
|
|
|
|
* pam_listfile went a bit crazy reading group membersips (problem
|
|
highlighted by Olaf Kirch and patched independently by Cristian
|
|
Gafton and Savochkin Andrey Vladimirovich)
|
|
|
|
* compatibility hooks for solaris and hpux (Derrick J Brashear)
|
|
|
|
* 64 bit Linux/alpha bug fixed in pam_rhosts (Andrew D. Isaacson)
|
|
|
|
0.62: Wed Jan 14 14:10:55 PST 1998 Andrew Morgan <morgan@linux.kernel.org>
|
|
|
|
* Derrick J Brashear's patches: adds the HP stuff missed in the first
|
|
patch; adds SunOS support; adds support for the Solaris native ld
|
|
instead of requiring gnu ld.
|
|
|
|
* last line of .rhosts file need not contain a newline. (Bug reported by
|
|
Thompson Freeman.)
|
|
|
|
0.61: Thu Jan 8 22:57:44 PST 1998 Andrew Morgan <morgan@linux.kernel.org>
|
|
|
|
* complete rewrite of the "control flag" logic. Formerly, we were
|
|
limited to four flags: requisite, required, sufficient, optional.
|
|
We can now use these keywords _and_ a great deal more besides.
|
|
The extra logic was inspired by Vipin Samar, a preliminary patch was
|
|
written by Andy Berkheimer, but I "had some ideas of my own" and
|
|
that's what I've actually included. The basic idea is to allow the
|
|
admin to custom build a control flag with a series of token=value
|
|
pairs inside square brackets. Eg., '[default=die success=ok]' which
|
|
is pretty close to a synonym for 'requisite'. I'll try to document it
|
|
better in the sys-admin guide but I'm pretty sure it is a change for
|
|
the better.... If what is in the sys-admin guide is not good enough
|
|
for you, just take a look at the source for libpam ;^)
|
|
|
|
0.59: Thu Jan 8 22:27:22 PST 1998 Andrew Morgan <morgan@linux.kernel.org>
|
|
|
|
* better handling of empty lines in .rhosts file. (Formerly, we asked
|
|
the nameserver about them!) Fix from Hugh Daschbach.
|
|
|
|
* _broke_some_binary_compatibility_ with previous versions to become
|
|
compliant with X/Open's XSSO spec. Specifically, this has been
|
|
by changing the prototype for pam_strerror().
|
|
|
|
* altered the convention for the conversation mechanism to agree
|
|
with that of Sun. (number of responses 'now=' number of messages
|
|
with help from Cristian for finding a bug.. Cristian also found a
|
|
nasty speradic segfault bug -- Thanks!)
|
|
|
|
* added NIS+ support to pam_unix_*
|
|
|
|
* fixed a "regular file checking" problem with the ~/.rhosts sanity
|
|
check. Added "privategroup" option to permit group write permission
|
|
on the ~/.rhosts file in the case that the group owner has the same
|
|
name as the authenticating user. :*) "promiscuous" and "suppress"
|
|
were not usable!
|
|
|
|
* added glibc compatibility to pam_rhosts_auth (protected __USE_MISC
|
|
with #ifndef since my libc already defines it!).
|
|
|
|
* Security fix from Savochkin Andrey Vladimirovich with suggested
|
|
modification from Olaf Seibert.
|
|
|
|
* preC contains mostly code clean-ups and a number of changes to
|
|
_pam_macros.
|
|
|
|
0.58: whenever
|
|
|
|
* pam_getenvlist() has a more robust definition (XSSO) than was previously
|
|
thought. It would seem that we no longer need pam_misc_copy_env()
|
|
which was there to provide the robustness that pam_getenvlist()
|
|
lacked before...
|
|
|
|
Accordingly, I have REMOVED the prototype from libpam_misc. (The
|
|
function, however, will remain in the library as a wrapper for
|
|
legacy apps, but will likely be removed from libpam_misc-1.0.) PLEASE
|
|
FIX YOUR APPS *BEFORE* WE GET THERE!
|
|
|
|
* Alexy Nogin reported garbage output from pam_env in the case of
|
|
a non-existent environment variable.
|
|
|
|
* 'fixed' pwdb compilation for pam_wheel. Not very cleanly
|
|
done.. Mmmm. Should really clean up the entire source tree...
|
|
|
|
* added prototypes for mapping functions
|
|
|
|
<**WARNING**>
|
|
|
|
various constants have had there names changed. Numerical values have
|
|
been retained but be aware some source old modules/applications will
|
|
need to be fixed before recompilation.
|
|
|
|
</**WARNING**>
|
|
|
|
* appended documentation to README for pam_rhosts module (Nicolai
|
|
Langfeldt).
|
|
|
|
* verified X/Open compatibility of header files - note, where we differ
|
|
it is at the level of compilation warnings and the use of 'const char *'
|
|
instead of 'char *'. Previously, Sun(X/open) have revised their spec
|
|
to be more 'const'-ervative in the light of comments from Linux-PAM
|
|
development.
|
|
|
|
* Ooops! PAM_AUTHTOKEN_REQD should have been PAM_NEW_AUTHTOK_REQD.
|
|
|
|
changed: pam_pwdb(pam_unix_acct) (also bug fix for
|
|
_shadow_acct_mgmt_exp() return value), pam_stress,
|
|
libpam/pam_dispatch, blank, xsh.
|
|
|
|
* New: PAM_AUTHTOK_EXPIRED - password has expired.
|
|
|
|
* Ooops! PAM_CRED_ESTABLISH (etc.) should have been PAM_ESTABLISH_CRED
|
|
etc... (changed - this may break some people's modules - PLEASE TAKE
|
|
NOTE!)
|
|
changed: pam_group, pam_mail, blank, xsh; module and appl
|
|
docs, pam_setcred manual page.
|
|
|
|
* renamed internal _pam_handle structure to be pam_handle as per XSSO.
|
|
|
|
* added PAM_RADIO_TYPE (for multiple choice input method). Also
|
|
added PAM_BINARY_{MSG,PROMPT} (for interaction out of sight of user
|
|
- this could be used for RSA type authentication but is currently
|
|
just there for experimental purposes). The _BINARY_ types are now
|
|
usable with hooks in the libpam_misc conversation function. Still
|
|
have to add PAM_RADIO_TYPE.
|
|
|
|
* added pam_access module (Alexei Nogin)
|
|
|
|
* added documentation for pam_lastlog. Also modified the module to
|
|
not (by default) print "welcome to your new account" when it cannot
|
|
find a utmp entry for the user (you can turn this on with the
|
|
"never" argument).
|
|
|
|
* small correction to the pam_fail_delay manual page. Either the appl or
|
|
the modules header file will prototype this function.
|
|
|
|
* added "bigcrypt" (DEC's C2) algorithm(0) to pam_pwdb. (Andy Phillips)
|
|
|
|
* *BSD tweaking for various #include's etc. (pam_lastlog, pam_rhosts,
|
|
pam_wheel, libpam/pam_handlers). (Michael Smith)
|
|
|
|
* added configuration directory $SCONFIGED for module specific
|
|
configuration files.
|
|
|
|
* added two new "linked" man pages (pam.conf(8) and pam.d(8))
|
|
|
|
* included a reasonable default for /etc/pam.conf (which can be
|
|
translated to /etc/pam.d/* files with the pam_conv1 binary)
|
|
|
|
* fixed the names of the new configuration files in
|
|
conf/pam_conv1/pam_conv.y
|
|
|
|
* fixed make check.
|
|
|
|
* pam_lastlog fixed to handle UID in virgin part of /var/log/lastlog
|
|
(bug report from Ronald Wahl).
|
|
|
|
* grammar fix in pam_cracklib
|
|
|
|
* segfault avoided in pam_pwdb (getting user). Updating of passwords
|
|
that are directed to a "new" database are more robust now (bug noted
|
|
by Michael K. Johnson). Added "unix" module argument for migrating
|
|
passwords from another database to /etc/passwd. (documentation
|
|
updated). Removed "bad username []" warning for empty passwords -
|
|
on again if you supply the 'debug' module argument.
|
|
|
|
* ctrl-D respected in conversation function (libpam_misc)
|
|
|
|
* Removed -DPAM_FAIL_DELAY_ON from top-level Makefile. Nothing in
|
|
the distribution uses it. I guess this change happened a while
|
|
back, basically I'm trying to make the module parts of the
|
|
distribution "source compatible" with the RFC definition of PAM.
|
|
This implementation of PAM is a superset of that definition. I have
|
|
added the following symbols to the Linux-PAM header files:
|
|
|
|
PAM_DATA_SILENT (see _pam_types.h)
|
|
HAVE_PAM_FAIL_DELAY (see _pam_types.h)
|
|
PAM_DATA_REPLACE (see _pam_modules.h)
|
|
|
|
Any module (or application) that wants to utilize these features,
|
|
should check (#ifdef) for these tokens before using the associated
|
|
functionality. (Credit to Michael K. Johnson for pointing out my
|
|
earlier omission: not documenting this change :*)
|
|
|
|
* first stab at making modules more independent of full library
|
|
source. Modules converted:
|
|
pam_deny
|
|
pam_permit
|
|
pam_lastlog
|
|
pam_pwdb
|
|
|
|
* pam_env.c: #include <errno.h> added to ease GNU libc use. (Michael
|
|
K. Johnson)
|
|
|
|
* pam_unix_passwd fixes to shadow aging code (Eliot Frank)
|
|
|
|
* added README for pam_tally
|
|
|
|
0.57: Fri Apr 4 23:00:45 PST 1997 Andrew Morgan <morgan@parc.power.net>
|
|
|
|
* added "nodelay" argument to pam_pwdb. This can be used to turn off
|
|
the call to pam_fail_delay that takes effect when the user fails to
|
|
authenticate themself.
|
|
|
|
* added "suppress" argument to pam_rhosts_auth module. This will stop
|
|
printing the "rlogin failure message" when the user does not have a
|
|
.rhosts file.
|
|
|
|
* Extra fixes for FAKEROOT in Makefiles (Savochkin Andrey
|
|
Vladimirovich)
|
|
|
|
* pam_tally added to tree courtesy of Tim Baverstock
|
|
|
|
* pam_rhosts_auth was failing to read NFS mounted .rhosts
|
|
files. (Fixed by Peter Allgeyer). Refixed and further enhanced
|
|
(netgroups) by Nicolai Langfeldt. [Credit also to G.Wilford for some
|
|
changes that were not actually included..]
|
|
|
|
* optional (#ifdef PAM_READ_BOTH_CONFS) support for parsing of pam.d/
|
|
AND pam.conf files (Elliot Lee).
|
|
|
|
* Added (and signed) Cristian's PGP key. (I've never met him, but I am
|
|
convinced the key belongs to the guy that is making the PAM rpms and
|
|
also producing libpwdb. Please note, I will not be signing anyone
|
|
else's key without a personal introduction..)
|
|
|
|
* fixed erroneous syslog warning in pam_listfile (Savochkin Andrey
|
|
Vladimirovich, whole file reformatted by Cristian)
|
|
|
|
* modified pam_securetty to return PAM_IGNORE in the case that the user's
|
|
name is not known to the system (was previously, PAM_USER_UNKNOWN). The
|
|
Rationale is that pam_securetty's sole purpose is to prevent superuser
|
|
login anywhere other than at the console. It is not its concern that the
|
|
user is unknown - only that they are _not_ root. Returning
|
|
PAM_IGNORE, however, insures that the pam_securetty can never be used to
|
|
"authenticate" a non-existent user. (Cristian Gafton with bug report from
|
|
Roger Hu)
|
|
|
|
* Modified pam_nologin to display the no-login message when the user
|
|
is not known. The return value in this case is still PAM_USER_UNKNOWN.
|
|
(Bug report from Cristian Gafton)
|
|
|
|
* Added NEED_LCKPWD for pam_unix/ This is used to define the locking
|
|
functions and should only be turned on if you don't have them in
|
|
your libc.
|
|
|
|
* tidied up pam_lastlog and pam_pwdb: removed function that was never used.
|
|
|
|
* Note for package maintainers: I have added $(FAKEROOT) to the list of
|
|
environment variables. This should help greatly when you build PAM
|
|
in a subdirectory. I've gone through the tree and tried to make
|
|
everything compatible with it.
|
|
|
|
* added pam_env (courtesy of Dave Kinchlea)
|
|
|
|
* removed pam_passwd+ from the tree. It has not been maintained in a
|
|
long time and running a shell script was basically insecure. I've
|
|
indicated where you can pick up the source if you want it.
|
|
|
|
* #define HAVE_PAM_FAIL_DELAY . Applications can conditionally compile
|
|
with this if they want to see if the facility is available. It is
|
|
now always available. (corresponding compilation cleanups..)
|
|
|
|
* _pam_sanitize() added to pam_misc. It purges the PAM_AUTHTOK and
|
|
PAM_OLDAUTHTOK items. (calls replaced in pam_auth and pam_password)
|
|
|
|
* pam_rhosts now knows about the '+' entry. Since I think this is a
|
|
dangerous thing, I have required that the sysadmin supply the
|
|
"promiscuous" flag for it in the corresponding configuration file
|
|
before it will work.
|
|
|
|
* FULL_LINUX_PAM_SOURCE_TREE exported from the top level make file.
|
|
If you want to build a module, you can test for this to determine if
|
|
it should take its directions from above or supply default locations
|
|
for installation. Etc.
|
|
|
|
0.56: Sat Feb 15 12:21:01 PST 1997 <morgan@parc.power.net>
|
|
|
|
* pam_handlers.c can now interpret the pam.d/ service config tree:
|
|
- if /etc/pam.d/ exists /etc/pam.conf is IGNORED
|
|
(otherwise /etc/pam.conf is treated as before)
|
|
- given /etc/pam.d/
|
|
. config files are named (in lower case) by service-name
|
|
. config files have same syntax as /etc/pam.conf except
|
|
that the "service-name" field is not present. (there
|
|
are thus three manditory fields (and arguments are
|
|
optional):
|
|
|
|
module-type control-flag module-path optional-args...
|
|
|
|
)
|
|
|
|
* included conf/pam_conv1 for converting pam.conf to a pam.d/ version
|
|
1.0 directory tree. This program reads a pam.conf file on the
|
|
standard input stream and creates ./pam.d/ (in the local directory)
|
|
and fills it with ./pam.d/"service-name" files.
|
|
|
|
*> Note: It will fail if ./pam.d/ already exists.
|
|
|
|
PLEASE REPORT ANY BUGS WITH THIS CONVERSION PROGRAM... It currently
|
|
cannot retain comments from the old conf file, so take care to do this
|
|
by hand. Also, please email me with the fix that makes the
|
|
shift/reduce conflict go away...
|
|
|
|
* Added default module path to libpam for modules (see pam_handlers.c)
|
|
it makes use of Makfile defined symbol: DEFAULT_MODULE_PATH which is
|
|
inhereted from the defs/* variable $(SECUREDIR). Removed module
|
|
paths from the sample pam.conf file as they are no longer needed.
|
|
|
|
* pam_pwdb can now verify read protected passwords when it is not run
|
|
by root. This is via a helper binary that is setuid root.
|
|
|
|
* pam_permit now prompts for a username if it is not already determined
|
|
|
|
* pam_rhosts now honors "debug" and no longer hardwire's "root" as the
|
|
superuser's name.
|
|
|
|
* pam_securetty now honors the "debug" flag
|
|
|
|
* trouble parsing extra spaces fixed in pam_time and pam_group
|
|
|
|
* added Michael K. Johnson's PGP key to the pgp.keys.asc list
|
|
|
|
* pam_end->env not being free()'d: fixed
|
|
|
|
* manuals relocated to section 3
|
|
|
|
* fixed bug in pam_mail.c, and enhanced to recognize '~' as a prefix
|
|
to indicate the $HOME of the user (courtesy David
|
|
Kinchlea). *Changed* from a "session" module to an "auth"
|
|
module. It cannot be used to authenticate a user, but it can be used
|
|
in setting credentials.
|
|
|
|
* fixed a stupid bug in pam_warn.. Only PAM_SERVICE was being read :*(
|
|
|
|
* pam_radius rewritten to exclusively make use of libpwdb. (minor fix
|
|
to Makefile for cleaning up - AGM)
|
|
|
|
* pam_limits extended to limit the total number of logins on a system
|
|
at any given time.
|
|
|
|
* libpam and libpam_misc use $(MAJOR_REL) and $(MINOR_REL) to set their
|
|
version numbers [defined in top level makefile]
|
|
|
|
* bugfix in sed command in defs/redhat.defs (AGM's fault)
|
|
|
|
* The following was related to a possibility of buffer overruns in
|
|
the syslogging code: removed fixed length array from syslogging
|
|
function in the following modules [capitalized the log identifier
|
|
so the sysadmin can "know" these are fixed on the local system],
|
|
|
|
pam_ftp, pam_stress, pam_rootok, pam_securetty,
|
|
pam_listfile, pam_shells, pam_warn, pam_lastlog
|
|
and
|
|
pam_unix_passwd (where it was definitely _not_ exploitable)
|
|
|
|
0.55: Sat Jan 4 14:43:02 PST 1997, Andrew Morgan <morgan@parc.power.net>
|
|
|
|
* added "requisite" control_flag to /etc/pam.conf syntax. [See
|
|
Sys. Admin. Guide for explanation] changes to pam_handlers.c
|
|
|
|
* completely new handling of garbled pam.conf lines. The modus
|
|
operandi now is to assume that any errors in the line are minor.
|
|
Errors of this sort should *most definitely* lead to the module
|
|
failing, however, just ignoring the line (as was the case
|
|
previously) can lead to gaping security holes(! Not foreseen by the
|
|
RFC). The "motivation" for the RFC's comments about ignoring garbled
|
|
lines is present in spirit in the new code: basically a garbled line
|
|
is treated like an instance of the pam_deny.so module.
|
|
changes to pam_handlers.c and pam_dispatch.c .
|
|
|
|
* patched libpam, to (a) call _pam_init_handlers from pam_start() and
|
|
(b) to log a text error if there are no modules defined for a given
|
|
service when a call to a module is requested. [pam_start() and
|
|
pam_dispatch() were changed].
|
|
|
|
* patched pam_securetty to deal with "/dev/" prefix on PAM_TTY item.
|
|
|
|
* reorganized the modules/Makefile to include *ALL* modules. It is now
|
|
the responsibility of the modules themselves to test whether they can
|
|
be compiled locally or not.
|
|
|
|
* modified pam_group to add to the getgroups() list rather than overwrite
|
|
it. [In the case of "HAVE_LIBPWDB" we use the pwdb_..() calls to
|
|
translate the group names.]. Module now pays attention to
|
|
PAM_CRED_.. flag(!)
|
|
|
|
* identified and removed bugs in field reading code of pam_time and
|
|
(thus) pam_group.
|
|
|
|
* Cristian's patches to pam_listfile module, corresponding change to
|
|
documentation.
|
|
|
|
* I've discovered &ero; for sgml!
|
|
Added pam_time documentation to the admin guide.
|
|
|
|
* added manual pages: pam.8, pam_start.2(=pam_end.2),
|
|
pam_authenticate.2, pam_setcred.2, pam_strerror.2,
|
|
pam_open_session.2(=pam_close_session.2) and pam_chauthtok.2 .
|
|
|
|
* added new modules:
|
|
|
|
- pam_mail (tells the user if they have any new mail
|
|
and sets their MAIL env variable)
|
|
- pam_lastlog (reports on the last time this user called
|
|
this module)
|
|
|
|
* new module hooks provided.
|
|
|
|
* added a timeout feature to the conversation function in
|
|
libpam_misc. Documented it in the application developers' guide.
|
|
|
|
* fixed bug in pam_misc_paste_env() function..
|
|
|
|
* slight modifications to wheel and rhosts writeup.
|
|
|
|
* more security issues added to module and application guides.
|
|
|
|
--
|
|
Things present but not mentioned in previous release (sorry)
|
|
|
|
* pam_pwdb module now resets the "last_change" entry before updating a
|
|
password.
|
|
--
|
|
|
|
Sat Nov 30 19:30:20 PST 1996, Andrew Morgan <morgan@parc.power.net>
|
|
|
|
* added environment handling to libpam. involved change to _pam_types.h
|
|
also added supplementary functions to libpam_misc
|
|
|
|
* added pam_radius - Cristian
|
|
|
|
* slight speed up for pam_rhosts
|
|
|
|
* significantly enhanced sys-admin documentation (8 p -> 41 p in
|
|
PostScript). Added to other documentation too. Mostly the changes
|
|
in the other docs concern the new PAM-environment support, there is
|
|
also some coverage of libpam_misc in the App. Developers' guide.
|
|
|
|
* Cristian's patches to pam_limits and pam_pwdb. Fixing bugs. (MORE added)
|
|
|
|
* adopted Cristian's _pam_macros.h file to help with common macros and
|
|
debugging stuff, gone through tree tidying up debugging lines to use
|
|
this [not complete].
|
|
|
|
- for consistency replaced DROP() with _pam_drop()
|
|
|
|
* commented memory debugging in top level makefile
|
|
|
|
* added the following modules
|
|
|
|
- pam_warn log information to syslog(3) about service application
|
|
- pam_ftp if user is 'ftp' then set PAM_RUSER/PAM_RHOST with password
|
|
(comment about nologin added to last release's notes)
|
|
|
|
* modified the pam_listfile module. It now declares a meaningful static
|
|
structure name.
|
|
|
|
Sun Nov 10 13:26:39 PST 1996, Andrew Morgan <morgan@parc.power.net>
|
|
|
|
**PLEASE *RE*AMEND YOUR PERSONAL LINKS**
|
|
|
|
-------> http://parc.power.net/morgan/Linux-PAM/index.html <-------
|
|
|
|
**PLEASE *RE*AMEND YOUR PERSONAL LINKS**
|
|
|
|
A brief summary of what has changed:
|
|
|
|
* many modules have been modified to accomodate fixing the pam_get_user()
|
|
change. Please take note if you have a module in this distribution.
|
|
|
|
* pam_unix is now the pam_unix that Red Hat has been using and which
|
|
should be fairly well debugged.
|
|
|
|
- I've added some #ifdef's to make it compile for me, and also
|
|
updated it with respect to the libpam-0.53, so have a look at the
|
|
.../modules/pam_unix/Makefile to enable cracklib and shadow features
|
|
|
|
** BECAUSE OF THIS, I cannot guarantee this code works as it **
|
|
** did for Red Hat. Please test and report any problems. **
|
|
|
|
* the pam_unix of .52 (renamed to pam_pwdb) has been enhanced and made
|
|
more flexible with by implementing it with respect to the new
|
|
"Password Database Library" see
|
|
|
|
http://parc.power.net/morgan/libpwdb/index.html
|
|
|
|
modules included in this release that require this library to
|
|
function are the following:
|
|
|
|
- pam_pwdb (ne pam_unix-0.52 + some enhancements)
|
|
- pam_wheel
|
|
- pam_limits
|
|
- pam_nologin
|
|
|
|
* Added some optional code for memory debugging. In order to support
|
|
this you have to enable MEMORY_DEBUG in the top level makefile and
|
|
also #define MEMORY_DEBUG in your applications when they are compiled.
|
|
The extra code resides in libpam (compiled if MEMORY_DEBUG is defined)
|
|
and the macros for malloc etc. are to be found at the end of
|
|
_pam_types.h
|
|
|
|
* used above code to locate two memory leaks in pam_unix module and two
|
|
in libpam (pam_handlers.h)
|
|
|
|
* pam_get_user() now sets the PAM_USER item. After reading the Sun
|
|
manual page again, it was clear that it should do this. Various
|
|
modules have been assuming this and now I have modified most of them
|
|
to account for this change. Additionally, pam_get_user() is now
|
|
located in the module include file; modules are supposed to be the
|
|
ones that use it(!) [Note, this is explicitly contrary to the Sun
|
|
manual page, but in the spirit of the Linux distribution to date.]
|
|
|
|
* replaced -D"LINUX" with -D"LINUX_PAM" as this is more explicit and less
|
|
likely to be confused with -D"linux".
|
|
Also, modified the libpam #include files to behave more like the Sun
|
|
ones #ifndef LINUX_PAM.
|
|
|
|
* removed <bf/ .. / from documentation titles. This was not giving
|
|
politically correct html..
|
|
|
|
----- My vvvvvvvvvvvvvvvvvvv was a long time ago ;*] -----
|
|
|
|
Wed Sep 4 23:57:19 PDT 1996 (Andrew Morgan <morgan@physics.ucla.edu>
|
|
|
|
0. Before I begin, Linux-PAM has a new primary distribution site (kindly
|
|
donated by Power Net Inc., Los Angeles)
|
|
|
|
**PLEASE AMMEND YOUR PERSONAL LINKS**
|
|
|
|
-------> http://www.power.net/morgan/Linux-PAM <-------
|
|
|
|
**PLEASE AMMEND YOUR PERSONAL LINKS**
|
|
|
|
1. I'm hoping to make the next release a bug-fix release... So please find
|
|
all the bugs(! ;^)
|
|
|
|
2. here are the changes for .52:
|
|
|
|
* minor changes to module documentation [Incidently, it is now
|
|
available on-line from the WWW page above]. More changes to follow in
|
|
the next two releases. PLEASE EMAIL me or the list if there is
|
|
anything that isn't clear!
|
|
|
|
* completely changed the unix module. Now a single module for all four
|
|
management groups (this meant that I could define all functions as
|
|
static that were not part of the pam_sm_... scheme. AGM)
|
|
|
|
- Shadow support added
|
|
PASSWD - Elliot's account management included, and enhanced by Cristian Gafton.
|
|
- MD5 password support added by Cristian Gafton.
|
|
- maxtries for authentication now enforced.
|
|
- Password changing function in pam_unix now works!
|
|
Although obviously, I'm not going to *guarantee* it ;^) .
|
|
- stole Marek's locking code from the Red Hat unix module.
|
|
[ If you like you can #ifdef it in or out ... ]
|
|
|
|
You can configure the module more from its Makefile in
|
|
0.52/modules/pam_unix/
|
|
|
|
If you are nervous that it will destroy your /etc/passwd or shadow
|
|
files then EDIT the 0.52/modules/pam_unix/pam_unix_pass.-c file.
|
|
Here is the warning comment from this file...
|
|
|
|
-------------8<-----------------
|
|
/* <WARNING>
|
|
*
|
|
* Uncomment the following #define if you are paranoid, and do not
|
|
* want to risk losing your /etc/passwd or shadow files.
|
|
* It works for me (AGM) but there are no guarantees.
|
|
*
|
|
* </WARNING>
|
|
*/
|
|
/* #define TMP__FILE */
|
|
------------->8-----------------
|
|
|
|
*** If anyone has any trouble, please *say*. Your problem will be
|
|
fixed in the next release. Also please feel free to scour the
|
|
code for race conditions etc...
|
|
|
|
[* The above change requires that you purge your /usr/lib/security
|
|
directory of the old pam_unix_XXX.so modules: they will NOT be deleted
|
|
with a 'make remove'.]
|
|
|
|
* the prototype for the cleanup function supplied to pam_set_data used
|
|
to return "int". According to Sun it should be "void". CHANGED.
|
|
|
|
* added some definitions for the 'error_status' mask values that are
|
|
passed to the cleanup function associated with each
|
|
module-data-item. These numbers were needed to keep up with changing
|
|
a data item (see for example the code in pam_unix/support.-c that
|
|
manages the maximum number of retries so far). Will see what Sun says
|
|
(current indications are positive); this may be undone before 1.0 is
|
|
released. Here are the definitions (from pam_modules.h).
|
|
|
|
#define PAM_DATA_SILENT 0x40000000 /* used to suppress messages... */
|
|
#define PAM_DATA_REPLACE 0x20000000 /* used when replacing a data item */
|
|
|
|
* Changed the .../conf/pam.conf file. It now points to the new
|
|
pam_unix module for 'su' and 'passwd' [can get these as SimpleApps --
|
|
I use them for testing. A more extensive selection of applications is
|
|
available from Red Hat...]
|
|
|
|
* corrected a bug in pam_dispatch. Basically, the problem was that if
|
|
all the modules were "sufficient" then the return value for this
|
|
function was never set. The net effect was that _pam_dispatch_aux
|
|
returned success when all the sufficient modules failed. :^( I think
|
|
this is the correct fix to a problem that the Red Hat folks had
|
|
found...
|
|
|
|
sopwith* Removed advisory locking from libpam (thanks for the POSIX patch
|
|
goes to Josh Wilmes's, my apologies for not using it in the
|
|
end.). Advisory locking did not seem sufficiently secure for libpam.
|
|
Thanks to Werner Almesberger for identifying the corresponding "denial
|
|
of service attack". :*(
|
|
|
|
* related to fix, have introduced a lock file /var/lock/subsys/PAM
|
|
that can be used to indicate the system should pay attention to
|
|
advisory locking on /etc/pam.conf file. To implement this you need to
|
|
define PAM_LOCKING though. (see .52/libpam)
|
|
|
|
* modified pam_fail_delay() function. Couldn't find the "not working"
|
|
problem indicated by Michael, but modified it to do pseudo-random
|
|
delays based on the values indicated by pam_fail_delay() -- the
|
|
function "that may eventually go away"... Although Sun is warming to
|
|
the idea.
|
|
|
|
* new modules include:
|
|
|
|
pam_shells - authentication for users with a shell listed in
|
|
/etc/shells. Erik Troan <ewt@redhat.com>
|
|
|
|
pam_listfile - authentication based on the contents of files.
|
|
Set to be more general than the above in the
|
|
future. UNTESTED. Elliot Lee <@redhat.com>
|
|
[Note, this module compiles with a non-trivial
|
|
warning: AGM]
|
|
|
|
Thu Aug 8 22:32:15 PDT 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
|
|
|
|
* modified makefiles to take more of their installation instructions
|
|
from the top level makefile. Desired for integration into the Debian
|
|
distribution, and generally a good idea.
|
|
|
|
* fixed memory arithmetic in pam_handlers
|
|
-- still need to track down why failure to load modules can lead to
|
|
authentication succeding..
|
|
|
|
* added tags for new modules (smartcards from Alex -- just a promise
|
|
at this stage) and a new module from Elliot Lee; pam_securetty
|
|
|
|
* I have not had time to smooth out the wrinkles with it, but Alex's
|
|
pam_unix modifications are provided in pam_unix-alex (in the modules
|
|
directory) they will not be compiled by 'make all' and I can't even
|
|
say if they do compile... I will try to look at them for .52 but, in
|
|
the mean time please feel free to study/fix/discuss what is there.
|
|
|
|
* pam_rhosts module. Removed code for manually setting the ruser
|
|
etc. This was not very secure.
|
|
|
|
* [remade .ps docs to be in letter format -- my printer complains
|
|
about a4]
|
|
|
|
Sunday July, 7 12:45:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
|
|
|
|
* No longer accompanying the Linux-PAM release with apps installed.
|
|
[Will provide what was here in a separate package.. (soon)
|
|
lib Also see http://www.redhat.com/pam for some more (in .rpm form...)]
|
|
|
|
* renamed libmisc to libpam_misc. It is currently configured to only compile
|
|
the static library. For some strange reason (perhaps someone can
|
|
investigate) my Linux 2.0.0 kernel with RedHat 3.0.3 system
|
|
segfaults when I compile it to be a dynamic library. The segfault
|
|
seems to be inside the call to the ** dl_XXX ** function...!?
|
|
|
|
There is a simple flag in the libpam_misc/Makefile to turn on dynamic
|
|
compiles.
|
|
|
|
* Added a little unofficial code for delay support in libpam (will probably
|
|
disappear later..) There is some documentation for it in the pam_modules
|
|
doc now. That will obviously go too.
|
|
|
|
* rewritten pam_time to use *logic* to specify the stringing together of
|
|
users/times/terminals etc.. (what was there before was superficially
|
|
logical but basically un-predictable!)
|
|
|
|
* added pam_group. Its syntax is almost identical to pam_time but it
|
|
has another field added; a list of groups to make the user a member
|
|
of if they pass the previous tests. It seems to not co-exist too well
|
|
with the groups in the /etc/group but I hope to have that fixed by
|
|
the next release...
|
|
|
|
* minor re-formatting of pam_modules documentation
|
|
|
|
* removed ...// since it wasn't being used and didn't look like it
|
|
would be!
|
|
|
|
GCCSunday 23 22:35:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
|
|
|
|
* The major change is the addition of a new module: pam_time for
|
|
restricting access on terminals at given times for indicated users
|
|
it comes with its own configuration file /etc/security/time.conf
|
|
and the sample file simply restricts 'you' from satisfying the blank
|
|
application if they try to use blank from any tty*
|
|
|
|
* Small changes include
|
|
- altered pam.conf to demonstrate above new module (try typing username: you)
|
|
- very minor changes to the docs (pam_appl and pam_modules)
|
|
|
|
Saturday June 2 01:40:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
|
|
|
|
*** PLEASE READ THE README, it has changed ***
|
|
|
|
* NOTE, 'su' exhibits a "system error", when static linking is
|
|
used. This is because the pam_unix_... module currently only has
|
|
partial static linking support. This is likely to change on Monday
|
|
June 3, when Alex makes his latest version availible. I will include
|
|
the updated module in next release.
|
|
|
|
changes for .42:
|
|
|
|
* modified the way in which libpam/pam_modules.h defines prototypes for
|
|
the pam_sm_ functions. Now the module must declare which functions it
|
|
is to provide *before* the #include <security/pam_modules.h> line.
|
|
(for contrasting examples, see the pam_deny and pam_rootok modules)
|
|
This removed the ugly hack of defining functions that are never called
|
|
to overcome warnings... This seems much tidier.
|
|
insterted* updated the TODO list. (changed mailing list address)
|
|
* updated README in .../modules to reflect modifications to static
|
|
compliation protocol
|
|
* modified the pam_modules documentation to describe this.
|
|
* corrected last argument of pam_get_item( ... ) in
|
|
pam_appl/modules.sgml, to "const void **".
|
|
* altered GNU GPL's in the documentation, and various other parts of
|
|
the distribution. *Please check* that any code you are responsible for
|
|
is corrected.
|
|
* Added ./Copyright (please check that it is acceptable)
|
|
* updated ./README to make current and indicate the new mailing list
|
|
address
|
|
* have completely rewritten pam_filter. It now runs modular filter
|
|
executables (stored in /usr/sbin/pam_filter/) This should make it
|
|
trivial for others to write their own filters.. If you want yours
|
|
included in the distribution please email the list/me.
|
|
* changes to libpam; there was a silly bug with multiple arguments on a
|
|
pam.conf line that was broken with a '\<LF>'.
|
|
* 'su' rearranged code (to make better use of PAM)
|
|
*Also* now uses POSIX signals--this should help the Alpha port.
|
|
* 'passwd' now uses getlogin() to determine who's passwords to change.
|
|
|
|
Sunday May 26 9:00:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
|
|
|
|
* fixed module makefiles to create needed dynamic/static subdirectories
|
|
|
|
Saturday May 25 20:30:27.8 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
|
|
|
|
* LOTS has changed regarding how the modules/libpam are built.
|
|
* Michael's mostly complete changes for static support--see below
|
|
(Andrew got a little carried away and automated the static linking
|
|
of modules---bugs are likely mine ;( )
|
|
* Thanks mostly to Michael, libpam now compiles without a single warning :^]
|
|
* made static modules/library optional.
|
|
CFLAGS* added 'make sterile' to top level makefile. This does extraclean and remove
|
|
* added Michael and Joseph to documentation credits (and a subsection for
|
|
future documentation of static module support in pam_modules.sgml)
|
|
* libpam; many changes to makefiles and also automated the inclusion of
|
|
static module objects in pam_static.c
|
|
* modified modules for automated static/dynamic support. Added static &
|
|
dynamic subdirectories, as instructed by Michael
|
|
* removed an annoying syslog message from pam_filter: "parent exited.."
|
|
* updated todo list (anyone know anything about svgalib/X? we probably should
|
|
have some support for these...)
|
|
|
|
Friday May 24 16:30:15 EDT 1996 (Michael K. Johnson <johnsonm@redhat.com>)
|
|
|
|
* Added first (incomplete) cut at static support.
|
|
This includes:
|
|
. changes in libpam, including a new file, pam_static.c
|
|
. changes to modules including exporting struct of function pointers
|
|
. static and dynamic linking can be combined
|
|
. right now, the only working combinations are just dynamic
|
|
linking and dynamic libpam.so with static modules linked
|
|
into libpam.so. That's on the list of things to fix...
|
|
. modules are built differently depending on whether they
|
|
are static or dynamic. Therefore, there are two directories
|
|
under each module directory, one for static, and one for
|
|
dynamic modules.
|
|
* Fixed random brokenness in the Makefiles. [ foo -nt bar ] is
|
|
rather redundant in a makefile, for instance. Also, passing
|
|
on the command line is broken because it cannot be
|
|
overridden in any way (even adding important parts) in lower-level
|
|
makefiles.
|
|
* Unfortunately, fixing some of the brokenness meant that I used
|
|
GNU-specific stuff. However, I *think* that there was GNU-specific
|
|
stuff already. And I think that we should just use the GNU
|
|
extensions, because any platform that GNU make doesn't port to
|
|
easily will be hard to port to anyway. It also won't be likely
|
|
passwd to handle autoconf, which was Ted's suggestion for getting
|
|
around limitations in standard make...
|
|
For now, I suggest that we just use some simple GNU-specific
|
|
extensions.
|
|
|
|
Monday May 20 22:00:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
|
|
|
|
* added some text to pam_modules.sgml
|
|
* corrected Marek's name in all documentation
|
|
* made pam_stress conform to chauthtok conventions -- ie can now request
|
|
old password before proceeding.
|
|
* included Alex's latest unix module
|
|
* included Al's + password strength checking module
|
|
* included pam_rootok module
|
|
* fixed too many bugs in libpam.. all subtly related to the argument lists
|
|
or use of syslog. Added more debugging lines here too.
|
|
* fixed the pam.conf file
|
|
* deleted pam_test module. It is pretty old and basically superceeded
|
|
by pam_stress
|
|
|
|
Friday May 9 1:00:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
|
|
|
|
* updated documentaion, added Al Longyear to credits and corrected the
|
|
spelling of Jeff's name(!). Most changes to pam.sgml (even added a figure!)
|
|
* new module pam_rhosts_auth (from Al Longyear)
|
|
* new apps rlogind and ftpd (a patch) from Al.
|
|
* modified 'passwd' to not call pam_authenticate (note, none of the
|
|
modules respect this convention yet!)
|
|
* fixed bug in libpam that caused trouble if the last line of a
|
|
pam.conf file ends with a module name and no newline character
|
|
* also made more compatable with documentation, in that bad lines in
|
|
pam.conf are now ignored rather than causing libpam to return an
|
|
error to the app.
|
|
* libpam now overwrites the AUTHTOKs when returning from
|
|
pam_authenticate and pam_chauthtok calls (as per Sun/RFC too)
|
|
* libpam is now installed as libpam.so.XXX in a way that ldconfig can
|
|
handle!
|
|
|
|
|
|
Wednesday May 1 22:00:00 PST 1996 (Andrew Morgan <morgan@physics.ucla.edu>)
|
|
|
|
* removed .../test directory, use .../examples from now on.
|
|
* added .../apps directory for fully functional applications
|
|
- the apps directory contains directories that actually contain the apps.
|
|
the idea is to make application compilation conditional on the presence
|
|
of the directory. Note, there are entries in the Makefile for
|
|
'login' and 'ftpd' that are ready for installation... Email me if
|
|
you want to reserve a directory name for an application you are
|
|
working on...
|
|
* similar changes to .../modules makefile [entries for pam_skey and
|
|
pam_kerberos created---awaiting the directories.] Email me if you
|
|
want to register another module...
|
|
* minor changes to docs.. Not really worth reprinting them quite yet!
|
|
[save the trees]
|
|
* added misc_conv to libmisc. it is a generic conversation function
|
|
for text based applications. [would be nice to see someone create
|
|
an Xlib and/or svgalib version]
|
|
* fixed ctrl-z/c bug with pam_filter module [try xsh with the default
|
|
pam.conf file]
|
|
* added 'required' argument to 'pam_stress' module.
|
|
* added a TODO list... other suggestions to the list please.
|
|
|
|
Saturday April 7 00:00:00 PST 1996 ( Andrew Morgan <morgan@physics.ucla.edu> )
|
|
|
|
* Alex and Marek please note I have altered _pam_auth_unix a little, to
|
|
make it get the passwords with the "proper method" (and also fixed it
|
|
to not have as many compiler warnings)
|
|
* updated the conf/pam.conf file
|
|
* added new example application examples/xsh.c (like blank but invokes
|
|
/bin/sh)
|
|
* Marc's patches for examples/blank.c (and AGM's too)
|
|
* fixed stacking of modules in libpam/pam_handlers.c
|
|
* fixed RESETing in libpam/pam_item.c
|
|
* added new module modules/pam_filter/ to demonstrate the possibility
|
|
of inserting an arbitrary filter between the terminal and the
|
|
application that could do customized logging etc... (see use of
|
|
bin/xsh as defined in conf/pam.conf)
|
|
|
|
|
|
Saturday March 16 19:00:00 PST 1996 ( Andrew Morgan <morgan@physics.ucla.edu> )
|
|
|
|
These notes are for 0.3 I don't think I've left anything important
|
|
out, but I will use emacs 'C-x v a' next time! (Thanks Jeff)
|
|
|
|
* not much has changed with the functionality of the Linux-PAM lib
|
|
.../libpam
|
|
- pam_password calls module twice with different arguments
|
|
- added const to some of the function arguments
|
|
- added PAM_MAX_MES_ to <security/_pam_types.h>
|
|
- was a lot over zealous about purging old passwords...
|
|
I have removed much of this from source to make it
|
|
more compatible with SUN.
|
|
- moved some PAM_... tokens to pam_modules.h from _pam_types.h
|
|
(no-one should notice)
|
|
|
|
* added three modules: pam_permit pam_deny pam_stress
|
|
no prizes for guessing what the first two do. The third is
|
|
a reasonably complete (functional) module. Is intended for testing
|
|
applications with.
|
|
|
|
* fixed a few pieces of examples/blank.c so that it works (with
|
|
pam_stress)
|
|
|
|
* ammended the documentation. Looking better, but suggestions/comments
|
|
very welcome!
|
|
|
|
Sunday March 10 10:50:00 PST 1996 ( Andrew Morgan <morgan@physics.ucla.edu> )
|
|
|
|
These notes are for Linux-PAM release 0.21. They cover what's changed
|
|
since I relased 0.2.
|
|
|
|
* am now using RCS
|
|
* substantially changed ./README
|
|
* fixed bug reading \\\n in pam.conf file
|
|
* small changes to documentation
|
|
* added `blank' application to ./examples (could be viewed as
|
|
a `Linux-PAM aware' application template.)
|
|
* oops. now including pam_passwd.o and pam_session.o in pamlib.so
|
|
* compute md5 checksums for all the source when making a release
|
|
- added `make check' and `make RCScheck' to compute md5 checksums
|
|
* create a second tar file with all the RCS files in.
|
|
* removed the .html and .txt docs, supplying sgml sources instead.
|
|
- see README for info on where to get .ps files
|
|
|
|
Thursday March 6 0:44:?? PST 1996 ( Andrew Morgan <morgan@physics.ucla.edu> )
|
|
|
|
These notes are for Linux-PAM release 0.2. They cover what's changed
|
|
since Marc Ewing relased 0.1.
|
|
|
|
**** Please note. All of the directories in this release have been modified
|
|
**** slightly to conform to the new pamlib. A couple of new directories have
|
|
**** been added. As well as some documentation. If some of your code
|
|
**** was in the previous release. Feel free to update it, but please
|
|
**** try to conform to the new headers and Makefiles.
|
|
|
|
* Andrew Morgan (morgan@physics.ucla.edu) is making this release
|
|
availible, Marc has been busy...!
|
|
|
|
* Marc's pam-0.1/lib has been (quietly) enhanced and integrated into
|
|
Alex Yurie's collected tree of library and module code
|
|
(linux-pam.prop.1.tar.gz). Most of the changes are to do with error
|
|
checking. Some more robustness in the reading of the pam.conf file
|
|
and the addition of the pam_get_user() function.
|
|
|
|
* The pam_*.h files have been reorganized to logically enforce the
|
|
separation of modules from applications. [Don't panic! Apart from
|
|
changing references of the form
|
|
|
|
#include "pam_appl.h"
|
|
|
|
to
|
|
|
|
#include <security/pam_appl.h>
|
|
|
|
The reorganization should be backwardly compatable (ie. a module
|
|
written for SUN will be as compatable as it was before with the
|
|
previous version ;)~ ]
|
|
|
|
(All of the source in this tree now conforms to this scheme...)
|
|
|
|
The new reorganization means that modules can be compiled with a
|
|
single header, <security/pam_modules.h>, and applications with
|
|
<security/pam_appl.h>.
|
|
|
|
* I have tried to remove all the compiler warnings from the updated
|
|
"pamlib/*.c" files. On my system, (with a slightly modified <dlfcn.h>
|
|
email me if it interests you..) there are only two warnings that
|
|
remain: they are that ansi does not permit void --> fn ptr
|
|
assignment. K&Rv2 doesn't mention this....? As a matter of principle,
|
|
if anyone knows how to get rid of that warning... please
|
|
tell. Thanks! "-pedantic"
|
|
|
|
* you can "make all" as a plain user, but
|
|
|
|
* to "make install" you must be root. The include files are placed in
|
|
/usr/include/security. The libpam.so library is installed in /usr/lib
|
|
and the modules in /usr/lib/security. The two test binaries
|
|
are installed in the Linux-PAM-0.2/bin directory and a chance is given to
|
|
replace your /etc/pam.conf file with the one in Linux-PAM-0.2/conf.
|
|
|
|
* I have included some documentation (pretty preliminary at the
|
|
moment) which I have been working on in .../doc .
|
|
|
|
I have had a little trouble with the modules, but atleast there are no
|
|
segfaults! Please try it out and discuss your results... I actually
|
|
hope it all works for you. But, Email any bugs/suggestions to the
|
|
Linux-PAM list: linux-pam@mit.edu .....
|
|
|
|
Regards,
|
|
|
|
Andrew Morgan
|
|
(morgan@physics.ucla.edu)
|
|
|
|
|
|
Sat Feb 17 17:30:24 EST 1996 (Alexander O. Yuriev alex@bach.cis.temple.edu)
|
|
|
|
* conf directory created with example of pam_conf
|
|
* stable code from pam_unix is added to modules/pam_unix
|
|
* test/test.c now requests username and password and attempts
|
|
to perform authentication
|
|
|