This is the change log for our
tcb suite
implementing the alternative password shadowing scheme on
Owl.
2009-04-03 Dmitry V. Levin <ldv at owl.openwall.com>
* tcb.spec: 1.0.3.
2009-04-02 Dmitry V. Levin <ldv at owl.openwall.com>
* LICENSE: Update copyright for 2009 year.
* pam_tcb/pam_unix_passwd.c (update_file): Call fflush(3) and
fsync(2).
Reported by Ermanno Scaglione <erm67 at yahoo.it>.
* pam_tcb/support.c (_unix_fork, unix_run_helper_binary): Replace
all calls to exit(3) in child processes with calls to _exit(2).
Reported by Pascal Terjan <pterjan at mandriva.com>.
2006-10-31 Dmitry V. Levin <ldv at owl.openwall.com>
* tcb.spec: 1.0.2.
* pam_tcb/pam_unix_auth.c (pam_sm_authenticate): Free retval_data
pointer on error path.
* pam_tcb/support.c (user_in_nisdb): Free userinfo string.
* progs/tcb_chkpwd.c (zeroise): New function, zeroises string.
(unix_verify_password): Free stored_hash string, zeroise hash
strings.
Reported by Alexander Kanevskiy.
2006-05-06 Dmitry V. Levin <ldv at owl.openwall.com>
* tcb.spec: 1.0.1.
* LICENSE: Updated copyright for 2006 year.
* pam_tcb/pam_unix_sess.c (pam_sm_open_session): Fail with
PAM_SESSION_ERR for unknown users.
2005-12-28 Dmitry V. Levin <ldv at owl.openwall.com>
* tcb.spec: 1.0.
* LICENSE: Updated copyrights for 2004 and 2005 years.
* pam_tcb/pam_unix_passwd.c (pam_sm_chauthtok): Bump syslog
priorities of three error messages.
2005-09-26 Dmitry V. Levin <ldv at owl.openwall.com>
Update logging code to use pam_syslog.
Update conversation code to use pam_prompt.
* include/attribute.h (TCB_GNUC_PREREQ, TCB_FORMAT, TCB_NONNULL):
New macro.
(unused): Rewrite using TCB_GNUC_PREREQ.
* pam_tcb/compat.c: New file, defines pam_syslog and pam_prompt
if PAM does not provide them.
* pam_tcb/compat.h: New file, defines prototypes for pam_syslog
and pam_prompt if PAM does not provide them.
* pam_tcb/Makefile (LIBSRC): Add compat.c.
* pam_tcb/pam_unix_acct.c (acct_shadow): Add pam handle parameter.
(pam_sm_acct_mgmt): Pass pam handle to functions which now require
it. Replace _log_err with pam_syslog. Replace _make_remark
with pam_error and pam_info.
* pam_tcb/pam_unix_auth.c (pam_sm_authenticate, pam_sm_setcred):
Pass pam handle to functions which now require it.
(pam_sm_authenticate): Replace _log_err with pam_syslog.
* pam_tcb/pam_unix_passwd.c (PASSWD_TMP_FILE): Remove macro.
(update_file): New function, based on update_passwd and
update_shadow.
(update_passwd, update_shadow): Rewrite using update_file.
(get_nis_server, update_nis, do_setpass): Add pam handle
parameter.
(get_nis_server, update_nis, do_setpass, unix_approve_pass,
unix_prelim, pam_sm_chauthtok): Pass pam handle to functions
which now require it. Replace _log_err with pam_syslog.
Replace _make_remark with pam_error.
* pam_tcb/pam_unix_sess.c (pam_sm_open_session,
pam_sm_close_session): Pass pam handle to functions which now
require it. Replace _log_err with pam_syslog.
* pam_tcb/support.c (_log_err, converse, _make_remark): Remove
no longer used functions.
(_unix_fork, user_in_file, _unix_user_in_db,
unix_blankpasswd_plain, _unix_blankpasswd, check_crypt,
unix_verify_password_plain, crypt_wrapper_ra, crypt_wrapper,
do_crypt, parse_opt, _set_ctrl): Add pam handle parameter.
Pass pam handle to functions which now require it.
Replace _log_err with pam_syslog.
(_unix_read_password): Rewrite prompt handling to use pam_info
and pam_prompt.
* pam_tcb/support.h: Include "attribute.h" and "compat.h".
(cmdline_opts): Add const qualifier to optname variable.
(cb_func, _unix_user_in_db, _unix_fork, _set_ctrl,
_unix_blankpasswd, _unix_read_password, crypt_wrapper, do_crypt):
Update function prototypes.
(_log_err, _make_remark): Remove prototypes of removed functions.
2005-09-12 Dmitry V. Levin <ldv at owl.openwall.com>
Implement OpenPAM build support.
* Make.defs (CFLAGS): Remove -DLINUX_PAM.
* pam_tcb/pam_unix_acct.c: Include <syslog.h>.
Include <security/pam_appl.h> if and only if
[!__LIBPAM_VERSION && !__LINUX_PAM__].
* pam_tcb/pam_unix_auth.c: Likewise.
* pam_tcb/pam_unix_passwd.c: Likewise.
* pam_tcb/pam_unix_sess.c: Likewise.
* pam_tcb/support.c: Likewise.
* pam_tcb/support.h: Define pam_item_t and pam_data_t.
* pam_tcb/pam_unix_acct.c (pam_sm_acct_mgmt): Change type of
item variable.
* pam_tcb/pam_unix_auth.c (pam_sm_authenticate, pam_sm_setcred):
Likewise.
* pam_tcb/pam_unix_passwd.c (unix_prelim, pam_sm_chauthtok):
Likewise.
* pam_tcb/pam_unix_sess.c (pam_sm_open_session,
pam_sm_close_session): Likewise.
* pam_tcb/support.c (converse, failures_cleanup,
do_record_failure, _unix_read_password): Likewise.
* pam_tcb/pam_unix_auth.c (pam_sm_authenticate): Protect code
which uses PAM_CONV_AGAIN and PAM_INCOMPLETE with appropriate
ifdefs.
* pam_tcb/support.c (converse): Likewise.
2005-09-11 Dmitry V. Levin <ldv at owl.openwall.com>
* pam_tcb/pam_unix_auth.c (pam_sm_authenticate): Do not override
user prompt in calls to pam_get_user, recent PAM releases provide
better default.
* pam_tcb/pam_unix_passwd.c (pam_sm_chauthtok): Likewise.
* pam_tcb/support.h: Remove PROMPT_USER.
* pam_tcb/pam_unix_passwd.c (pam_sm_chauthtok): Fix password
string check to avoid potential NULL dereference.
* pam_tcb/support.c (unix_verify_password_plain): Check password
string to avoid potential NULL dereference.
(unix_run_helper_binary): Remove redundant password string check.
* progs/tcb_unconvert.c (copy_user_from_tcb): Add const qualifier
to msg variable, to fix warning reported by "gcc -Wwrite-strings".
2005-08-23 Dmitry V. Levin <ldv at altlinux.org>
Package pam_pwdb.so symlink and pam_pwdb(8) manual page link.
* pam_tcb/pam_pwdb.8: New file.
* Makefile, pam_tcb/Makefile, tcb.spec:
Install pam_pwdb.so and pam_pwdb.8.
* tcb.spec: 0.9.9.
2005-08-19 Dmitry V. Levin <ldv at altlinux.org>
In the PAM module, implement "openlog" option and disable
openlog/closelog calls for each logging function invocation
by default.
* pam_tcb/support.h: Rename UNIX_NOOPENLOG to UNIX_OPENLOG.
* pam_tcb/support.c (_log_err): When UNIX_OPENLOG is not set,
prefix log line with the module name.
(bool_names): Add negate field.
(unix_bools): Add "openlog" option.
(parse_opt): Handle negate field.
(_set_ctrl) [ENABLE_OPENLOG]: Set UNIX_OPENLOG.
* pam_tcb/pam_tcb.8: Document "openlog" option.
2005-08-18 Dmitry V. Levin <ldv at altlinux.org>
Restrict list of global symbols exported by the library,
NSS and PAM modules.
* libs/Makefile: New variables: LIB_MAP and NSS_MAP. Pass
--version-script argument when linking shared library and the
NSS module.
* libs/libnss_tcb.map: New file, version script for the NSS module.
* libs/libtcb.c (ch_uid, ch_gid): Make static.
* libs/libtcb.map: New file, version script for the library.
* pam_tcb/Makefile: New variable: PAM_MAP. Pass --version-script
argument when linking the PAM module.
* pam_tcb/pam_tcb.map: New file, version script for the PAM module.
2005-04-22 Dmitry V. Levin <ldv at altlinux.org>
Enhance multilib support.
* Make.defs: New variables: SLIBDIR and LIBDIR.
* libs/Makefile, pam_tcb/Makefile, tcb.spec: Use them.
* libs/Makefile, pam_tcb/Makefile, misc/Makefile, progs/Makefile:
Create all necessary directories in the beginning of install target.
2005-04-22 Dmitry V. Levin <ldv at altlinux.org>
Deal with compilation warnings generated by new gcc compiler.
* include/attribute.h: New file.
* libs/libtcb.c, pam_tcb/pam_unix_passwd.c,
pam_tcb/pam_unix_auth.c, pam_tcb/support.c, pam_tcb/support.h:
Include it.
* include/attribute.h, pam_tcb/support.h (_log_err): Add
workaround for those systems which lack support for __attribute__
directive.
* pam_tcb/support.c (_log_err): Remove no longer needed
__attribute__ directive.
* libs/libtcb.c (alarm_catch), pam_tcb/pam_unix_auth.c
(retval_cleanup), pam_tcb/pam_unix_passwd.c (update_nis),
pam_tcb/support.c (data_cleanup):
Mark unused arguments with "unused" attribute.
* libs/libtcb.c (ch_uid, ch_gid, tcb_drop_priv_r),
progs/tcb_chkpwd.c (is_two_strings),
pam_tcb/support.c (_set_ctrl):
Avoid comparison between signed and unsigned.
* pam_tcb/support.c (unix_run_helper_binary,
unix_verify_password_plain): Eliminate unused variable pamh.
* pam_tcb/pam_unix_acct.c (pam_sm_acct_mgmt),
pam_tcb/pam_unix_auth.c (pam_sm_authenticate, pam_sm_setcred),
pam_tcb/pam_unix_passwd.c (update_nis, do_setpass, unix_prelim,
pam_sm_chauthtok), pam_tcb/pam_unix_sess.c (pam_sm_open_session,
pam_sm_close_session), pam_tcb/support.c (converse,
failures_cleanup, do_record_failure, _unix_read_password):
Fix the strict aliasing issues.
* tcb.spec: 0.9.8.9.
2004-06-25 Dmitry V. Levin <ldv at altlinux.org>
* progs/tcb_unconvert.c (copy_from_tcb):
Zero errno before each readdir(3) call.
* tcb.spec: 0.9.8.8.
2003-11-02 Solar Designer <solar at owl.openwall.com>
* pam_tcb/Makefile: Use -fPIC.
* libs/Makefile, misc/Makefile, pam_tcb/Makefile, progs/Makefile,
tcb.spec: Renamed FAKEROOT to DESTDIR.
* tcb.spec: 0.9.8.7.
2003-10-29 Solar Designer <solar at owl.openwall.com>
* libs/nss.c, libs/libtcb.c, pam_tcb/support.c,
pam_tcb/pam_unix_passwd.c, pam_tcb/pam_unix_acct.c,
progs/tcb_convert.c, progs/tcb_unconvert.c: Don't depend on
*BSD-style asprintf(3) semantics as Ulrich has rejected that
patch.
* README: New file, explains how tcb may be built on non-Owl.
* tcb.spec: 0.9.8.6.
2003-04-18 Solar Designer <solar at owl.openwall.com>
* misc/tcb.5, pam_tcb/pam_tcb.8, progs/tcb_convert.8: Use bold
face for component names in .SH NAME, but avoid *roff commands
to not confuse makewhatis and apropos(1).
* LICENSE: Updated copyrights for year 2003.
* tcb.spec: 0.9.8.5.
2003-04-16 Dmitry V. Levin <ldv at altlinux.org>
* pam_tcb/support.c: Implemented proper fake salt creation
to avoid a timing attack.
* tcb.spec: 0.9.8.4.
2002-10-31 Solar Designer <solar at owl.openwall.com>
* progs/tcb_chkpwd.c: Optimized unix_verify_password() a bit,
from Dmitry V. Levin <ldv at altlinux.org>.
* tcb.spec: 0.9.8.3.
2002-10-30 Solar Designer <solar at owl.openwall.com>
* progs/tcb_convert.8: Noted that /etc/shadow backups need to be
removed as well, with /etc/shadow- as the particular example.
* tcb.spec: 0.9.8.2.
2002-10-24 Solar Designer <solar at owl.openwall.com>
* libs/nss.c, libs/libtcb.c, pam_tcb/support.c,
progs/tcb_chkpwd.c, progs/tcb_unconvert.c, misc/tcb.5: Cleaned
up the recent changes.
* tcb.spec: Set version to 0.9.8.1.
2002-08-20 Rafal Wojtczuk <nergal at owl.openwall.com>
* libs/nss.c, progs/tcb_unconvert.c, misc/tcb.5: Merged
enhancements which remove 32K users limit.
* libs/libtcb.c, include/tcb.h: Added ENABLE_SETFSUGID.
* pam_tcb/support.c, progs/tcb_chkpwd.c: Pass the username to
the helper binary such that it can handle non-unique UIDs.
* tcb.spec, libs/Makefile: Set version to 0.9.8.
2002-08-19 Solar Designer <solar at owl.openwall.com>
* tcb.spec, libs/Makefile: Moved libtcb.so symlink to /usr/lib
(patch from Dmitry V. Levin).
2002-08-04 Solar Designer <solar at owl.openwall.com>
* pam_tcb/pam_tcb.5, pam_tcb/pam_unix.5: Moved these manual
pages to section 8 (the files are now gone).
* pam_tcb/pam_tcb.8, pam_tcb/pam_unix.8: New files, based on
the section 5 manual pages with minor changes.
* tcb.spec, misc/tcb.5, progs/tcb_convert.8, pam_tcb/Makefile:
Updates to reflect the above change.
* libs/Makefile: Use trailing slashes after directories with
install commands.
2002-07-07 Solar Designer <solar at owl.openwall.com>
* pam_tcb/pam_unix_acct.c, pam_tcb/pam_unix_passwd.c: No
longer let root enforced password changes (sp_lstchg == 0)
take precedence over expired accounts (sp_expire).
2002-05-19 Solar Designer <solar at owl.openwall.com>
* Make.defs: Renamed SYSBIN to SBINDIR, define LIBEXECDIR.
* tcb.spec, progs/Makefile, pam_tcb/Makefile,
pam_tcb/pam_tcb.5, misc/tcb.5: Moved the chkpwd directory to
/usr/libexec.
* misc/Makefile: Deal with SBINDIR and LIBEXECDIR.
2001-11-28 Dmitry V. Levin <ldv at altlinux.org>
* pam_tcb/support.c: Replaced signal call with sigaction call.
* pam_tcb/support.c: Fixed possible "dereferencing NULL" typo.
* progs/tcb_chkpwd.c: Test also stdout for isatty.
* progs/Makefile: Create relative symlink instead of absolute.
* libs/nss.c: Fixed glibc-2.2.4 compilation warning.
* pam_tcb/pam_unix_passwd.c: Likewise.
* progs/tcb_unconvert.c: Likewise.