Version 1.97 released ===================== 2009-04-11 Wolfgang Rosenauer * pam_get_pass.c: CVE-2009-1273 pam_ssh used a certain prompt if a user found to exist to ask for the SSH passphrase explicitely depending on whether the username was valid or invalid, which made it easier for remote attackers to enumerate usernames. ********************************************************************** * The pam_ssh maintained on Novell's DeveloperNet got merged back * * to SourceForge with Version 1.96 and syncs both up to the same * * level. The DeveloperNet version isn't going to maintained further * * http://developer.novell.com/wiki/index.php/Pam_ssh * ********************************************************************** Version 1.96 released (Novell DeveloperNet) ===================== 2007-08-03 Wolfgang Rosenauer (merged from SF.net Andrew J. Korty <ajk@iu.edu>) * pam_ssh.c (key_load_private_maybe): New wrapper for key_load_private() that checks whether the private key's passphrase is blank. If so and if allow_blank_passphrase isn't set or the user supplied passphrase isn't empty, this function returns NULL. This approach is necessary because key_load_private() will load a key with a blank passphrase regardless of the passphrase entered. Thanks to Rob Henderson for the report. Version 1.95 released (Novell DeveloperNet) ===================== 2007-04-02 Wolfgang Rosenauer * pam_ssh.c: if PAM returns tty_raw = NULL we shouldn't fiddle with a per-session file. That seems to happen if the session module is used for background system services (like cron). https://bugzilla.novell.com/show_bug.cgi?id=251053 2006-11-24 Wolfgang Rosenauer * pam_ssh.c: fixed double-free issue with file closing https://bugzilla.novell.com/show_bug.cgi?id=223488 (patch by Reinhard Max) Version 1.94 released (Novell DeveloperNet) ===================== 2006-08-03 Wolfgang Rosenauer * pam_ssh.c: fixed some debug output, create the agent file writable for the user to be able to recover from a system crash and fixed a missing credential restore which caused pam to fail for following modules in error case Version 1.93 released (Novell DeveloperNet) ===================== 2006-06-24 Wolfgang Rosenauer * pam_ssh.c, pam_ssh.8: nullok option to allow blank passphrases replaces allow_blank_passphrases (which is still available for compat reasons) * pam_ssh.c, pam_std_option.c, pam_ssh_log.c, pam_ssh_log.h: fixed logging and separated into a logging module PAM option 'debug' is supported now added more syslog output in debug mode * pam_ssh.c: we should be able to recover now correctly after system crashes where we are not able to run the close_session using the machine's uptime Version 1.92 released (Novell DeveloperNet) ===================== 2006-05-31 Wolfgang Rosenauer * cipher.c, openpam_borrow_cred.c, openpam_restore_cred.c, pam_ssh.c: added some needed includes * pam_ssh.c: don't rely on authentication for the session functions and don't save the passwd entry for them Version 1.92 released (SourceForge) ===================== 2007-02-06 Andrew J. Korty <ajk@iu.edu> * pam_ssh.c (key_load_private_maybe): New wrapper for key_load_private() that checks whether the private key's passphrase is blank. If so and if allow_blank_passphrase is set, this function returns NULL. This approach is necessary because key_load_private() will load a key with a blank passphrase regardless of the passphrase entered. Thanks to Rob Henderson for the report. Version 1.91 released ===================== 2004-04-12 Andrew J. Korty <ajk@iu.edu> * pam_ssh.spec: Updated for use with Fedora Core 2 Test. Thanks to Patrice Dumas. * pam_ssh.c (pam_sm_authenticate): We probably shouldn't allow blank passphrases by default. Add option allow_blank_passphrase to re-enable them. Thanks to red0x for the suggestion. Version 1.9 released ==================== 2004-02-20 Andrew J. Korty <ajk@iu.edu> * cipher-3des.c, cipher-bf1.c, cipher-ctr.c, strnvis.c: Include <sys/types.h> and <limits.h> in various places to appease FreeBSD. * pam_ssh.spec (Version): Bump. * acinclude.m4: Use AC_REPLACE_FUNCS to provide OpenPAM cred functions. * strnvis.c, strnvis.h, vis.c, vis.h: Rename vis -> strnvis so AC_REPLACE_FUNCS will pick it up. * pam_ssh.c (pam_sm_authenticate): Simplify conditional complication for code that gets passphrase. * Makefile.am (pam_ssh_la_SOURCES): Move header files for replacement functions to EXTRA_pam_ssh_la_SOURCES. * configure.ac: Use AC_REPLACE_FUNCS to provide strnvis if needed. * log.c: Include the right header for strnvis(). * Makefile.am (EXTRA_DIST): Add bootstrap.sh and pam_test.c. 2004-02-19 Andrew J. Korty <ajk@iu.edu> * pam_test.c: Test dlopening pam_ssh.so and print any resulting error messages. * pam.conf.example: Example PAM configuration. * pam_ssh.c (add_keys, auth_via_key, pam_sm_authenticate): Improve integer handling. * ltconfig: Deleted this file because -avoid-version is all we need. * atomicio.c, authfd.c, authfile.c, bufaux.c, buffer.c, cipher.c, cipher-3des1.c, cipher-bf1.c, cipher-ctr.c, key.c, log.c, openpam_borrow_cred.c, openpam_restore_cred.c, pam_get_pass.c, pam_ssh.c, pam_std_option.c, vis.c, xmalloc.c: Use autoheader. * atomicio.c, atomicio.h, authfd.c, authfd.h, authfile.c, authfile.h, bufaux.c, buffer.c, buffer.h, cipher.c, cipher-3des1.c, cipher-bf1.c, cipher-ctr.c, kex.h, key.c, key.h, log.c, log.h, rijndael.c rijndael.h, vis.c, vis.h, xmalloc.c, xmalloc.h: Updated to OpenSSH 3.7.1p2. * Makefile.am: Use -avoid-version flag to suppress version numbers on installed module. Add more source files from OpenSSH. * openpam_restore_cred.c (openpam_restore_cred), pam_ssh.c: Use some voodoo to suppress strict aliasing warnings. * acinclude.m4: Link against pam_misc if necessary. Square brackets in AC_CHECK_LIB clauses avoid syntax error when running configure. Use full options to AC_DEFINE to make autoheader happy. * configure.ac: Use autoheader. Update with autoupdate. Bump version number. Check for strnvis() and vis.h. * bootstrap.sh: Script to bootstrap configure.ac and friends. Version 1.8 released ==================== 2002-12-04 Andrew J. Korty <ajk@iu.edu> * pam_ssh.c: Add NAI copyright message, which was always there in the manual page but omitted from this source file. When the OpenPAM support code was introduced, we credited the FreeBSD project in general. Specifically, Dag-Erling Smorgrav developed this code with funding from NAI and DARPA. 2002-11-05 Michael Kiernan * pam_ssh.c, configure.ac: Use fork() instead of vfork(), which doesn't like us to call anything before execve() on some systems. 2002-11-04 Patrice Dumas * Makefile.am: Add new files to SOURCES. 2002-11-04 Andrew J. Korty <ajk@iu.edu> * log.h: Define function name macros for systems that don't have them. 2002-11-04 Michael Kiernan * pam_ssh.c: System V won't let us use setuid() unless euid == 0, so we temporarily regain root privileges first with openpam_restore_cred() (which calls seteuid()). 2002-10-30 Andrew J. Korty <ajk@iu.edu> * pam_ssh.c: Change real user ID to that of user before executing ssh-agent. ssh-agent in OpenSSH 3.5 doesn't like the real and effective user IDs to be different but doesn't treat the error as fatal and keeps on running in a weird state. 2002-09-23 Andrew J. Korty <ajk@iu.edu> * pam_ssh.c: Prepare options parsing code for when we have more than one custom option. * authfd.c, strlcpy.h, xmalloc.c: Include strlcpy() declaration on platforms that don't have it. * acinclude.m4, openpam_cred.h, pam_ssh.c: Portability changes. * pam_ssh.h: Obsoleted--moved into pam_ssh.c. 2002-09-23 Patrice DUMAS * pam_ssh.spec: Adjust to work with new install target (which uses libtool). 2002-09-23 Andrew J. Korty <ajk@iu.edu> * Makefile.am, acinclude.m4, configure.ac, openpam_borrow_cred.c, openpam_cred.h, openpam_restore_cred.c, pam_get_pass.c, pam_get_pass.h, pam_option.h, pam_opttab.h, pam_ssh.c, pam_std_option.c: Now builds and seems to work on Mac OS X. 2002-09-13 Andrew J. Korty <ajk@iu.edu> * Makefile.am, configure.ac, ltconfig: Let libtool install the PAM module. 2002-09-12 Andrew J. Korty <ajk@iu.edu> * Makefile.am, acinclude.m4, openpam_borrow_cred.c, openpam_restore_cred.c, pam_get_pass.c, pam_ssh.c, pam_std_option.c, pam_test_option.c: Minor changes for Mac OS X compatibility (support for Mac OS X still doesn't quite work). 2002-09-09 Andrew J. Korty <ajk@iu.edu> * pam_ssh.c: Try to stay on borrowed creds as long as possible. 2002-09-01 Andrew J. Korty <ajk@iu.edu> * pam_ssh.c: Make the agent only produce Bourne-style shell commands. Unfortunately that makes the environment file useless for users of other csh-style shells, but since we're parsing the file now, we need it to be consistent. Maybe we should learn how to parse either file, or to translate the commands into those appropriate for the user's shell. 2002-08-22 Patrice DUMAS * Makefile.am, pam_ssh.spec: RPM specfile. 2002-08-14 Patrice DUMAS * pam_ssh.c: Do the fork/exec ourselves instead of calling popen(). 2002-08-11 Roderick Schertler * pam_ssh.8: Document the "keyfiles" option. * pam_ssh.c: Check strdup() return values and avoid errno when it can't be trusted). Also, don't use openpam_log() even if its available. 2002-08-10 Roderick Schertler * pam_ssh.c: Two bug fixes: handle asprintf error values correctly and substitute for slashes in tty names when creating the agent environment file. Version 1.7 released ==================== 2002-08-09 Andrew J. Korty <ajk@iu.edu> * authfd.c, authfd.h, authfile.c, authfile.h bufaux.c, bufaux.h, buffer.c, buffer.h, cipher.c, cipher.h, getput.h, kex.h, key.c, key.h, log.c, log.h, pam_ssh.c, rijndael.c, rijndael.h: Import changes from OpenSSH 3.4p1. * pam_ssh.c: Import changes from FreeBSD: remove extraneous free()s, add __unused qualifiers, add support for OpenPAM, add support for pam_std_option(). Retire old options mechanism. * pam_std_option.c: Import from FreeBSD for platforms that need it. * pam_get_pass.c, pam_mod_misc.h: Imported changes from FreeBSD. * openpam_borrow_cred.c, openpam_restore_cred.c: Imported from FreeBSD--use these functions for dropping and restoring privileges. * acinclude.m4: Provide pam_std_option() if needed. * Makefile.am, acinclude.m4: Support modern versions of automake and autoconf. 2002-04-09 Andrew J. Korty <ajk@iu.edu> * pam_ssh.h: FreeBSD changed the keyfile separator to ",". I don't know why they did this, but I don't really care, so I'll change it too to remain consistent. * pam_ssh.8: Import of manual page from FreeBSD. * pam_ssh.c: Import changes from FreeBSD--mostly bugfixes. Define null PAM methods for phases we don't support. Also, avoid freeing data referenced by PAM--thanks to Michael Tokarev and Thomas Moestl for pointing out this bug. 2002-04-07 Andrew J. Korty <ajk@iu.edu> * Makefile: Makefile is no longer needed--we use Autoconf and Automake. * pam_get_pass.c, pam_mod_misc.h, strlcpy.c: Provided for systems which lack these facilities. * acinclude.m4: Our own M4 macros for Autoconf. Just one macro for checking PAM, actually. * Makefile.am, configure.in: Input files for Automake and Autoconf. * AUTHORS, COPYING, INSTALL, README: Documentation files required by GNU Coding Standards. * pam_ssh.h: Add copyright notice. * pam_ssh.c: For portability, check for existence of certain header files and macros before trying to use them. Version 1.6 released ==================== 2001-08-19 Andrew J. Korty <ajk@iu.edu> * authfd.c: Remove code that dealt with environment variables (obsoleted by argument passing) which had previously been ifdeffed out. * pam_ssh.c, pam_ssh.h: Added keyfiles option to specify which key files to use for authentication. Only these keys will be given to the agent in the session phase. * log-client.c, log-client.h: Removed--moved functionality into log.c and log.h. * authfd.c, authfd.h, authfile.c, authfile.h, cipher.c, key.c, key.h, log.c, log.h, rijndael.c, rijndael.h, xmalloc.c: Updated OpenSSH files to version 2.9p2. 2001-08-19 Andrew J. Korty <ajk@iu.edu> * pam_ssh.c: Only start one agent per user per host. Thanks to hmh@debian.org for the idea. Keep a reference count by hard linking files to the env file.