Version 1.91 released ===================== 2004-04-12 Andrew J. Korty <ajk@iu.edu> * pam_ssh.spec: Updated for use with Fedora Core 2 Test. Thanks to Patrice Dumas. * pam_ssh.c (pam_sm_authenticate): We probably shouldn't allow blank passphrases by default. Add option allow_blank_passphrase to re-enable them. Thanks to red0x for the suggestion. Version 1.9 released ==================== 2004-02-20 Andrew J. Korty <ajk@iu.edu> * cipher-3des.c, cipher-bf1.c, cipher-ctr.c, strnvis.c: Include <sys/types.h> and <limits.h> in various places to appease FreeBSD. * pam_ssh.spec (Version): Bump. * acinclude.m4: Use AC_REPLACE_FUNCS to provide OpenPAM cred functions. * strnvis.c, strnvis.h, vis.c, vis.h: Rename vis -> strnvis so AC_REPLACE_FUNCS will pick it up. * pam_ssh.c (pam_sm_authenticate): Simplify conditional complication for code that gets passphrase. * Makefile.am (pam_ssh_la_SOURCES): Move header files for replacement functions to EXTRA_pam_ssh_la_SOURCES. * configure.ac: Use AC_REPLACE_FUNCS to provide strnvis if needed. * log.c: Include the right header for strnvis(). * Makefile.am (EXTRA_DIST): Add bootstrap.sh and pam_test.c. 2004-02-19 Andrew J. Korty <ajk@iu.edu> * pam_test.c: Test dlopening pam_ssh.so and print any resulting error messages. * pam.conf.example: Example PAM configuration. * pam_ssh.c (add_keys, auth_via_key, pam_sm_authenticate): Improve integer handling. * ltconfig: Deleted this file because -avoid-version is all we need. * atomicio.c, authfd.c, authfile.c, bufaux.c, buffer.c, cipher.c, cipher-3des1.c, cipher-bf1.c, cipher-ctr.c, key.c, log.c, openpam_borrow_cred.c, openpam_restore_cred.c, pam_get_pass.c, pam_ssh.c, pam_std_option.c, vis.c, xmalloc.c: Use autoheader. * atomicio.c, atomicio.h, authfd.c, authfd.h, authfile.c, authfile.h, bufaux.c, buffer.c, buffer.h, cipher.c, cipher-3des1.c, cipher-bf1.c, cipher-ctr.c, kex.h, key.c, key.h, log.c, log.h, rijndael.c rijndael.h, vis.c, vis.h, xmalloc.c, xmalloc.h: Updated to OpenSSH 3.7.1p2. * Makefile.am: Use -avoid-version flag to suppress version numbers on installed module. Add more source files from OpenSSH. * openpam_restore_cred.c (openpam_restore_cred), pam_ssh.c: Use some voodoo to suppress strict aliasing warnings. * acinclude.m4: Link against pam_misc if necessary. Square brackets in AC_CHECK_LIB clauses avoid syntax error when running configure. Use full options to AC_DEFINE to make autoheader happy. * configure.ac: Use autoheader. Update with autoupdate. Bump version number. Check for strnvis() and vis.h. * bootstrap.sh: Script to bootstrap configure.ac and friends. Version 1.8 released ==================== 2002-12-04 Andrew J. Korty <ajk@iu.edu> * pam_ssh.c: Add NAI copyright message, which was always there in the manual page but omitted from this source file. When the OpenPAM support code was introduced, we credited the FreeBSD project in general. Specifically, Dag-Erling Smorgrav developed this code with funding from NAI and DARPA. 2002-11-05 Michael Kiernan * pam_ssh.c, configure.ac: Use fork() instead of vfork(), which doesn't like us to call anything before execve() on some systems. 2002-11-04 Patrice Dumas * Makefile.am: Add new files to SOURCES. 2002-11-04 Andrew J. Korty <ajk@iu.edu> * log.h: Define function name macros for systems that don't have them. 2002-11-04 Michael Kiernan * pam_ssh.c: System V won't let us use setuid() unless euid == 0, so we temporarily regain root privileges first with openpam_restore_cred() (which calls seteuid()). 2002-10-30 Andrew J. Korty <ajk@iu.edu> * pam_ssh.c: Change real user ID to that of user before executing ssh-agent. ssh-agent in OpenSSH 3.5 doesn't like the real and effective user IDs to be different but doesn't treat the error as fatal and keeps on running in a weird state. 2002-09-23 Andrew J. Korty <ajk@iu.edu> * pam_ssh.c: Prepare options parsing code for when we have more than one custom option. * authfd.c, strlcpy.h, xmalloc.c: Include strlcpy() declaration on platforms that don't have it. * acinclude.m4, openpam_cred.h, pam_ssh.c: Portability changes. * pam_ssh.h: Obsoleted--moved into pam_ssh.c. 2002-09-23 Patrice DUMAS * pam_ssh.spec: Adjust to work with new install target (which uses libtool). 2002-09-23 Andrew J. Korty <ajk@iu.edu> * Makefile.am, acinclude.m4, configure.ac, openpam_borrow_cred.c, openpam_cred.h, openpam_restore_cred.c, pam_get_pass.c, pam_get_pass.h, pam_option.h, pam_opttab.h, pam_ssh.c, pam_std_option.c: Now builds and seems to work on Mac OS X. 2002-09-13 Andrew J. Korty <ajk@iu.edu> * Makefile.am, configure.ac, ltconfig: Let libtool install the PAM module. 2002-09-12 Andrew J. Korty <ajk@iu.edu> * Makefile.am, acinclude.m4, openpam_borrow_cred.c, openpam_restore_cred.c, pam_get_pass.c, pam_ssh.c, pam_std_option.c, pam_test_option.c: Minor changes for Mac OS X compatibility (support for Mac OS X still doesn't quite work). 2002-09-09 Andrew J. Korty <ajk@iu.edu> * pam_ssh.c: Try to stay on borrowed creds as long as possible. 2002-09-01 Andrew J. Korty <ajk@iu.edu> * pam_ssh.c: Make the agent only produce Bourne-style shell commands. Unfortunately that makes the environment file useless for users of other csh-style shells, but since we're parsing the file now, we need it to be consistent. Maybe we should learn how to parse either file, or to translate the commands into those appropriate for the user's shell. 2002-08-22 Patrice DUMAS * Makefile.am, pam_ssh.spec: RPM specfile. 2002-08-14 Patrice DUMAS * pam_ssh.c: Do the fork/exec ourselves instead of calling popen(). 2002-08-11 Roderick Schertler * pam_ssh.8: Document the "keyfiles" option. * pam_ssh.c: Check strdup() return values and avoid errno when it can't be trusted). Also, don't use openpam_log() even if its available. 2002-08-10 Roderick Schertler * pam_ssh.c: Two bug fixes: handle asprintf error values correctly and substitute for slashes in tty names when creating the agent environment file. Version 1.7 released ==================== 2002-08-09 Andrew J. Korty <ajk@iu.edu> * authfd.c, authfd.h, authfile.c, authfile.h bufaux.c, bufaux.h, buffer.c, buffer.h, cipher.c, cipher.h, getput.h, kex.h, key.c, key.h, log.c, log.h, pam_ssh.c, rijndael.c, rijndael.h: Import changes from OpenSSH 3.4p1. * pam_ssh.c: Import changes from FreeBSD: remove extraneous free()s, add __unused qualifiers, add support for OpenPAM, add support for pam_std_option(). Retire old options mechanism. * pam_std_option.c: Import from FreeBSD for platforms that need it. * pam_get_pass.c, pam_mod_misc.h: Imported changes from FreeBSD. * openpam_borrow_cred.c, openpam_restore_cred.c: Imported from FreeBSD--use these functions for dropping and restoring privileges. * acinclude.m4: Provide pam_std_option() if needed. * Makefile.am, acinclude.m4: Support modern versions of automake and autoconf. 2002-04-09 Andrew J. Korty <ajk@iu.edu> * pam_ssh.h: FreeBSD changed the keyfile separator to ",". I don't know why they did this, but I don't really care, so I'll change it too to remain consistent. * pam_ssh.8: Import of manual page from FreeBSD. * pam_ssh.c: Import changes from FreeBSD--mostly bugfixes. Define null PAM methods for phases we don't support. Also, avoid freeing data referenced by PAM--thanks to Michael Tokarev and Thomas Moestl for pointing out this bug. 2002-04-07 Andrew J. Korty <ajk@iu.edu> * Makefile: Makefile is no longer needed--we use Autoconf and Automake. * pam_get_pass.c, pam_mod_misc.h, strlcpy.c: Provided for systems which lack these facilities. * acinclude.m4: Our own M4 macros for Autoconf. Just one macro for checking PAM, actually. * Makefile.am, configure.in: Input files for Automake and Autoconf. * AUTHORS, COPYING, INSTALL, README: Documentation files required by GNU Coding Standards. * pam_ssh.h: Add copyright notice. * pam_ssh.c: For portability, check for existence of certain header files and macros before trying to use them. Version 1.6 released ==================== 2001-08-19 Andrew J. Korty <ajk@iu.edu> * authfd.c: Remove code that dealt with environment variables (obsoleted by argument passing) which had previously been ifdeffed out. * pam_ssh.c, pam_ssh.h: Added keyfiles option to specify which key files to use for authentication. Only these keys will be given to the agent in the session phase. * log-client.c, log-client.h: Removed--moved functionality into log.c and log.h. * authfd.c, authfd.h, authfile.c, authfile.h, cipher.c, key.c, key.h, log.c, log.h, rijndael.c, rijndael.h, xmalloc.c: Updated OpenSSH files to version 2.9p2. 2001-08-19 Andrew J. Korty <ajk@iu.edu> * pam_ssh.c: Only start one agent per user per host. Thanks to hmh@debian.org for the idea. Keep a reference count by hard linking files to the env file.