forked from aluzzardi/pam_usb
-
Notifications
You must be signed in to change notification settings - Fork 20
/
ChangeLog
305 lines (255 loc) · 13.6 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
* 0.8.5
[Feature] Support multiple devices per user
[Enhancement] Misc. memory and string handling stuff
[Enhancement] Deny if pads can't be updated
[Enhancement] SELinux! There is now a profile for Fedora 40 (not installed automatically!) and a doc on how to create your own (see Wiki)
[Bugfix] LC_ALL usage
* 0.8.4
[Bugfix] loginctl usage was not sh compatible
[Bugfix] Misc. fixes related to memory handling
[Enhancement] Don't check every element of ut_addr_v6
[Enhancement] Service whitelist is now user configurable
[Enhancement] Whitelist additions: lxdm, xscreensaver, klockscreen
[Enhancement] Support build on arm and m68k
* 0.8.3
[Enhancement] Install pam-auth-update config only on systems having it
[Feature] pamusb-conf now has a --reset-pads=username option
[Bugfix] Fix RHOST check triggering on empty value
[Packaging] Add make targets for Fedora/RPM builds
[Packaging] Add make targets for source distribution
[Packaging] Add make targets for Arch/ZST builds
[Packaging] Improve PKGBUILD for Arch (thx @IslandC0der)
[Packaging] Fix debian autoconfig picking up serials as devices if they have no revision set
[Makefile] make install no longer overwrites the config if it already exists
[Makefile] Add target to update doc/ textfiles from wiki
[Bugfix] Whitelist pamusb-agent for remoteness-check
[Bugfix] Fix "tty from displayserver" remoteness-check method
[CI/Tests] Many additions, fixes and automatic nighly builds
[CI/Tests] Add testcase ensuring pamusb-agent properly triggers
[Docs] Update manpages and text files
[Bugfix] Fix some usages of tmux being able to circumvent localcheck
[Bugfix] Fix a very tiny memleak
* 0.8.2
[Tools/Docs] Add pamusb-keyring-unlock-gnome, to allow unlocking the GNOME keyring (#11)
[Bugfix] Whitelist "login" service name to prevent insta-logout on TTY shells (#115)
[Bugfix] Check PAM_RHOST if deny_remote is enable to fix vsftpd auth breaking down (#100)
[Bugfix] Fix type for argument to stat (community contribution)
[Docs] Added code of conduct (#106) and updated AUTHORS
[Makefile] Fix LIBDIR on non-debian systems
* 0.8.1
[CI] Fixed "build & test on own server" job
[Enhancement] Fix obtaining tty by DISPLAY if DISPLAY contains a screen identifier
[Enhancement] Whitelist policykit since obtaining the session tty is impossible in some scenarios (exploiting would require an already authenticated session)
[Enhancement] Indicate to tmux we specify an id by prepending it with '$'
[Enhancement] Fix versioning information
[Enhancement] Fix compatibility with Wayland
[Enhancement] Allow execution of complex commands in pamusb-agent
* 0.8.0
- [SECURITY!] Massive rework of local check, now properly denies when remote clients are connected via multiplexers (tmux, screen) - huge thanks to Github user @fuseteam for extensive testing [issue #51]
- [Enhancement] Whitelisted most login managers for local check
- [Enhancement] Agent: workaround for devices being disconnected because of power management events (thx to Github user @uszie)
- [Bugfix] fixed pad file syncing behaviour during heavy file IO [issue #57]
- [Enhancement] Added version info to pamusb-conf and pamusb-check
* 0.7.3
- Reworked deny_remote option
- Removed unknown_pts_as_local option (not needed anymore)
* 0.7.2
- Works with libpam >= 1.4.0 / installs to correct target directory
- Fix Lintian error 'bad-distribution-in-changes-file' on non-Ubuntu
- Fix spelling error in debian/copyright
- Change default value for unknown_pts_as_local to false
* 0.7.1
- [Debian] Added missing dependencies
- [Debian] Fix volume count detection in configure scripts for later versions of udisksctl
- [Debian] Fix NVMe volume handling in configure scripts
- Fix pamusb-conf allowing to add multiple devices per user
- Add rudimentary automated testing
* 0.7.0
- Re-release - Uses github.com/mcdope/pam_usb as source
(note that some of these changes were already in 0.6.0)
- Ported to Python 3
- pamusb-agent is now a systemd unit
- pamusb-agent config can now hold environment vars
- pamusb-conf got new options for automation
(--list-devices, --list-volumes, --device, --volume, --yes)
- pamusb-conf now properly ignores read-only media (like optical drives)
- Support for devices lacking vendor and/or model
- [Debian] PAM module gets installed using libpam-runtime/pam-auth-update
- [Debian] Using debconf to create fully working config on install
- Documentation / example config updated
- Wiki (https://github.com/mcdope/pam_usb/wiki) updated
* 0.6.0
- Never officially released, used by some packaged versions to override
upstream version.
* 0.5.0
- Migrated the code base to UDisks. pam_usb doesn't depend on HAL anymore.
- Added deny_remote option (defaults to true). If false,
local login check will be disabled.
- Fixed a bug in the device recognition (--add-device)
* 0.4.2
- Added the pad_expiration option which tells pam_usb how often pads
should be updated in order to reduce device writing.
- Support for time options in the configuration parser (5s, 2h, 10m, etc)
- Added the --verbose option to pamusb-conf
- Added the --debug option to pamusb-check
- Fixed the ElementTree import statement of pamusb-agent to work with
Python 2.5. Thanks to Donald Hayward <[email protected]> for
the patch.
- Fixed pamusb-conf to work without vendor and product name
- Improved the device detection to work with any removable storage device.
Thanks to Guillermo Antonio Amaral Bastidas <[email protected]>
for providing the patch.
- Added a workaround for a DBUS bug that prevented pam_usb to work with su.
https://bugs.freedesktop.org/show_bug.cgi?id=11876
- Disable log outputting if the application doesn't have any tty
attached (fixes gksudo and other software).
- Various minor bugfix
* 0.4.1
- Fixed a security issue related to OpenSSH authentication
- Fixed the quiet option (now it is really quiet)
- Support for devices without vendor/model information
* 0.4.0
- Both pam_usb and its tools (adm, hotplug) have been redesigned from the
ground up and rewritten from scratch.
- Hardware recognition is now done through HAL which provides a stable
interface over kernel changes.
- Certificates have been replaced by one time pads. That will prevent
copies of the USB device to be used for authentication.
- Device's manufacturer properties verification. pam_usb now verifies
device informations (vendor, product, serial number, UUID) in the
authentication process.
- Configuration is now handled in a central place, the pamusb.conf
configuration file. This XML file contains configuration entries for
users, devices and services.
- pamusb-agent (formely usbhotplug) make use of DBUS signals (sent by HAL)
instead of kernel hotplugging. Also, its configuration has been merged
into the pamusb.conf configuration file.
- A new tool named pamusb-check has been added. It can perform authentication
the way the PAM module does. It can be useful for testing and scripting
purposes.
* 0.3.3
- The option keypath is now splitted into local_keypath and device_keypath.
- Fixed a bug that occurred when the TTY entry was empty.
- pam_usb doesn't get anymore the tty name from PAM_TTY as it used to be
empty on some systems.
- Better defaults. The default options have been set to fit most needs,
you are no longer required to use !check_device on 2.6.
- Verbose mode. By default, pam_usb now prints some informations during
the login process (access granted, the reason why access was refused, etc).
This can be turned off using the brand new 'quiet' option.
- Other small fixes.
* 0.3.2
- Now pam_usb will also try to autodetect /dev/sdN devices (not just
/dev/sdNX).
- Fixed a bug that happened when the application using PAM didn't set
PAM_TTY correctly.
- Added the use_first_pass and try_first_pass options.
Now if you enter your password on another PAM module (such as pam_mount
or pam_ssh), pam_usb will use that password to decrypt the private key.
* 0.3.1
- Lot of misc fixes (memory management, Makefiles, sanity checks, etc).
I'd like to thank the PaX Team <[email protected]> who did almost
the whole job.
- Added the hostname option which allows to select what hostname should
be used for authentication (useful for shared public keys over lan).
Thanks to Nicolas Chauvat <[email protected]> who reported the issue,
the idea and the patch for this feature.
* 0.3.0
- Not much changes in this version beside a gcc fix, but the 0.2 branch
reached too many new features so i wanted to name this release 0.3.0
as i should have done with 0.2.3
- Fixed a gcc 3.3 compile issue, and all related warning.
I would like to thank the following guys for having reported this bug so fast:
Lalande Fabrice <[email protected]>
Marco <[email protected]>
Neil Dunbar <[email protected]>
* 0.2.3
- Added the usbhotplug tool.
usbhotplug is a hotplug agent that will automagically start a lock handler
when the usb device is removed and an unlock handler when the usb device
is plugged back in and authenticated through pam_usb.
The default handlers will start xlock when the usb device is removed,
and will kill it when the usb device is plugged back in and authenticated.
I'd like to thank Wout Mertens <[email protected]> as we had a couple
of discussions about hotplug which helped me implementing this tool.
- The parser can now understand "option" and "!option" instead of
option=1 and option=-1 (e.g. debug !check_device).
Thanks to Jean-Christophe JASKULA <[email protected]> who
suggested me that and provided an initial patch.
- Fixed a loop bug on serial number checking. Thanks to Zs <[email protected]>
for reporting the bug and a patch to fix it.
- Added the direct_open option which allows to open the private key
using O_DIRECT to avoid disk caching (works only on devices that
supports it). Thanks to myles <[email protected]> who suggested me that.
- Added some sanity checks here and there because it seems that the PAM
API can return weird stuff from time to time.
- Handling the mount point creation/remotion in a better way which seems
to fix a couple of mntpoint problems.
* 0.2.2
- Added the keep_mounted option, which allows to not umount the mount point
once logged (useful if the gpg/ssh key is stored on there)
- Fixed the mntpoint option: do not delete the directory if it's not a
temporary one.
- Added the support to pass multiple filesystems name with the fs=
option (comma separated list). Changed the default fs to "ext2,vfat"
- Added the log_file option. Takes a filename as a argument.
Combined with debug=1 it can log debug messages to a file.
- Not mounting the device as read-only anymore. Instead, the mount_opts
option has been created. It accepts a comma separated list of mount
options (accepted options are: ro,bind,sync,remount,nosuid,noexec,nodev).
- Fixed an issue which made the allow_remote feature not working correctly
with gdm/kdm.
- Introduced the local_hosts and local_consoles options. They contain a
comma separated lists of hosts and consoles allowed to log in while using
allow_remote=-1
* 0.2.1
- Changed the naming method from x.y to x.y.z
- pam_usb is now able to distinguish local users from remote (as in
logged via ssh), and denies the authentication of non-local users.
Setting allow_remote to 1 disable this feature.
- Mounting is now done in read-only.
- Added the missing mandatory PAM functions.
* 0.2_rc2
- Workaround to make pam_usb not use /proc so it can run on Linux 2.6
By setting check_device to -1, pam_usb will neither check the device's
serial number, nor if it's attached. It's not a real problem if you
don't need serial number checking, but don't combine it with
check_if_mounted.
- Added the force_device capability. Now you can specify a device that
will be mounted without going in guessing mode. If the device cannot
be mounted, it'll switch back to the default guess mode.
Useful if guess mode fails, if you don't want it to try several
devices before getting the right one (so you can login faster), or if
you want to login using a floppy disk, a cdrom or whatever you want.
- Modified the serial number authentication method so now if no serial
numbers are avaible on a device, it will try to use the GUID.
Thanks to Damien Braillard <[email protected]> who reported the
issue, suggested a way to fix it, and provided a first patch for it.
* 0.2_rc1
- Radically changed the way pam_usb authenticates the user on the
system. Now it works with a pair of DSA keys.
Thanks to Wout Mertens <[email protected]> who told me that i could
use a couple of SSH keys to fix the authentication issue.
That gave me the idea to use a set of private/public keys.
Thanks to Ilkka Mattila <[email protected]> who helped me to
find out a better way to implement the key challenge: extracting the
public key was inadequate.
Also thanks to those who brought up weird scenarios and/or tested
pre-releases of pam_usb, in alphabetical order:
Ilkka Mattila <[email protected]>
Joonas Kortesalmi
Thomas Stewart <[email protected]>
Tuure Laurinolli <[email protected]>
* 0.1:
- Now pam_usb doesn't require a mount point. Instead, it creates
a temporary directory under /tmp.
Thanks to Loic Jaquemet <[email protected]> who gave me the idea.
- Compiles with gcc 2.95 thanks to Tobias Bayer <[email protected]> bug
report.
* 0.1-beta2:
- procfile and device entries autodetection have been fixed thanks to
Thomas Stewart <[email protected]> bug reports.
- devfs support added. Thanks to Loic Jaquemet <[email protected]>
for the bug report.
* 0.1-beta1:
- Initial release