3 Fixed configure.ac to use any required pthread CFLAGS or LIBS.
5 Thread cancellation fixes.
7 Client names specified with "OPTION name=value" may no longer contain
10 Added "GETINFO --verbose CLIENTS" to show connected clients and their state.
12 Added the "STATE" status message which is sent to connected clients during a
13 client state change and has the same line format as the "GETINFO --verbose
14 CLIENTS" command. This also adds a new configuration parameter "send_state" to
15 disable sending the client state, send client states to only other clients who
16 are invoking_user's or all connected clients. The default is invoking users.
18 Added configuration parameter "lock_timeout" that behaves as the default for
19 "OPTION lock-timeout". The default is 5 seconds.
21 Added the "KILL" command to terminate another client when the current one is
24 Now sends a keepalive status message while waiting for a data file lock to be
27 Added command line option --kill to terminate a running pwmd instance.
32 When opening a new file then opening another, the first file would be cached
33 when not saved. So remove the cache entry for non-saved file to prevent a
36 Fixed the verbose flag of LIST to not append a "T" flag when no target
37 existed for a root element.
39 Updated Debian packaging info so 'make deb' should now reflect the current
45 Update to work with newest gpg-agent. This adds configuration parameter
46 "gpg_agent_socket" to replace "agent_env_file".
48 Fix doc/magic and the version string.
53 Fixed SAVE --keygrip and --sign-keygrip when not a new file.
55 Fixed SAVE using the previously opened files signing key when the current file
58 Fixed TLS socket hanging during handshake failure.
60 Fixed TLS wait interval during EAGAIN.
62 Added GETINFO USER to return the client username/hash.
64 Fixed MOVE doing an unneeded permission check.
66 Fixed CACHETIMEOUT to apply the new timeout immediately and not wait for the
67 existing timer to expire.
69 Bugfixes. See ChangeLog for details.
75 Fix SAVE --inquire-keyparam for new files.
77 Fix TLS fingerprint hash case comparison.
79 Check permissions before modifying a "target" attribute.
81 Access is denied for an element that does not contain an "_acl" attribute
82 unless the client is the invoking_user.
87 Support for ELG keypairs.
89 The "allowed" configuration parameter supports TLS fingerprint hashes by
90 prefixing the hash with a '#' character. This removes the "tls_access"
91 configuration parameter.
93 Added configuration parameter "allowed_file" which should contain one
94 username, group name or hash per line and has the same syntax as the "allowed"
97 TLS fingerprint hashes are now in SHA256 format and not SHA1 and when
98 specified in a configuration parameter, or "allowed_file", should be
101 Added per-element access control lists (ACL). Works like the "allowed"
102 configuration parameter but the ACL is stored in the element attribute "_acl".
103 This adds a LIST --verbose flag 'P' to indicate that the current client is not
104 allowed access to the element. This also adds the "invoking_user" and
105 "invoking_tls" configuration parameters. See the documentation for details.
107 Removed libacl support for data files. It isn't very useful.
109 Fixed a recursion loop in the LIST command. See move test #8 and #9.
111 Disable attaching to the pwmd process. This is Linux specific and has the
112 effect of hiding the pwmd process from 'ps' output.
114 A few other bug fixes. See ChangeLog for details.
119 More lenient element and attribute names. This reverts the behavior introduced
120 in version 3.0.5. This allows for things like '@' or digits in an element or
121 attribute name making pwmd more useful. I don't remember why I made it so
122 strict in that version so I'll revert it for now until I do remember.
127 Write a PID file upon startup to detect a stale socket when running another
130 Bind to the local socket before doing cache pushing.
132 Added command line option --force as an alias to --ignore.
134 Fixed a few cppcheck(1) warnings.
136 Fixed a bug that ignored the return value from launch_pinentry().
138 Added configuration parameter "log_keepopen" for use when logging to a file.
143 More strict element and attribute names. Conform to the XML naming spec.
145 Log any non-fatal XML error. These may occur when loading or parsing
150 Set XML standalone mode; and UTF-8 encoding explicitly (the default).
155 A few "target" attribute fixes.
157 Updated Debian packaging stuff. Try 'make deb'.
162 Fixed the PASSWD command requiring a passphrase for a non-PKI data file
163 without a passphrase.
165 Fixed a few memory leaks.
167 The 'OPTION disable-pinentry' now resets the gpg-agent '--pinentry-mode'
170 Fixed new non-PKI data file cache entry getting cleared during SAVE.
172 The CLEARCACHE and CACHETIMEOUT commands now make use of the
173 "tls_access" configuration parameter in a data file section like the
174 OPEN command does. Also added a "-" flag to the fingerprint which
175 behaves like the "!" flag.
180 The "allowed" configuration parameter now works in a data file section
181 and is a list of local user or group names allowed to open the data
182 file. The OPEN, CLEARCACHE and CACHETIMEOUT commands make use of
183 this. This also adds a deny flag '-' to a user or group name.
185 Fixed the cache timer to expire deferred cache entries. No longer need
186 to wait for the next OPEN or SAVE command.
188 Make use of the --no-passphrase option for non-PKI data files. This
189 adds the --no-passphrase option to the PASSWD command.
191 Show a backtrace on SIGABRT.
196 Fix crash when checking the cache status of a new file.
198 Set the default cache_timeout configuration parameter to 600.
200 Set the default keepalive_interval to 60.
202 Fix SAVE not caching new files.
207 This version contains quite a few changes and enhancements. Most
208 commands and syntax have changed in this release so please read the
209 example configuration file and the html or texinfo documentation in
212 You will need to convert your existing pwmd v2.x data file to the new
213 data file format by doing the following:
215 $ pwmd --convert datafile -o newfile
217 then place "newfile" in ~/.pwmd/data. If you built with gpg-agent
218 support by passing --enable-agent to configure, then append
219 --use-agent to the above command line to use the gpg-agent to generate
220 a public and private keypair. No keypair is generated by default; the
221 data file is symmetrically encrypted.
223 Pwmd now supports the use of the gpg-agent for passphrase caching and
224 key management. This means smartcards are also supported. A "stub" of
225 the secret key is stored in the above mentioned key directory, but the
226 secret portion of the key is stored on the smartcard. To convert your
227 existing data while encrypting to an existing public key, pass the
228 --keygrip option with --convert or --import, along with
229 --use-agent. You may also need to pass the --sign-keygrip, too. See
230 the pwmd manual for details.
232 The XML document is now cached in pwmd when the passphrase is also
233 cached. This is needed to prevent requiring a smartcard to be inserted
234 for each OPEN command although it can still be required by setting the
235 CACHETIMEOUT of a data file to 0. Pwmd will operate on a copy of the
236 cached document and update the cached one after a SAVE. It is also
237 much faster than having to decrypt the data file during each OPEN.
238 The cached document is encrypted to prevent memory grepping attacks.
240 Ported to POSIX threads (pthreads).
243 PWMD_LIBXML_ERROR -> GPG_ERR_BAD_DATA
244 PWMD_NO_FILE -> GPG_ERR_INV_STATE
245 PWMD_FILE_MODIFIED -> GPG_ERR_CHECKSUM
247 Most commands now have an --inquire option to retrieve remaining
248 non-option arguments via a server inquire. This avoids the libassuan
249 line length limit for longer element paths.
251 Added the PASSWD command to change the passphrase of a secret key or a
252 symmetrically encrypted key (SAVE --no-agent).
254 The IMPORT command can now import siblings.
256 Added the AGENT command to send a command directly to gpg-agent.
258 Added the GETINFO command to retrieve server details. This removes the
259 VERSION and GETPID commands.
261 Removed the CONFIG and KEEPALIVE status messages.
263 Added the NEWFILE status message to determine when the file OPEN'ed is
266 Added ISCACHED --lock to lock the file mutex. This doesn't require an
267 OPEN'd file. It was added to prevent a race condition with another
268 client accessing the same file when one client needed to determine the
269 cache status before the OPEN.
271 Texinfo documentation and the manual page is generated from the
274 Commands that normally returned GPG_ERR_NO_VALUE now return
277 The --iterations command line, configuration and SAVE options have
278 been renamed to "s2k-count". The PASSWD command can be used to change
279 this value for an existing secret key.
281 The CLEARCACHE command returns an error when the file mutex associated
282 with the data file is locked by another client. Although an error is
283 returned the cached file is flagged for cache removal which will occur
284 when the data file mutex is released.
286 Added LIST --all to retrieve the entire element tree. Flags are
287 appended to each element path when this option is used. See the
288 documentation for details.
290 The checksum is now a CRC32 checksum rather than a stat() of the ctime
293 Can now listen for remote connections via TLS (IPv4 and IPv6) as well
294 as the local UNIX domain socket.
296 Added tests. Run them with 'make tests' in the tests/ directory.
298 More portable: *BSD, SunOS/Solaris/OpenSolaris, Android and Linux and
299 32 and 64 bit versions of these as well as little and big endian.
301 Removed the libglib-2.0 dependency.