Commit graph

374 commits

Author SHA1 Message Date
Dag-Erling Smørgrav
41eb8b9f02 In openpam_subst(3), avoid incrementing past the end of the template.
My thanks to Robert Morris <rtm@lcs.mit.edu> for finding and reporting the bug.
2023-06-26 20:49:27 +02:00
Dag-Erling Smørgrav
7da86c0c62 Decrement optc when removing an option.
My thanks to Robert Morris <rtm@lcs.mit.edu> for finding and reporting the bug.
2023-06-26 20:24:42 +02:00
Dag-Erling Smørgrav
cc0d61260e Remove unnecessary log messages. 2021-10-22 17:21:48 +02:00
Dag-Erling Smørgrav
05bd3febc0 Gitify. 2021-10-20 15:44:03 +02:00
Dag-Erling Smørgrav
a967883b9c In openpam_ttyconv(3), wait to print the prompt until after we're ready
to accept input.  Otherwise, there is a small but non-zero chance that
input provided after the prompt appears is discarded when we flush the
tty buffer.

Submitted by:	Brooks Davis <brooks@freebsd.org>


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@948 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2020-11-19 05:41:15 +00:00
Dag-Erling Smørgrav
bb68996306 Bump copyright years.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@944 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2019-02-22 09:49:12 +00:00
Dag-Erling Smørgrav
9bdf428c5a Fix an off-by-one bug in pam_getenv() which was inadvertently
introduced when pam_getenv() was (needlessly) rewritten as part of
r913.  Rewrite pam_getenv() again (but correctly, this time) to reduce
the number of times we iterate over the same string.  Add a few unit
tests for pam_{get,put,set}env(), including one which would have
caught the bug.

Credit goes to Tim Creech <tcreech@tcreech.com> for discovering and
reporting the bug.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@943 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2019-02-20 13:23:51 +00:00
Dag-Erling Smørgrav
9cd25f7e7d Switch from $Id$ to $OpenPAM$.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@938 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-04-30 21:34:42 +00:00
Dag-Erling Smørgrav
919a1250d4 Bump copyright year.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@935 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-04-26 21:04:10 +00:00
Dag-Erling Smørgrav
105d392c57 Add two more error codes for situations where we used PAM_SYMBOL_ERR.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@932 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-04-26 20:41:59 +00:00
Dag-Erling Smørgrav
29c7f93598 Introduce an array of error strings and use it wherever applicable.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@931 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-04-26 19:23:50 +00:00
Dag-Erling Smørgrav
3ebfd11150 Use the correct error code in some of the places where we have long used
the wrong one.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@927 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-04-26 19:15:30 +00:00
Dag-Erling Smørgrav
d9e44d146f Fix a bug that prevented the service name from being freed, thus
leaking a small amount of memory for every PAM session.

While there, eliminate an unnecessary variable.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@918 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-02-19 17:46:22 +00:00
Dag-Erling Smørgrav
82935b7d7a Downgrade the "unexpected EOF" message from ERROR to DEBUG.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@916 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-02-07 12:25:58 +00:00
Dag-Erling Smørgrav
1e09705bd7 Fix FREEV() when v is NULL.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@915 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-02-07 12:03:19 +00:00
Dag-Erling Smørgrav
c5a320988e In pam_*env(3), set errno as the corresponding POSIX functions would.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@914 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-01-21 15:15:29 +00:00
Dag-Erling Smørgrav
e936857588 Newer versions of clang take __nonnull__ annotations into account not only
when compiling code that calls the function, but also when compiling the
function itself.  This means that NULL checks in the function trigger
condition-always-false warnings.  We have a choice between disabling these
warnings, removing the __nonnull__ annotations, or removing the NULL checks.
We prefer to keep the annotations and warnings and remove the checks.  In
all cases, passing NULL to the function in question will result in a
segmentation fault, which is often easier to debug than an error return,
especially when most of these checks were for the PAM handle, which can only
be NULL if the caller ignored an error return from pam_start().


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@913 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-01-21 15:11:12 +00:00
Dag-Erling Smørgrav
c75883564d Move OATH development to a branch. OATH will soon disappear entirely
from this repository as Cryb takes over.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@907 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-01-18 09:39:01 +00:00
Dag-Erling Smørgrav
3699596d18 Correctly compare the return value from pam_get_item() to PAM_SUCCESS
instead of assuming (incorrectly) that it returns non-zero on success.
Bump dates as needed.

Reported by:	Patrick Bihan-Faou <patrick-fbsd@mindstep.com>


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@902 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-01-17 14:57:09 +00:00
Dag-Erling Smørgrav
26fbccde77 Bump dates if required on files modified in 2014 or later.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@890 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2016-01-11 16:22:09 +00:00
Dag-Erling Smørgrav
c371da364c Note that the secret should also be percent-encoded.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@887 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2016-01-11 14:09:30 +00:00
Dag-Erling Smørgrav
4a77e993a9 Fix parsing of percent-encoded URIs.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@886 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2016-01-11 14:07:54 +00:00
Dag-Erling Smørgrav
9ff1a454ce Fix off-by-one bug: we forgot to account for the terminating NUL when
checking the length of the label.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@881 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2016-01-09 18:29:32 +00:00
Dag-Erling Smørgrav
a38c5db91b Fix rather embarrassing #if nesting error in previous commit.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@879 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2016-01-09 17:43:56 +00:00
Dag-Erling Smørgrav
f82c90afb6 Coverity Scan doesn't like the no-op default case, so hide it when
we're not instrumenting for coverage analysis.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@878 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2016-01-09 17:34:32 +00:00
Dag-Erling Smørgrav
4e92aa7e24 Plug potential memory leak reported by Coverity Scan. I'm not sure it
can actually ever occur, but the extra free() is harmless, provided we
make sure not to free() something we're still using.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@877 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2016-01-09 17:26:18 +00:00
Dag-Erling Smørgrav
5b83650c3d Don't forget to free the line we read from the key file.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@876 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2016-01-09 17:23:36 +00:00
Dag-Erling Smørgrav
f78c2be225 Add missing third clause.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@872 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2015-12-01 19:25:07 +00:00
Dag-Erling Smørgrav
4ee61ea341 intptr_t requires <stdint.h>
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@865 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2015-07-31 00:02:09 +00:00
Dag-Erling Smørgrav
d84d7367fe Add a feature flag to control whether to fall back to the "other" policy
for chains that are still empty after the requested policy was loaded.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@862 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2015-07-30 23:42:38 +00:00
Dag-Erling Smørgrav
653950434c Fully fix the input overflow bug and add a test case for it.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@861 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2015-03-19 00:42:58 +00:00
Dag-Erling Smørgrav
737e1bef50 Increment by three, not one, after successfully decoding a character.
Add a boundary check.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@858 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2015-03-19 00:07:19 +00:00
Dag-Erling Smørgrav
ce014fab92 Silence all remaining qual-cast warnings except in the test suite.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@854 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2015-01-27 22:13:03 +00:00
Dag-Erling Smørgrav
cec8549503 Change the meaning of the window parameter to always indicate the number
of codes to check *in addition* to the current code.  Note that for TOTP,
the window goes in both directions; a window of 1 means to check the
current code plus the previous and next.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@849 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-12-15 16:42:31 +00:00
Dag-Erling Smørgrav
e959d8c160 Consistently use UINT_MAX, not -1, to indicate an invalid response.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@848 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-12-15 16:12:29 +00:00
Dag-Erling Smørgrav
c7a5aa489f Add an oath_mode(3) function which translates from mode names to numbers.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@846 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-12-11 13:58:15 +00:00
Dag-Erling Smørgrav
da2c1e7120 Fix a few cases where we incorrectly (and needlessly) cast away const
qualifiers.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@843 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-11-25 10:35:19 +00:00
Dag-Erling Smørgrav
f3fda3d07a Style nits
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@839 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-11-07 16:37:56 +00:00
Dag-Erling Smørgrav
ac54af0d69 Add configure options to build as much as possible using the system
libpam and / or liboath.  Doing so disables building the corresponding
library and its documentation, but still builds the corresponding tools
and modules and runs the unit tests.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@834 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-10-28 10:25:58 +00:00
Dag-Erling Smørgrav
385dfb33cb Use $() instead of @@ in Makefiles.
Don't build OATH man pages if --without-oath.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@833 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-10-28 09:03:41 +00:00
Dag-Erling Smørgrav
e5b05552fc Remove unused variable.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@824 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-10-18 22:35:35 +00:00
Dag-Erling Smørgrav
ce08052f96 Compare the return value from mmap() to MAP_FAILED, not NULL.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@823 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-10-16 13:44:34 +00:00
Dag-Erling Smørgrav
69b1a97268 Introduce strlset(), a memset() variant for strings where the actual
size of the buffer is not necessarily known, and which can replace the
"memset(str, 0, strlen(str))" idiom.  Use it to clear buffers which may
have contained authentication tokens.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@803 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-09-09 09:07:51 +00:00
Dag-Erling Smørgrav
131aba915f From NetBSD: require at least one service function to have succeeded.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@802 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-09-09 08:08:13 +00:00
Dag-Erling Smørgrav
05630b94be Spell the name of the University of Oslo in English.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@799 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-07-10 17:16:48 +00:00
Dag-Erling Smørgrav
7dbd5c38b7 In openpam_parse_chain():
1. Finish a comment which was meant to describe the four different
   termination conditions for the loop in openpam_parse_chain() but
   ended in mid-sentence.

2. Ensure that errno is consistently set to EINVAL if a syntax error
   is encountered in the policy file.

3. If openpam_load_module() fails because the module could not be
   loaded, set errno to ENOEXEC instead of ENOENT.  This closes a hole
   where a missing module or a typo in a module name would cause the
   corresponding chain to fail open.  Normally, if the policy exists
   but cannot be loaded, openpam_load_chain() will return an error,
   and openpam_configure() will discard any partially constructed
   chains.  However, openpam_load_chain() interprets ENOENT to mean
   that the policy was not found, so it does not immediately return an
   error, the partially-loaded chain is not discarded, and the policy
   is incorrectly considered to have been successfully loaded.

4. Ensure that errors encountered while parsing an included policy are
   correctly propagated to the original policy, and that ENOENT while
   processing an include directive is a hard error, not a soft error.

CVE-2014-3879


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@795 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-06-03 21:27:48 +00:00
Dag-Erling Smørgrav
1efe822057 For TOTP keys, we record when the key was last used. For HOTP keys,
however, we want to record the *next* allowed counter value.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@794 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-04-11 10:35:18 +00:00
Dag-Erling Smørgrav
e58f05403e Support line continuation in whitespace.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@792 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-03-17 14:11:41 +00:00
Dag-Erling Smørgrav
14d31b83e8 Fix headers
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@789 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-03-12 00:04:20 +00:00
Dag-Erling Smørgrav
a4ff6191f7 I must have been drunk when I wrote this.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@788 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-03-12 00:03:53 +00:00