Dag-Erling Smørgrav
4be13a4e6c
merge r768: fix condition for using application-provided prompt
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@905 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-01-17 15:19:56 +00:00
Dag-Erling Smørgrav
4860733e29
merge r872: add missing third clause
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@898 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-01-17 14:37:07 +00:00
Dag-Erling Smørgrav
9ce6a3fc2c
merge r877: plug hypothetical memory leak
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@897 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-01-17 14:35:09 +00:00
Dag-Erling Smørgrav
204469e6c6
merge r745: (belatedly) add defensive length check to strlcpy()
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@896 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-01-17 14:34:00 +00:00
Dag-Erling Smørgrav
c5252af6a8
merge r890: bump copyright dates for files modified in 2014 or later
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@895 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-01-17 14:31:56 +00:00
Dag-Erling Smørgrav
debbcc1b75
merge r863,r874,r891: partial unit tests for openpam_dispatch()
...
merge r864-867,r871,r880,r883: various improvements to tests and test suite
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@894 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-01-17 14:29:41 +00:00
Dag-Erling Smørgrav
abee687e7a
merge r862: add control flag for fallback to "other" policy
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@893 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-01-17 14:19:04 +00:00
Dag-Erling Smørgrav
6b947dd00a
merge r787,r830-r840,r845,r852-r853: build and packaging improvements
...
merge r854: silence all cast-qual warnings except in test suite
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@855 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2015-01-27 22:33:15 +00:00
Dag-Erling Smørgrav
918f37acdc
merge r792: support line continuation in whitespace.
...
merge r824: remove unused variable.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@825 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-10-18 22:38:31 +00:00
Dag-Erling Smørgrav
89f5473b9d
merge r802: require at least one service function to have succeeded.
...
merge r803: introduce strlset() and use it to clear authentication tokens
merge r804: remove keywords from text files
merge r805: include CVE numbers in change log
merge r806: prepare to release Ourouparia
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@807 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-09-09 09:41:32 +00:00
Dag-Erling Smørgrav
4685f783f4
merge r795: fix error handling for nonexistent modules (CVE-2014-3879)
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@796 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-06-03 21:30:08 +00:00
Dag-Erling Smørgrav
c87d7f0ff0
merge r759: add is_xdigit() predicate
...
merge r760: add tests for ctype macros
merge r761: fix bug in is_upper()
merge r762: update credits
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@763 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-02-26 16:29:16 +00:00
Dag-Erling Smørgrav
c3cacd763a
merge r742: caught_signal should be static.
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@743 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-09-07 19:26:36 +00:00
Dag-Erling Smørgrav
efcf4a9ec6
Create a nooath branch as a copy of trunk@713 with the OATH code removed.
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@714 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-08-19 15:30:21 +00:00
Dag-Erling Smørgrav
efa93c4a5f
Don't log the text we read, it may contain sensitive information (such
...
as an OATH OTP key, since liboath uses openpam_readline() to read the
keyfile)
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@703 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-08-16 11:57:54 +00:00
Dag-Erling Smørgrav
929ddb1bc3
Fixed flipped condition.
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@699 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-08-15 17:15:35 +00:00
Dag-Erling Smørgrav
fe081dbbfc
Unfortunately, Linux doesn't have MAP_NOCORE.
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@696 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-08-15 16:00:41 +00:00
Dag-Erling Smørgrav
88a91c2d02
Rename oath_dummy_key() to oath_key_dummy() and move it into its own file.
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@694 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-08-15 15:23:58 +00:00
Dag-Erling Smørgrav
066e2b91ff
Record the last successful use of a TOTP key. Also add commented-out
...
logic to prevent reuse of the same code or an earlier code within the
window, and make some minor type adjustments.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@693 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-08-15 15:21:31 +00:00
Dag-Erling Smørgrav
5847a34802
The --with-modules-dir configure option never quite worked, and became
...
even more badly broken when the dynamic loader was rewritten in March.
Reimplement it the way it was always meant to work (but never did):
If --with-modules-dir was specified, modules will be installed in that
directory and the dynamic loader will look for them there. If it was
not specified, modules will be installed in libdir and the dynamic
loader will use the standard search path (/usr/lib:/usr/local/lib). In
both cases, a policy file can still name a module by its full path.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@690 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-08-15 13:22:51 +00:00
Dag-Erling Smørgrav
c9387115d9
Factor out oath_key_{alloc,free}() and implement wiring / locking.
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@689 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-07-12 10:47:14 +00:00
Dag-Erling Smørgrav
c05b6dd046
INFTIM is a BSDism; use -1 instead.
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@688 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-07-11 16:40:08 +00:00
Dag-Erling Smørgrav
93d104bfd6
Reimplement, hopefully with marginally fewer bugs. There is an
...
unfortunate amount of code duplication between the tty and non-tty
paths, but the alternative is greatly increased complexity.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@687 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-07-11 16:37:25 +00:00
Dag-Erling Smørgrav
3a53d5117b
Document that openpam_log(3) saves and restores errno(2).
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@686 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-07-11 16:36:02 +00:00
Dag-Erling Smørgrav
3ab09a4f26
OPENPAM_DEBUG (--enable-debug) has a double action: it enables the
...
debugging macros, and sets the initial value of openpam_debug to 1.
This effectively gives the user a choice between no debugging at all,
or drowning in debugging messages from every part of the system.
Assuming that the primary use case for debugging is to allow admins to
troubleshoot their policies by adding the debug option to selected
pam.conf entries, remove the initialization of openpam_debug to 1.
This allows integrators to ship OpenPAM with OPENPAM_DEBUG defined
without spamming /var/log.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@684 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-04-14 15:44:32 +00:00
Dag-Erling Smørgrav
a43b9256fc
Log an error if open() failed for any other reason than ENOENT.
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@683 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-04-14 14:49:59 +00:00
Dag-Erling Smørgrav
70d5d18643
Initialize has_ver and has_so to false, not true.
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@682 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-04-14 14:48:29 +00:00
Dag-Erling Smørgrav
2fc7038ca4
Always restore errno before returning from openpam_log().
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@681 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-04-14 14:36:05 +00:00
Dag-Erling Smørgrav
9f6bdd74f4
Clean up and simplify dummy key handling.
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@679 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-18 21:38:58 +00:00
Dag-Erling Smørgrav
7da9af6602
Set a reasonable, hard limit on label length. This removes the need for
...
a variable-length key structure (to accommodate a variable-length label)
and vastly simplifies key parsing.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@678 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-18 21:34:29 +00:00
Dag-Erling Smørgrav
c1df418c6f
comment nit
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@674 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-17 20:04:24 +00:00
Dag-Erling Smørgrav
794601a544
Make the .so suffix optional, so these three lines are now equivalent:
...
auth required pam_unix.so.2 try_first_pass
auth required pam_unix.so try_first_pass
auth required pam_unix try_first_pass
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@672 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-17 19:42:33 +00:00
Dag-Erling Smørgrav
d4ab77b35c
Document the effect of module options (echo_pass, *_prompt etc)
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@670 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-17 19:26:07 +00:00
Dag-Erling Smørgrav
32d5e093bd
Remove unneeded #include
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@667 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-17 14:24:00 +00:00
Dag-Erling Smørgrav
3353ad06ce
Add predicates for letters and digits.
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@666 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-17 14:22:17 +00:00
Dag-Erling Smørgrav
0f25be4e42
unbreak static linking
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@664 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-17 10:56:15 +00:00
Dag-Erling Smørgrav
567ecaa2af
Clean up the dynamic module loading code, and add support for the
...
module path which was added in r695.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@662 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-11 16:33:27 +00:00
Dag-Erling Smørgrav
2b8f7a6154
nit: the argument is a module name, which may or may not be a path.
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@661 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-11 15:44:22 +00:00
Dag-Erling Smørgrav
fe2e691204
Use dlfunc() if available; if not, fake it in terms of dlsym().
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@660 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-11 15:08:52 +00:00
Dag-Erling Smørgrav
785bc19867
Move openpam_policy_path into openpam_constants.c, and add a corresponding
...
openpam_module_path.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@659 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-11 14:10:13 +00:00
Dag-Erling Smørgrav
7bcd5bb700
Split up the liboath header files.
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@655 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-06 14:10:09 +00:00
Dag-Erling Smørgrav
93a9982d45
Link with -lcrypto
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@654 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-05 19:03:59 +00:00
Dag-Erling Smørgrav
0da2f07cfb
PAM_LOG_DEBUG -> PAM_LOG_LIBDEBUG
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@649 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-05 17:58:33 +00:00
Dag-Erling Smørgrav
a9a5497d3f
Reorganize:
...
- move libpam into lib/libpam
- move the OATH code into lib/liboath
- move oath.h into include/security
- update all pointers
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@646 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-05 17:49:06 +00:00
Dag-Erling Smørgrav
f8a727ec0c
Always use openpam_straddch(3) to bootstrap the string, even if we
...
have nothing to add to it. This simplifies the code and fixes a bug
introduced in r553 where the first character in the string would
always be set to '\0', instead of only when bootstrapping.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@636 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-03 23:27:35 +00:00
Dag-Erling Smørgrav
75420a1e07
Simplify by using openpam_straddch(3) to bootstrap the string.
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@635 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-03 23:23:58 +00:00
Dag-Erling Smørgrav
54d9167cea
If ch == '\0', do not grow the string or advance the length counter,
...
but do allocate a string if there is none to begin with. This makes
it possible to use openpam_straddch(3) to preallocate the string (if
necessary) instead of manually calling malloc(3) or calloc(3) and
initializing size and len.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@634 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-03 23:23:10 +00:00
Dag-Erling Smørgrav
08f35bc290
Style nit
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@631 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-03 19:41:24 +00:00
Dag-Erling Smørgrav
ff9ea1145d
PAM_SYSTEM_ERR is permissible here.
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@630 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-02-28 20:13:56 +00:00
Dag-Erling Smørgrav
f70250359e
Use AM_CPPFLAGS instead of INCLUDES.
...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@620 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-02-24 18:51:10 +00:00