OpenPAM/OpenPAM
OpenPAM/OpenPAM
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
798 commits 3 branches 10 tags 1.9 MiB
Commit graph

798 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dag-Erling Smørgrav
3699596d18 Correctly compare the return value from pam_get_item() to PAM_SUCCESS 
instead of assuming (incorrectly) that it returns non-zero on success.
Bump dates as needed.

Reported by:	Patrick Bihan-Faou <patrick-fbsd@mindstep.com>


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@902 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2017-01-17 14:57:09 +00:00
Dag-Erling Smørgrav
da26321ba8 Spell the GCC pragmas correctly. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@891 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2016-09-19 10:04:25 +00:00
Dag-Erling Smørgrav
26fbccde77 Bump dates if required on files modified in 2014 or later. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@890 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2016-01-11 16:22:09 +00:00
Dag-Erling Smørgrav
b6605f9267 Add University of Oslo copyright and bump dates. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@889 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2016-01-11 16:21:28 +00:00
Dag-Erling Smørgrav
aa6768d765 Fix props 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@888 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2016-01-11 16:19:57 +00:00
Dag-Erling Smørgrav
c371da364c Note that the secret should also be percent-encoded. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@887 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2016-01-11 14:09:30 +00:00
Dag-Erling Smørgrav
4a77e993a9 Fix parsing of percent-encoded URIs. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@886 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2016-01-11 14:07:54 +00:00
Dag-Erling Smørgrav
d040ae3d29 Add a man page for pam_oath(8) which I've had lying around for years. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@885 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2016-01-11 13:45:17 +00:00
Dag-Erling Smørgrav
b1895baa2d Don't forget to generate the Makefile for pam_return(8). 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@884 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2016-01-11 13:44:33 +00:00
Dag-Erling Smørgrav
ddfa63ca38 Disable coverage analysis of tests and test infrastructure. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@883 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2016-01-09 18:42:28 +00:00
Dag-Erling Smørgrav
41a50e0c57 Set an upper limit to the number of codes generated by the calc command. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@882 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2016-01-09 18:41:46 +00:00
Dag-Erling Smørgrav
9ff1a454ce Fix off-by-one bug: we forgot to account for the terminating NUL when 
checking the length of the label.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@881 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2016-01-09 18:29:32 +00:00
Dag-Erling Smørgrav
310b5ee125 Partially revert r871 until a better solution can be found, as it only 
works if the file already exists.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@880 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2016-01-09 17:52:39 +00:00
Dag-Erling Smørgrav
a38c5db91b Fix rather embarassing #if nesting error in previous commit. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@879 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2016-01-09 17:43:56 +00:00
Dag-Erling Smørgrav
f82c90afb6 Coverity Scan doesn't like the no-op default case, so hide it when 
we're not instrumenting for coverage analysis.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@878 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2016-01-09 17:34:32 +00:00
Dag-Erling Smørgrav
4e92aa7e24 Plug potential memory leak reported by Coverity Scan. I'm not sure it 
can actually ever occur, but the extra free() is harmless, provided we
make sure not to free() something we're still using.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@877 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2016-01-09 17:26:18 +00:00
Dag-Erling Smørgrav
5b83650c3d Don't forget to free the line we read from the key file. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@876 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2016-01-09 17:23:36 +00:00
Dag-Erling Smørgrav
e89fab019e Fix NULL check in pam_oath_save_key() error-handling code, which 
checked the wrong variable.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@875 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2016-01-09 17:22:34 +00:00
Dag-Erling Smørgrav
d4aad88c97 Add a table-driven test which leverages the pam_return module to test 
various code paths in openpam_dispatch().


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@874 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2015-12-01 19:40:01 +00:00
Dag-Erling Smørgrav
17c3fff539 For testing purposes, add a pam_return module which can be configured to 
return any value, either by name (e.g. PAM_AUTH_ERR) or by number, even
if that number is out of range.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@873 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2015-12-01 19:38:01 +00:00
Dag-Erling Smørgrav
f78c2be225 Add missing third clause. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@872 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2015-12-01 19:25:07 +00:00
Dag-Erling Smørgrav
b3cd4386fa In t_fopen(), resolve the full path to the file before opening it. 
In t_fprintf(), immediately flush the file after writing to it.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@871 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2015-12-01 19:21:50 +00:00
Dag-Erling Smørgrav
d30df17f67 Increase the TOTP window to ±2 timesteps. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@870 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2015-10-23 10:22:35 +00:00
Dag-Erling Smørgrav
b149f4beed Fix uninitialized variable warning. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@869 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2015-10-23 10:19:21 +00:00
Dag-Erling Smørgrav
4a9cae719e Let the optional argument to the calc command be the total number of codes 
to print, not the number of codes in addition to the current code.
Add a -n option which causes the calc command to print the counter or
timestamp in addition to the code.
Document the fact that the calc command does not work correctly for TOTP
keys with count > 1.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@868 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2015-10-23 09:41:16 +00:00
Dag-Erling Smørgrav
75781c2e7c Don't forget to distribute t_pam_conv.h 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@867 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2015-10-23 09:10:04 +00:00
Dag-Erling Smørgrav
37b1f12e58 Deconstify across the board to dodge -Wcast-qual until we convert to the far 
superior cryb.to test framework.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@866 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2015-07-31 00:03:02 +00:00
Dag-Erling Smørgrav
4ee61ea341 intptr_t requires <stdint.h> 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@865 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2015-07-31 00:02:09 +00:00
Dag-Erling Smørgrav
a1e8de164e ignore generated file 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@864 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2015-07-31 00:01:51 +00:00
Dag-Erling Smørgrav
38c6ca93b2 Start writing tests for openpam_dispatch(). The first is a regression test 
for the bug fixed in r802.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@863 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2015-07-30 23:44:31 +00:00
Dag-Erling Smørgrav
d84d7367fe Add a feature flag to control whether to fall back to the "other" policy 
for chains that are still empty after the requested policy was loaded.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@862 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2015-07-30 23:42:38 +00:00
Dag-Erling Smørgrav
653950434c Fully fix the input overflow bug and add a test case for it. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@861 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2015-03-19 00:42:58 +00:00
Dag-Erling Smørgrav
bf92462945 Include oath.man in the distribution tarball. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@860 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2015-03-19 00:21:23 +00:00
Dag-Erling Smørgrav
34ef29ccf8 ignore generated file 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@859 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2015-03-19 00:16:42 +00:00
Dag-Erling Smørgrav
737e1bef50 Increment by three, not one, after successfully decoding a character. 
Add a boundary check.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@858 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2015-03-19 00:07:19 +00:00
Dag-Erling Smørgrav
a1f83b0b30 Add unit tests for RFC 3986 percent encoding / decoding. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@857 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2015-03-19 00:06:32 +00:00
Dag-Erling Smørgrav
ce014fab92 Silence all remaining qual-cast warnings except in the test suite. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@854 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2015-01-27 22:13:03 +00:00
Dag-Erling Smørgrav
563ac2d4bb Remove the pamgdb script, since "libtool exec gdb" does the same job better. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@853 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2015-01-15 17:20:49 +00:00
Dag-Erling Smørgrav
8a2e3ce9b6 BullseyeCoverage needs to know exactly which compiler we're using. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@852 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2015-01-15 17:18:03 +00:00
Dag-Erling Smørgrav
00fb76245a Silence an uninitialized variable warning from gcc, which does not realize 
that the resynchronization loop will always run at least once.
Adjust the loop condition, which unintentionally ignored errors.
Remove a debugging message.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@851 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-12-15 17:11:36 +00:00
Dag-Erling Smørgrav
1cffa76b4f Track liboath: 
- Use UINT_MAX to indicate an invalid response.
  - The meaning of the window parameter has changed slightly.
The calc command now accepts a count of codes to generate.
The resync command now fails if the key is not resynchronizable.
Clean up the usage message.
Document exit codes.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@850 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-12-15 17:00:59 +00:00
Dag-Erling Smørgrav
cec8549503 Change the meaning of the window parameter to always indicate the number 
of codes to check *in addition* to the current code.  Note that for TOTP,
the window goes in both directions; a window of 1 means to check the
current code plus the previous and next.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@849 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-12-15 16:42:31 +00:00
Dag-Erling Smørgrav
e959d8c160 Consistently use UINT_MAX, not -1, to indicate an invalid response. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@848 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-12-15 16:12:29 +00:00
Dag-Erling Smørgrav
2f686b73cb Require the user to specify the OATH mode (HOTP or TOTP) when generating 
a new key.

Allow resynchronizing with three keys instead of two, increasing the
resynchronization window from 100 keys to 1000 keys.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@847 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-12-11 14:06:59 +00:00
Dag-Erling Smørgrav
c7a5aa489f Add an oath_mode(3) function which translates from mode names to numbers. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@846 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-12-11 13:58:15 +00:00
Dag-Erling Smørgrav
e84c236ee9 Recognize enums and unions as well as structs. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@845 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-12-11 13:56:51 +00:00
Dag-Erling Smørgrav
8988b9122e The read-only option that was implemented in r841 was inaccessible 
because the getopt(3) spec had not been updated to include it.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@844 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-11-25 14:01:58 +00:00
Dag-Erling Smørgrav
da2c1e7120 Fix a few cases where we incorrectly (and needlessly) cast away const 
qualifiers.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@843 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-11-25 10:35:19 +00:00
Dag-Erling Smørgrav
753721df82 Implement HOTP resynchronization: the user provides two consecutive codes 
from their token.  If the first code is found within the synchronization
window (currently hardcoded to 99) and the second is the next code in the
sequence, the counter is reset to one past the second code.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@842 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-11-12 17:30:38 +00:00
Dag-Erling Smørgrav
d130c0ec09 Turn writeback mode on by default in oathkey(1). 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@841 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-11-12 16:21:15 +00:00