OpenPAM/OpenPAM
OpenPAM
/
OpenPAM
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
722 Commits 3 Branches 10 Tags 1.9 MiB
Commit Graph

722 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav 547794d58e Remove keywords from pure text files. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@804 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-09-09 09:11:31 +00:00
Dag-Erling Smørgrav 69b1a97268 Introduce strlset(), a memset() variant for strings where the actual 
size of the buffer is not necessarily known, and which can replace the
"memset(str, 0, strlen(str))" idiom.  Use it to clear buffers which may
have contained authentication tokens.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@803 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-09-09 09:07:51 +00:00
Dag-Erling Smørgrav 131aba915f From NetBSD: require at least one service function to have succeeded. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@802 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-09-09 08:08:13 +00:00
Dag-Erling Smørgrav 548c44573c Belatedly document the addition of module search paths. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@800 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-09-08 12:42:29 +00:00
Dag-Erling Smørgrav 05630b94be Spell the name of the University of Oslo in English. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@799 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-07-10 17:16:48 +00:00
Dag-Erling Smørgrav 57429ccc0e Add missing cast. 
Submitted by:	Jörg Sonnenberger <joerg@britannica.bec.de>


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@797 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-06-10 21:27:18 +00:00
Dag-Erling Smørgrav 7dbd5c38b7 In openpam_parse_chain(): 
1. Finish a comment which was meant to describe the four different
   termination conditions for the loop in openpam_parse_chain() but
   ended in mid-sentence.

2. Ensure that errno is consistently set to EINVAL if a syntax error
   is encountered in the policy file.

3. If openpam_load_module() fails because the module could not be
   loaded, set errno to ENOEXEC instead of ENOENT.  This closes a hole
   where a missing module or a typo in a module name would cause the
   corresponding chain to fail open.  Normally, if the policy exists
   but cannot be loaded, openpam_load_chain() will return an error,
   and openpam_configure() will discard any partially constructed
   chains.  However, openpam_load_chain() interprets ENOENT to mean
   that the policy was not found, so it does not immediately return an
   error, the partially-loaded chain is not discarded, and the policy
   is incorrectly considered to have been successfully loaded.

4. Ensure that errors encountered while parsing an included policy are
   correctly propagated to the original policy, and that ENOENT while
   processing an include directive is a hard error, not a soft error.

CVE-2014-3879


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@795 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-06-03 21:27:48 +00:00
Dag-Erling Smørgrav 1efe822057 For TOTP keys, we record when the key was last used. For HOTP keys, 
however, we want to record the *next* allowed counter value.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@794 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-04-11 10:35:18 +00:00
Dag-Erling Smørgrav b61b6f9c74 Add a test for lines containing more words than will fit in 
openpam_readword()'s initial allocation.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@793 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-17 14:27:03 +00:00
Dag-Erling Smørgrav e58f05403e Support line continuation in whitespace. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@792 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-17 14:11:41 +00:00
Dag-Erling Smørgrav 4614107c94 Missed one 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@791 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-17 14:10:33 +00:00
Dag-Erling Smørgrav f7e8328354 Additional tests for various end-of-line / end-of-file corner cases, 
and for comments that aren't comments.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@790 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-17 14:08:31 +00:00
Dag-Erling Smørgrav 14d31b83e8 Fix headers 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@789 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-12 00:04:20 +00:00
Dag-Erling Smørgrav a4ff6191f7 I must have been drunk when I wrote this. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@788 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-12 00:03:53 +00:00
Dag-Erling Smørgrav 925436a04f Compress man pages before generating the manifest. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@787 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-10 15:43:17 +00:00
Dag-Erling Smørgrav 078ac6bb4a Move oath_key_from_file() into a separate source file and document it. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@786 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-10 15:37:55 +00:00
Dag-Erling Smørgrav 6722d714f5 Missing word 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@785 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-10 15:37:38 +00:00
Dag-Erling Smørgrav 38622bad18 Implement keyfile writeback. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@784 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-10 15:31:30 +00:00
Dag-Erling Smørgrav ebdefa45ca Fix buffer overflow in the b64complete test case by increasing the size 
of the buffer used in tests.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@783 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-10 11:13:05 +00:00
Dag-Erling Smørgrav 7914208b2d Don't forget do distribute oath_impl.h. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@782 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-10 10:03:57 +00:00
Dag-Erling Smørgrav 9853f0d8d5 Generate man pages for oath_key_from_uri() and oath_uri_decode(). 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@781 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-10 09:59:01 +00:00
Dag-Erling Smørgrav 6243755aa2 Rudimentary key management tool. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@780 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-10 09:55:15 +00:00
Dag-Erling Smørgrav 5d59548018 When I changed the argument type from uint8_t * to char *, I forgot that 
they were being used as array indices.  Cast them back to uint8_t.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@779 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-09 14:11:44 +00:00
Dag-Erling Smørgrav 6c087dd523 Add test vectors which encode to the complete alphabet. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@778 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-09 14:10:06 +00:00
Dag-Erling Smørgrav 2efb7c4b01 Support (but ignore, for now) the issuer parameter. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@777 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-09 13:08:14 +00:00
Dag-Erling Smørgrav 75a6073d2c Encoder: 
- Return the desired length when the buffer is too small.

 - Annotate the switch so Bullseye doesn't complain about an uncovered
   default case.

Decoder:

 - The table approach was a good idea, but there was no way to tell the
   difference between a character that decodes as 0 and an invalid
   character.  Modify the tables so an invalid character is indicated
   by 0xff instead of 0x00.

 - Check that padding starts in a valid position.  Note that we still
   don't check for left-over bits.

 - The overflow test always failed, because we set *olen = len before
   comparing them.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@776 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-09 12:48:48 +00:00
Dag-Erling Smørgrav d60017fe80 Additional tests (which also fail) for unexpected padding. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@775 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-09 12:04:56 +00:00
Dag-Erling Smørgrav 183cc6d511 The dummy constants have moved to oath_constants.h. 
Add annotation macros for coverage analysis.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@774 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-09 11:51:08 +00:00
Dag-Erling Smørgrav c5265319ff Completely rewrite the test suite for the RFC 4648 encoding / decoding 
functions and add many new tests, several of which fail.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@773 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-09 11:49:08 +00:00
Dag-Erling Smørgrav 01809a1b48 Switch from uint8_t to char. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@772 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-09 11:45:05 +00:00
Dag-Erling Smørgrav 17144e7a5f Replace base{32,64}_decode() with table-driven implementations. The new 
code is less strict about padding, thus ensuring compatibility with
implementations which do not understand padding, such as MIME::Base32.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@771 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-06 17:54:58 +00:00
Dag-Erling Smørgrav 4645bc1762 Fix base{32,64}_decode(). The former handled padding incorrectly; the 
latter was derived from the former, and had a couple of copy-paste bugs
in addition to the padding bug.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@770 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-06 12:35:47 +00:00
Dag-Erling Smørgrav 576e1e6b1c Add tests for base{32,64}_decode(). Both are broken. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@769 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-06 12:32:29 +00:00
Dag-Erling Smørgrav 56f7cf21f5 Make stdout line-buffered so verbose output is easier to read. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@768 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-06 12:31:31 +00:00
Dag-Erling Smørgrav 03207fcd61 oops, braino in previous commit. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@767 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-06 12:30:44 +00:00
Dag-Erling Smørgrav 3dab19018f props 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@766 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-06 12:29:36 +00:00
Dag-Erling Smørgrav 9f84c11072 props 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@765 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-06 09:29:06 +00:00
Dag-Erling Smørgrav 46df1b1050 Document the is_upper() bug. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@764 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-02-26 17:30:57 +00:00
Dag-Erling Smørgrav 5fadc4abb8 Credit Larry Baird for the is_upper() bug and sort the list. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@762 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-02-26 16:23:41 +00:00
Dag-Erling Smørgrav c7457cff15 Fix a bug in the is_upper() macro. 
Submitted by:	Larry Baird <lab@gta.com>


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@761 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-02-26 16:23:22 +00:00
Dag-Erling Smørgrav 58921adbab Add complete coverage for the classification macros in openpam_ctype.h. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@760 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-02-26 16:22:32 +00:00
Dag-Erling Smørgrav 9e9207fd5d Add is_xdigit() predicate. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@759 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-01-24 13:44:34 +00:00
Dag-Erling Smørgrav 3d0d4da447 Factor out and document oath_key_from_uri(). 
Implement percent-decoding of the key label.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@758 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-01-23 20:19:54 +00:00
Dag-Erling Smørgrav aec3988b2f Bump copyright 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@757 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-01-23 20:17:41 +00:00
Dag-Erling Smørgrav 59313f56a4 Do not use oath_[ht]otp_match() as predicates - a non-zero return can 
mean an error occurred.  We should probably switch to the standard
Unix idiom of returning 0 for success.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@756 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-01-22 15:13:56 +00:00
Dag-Erling Smørgrav e8cd86aade - The key length is in bytes, not bits, so the correct default is 20 
and not 160 (which would actually overflow).  This should probably
  be a macro.
- Implement random key generation using OpenSSL's RAND_bytes(3).


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@755 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-01-22 15:12:15 +00:00
Dag-Erling Smørgrav 11a8c730d2 Enable OATH by default and tweak some option description strings. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@754 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-01-20 11:25:44 +00:00
Dag-Erling Smørgrav 9c592d628c Note that saving the keyfile updates a TOTP key's lastused parameter. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@753 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-01-20 10:48:39 +00:00
Dag-Erling Smørgrav aa338bce81 Add oath_key_create(3) which creates an OATH key from scratch. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@752 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-01-20 10:47:10 +00:00
Dag-Erling Smørgrav df95e0530d Credit Baptiste Daroussin for his various contributions, including but not 
limited to r749.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@750 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-01-13 21:27:03 +00:00