Commit Graph

370 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav a967883b9c In openpam_ttyconv(3), wait to print the prompt until after we're ready
to accept input.  Otherwise, there is a small but non-zero chance that
input provided after the prompt appears is discarded when we flush the
tty buffer.

Submitted by:	Brooks Davis <brooks@freebsd.org>


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@948 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2020-11-19 05:41:15 +00:00
Dag-Erling Smørgrav bb68996306 Bump copyright years.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@944 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2019-02-22 09:49:12 +00:00
Dag-Erling Smørgrav 9bdf428c5a Fix an off-by-one bug in pam_getenv() which was inadvertantly
introduced when pam_getenv() was (needlessly) rewritten as part of
r913.  Rewrite pam_getenv() again (but correctly, this time) to reduce
the number of times we iterate over the same string.  Add a few unit
tests for pam_{get,put,set}env(), including one which would have
caught the bug.

Credit goes to Tim Creech <tcreech@tcreech.com> for discovering and
reporting the bug.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@943 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2019-02-20 13:23:51 +00:00
Dag-Erling Smørgrav 9cd25f7e7d Switch from $Id$ to $OpenPAM$.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@938 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-04-30 21:34:42 +00:00
Dag-Erling Smørgrav 919a1250d4 Bump copyright year.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@935 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-04-26 21:04:10 +00:00
Dag-Erling Smørgrav 105d392c57 Add two more error codes for situations where we used PAM_SYMBOL_ERR.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@932 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-04-26 20:41:59 +00:00
Dag-Erling Smørgrav 29c7f93598 Introduce an array of error strings and use it wherever applicable.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@931 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-04-26 19:23:50 +00:00
Dag-Erling Smørgrav 3ebfd11150 Use the correct error code in some of the places where we have long used
the wrong one.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@927 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-04-26 19:15:30 +00:00
Dag-Erling Smørgrav d9e44d146f Fix a bug that prevented the service name from being freed, thus
leaking a small amount of memory for every PAM session.

While there, eliminate an unnecessary variable.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@918 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-02-19 17:46:22 +00:00
Dag-Erling Smørgrav 82935b7d7a Downgrade the "unexpected EOF" message from ERROR to DEBUG.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@916 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-02-07 12:25:58 +00:00
Dag-Erling Smørgrav 1e09705bd7 Fix FREEV() when v is NULL.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@915 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-02-07 12:03:19 +00:00
Dag-Erling Smørgrav c5a320988e In pam_*env(3), set errno as the corresponding POSIX functions would.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@914 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-01-21 15:15:29 +00:00
Dag-Erling Smørgrav e936857588 Newer versions of clang take __nonnull__ annotations into account not only
when compiling code that calls the function, but also when compiling the
function itself.  This means that NULL checks in the function trigger
condition-always-false warnings.  We have a choice between disabling these
warnings, removing the __nonnull__ annotations, or removing the NULL checks.
We prefer to keep the annotations and warnings and remove the checks.  In
all cases, passing NULL to the function in question will result in a
segmentation fault, which is often easier to debug than an error return,
especially when most of these checks were for the PAM handle, which can only
be NULL if the caller ignored an error return from pam_start().


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@913 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-01-21 15:11:12 +00:00
Dag-Erling Smørgrav c75883564d Move OATH development to a branch. OATH will soon disappear entirely
from this repository as Cryb takes over.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@907 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-01-18 09:39:01 +00:00
Dag-Erling Smørgrav 3699596d18 Correctly compare the return value from pam_get_item() to PAM_SUCCESS
instead of assuming (incorrectly) that it returns non-zero on success.
Bump dates as needed.

Reported by:	Patrick Bihan-Faou <patrick-fbsd@mindstep.com>


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@902 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2017-01-17 14:57:09 +00:00
Dag-Erling Smørgrav 26fbccde77 Bump dates if required on files modified in 2014 or later.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@890 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2016-01-11 16:22:09 +00:00
Dag-Erling Smørgrav c371da364c Note that the secret should also be percent-encoded.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@887 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2016-01-11 14:09:30 +00:00
Dag-Erling Smørgrav 4a77e993a9 Fix parsing of percent-encoded URIs.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@886 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2016-01-11 14:07:54 +00:00
Dag-Erling Smørgrav 9ff1a454ce Fix off-by-one bug: we forgot to account for the terminating NUL when
checking the length of the label.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@881 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2016-01-09 18:29:32 +00:00
Dag-Erling Smørgrav a38c5db91b Fix rather embarassing #if nesting error in previous commit.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@879 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2016-01-09 17:43:56 +00:00
Dag-Erling Smørgrav f82c90afb6 Coverity Scan doesn't like the no-op default case, so hide it when
we're not instrumenting for coverage analysis.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@878 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2016-01-09 17:34:32 +00:00
Dag-Erling Smørgrav 4e92aa7e24 Plug potential memory leak reported by Coverity Scan. I'm not sure it
can actually ever occur, but the extra free() is harmless, provided we
make sure not to free() something we're still using.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@877 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2016-01-09 17:26:18 +00:00
Dag-Erling Smørgrav 5b83650c3d Don't forget to free the line we read from the key file.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@876 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2016-01-09 17:23:36 +00:00
Dag-Erling Smørgrav f78c2be225 Add missing third clause.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@872 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2015-12-01 19:25:07 +00:00
Dag-Erling Smørgrav 4ee61ea341 intptr_t requires <stdint.h>
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@865 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2015-07-31 00:02:09 +00:00
Dag-Erling Smørgrav d84d7367fe Add a feature flag to control whether to fall back to the "other" policy
for chains that are still empty after the requested policy was loaded.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@862 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2015-07-30 23:42:38 +00:00
Dag-Erling Smørgrav 653950434c Fully fix the input overflow bug and add a test case for it.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@861 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2015-03-19 00:42:58 +00:00
Dag-Erling Smørgrav 737e1bef50 Increment by three, not one, after successfully decoding a character.
Add a boundary check.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@858 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2015-03-19 00:07:19 +00:00
Dag-Erling Smørgrav ce014fab92 Silence all remaining qual-cast warnings except in the test suite.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@854 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2015-01-27 22:13:03 +00:00
Dag-Erling Smørgrav cec8549503 Change the meaning of the window parameter to always indicate the number
of codes to check *in addition* to the current code.  Note that for TOTP,
the window goes in both directions; a window of 1 means to check the
current code plus the previous and next.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@849 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-12-15 16:42:31 +00:00
Dag-Erling Smørgrav e959d8c160 Consistently use UINT_MAX, not -1, to indicate an invalid response.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@848 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-12-15 16:12:29 +00:00
Dag-Erling Smørgrav c7a5aa489f Add an oath_mode(3) function which translates from mode names to numbers.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@846 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-12-11 13:58:15 +00:00
Dag-Erling Smørgrav da2c1e7120 Fix a few cases where we incorrectly (and needlessly) cast away const
qualifiers.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@843 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-11-25 10:35:19 +00:00
Dag-Erling Smørgrav f3fda3d07a Style nits
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@839 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-11-07 16:37:56 +00:00
Dag-Erling Smørgrav ac54af0d69 Add configure options to build as much as possible using the system
libpam and / or liboath.  Doing so disables building the corresponding
library and its documentation, but still builts the corresponding tools
and modules and runs the unit tests.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@834 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-10-28 10:25:58 +00:00
Dag-Erling Smørgrav 385dfb33cb Use $() instead of @@ in Makefiles.
Don't build OATH man pages if --without-oath.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@833 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-10-28 09:03:41 +00:00
Dag-Erling Smørgrav e5b05552fc Remove unused variable.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@824 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-10-18 22:35:35 +00:00
Dag-Erling Smørgrav ce08052f96 Compare the return value from mmap() to MAP_FAILED, not NULL.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@823 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-10-16 13:44:34 +00:00
Dag-Erling Smørgrav 69b1a97268 Introduce strlset(), a memset() variant for strings where the actual
size of the buffer is not necessarily known, and which can replace the
"memset(str, 0, strlen(str))" idiom.  Use it to clear buffers which may
have contained authentication tokens.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@803 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-09-09 09:07:51 +00:00
Dag-Erling Smørgrav 131aba915f From NetBSD: require at least one service function to have succeeded.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@802 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-09-09 08:08:13 +00:00
Dag-Erling Smørgrav 05630b94be Spell the name of the University of Oslo in English.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@799 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-07-10 17:16:48 +00:00
Dag-Erling Smørgrav 7dbd5c38b7 In openpam_parse_chain():
1. Finish a comment which was meant to describe the four different
   termination conditions for the loop in openpam_parse_chain() but
   ended in mid-sentence.

2. Ensure that errno is consistently set to EINVAL if a syntax error
   is encountered in the policy file.

3. If openpam_load_module() fails because the module could not be
   loaded, set errno to ENOEXEC instead of ENOENT.  This closes a hole
   where a missing module or a typo in a module name would cause the
   corresponding chain to fail open.  Normally, if the policy exists
   but cannot be loaded, openpam_load_chain() will return an error,
   and openpam_configure() will discard any partially constructed
   chains.  However, openpam_load_chain() interprets ENOENT to mean
   that the policy was not found, so it does not immediately return an
   error, the partially-loaded chain is not discarded, and the policy
   is incorrectly considered to have been successfully loaded.

4. Ensure that errors encountered while parsing an included policy are
   correctly propagated to the original policy, and that ENOENT while
   processing an include directive is a hard error, not a soft error.

CVE-2014-3879


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@795 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-06-03 21:27:48 +00:00
Dag-Erling Smørgrav 1efe822057 For TOTP keys, we record when the key was last used. For HOTP keys,
however, we want to record the *next* allowed counter value.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@794 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-04-11 10:35:18 +00:00
Dag-Erling Smørgrav e58f05403e Support line continuation in whitespace.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@792 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-03-17 14:11:41 +00:00
Dag-Erling Smørgrav 14d31b83e8 Fix headers
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@789 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-03-12 00:04:20 +00:00
Dag-Erling Smørgrav a4ff6191f7 I must have been drunk when I wrote this.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@788 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-03-12 00:03:53 +00:00
Dag-Erling Smørgrav 078ac6bb4a Move oath_key_from_file() into a separate source file and document it.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@786 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-03-10 15:37:55 +00:00
Dag-Erling Smørgrav 6722d714f5 Missing word
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@785 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-03-10 15:37:38 +00:00
Dag-Erling Smørgrav 7914208b2d Don't forget do distribute oath_impl.h.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@782 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-03-10 10:03:57 +00:00
Dag-Erling Smørgrav 5d59548018 When I changed the argument type from uint8_t * to char *, I forgot that
they were being used as array indices.  Cast them back to uint8_t.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@779 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2014-03-09 14:11:44 +00:00