- Return the desired length when the buffer is too small.
- Annotate the switch so Bullseye doesn't complain about an uncovered
default case.
Decoder:
- The table approach was a good idea, but there was no way to tell the
difference between a character that decodes as 0 and an invalid
character. Modify the tables so an invalid character is indicated
by 0xff instead of 0x00.
- Check that padding starts in a valid position. Note that we still
don't check for left-over bits.
- The overflow test always failed, because we set *olen = len before
comparing them.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@776 185d5e19-27fe-0310-9dcf-9bff6b9f3609
code is less strict about padding, thus ensuring compatibility with
implementations which do not understand padding, such as MIME::Base32.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@771 185d5e19-27fe-0310-9dcf-9bff6b9f3609
latter was derived from the former, and had a couple of copy-paste bugs
in addition to the padding bug.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@770 185d5e19-27fe-0310-9dcf-9bff6b9f3609
and not 160 (which would actually overflow). This should probably
be a macro.
- Implement random key generation using OpenSSL's RAND_bytes(3).
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@755 185d5e19-27fe-0310-9dcf-9bff6b9f3609
filename is much larger than it needs to be. However, this might not be
the case in the future. To be safe, add a length check after strlcpy().
This should silence a Coverity warning about possible array overflow.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@745 185d5e19-27fe-0310-9dcf-9bff6b9f3609
as an OATH OTP key, since liboath uses openpam_readline() to read the
keyfile)
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@703 185d5e19-27fe-0310-9dcf-9bff6b9f3609
logic to prevent reuse of the same code or an earlier code within the
window, and make some minor type adjustments.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@693 185d5e19-27fe-0310-9dcf-9bff6b9f3609
even more badly broken when the dynamic loader was rewritten in March.
Reimplement it the way it was always meant to work (but never did):
If --with-modules-dir was specified, modules will be installed in that
directory and the dynamic loader will look for them there. If it was
not specified, modules will be installed in libdir and the dynamic
loader will use the standard search path (/usr/lib:/usr/local/lib). In
both cases, a policy file can still name a module by its full path.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@690 185d5e19-27fe-0310-9dcf-9bff6b9f3609
unfortunate amount of code duplication between the tty and non-tty
paths, but the alternative is greatly increased complexity.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@687 185d5e19-27fe-0310-9dcf-9bff6b9f3609
debugging macros, and sets the initial value of openpam_debug to 1.
This effectively gives the user a choice between no debugging at all,
or drowning in debugging messages from every part of the system.
Assuming that the primary use case for debugging is to allow admins to
troubleshoot their policies by adding the debug option to selected
pam.conf entries, remove the initialization of openpam_debug to 1.
This allows integrators to ship OpenPAM with OPENPAM_DEBUG defined
without spamming /var/log.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@684 185d5e19-27fe-0310-9dcf-9bff6b9f3609
- move libpam into lib/libpam
- move the OATH code into lib/liboath
- move oath.h into include/security
- update all pointers
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@646 185d5e19-27fe-0310-9dcf-9bff6b9f3609
have nothing to add to it. This simplifies the code and fixes a bug
introduced in r553 where the first character in the string would
always be set to '\0', instead of only when bootstrapping.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@636 185d5e19-27fe-0310-9dcf-9bff6b9f3609
but do allocate a string if there is none to begin with. This makes
it possible to use openpam_straddch(3) to preallocate the string (if
necessary) instead of manually calling malloc(3) or calloc(3) and
initializing size and len.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@634 185d5e19-27fe-0310-9dcf-9bff6b9f3609
license on code I wrote after the DARPA / NAI contract ended. Change
all occurrences to the standard license.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@619 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Add asprintf() and vasprintf() for systems that don't have it.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@616 185d5e19-27fe-0310-9dcf-9bff6b9f3609
through months of testing only to show up within hours of release.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@611 185d5e19-27fe-0310-9dcf-9bff6b9f3609
apparently didn't do it consistently. For some reason, it built fine on
one of my dev machines, but nowhere else.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@604 185d5e19-27fe-0310-9dcf-9bff6b9f3609
that searches for it. If the service name contains a path separator
character, treat it is a relative or absolute path to the policy file.
This need to be documented either in pam.conf(5) or in pam_start(3) once
the feature mechanism is no longer experimental.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@600 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Use it to control policy and module file checks. The default settings
correspond to the current behavior: disallow path separators in policy
names, but allow them in module names; verify ownership and permissions
for both policy files and modules.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@594 185d5e19-27fe-0310-9dcf-9bff6b9f3609
but within a double-quoted string, it is a line continuation.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@585 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Fix line continuation (newline is stripped, not quoted)
Further improve the documentation
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@567 185d5e19-27fe-0310-9dcf-9bff6b9f3609
If the first character encountered is a quote, immediately allocate a
single byte. This way, if the word we've started reading is actually
an empty quoted string ('' or ""), we correctly return an empty string
instead of NULL.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@553 185d5e19-27fe-0310-9dcf-9bff6b9f3609
trailing whitespace, openpam_readword() should *always* push back the
last character read (which is a no-op in the EOF case).
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@550 185d5e19-27fe-0310-9dcf-9bff6b9f3609
string, reallocating the string if necessary.
Add an openpam_readword() function that reads a single word from a
file according to the usual shell quoting rules.
Add an openpam_readlinev() function that uses openpam_readword() to
read an entire line and return a list of the words it contained.
Rewrite openpam_parse_chain() using openpam_readlinev(), which greatly
simplifies the code and ensures correct parsing of module option.
Thanks to Maëlle Lesage for pointing out the issue and writing an
early version of what became the main loop in openpam_readword().
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@547 185d5e19-27fe-0310-9dcf-9bff6b9f3609
version of openpam_log() that's actually used. Internal debugging
messages therefore went to the default case and were logged as errors,
spamming /var/log/messages and the console.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@544 185d5e19-27fe-0310-9dcf-9bff6b9f3609
reasons, it is easier to use the 3-clause BSD license even for new
additions to OpenPAM.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@543 185d5e19-27fe-0310-9dcf-9bff6b9f3609
which will cause syslog() to log the wrong error message if the format
string contains %m.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@537 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Move prototype from "opempam_impl.h" to <security/openpam.h>.
Generate openpam_straddch(3) man page.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@535 185d5e19-27fe-0310-9dcf-9bff6b9f3609
determine whether to stop searching for a policy. After r487,
multiple policies for the same service would be concatenated, whereas
the intention was that the one that came first in the policy path
should eclipse the others.
While there, take the time to reorganize the front end of the policy
loading code, both to clarify the logic and to produce better log
messages in case of errors. The most important change is that
openpam_load_chain() now opens and vets the policy file before calling
openpam_parse_chain(), so it is better able to distinguish between
errors relating to the file itself and errors relating to its
contents.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@524 185d5e19-27fe-0310-9dcf-9bff6b9f3609
is currently equivalent to PAM_LOG_DEBUG, and is used only by the
library call tracing macros (ENTER*() and RETURN*()). It should
eventually replace PAM_LOG_DEBUG throughout the library, except
perhaps for a few particularly interesting messages; PAM_LOG_DEBUG
will be reserved for modules.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@522 185d5e19-27fe-0310-9dcf-9bff6b9f3609