OpenPAM/OpenPAM
OpenPAM
/
OpenPAM
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
664 Commits 3 Branches 10 Tags 1.9 MiB
Commit Graph

307 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav 89f5473b9d merge r802: require at least one service function to have succeeded. 
merge r803: introduce strlset() and use it to clear authentication tokens
merge r804: remove keywords from text files
merge r805: include CVE numbers in change log
merge r806: prepare to release Ourouparia


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@807 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-09-09 09:41:32 +00:00
Dag-Erling Smørgrav 4685f783f4 merge r795: fix error handling for nonexistent modules (CVE-2014-3879) 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@796 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-06-03 21:30:08 +00:00
Dag-Erling Smørgrav c87d7f0ff0 merge r759: add is_xdigit() predicate 
merge r760: add tests for ctype macros
merge r761: fix bug in is_upper()
merge r762: update credits


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@763 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-02-26 16:29:16 +00:00
Dag-Erling Smørgrav c3cacd763a merge r742: caught_signal should be static. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@743 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-09-07 19:26:36 +00:00
Dag-Erling Smørgrav efcf4a9ec6 Create a nooath branch as a copy of trunk@713 with the OATH code removed. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@714 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-19 15:30:21 +00:00
Dag-Erling Smørgrav efa93c4a5f Don't log the text we read, it may contain sensitive information (such 
as an OATH OTP key, since liboath uses openpam_readline() to read the
keyfile)


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@703 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-16 11:57:54 +00:00
Dag-Erling Smørgrav 929ddb1bc3 Fixed flipped condition. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@699 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 17:15:35 +00:00
Dag-Erling Smørgrav fe081dbbfc Unfortunately, Linux doesn't have MAP_NOCORE. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@696 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 16:00:41 +00:00
Dag-Erling Smørgrav 88a91c2d02 Rename oath_dummy_key() to oath_key_dummy() and move it into its own file. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@694 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 15:23:58 +00:00
Dag-Erling Smørgrav 066e2b91ff Record the last successful use of a TOTP key. Also add commented-out 
logic to prevent reuse of the same code or an earlier code within the
window, and make some minor type adjustments.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@693 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 15:21:31 +00:00
Dag-Erling Smørgrav 5847a34802 The --with-modules-dir configure option never quite worked, and became 
even more badly broken when the dynamic loader was rewritten in March.
Reimplement it the way it was always meant to work (but never did):

If --with-modules-dir was specified, modules will be installed in that
directory and the dynamic loader will look for them there.  If it was
not specified, modules will be installed in libdir and the dynamic
loader will use the standard search path (/usr/lib:/usr/local/lib).  In
both cases, a policy file can still name a module by its full path.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@690 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 13:22:51 +00:00
Dag-Erling Smørgrav c9387115d9 Factor out oath_key_{alloc,free}() and implement wiring / locking. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@689 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-12 10:47:14 +00:00
Dag-Erling Smørgrav c05b6dd046 INFTIM is a BSDism; use -1 instead. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@688 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-11 16:40:08 +00:00
Dag-Erling Smørgrav 93d104bfd6 Reimplement, hopefully with marginally fewer bugs. There is an 
unfortunate amount of code duplication between the tty and non-tty
paths, but the alternative is greatly increased complexity.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@687 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-11 16:37:25 +00:00
Dag-Erling Smørgrav 3a53d5117b Document that openpam_log(3) saves and restores errno(2). 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@686 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-11 16:36:02 +00:00
Dag-Erling Smørgrav 3ab09a4f26 OPENPAM_DEBUG (--enable-debug) has a double action: it enables the 
debugging macros, and sets the initial value of openpam_debug to 1.
This effectively gives the user a choice between no debugging at all,
or drowning in debugging messages from every part of the system.

Assuming that the primary use case for debugging is to allow admins to
troubleshoot their policies by adding the debug option to selected
pam.conf entries, remove the initialization of openpam_debug to 1.
This allows integrators to ship OpenPAM with OPENPAM_DEBUG defined
without spamming /var/log.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@684 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-04-14 15:44:32 +00:00
Dag-Erling Smørgrav a43b9256fc Log an error if open() failed for any other reason than ENOENT. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@683 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-04-14 14:49:59 +00:00
Dag-Erling Smørgrav 70d5d18643 Initialize has_ver and has_so to false, not true. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@682 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-04-14 14:48:29 +00:00
Dag-Erling Smørgrav 2fc7038ca4 Always restore errno before returning from openpam_log(). 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@681 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-04-14 14:36:05 +00:00
Dag-Erling Smørgrav 9f6bdd74f4 Clean up and simplify dummy key handling. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@679 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-18 21:38:58 +00:00
Dag-Erling Smørgrav 7da9af6602 Set a reasonable, hard limit on label length. This removes the need for 
a variable-length key structure (to accommodate a variable-length label)
and vastly simplifies key parsing.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@678 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-18 21:34:29 +00:00
Dag-Erling Smørgrav c1df418c6f comment nit 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@674 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 20:04:24 +00:00
Dag-Erling Smørgrav 794601a544 Make the .so suffix optional, so these three lines are now equivalent: 
auth	required	pam_unix.so.2	try_first_pass
auth	required	pam_unix.so	try_first_pass
auth	required	pam_unix	try_first_pass


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@672 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 19:42:33 +00:00
Dag-Erling Smørgrav d4ab77b35c Document the effect of module options (echo_pass, *_prompt etc) 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@670 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 19:26:07 +00:00
Dag-Erling Smørgrav 32d5e093bd Remove unneeded #include 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@667 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 14:24:00 +00:00
Dag-Erling Smørgrav 3353ad06ce Add predicates for letters and digits. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@666 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 14:22:17 +00:00
Dag-Erling Smørgrav 0f25be4e42 unbreak static linking 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@664 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 10:56:15 +00:00
Dag-Erling Smørgrav 567ecaa2af Clean up the dynamic module loading code, and add support for the 
module path which was added in r695.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@662 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-11 16:33:27 +00:00
Dag-Erling Smørgrav 2b8f7a6154 nit: the argument is a module name, which may or may not be a path. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@661 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-11 15:44:22 +00:00
Dag-Erling Smørgrav fe2e691204 Use dlfunc() if available; if not, fake it in terms of dlsym(). 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@660 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-11 15:08:52 +00:00
Dag-Erling Smørgrav 785bc19867 Move openpam_policy_path into openpam_constants.c, and add a corresponding 
openpam_module_path.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@659 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-11 14:10:13 +00:00
Dag-Erling Smørgrav 7bcd5bb700 Split up the liboath header files. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@655 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-06 14:10:09 +00:00
Dag-Erling Smørgrav 93a9982d45 Link with -lcrypto 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@654 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-05 19:03:59 +00:00
Dag-Erling Smørgrav 0da2f07cfb PAM_LOG_DEBUG -> PAM_LOG_LIBDEBUG 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@649 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-05 17:58:33 +00:00
Dag-Erling Smørgrav a9a5497d3f Reorganize: 
- move libpam into lib/libpam
 - move the OATH code into lib/liboath
 - move oath.h into include/security
 - update all pointers


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@646 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-05 17:49:06 +00:00
Dag-Erling Smørgrav f8a727ec0c Always use openpam_straddch(3) to bootstrap the string, even if we 
have nothing to add to it.  This simplifies the code and fixes a bug
introduced in r553 where the first character in the string would
always be set to '\0', instead of only when bootstrapping.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@636 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-03 23:27:35 +00:00
Dag-Erling Smørgrav 75420a1e07 Simplify by using openpam_straddch(3) to bootstrap the string. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@635 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-03 23:23:58 +00:00
Dag-Erling Smørgrav 54d9167cea If ch == '\0', do not grow the string or advance the length counter, 
but do allocate a string if there is none to begin with.  This makes
it possible to use openpam_straddch(3) to preallocate the string (if
necessary) instead of manually calling malloc(3) or calloc(3) and
initializing size and len.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@634 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-03 23:23:10 +00:00
Dag-Erling Smørgrav 08f35bc290 Style nit 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@631 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-03 19:41:24 +00:00
Dag-Erling Smørgrav ff9ea1145d PAM_SYSTEM_ERR is permissible here. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@630 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-02-28 20:13:56 +00:00
Dag-Erling Smørgrav f70250359e Use AM_CPPFLAGS instead of INCLUDES. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@620 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-02-24 18:51:10 +00:00
Dag-Erling Smørgrav e15ecfaa9c I seem to have inadvertantly used a non-standard variation of the BSD 
license on code I wrote after the DARPA / NAI contract ended.  Change
all occurrences to the standard license.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@619 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-02-24 14:01:42 +00:00
Dag-Erling Smørgrav 2b555bb3d3 Move our strlcat() and strlcpy() implementations into .c files. 
Add asprintf() and vasprintf() for systems that don't have it.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@616 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-08-07 15:18:16 +00:00
Dag-Erling Smørgrav 709f28793c Forgot to include openpam_cred.h in distribution. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@615 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-08-07 14:33:39 +00:00
Dag-Erling Smørgrav 0869153c0b Define struct pam_saved_cred in a separate header. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@613 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-08-06 11:44:21 +00:00
Dag-Erling Smørgrav d4aebe2ae9 Fix a boneheaded error in the option copying loop that remained undetected 
through months of testing only to show up within hours of release.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@611 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-05-26 22:57:11 +00:00
Dag-Erling Smørgrav 78ab63e094 More code that inexplicably builds on one dev box but not on others. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@607 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-20 11:09:37 +00:00
Dag-Erling Smørgrav fe17647fb8 Name include guards consistently. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@606 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-20 11:06:38 +00:00
Dag-Erling Smørgrav fcce2d8609 Before committing r594, I shortened the names of certain features, but I 
apparently didn't do it consistently.  For some reason, it built fine on
one of my dev machines, but nowhere else.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@604 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-20 11:04:05 +00:00
Dag-Erling Smørgrav be8d8c6c7b Don't forget to distribute openpam_features.h. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@602 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-15 17:31:15 +00:00