OpenPAM/OpenPAM
OpenPAM/OpenPAM
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
829 commits 3 branches 10 tags 1.9 MiB
Commit graph

829 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dag-Erling Smørgrav
37ff7929a0 Remove superfluous comments and blank lines. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@817 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-10-08 10:58:11 +00:00
Dag-Erling Smørgrav
5c8ea43402 Spell out option names 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@814 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-09-12 07:46:46 +00:00
Dag-Erling Smørgrav
b94f9e7ce7 Gavin helped out with CVE-2014-3879 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@813 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-09-12 07:46:23 +00:00
Dag-Erling Smørgrav
6846134790 Push back one day. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@811 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-09-12 07:23:27 +00:00
Dag-Erling Smørgrav
1450290a72 typo 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@809 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-09-09 11:01:45 +00:00
Dag-Erling Smørgrav
95a55b95cf Prepare for releasing Ourouparia on Thursday. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@806 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-09-09 09:33:54 +00:00
Dag-Erling Smørgrav
2ae3b8b727 Include CVE numbers when available 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@805 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-09-09 09:13:00 +00:00
Dag-Erling Smørgrav
547794d58e Remove keywords from pure text files. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@804 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-09-09 09:11:31 +00:00
Dag-Erling Smørgrav
69b1a97268 Introduce strlset(), a memset() variant for strings where the actual 
size of the buffer is not necessarily known, and which can replace the
"memset(str, 0, strlen(str))" idiom.  Use it to clear buffers which may
have contained authentication tokens.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@803 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-09-09 09:07:51 +00:00
Dag-Erling Smørgrav
131aba915f From NetBSD: require at least one service function to have succeeded. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@802 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-09-09 08:08:13 +00:00
Dag-Erling Smørgrav
548c44573c Belatedly document the addition of module search paths. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@800 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-09-08 12:42:29 +00:00
Dag-Erling Smørgrav
05630b94be Spell the name of the University of Oslo in English. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@799 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-07-10 17:16:48 +00:00
Dag-Erling Smørgrav
57429ccc0e Add missing cast. 
Submitted by:	Jörg Sonnenberger <joerg@britannica.bec.de>


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@797 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-06-10 21:27:18 +00:00
Dag-Erling Smørgrav
7dbd5c38b7 In openpam_parse_chain(): 
1. Finish a comment which was meant to describe the four different
   termination conditions for the loop in openpam_parse_chain() but
   ended in mid-sentence.

2. Ensure that errno is consistently set to EINVAL if a syntax error
   is encountered in the policy file.

3. If openpam_load_module() fails because the module could not be
   loaded, set errno to ENOEXEC instead of ENOENT.  This closes a hole
   where a missing module or a typo in a module name would cause the
   corresponding chain to fail open.  Normally, if the policy exists
   but cannot be loaded, openpam_load_chain() will return an error,
   and openpam_configure() will discard any partially constructed
   chains.  However, openpam_load_chain() interprets ENOENT to mean
   that the policy was not found, so it does not immediately return an
   error, the partially-loaded chain is not discarded, and the policy
   is incorrectly considered to have been successfully loaded.

4. Ensure that errors encountered while parsing an included policy are
   correctly propagated to the original policy, and that ENOENT while
   processing an include directive is a hard error, not a soft error.

CVE-2014-3879


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@795 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-06-03 21:27:48 +00:00
Dag-Erling Smørgrav
1efe822057 For TOTP keys, we record when the key was last used. For HOTP keys, 
however, we want to record the *next* allowed counter value.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@794 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-04-11 10:35:18 +00:00
Dag-Erling Smørgrav
b61b6f9c74 Add a test for lines containing more words than will fit in 
openpam_readword()'s initial allocation.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@793 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-17 14:27:03 +00:00
Dag-Erling Smørgrav
e58f05403e Support line continuation in whitespace. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@792 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-17 14:11:41 +00:00
Dag-Erling Smørgrav
4614107c94 Missed one 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@791 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-17 14:10:33 +00:00
Dag-Erling Smørgrav
f7e8328354 Additional tests for various end-of-line / end-of-file corner cases, 
and for comments that aren't comments.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@790 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-17 14:08:31 +00:00
Dag-Erling Smørgrav
14d31b83e8 Fix headers 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@789 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-12 00:04:20 +00:00
Dag-Erling Smørgrav
a4ff6191f7 I must have been drunk when I wrote this. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@788 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-12 00:03:53 +00:00
Dag-Erling Smørgrav
925436a04f Compress man pages before generating the manifest. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@787 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-10 15:43:17 +00:00
Dag-Erling Smørgrav
078ac6bb4a Move oath_key_from_file() into a separate source file and document it. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@786 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-10 15:37:55 +00:00
Dag-Erling Smørgrav
6722d714f5 Missing word 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@785 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-10 15:37:38 +00:00
Dag-Erling Smørgrav
38622bad18 Implement keyfile writeback. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@784 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-10 15:31:30 +00:00
Dag-Erling Smørgrav
ebdefa45ca Fix buffer overflow in the b64complete test case by increasing the size 
of the buffer used in tests.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@783 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-10 11:13:05 +00:00
Dag-Erling Smørgrav
7914208b2d Don't forget do distribute oath_impl.h. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@782 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-10 10:03:57 +00:00
Dag-Erling Smørgrav
9853f0d8d5 Generate man pages for oath_key_from_uri() and oath_uri_decode(). 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@781 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-10 09:59:01 +00:00
Dag-Erling Smørgrav
6243755aa2 Rudimentary key management tool. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@780 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-10 09:55:15 +00:00
Dag-Erling Smørgrav
5d59548018 When I changed the argument type from uint8_t * to char *, I forgot that 
they were being used as array indices.  Cast them back to uint8_t.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@779 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-09 14:11:44 +00:00
Dag-Erling Smørgrav
6c087dd523 Add test vectors which encode to the complete alphabet. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@778 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-09 14:10:06 +00:00
Dag-Erling Smørgrav
2efb7c4b01 Support (but ignore, for now) the issuer parameter. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@777 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-09 13:08:14 +00:00
Dag-Erling Smørgrav
75a6073d2c Encoder: 
- Return the desired length when the buffer is too small.

 - Annotate the switch so Bullseye doesn't complain about an uncovered
   default case.

Decoder:

 - The table approach was a good idea, but there was no way to tell the
   difference between a character that decodes as 0 and an invalid
   character.  Modify the tables so an invalid character is indicated
   by 0xff instead of 0x00.

 - Check that padding starts in a valid position.  Note that we still
   don't check for left-over bits.

 - The overflow test always failed, because we set *olen = len before
   comparing them.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@776 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-09 12:48:48 +00:00
Dag-Erling Smørgrav
d60017fe80 Additional tests (which also fail) for unexpected padding. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@775 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-09 12:04:56 +00:00
Dag-Erling Smørgrav
183cc6d511 The dummy constants have moved to oath_constants.h. 
Add annotation macros for coverage analysis.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@774 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-09 11:51:08 +00:00
Dag-Erling Smørgrav
c5265319ff Completely rewrite the test suite for the RFC 4648 encoding / decoding 
functions and add many new tests, several of which fail.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@773 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-09 11:49:08 +00:00
Dag-Erling Smørgrav
01809a1b48 Switch from uint8_t to char. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@772 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-09 11:45:05 +00:00
Dag-Erling Smørgrav
17144e7a5f Replace base{32,64}_decode() with table-driven implementations. The new 
code is less strict about padding, thus ensuring compatibility with
implementations which do not understand padding, such as MIME::Base32.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@771 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-06 17:54:58 +00:00
Dag-Erling Smørgrav
4645bc1762 Fix base{32,64}_decode(). The former handled padding incorrectly; the 
latter was derived from the former, and had a couple of copy-paste bugs
in addition to the padding bug.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@770 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-06 12:35:47 +00:00
Dag-Erling Smørgrav
576e1e6b1c Add tests for base{32,64}_decode(). Both are broken. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@769 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-06 12:32:29 +00:00
Dag-Erling Smørgrav
56f7cf21f5 Make stdout line-buffered so verbose output is easier to read. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@768 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-06 12:31:31 +00:00
Dag-Erling Smørgrav
03207fcd61 oops, braino in previous commit. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@767 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-06 12:30:44 +00:00
Dag-Erling Smørgrav
3dab19018f props 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@766 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-06 12:29:36 +00:00
Dag-Erling Smørgrav
9f84c11072 props 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@765 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-06 09:29:06 +00:00
Dag-Erling Smørgrav
46df1b1050 Document the is_upper() bug. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@764 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-02-26 17:30:57 +00:00
Dag-Erling Smørgrav
5fadc4abb8 Credit Larry Baird for the is_upper() bug and sort the list. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@762 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-02-26 16:23:41 +00:00
Dag-Erling Smørgrav
c7457cff15 Fix a bug in the is_upper() macro. 
Submitted by:	Larry Baird <lab@gta.com>


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@761 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-02-26 16:23:22 +00:00
Dag-Erling Smørgrav
58921adbab Add complete coverage for the classification macros in openpam_ctype.h. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@760 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-02-26 16:22:32 +00:00
Dag-Erling Smørgrav
9e9207fd5d Add is_xdigit() predicate. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@759 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-01-24 13:44:34 +00:00
Dag-Erling Smørgrav
3d0d4da447 Factor out and document oath_key_from_uri(). 
Implement percent-decoding of the key label.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@758 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-01-23 20:19:54 +00:00