Merge branch 'pr-187'
commit
eca00d0a58
14
configure.ac
14
configure.ac
@ -159,6 +159,20 @@ if test "$gl_gcc_warnings" = yes; then
|
|||||||
gl_WARN_ADD([-fdiagnostics-show-option])
|
gl_WARN_ADD([-fdiagnostics-show-option])
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Enable more secure memset if available
|
||||||
|
AC_CHECK_FUNCS([memset_s explicit_bzero explicit_memset])
|
||||||
|
AC_MSG_CHECKING(whether we can use inline asm code)
|
||||||
|
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
|
||||||
|
[[
|
||||||
|
int a = 42;
|
||||||
|
int *pnt = &a;
|
||||||
|
__asm__ __volatile__ ("" : : "r"(pnt) : "memory");
|
||||||
|
]])],
|
||||||
|
[AC_MSG_RESULT(yes)
|
||||||
|
AC_DEFINE([HAVE_INLINE_ASM], [1], [inline asm code can be used])]
|
||||||
|
[AC_MSG_RESULT(no)]
|
||||||
|
)
|
||||||
|
|
||||||
AC_CONFIG_FILES(Makefile)
|
AC_CONFIG_FILES(Makefile)
|
||||||
AC_CONFIG_FILES(tests/Makefile)
|
AC_CONFIG_FILES(tests/Makefile)
|
||||||
AC_OUTPUT
|
AC_OUTPUT
|
||||||
|
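Review bot: `AC_CHECK_FUNCS([memset_s explicit_bzero explicit_memset])` only proves the symbol links; it does not prove the prototype is visible, and for `memset_s` (C11 Annex K) the declaration in `<string.h>` is typically gated on `__STDC_WANT_LIB_EXT1__` being defined before the first include. With `HAVE_MEMSET_S` set from a link-only probe, a translation unit that uses the macro may then compile against an implicit declaration on such platforms. A declaration probe with the feature macro in the prologue would make the result match what the header can actually use, e.g. `AC_CHECK_DECLS([memset_s], [], [], [[#define __STDC_WANT_LIB_EXT1__ 1` / `#include <string.h>]])`, with the same macro defined project-wide (config.h or CFLAGS) when it succeeds. This is inferred from the standard's gating rather than from a visible failure on the page, so verify on the platforms the project targets.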
10
pam_yubico.c
10
pam_yubico.c
@ -1,5 +1,5 @@
|
|||||||
/* Written by Simon Josefsson <simon@yubico.com>.
|
/* Written by Simon Josefsson <simon@yubico.com>.
|
||||||
* Copyright (c) 2006-2016 Yubico AB
|
* Copyright (c) 2006-2019 Yubico AB
|
||||||
* Copyright (c) 2011 Tollef Fog Heen <tfheen@err.no>
|
* Copyright (c) 2011 Tollef Fog Heen <tfheen@err.no>
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@ -45,6 +45,7 @@
|
|||||||
|
|
||||||
#include "util.h"
|
#include "util.h"
|
||||||
#include "drop_privs.h"
|
#include "drop_privs.h"
|
||||||
|
#include "ykbzero.h"
|
||||||
|
|
||||||
#include <ykclient.h>
|
#include <ykclient.h>
|
||||||
|
|
||||||
@ -998,7 +999,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
|
|||||||
pam_strerror (pamh, retval));
|
pam_strerror (pamh, retval));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
DBG ("get password returned: %s", password);
|
DBG ("get password returned: /* not logged */");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (cfg->use_first_pass && password == NULL)
|
if (cfg->use_first_pass && password == NULL)
|
||||||
@ -1263,7 +1264,12 @@ pam_sm_authenticate (pam_handle_t * pamh,
|
|||||||
|
|
||||||
done:
|
done:
|
||||||
if (onlypasswd)
|
if (onlypasswd)
|
||||||
|
{
|
||||||
|
insecure_memzero(onlypasswd, strlen(onlypasswd));
|
||||||
free(onlypasswd);
|
free(onlypasswd);
|
||||||
|
}
|
||||||
|
insecure_memzero(otp, sizeof(otp));
|
||||||
|
insecure_memzero(otp_id, sizeof(otp_id));
|
||||||
if (templates > 0)
|
if (templates > 0)
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i;
|
||||||
|
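Review bot: The scrub at `done:` now covers `onlypasswd`, `otp` and `otp_id`, but `pam_sm_authenticate` begins and ends outside this hunk, so it is not visible here whether every exit of the function reaches `done:`; any `return` that bypasses the label leaves those copies unscrubbed, and a comment at the label would make the invariant explicit for future edits: `/* Every exit must come through here: scrub all local copies of the credential; password is PAM-owned and is neither freed nor zeroed. */`. Note also that `insecure_memzero(onlypasswd, strlen(onlypasswd))` expands `strlen(onlypasswd)` twice in the `memset_s` branch of ykbzero.h, which is harmless here but argues for hoisting the length into a local if the macro is kept.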
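--- /dev/null
+++ b/ykbzero.h
@@ -0,0 +1,62 @@
+/* -*- mode:C; c-file-style: "bsd" -*- */
+/*
+* Copyright (c) 2008-2019 Yubico AB
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions are
+* met:
+*
+* * Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* * Redistributions in binary form must reproduce the above
+* copyright notice, this list of conditions and the following
+* disclaimer in the documentation and/or other materials provided
+* with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef __YKBZERO_H_INCLUDED__
+#define __YKBZERO_H_INCLUDED__
+
+#ifdef _WIN32
+#include <windows.h>
+#else
+#include <string.h>
+#endif
+
+#ifdef _WIN32
+#define insecure_memzero(buf, len) SecureZeroMemory(buf, len)
+#elif HAVE_MEMSET_S
+#define insecure_memzero(buf, len) memset_s(buf, len, 0, len)
+#elif HAVE_EXPLICIT_BZERO
+#define insecure_memzero(buf, len) explicit_bzero(buf, len)
+#elif HAVE_EXPLICIT_MEMSET
+#define insecure_memzero(buf, len) explicit_memset(buf, 0, len)
+#elif HAVE_INLINE_ASM
+#define insecure_memzero(buf, len) do { \
+memset(buf, 0, len); \
+__asm__ __volatile__ ("" : : "r"(buf) : "memory"); \
+} while (0)
+#else
+#define insecure_memzero(buf, len) do { \
+volatile unsigned char *volatile __buf_ = \
+(volatile unsigned char *volatile)buf; \
+size_t __i_ = 0; \
+while (__i_ < len) __buf_[__i_++] = 0; \
+} while (0)
+#endif
+
+#endif /* __YKBZERO_H_INCLUDED__ */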
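Review bot: `__YKBZERO_H_INCLUDED__`, `__buf_` and `__i_` are identifiers beginning with a double underscore, which C reserves for the implementation (C11 7.1.3), so the include guard should become `YKBZERO_H_INCLUDED` and the fallback branch's locals should get project-prefixed names. In the same fallback branch `len` is evaluated on every loop iteration and neither `buf` nor `len` is parenthesized, and in the `HAVE_MEMSET_S` branch `memset_s(buf, len, 0, len)` evaluates `len` twice and discards its return value (it reports failure when `len` exceeds `RSIZE_MAX`); a `static inline` function would remove all of these hazards, but if the macro form is kept the fallback can at least bind its arguments once. The `HAVE_MEMSET_S` branch also presumes `<string.h>` exposes `memset_s`, which on Annex K implementations requires `__STDC_WANT_LIB_EXT1__` to be defined before that header is first included anywhere in the translation unit — this header cannot guarantee that by itself, so a comment stating the requirement would help, e.g. `/* memset_s is only declared when __STDC_WANT_LIB_EXT1__ is defined before the first <string.h>; configure must define it project-wide */`. Finally, a one-line header comment explaining that the name "insecure" signals best-effort scrubbing (the compiler may still keep copies in registers or spills) would save readers from assuming the opposite.
```c
/* … unchanged: include guard, platform includes, memset_s/explicit_bzero/explicit_memset/inline-asm branches … */
#else
#define insecure_memzero(buf, len) do { \
    volatile unsigned char *volatile ykb_buf_ = \
        (volatile unsigned char *volatile)(buf); \
    size_t ykb_len_ = (len); \
    size_t ykb_i_ = 0; \
    while (ykb_i_ < ykb_len_) ykb_buf_[ykb_i_++] = 0; \
} while (0)
#endif
```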