This opens any file descriptors with the O_CLOEXEC flag, which will make sure
that file descriptors won't be leaked into any child process. This was
previously an issue due to a forgotten fclose() (#136).
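The close-on-exec behaviour the commit relies on, shown as an added example that is not code from the pam_yubico commit: a descriptor opened with O_CLOEXEC carries the FD_CLOEXEC flag, which the kernel honours by closing it in the child at execve(). The helper names are this example's own; the "e" mode letter for fopen() is a glibc extension (assumption: glibc/Linux; other C libraries may ignore it).

```c
/* Added example (not the project's own code): open with O_CLOEXEC and verify
 * the close-on-exec flag so file descriptors are not leaked to child processes. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Returns 1 if fd has FD_CLOEXEC set, 0 if not, -1 on error. */
int fd_is_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    return (flags & FD_CLOEXEC) ? 1 : 0;
}

/* Open path read-only with O_CLOEXEC; the fd is closed automatically on execve(). */
int open_cloexec(const char *path)
{
    return open(path, O_RDONLY | O_CLOEXEC);
}

/* stdio variant: glibc maps the "e" mode flag to O_CLOEXEC on the underlying
 * descriptor (assumption: glibc; not portable to every libc). */
FILE *fopen_cloexec(const char *path)
{
    return fopen(path, "re");
}

/* Compare a plain open() with the O_CLOEXEC variant on the same path.
 * Returns 1 if only the O_CLOEXEC descriptor carries the flag, 0 otherwise. */
int demo_cloexec(const char *path)
{
    int plain = open(path, O_RDONLY);
    int safe = open_cloexec(path);
    int ok = 0;

    if (plain >= 0 && safe >= 0)
        ok = (fd_is_cloexec(plain) == 0 && fd_is_cloexec(safe) == 1);

    if (plain >= 0) close(plain);
    if (safe >= 0) close(safe);
    return ok;
}

int main(void)
{
    printf("O_CLOEXEC descriptor flagged, plain one not: %s\n",
           demo_cloexec("/dev/null") ? "yes" : "no");
    return 0;
}
```

Without exec, fork() alone still duplicates the descriptor into the child; O_CLOEXEC only guarantees it is gone once the child executes another program, which is the leak the commit message describes.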
This fixes a couple of compiler warnings due to wrong pointer casts in regards
to the pamh structure, which is a bit of a hackery way to access the test data.
The latter function is considered insecure and deprecated on some platforms.
This will create the directory with 0700 implicitly, where it was 0755
beforehand. Since this is a more secure default and the test suite runs fine,
we don't bother to chmod the directory.
Since the install script currently requires sudo, we should state so
explicitly in the .travis.yml file to make sure we get a sudo-enabled
environment and not a container-based one, as there is no sudo available
in the latter one. The default was changed in August 2017, so when
forking this repository, the Travis CI won't work out-of-the box without
this modification. This is described in some detail here [1].
[1]: https://docs.travis-ci.com/user/reference/overview/
Currently we trust the LDAP server to only return the `yubi_attr`
attribute, yet we loop over all possible attributes when there should
only be one.
Since the bundled test LDAP server ignores the requested attributes list,
we must make sure to only match against the `yubi_attr` attribute as
opposed to "all of them".
This also fixes an issue where AUTH_NOT_FOUND was returned instead
of AUTH_NO_TOKENS when there were no values returned for `yubi_attr`
but another attribute's value was considered as a candidate token.
Currently, if a user has no associated tokens, we still prompt for an
OTP challenge and attempt to verify it.
This adds a check earlier to avoid the useless prompt in that case.
The `nullok` option is also added. It changes the return value from
PAM_USER_UNKNOWN to PAM_IGNORE. (fixes #97)
Finally, some constants have been turned to symbolic form for clarity
and debugging output is improved.
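The two lookup points above (matching only the `yubi_attr` attribute, and turning a no-tokens result into PAM_IGNORE under `nullok`) as one added example. This is not the pam_yubico LDAP code: the entry is an in-memory model with constructed sample data, the `ldap_entry_t`/`ldap_attr_t` types, `AUTH_FOUND` and the AUTH_NOT_FOUND-to-PAM_AUTH_ERR mapping are assumptions of this example, and the numeric PAM values are those of Linux-PAM.

```c
/* Added example (not the project's own code): token lookup restricted to the
 * configured yubi_attr attribute, and the PAM return code chosen from the
 * result with and without nullok. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum auth_result { AUTH_FOUND, AUTH_NOT_FOUND, AUTH_NO_TOKENS };

/* PAM return codes; numeric values as defined by Linux-PAM (assumption). */
#define PAM_SUCCESS       0
#define PAM_AUTH_ERR      7
#define PAM_USER_UNKNOWN 10
#define PAM_IGNORE       25

typedef struct {
    const char *name;
    const char *values[4];   /* NULL-terminated list of values */
} ldap_attr_t;

typedef struct {
    ldap_attr_t attrs[4];    /* name == NULL terminates the list */
} ldap_entry_t;

/* Constructed sample entry: the server also returned a "description"
 * attribute whose value looks like a token ID; it must not count. */
static const ldap_entry_t sample_entry = {{
    { "cn",          { "alice", NULL } },
    { "description", { "ccccccbchvth", NULL } },
    { "yubiKeyId",   { "cccccccbjhlj", "ccccccdlnhgf", NULL } },
    { NULL,          { NULL } }
}};

/* Search token_id among the values of yubi_attr only. Other attributes are
 * ignored even when the server returned them. A user with no values under
 * yubi_attr yields AUTH_NO_TOKENS, never AUTH_NOT_FOUND. */
enum auth_result check_user_token(const ldap_entry_t *entry,
                                  const char *yubi_attr,
                                  const char *token_id)
{
    int ntokens = 0;

    for (const ldap_attr_t *a = entry->attrs; a->name != NULL; a++) {
        /* LDAP attribute names are case-insensitive */
        if (strcasecmp(a->name, yubi_attr) != 0)
            continue;
        for (const char *const *v = a->values; *v != NULL; v++) {
            ntokens++;
            if (strcmp(*v, token_id) == 0)
                return AUTH_FOUND;
        }
    }
    return ntokens == 0 ? AUTH_NO_TOKENS : AUTH_NOT_FOUND;
}

/* Convenience wrapper over the constructed entry. */
enum auth_result lookup_sample(const char *yubi_attr, const char *token_id)
{
    return check_user_token(&sample_entry, yubi_attr, token_id);
}

/* Map the lookup result to a PAM return code. With nullok, a user without
 * any registered token is ignored by this module instead of rejected. */
int pam_retval_for(enum auth_result r, int nullok)
{
    switch (r) {
    case AUTH_FOUND:     return PAM_SUCCESS;
    case AUTH_NO_TOKENS: return nullok ? PAM_IGNORE : PAM_USER_UNKNOWN;
    default:             return PAM_AUTH_ERR;   /* AUTH_NOT_FOUND */
    }
}

int main(void)
{
    printf("no yubi_attr values, nullok -> %d (PAM_IGNORE is %d)\n",
           pam_retval_for(lookup_sample("noSuchAttr", "ccccccbchvth"), 1),
           PAM_IGNORE);
    return 0;
}
```

With the old "loop over every attribute" logic the decoy value under "description" would have been treated as a candidate, so a user with no `yubi_attr` values came back as AUTH_NOT_FOUND; restricting the match to `yubi_attr` is what makes the AUTH_NO_TOKENS branch, and therefore `nullok`, reachable.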
When using `try_first_pass` or `use_first_pass`, the password we inherit
from PAM might not actually be an OTP challenge.
Currently, we happily leak it to the validation server without first
checking if it matches an authorized token ID.
This postpones sending the actual request until we know the token ID is
authorized.
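The gate described above, as an added example rather than the module's own code: before a credential inherited through `try_first_pass`/`use_first_pass` goes anywhere near the validation server, check that it is shaped like a YubiKey OTP and that its public ID is one of the user's registered token IDs. Assumptions of this example: an OTP is 32 to 48 modhex characters, the last 32 are the encrypted part and the leading characters are the public ID; the sample ID list and function names are constructed.

```c
/* Added example (not the project's own code): parse the public ID out of a
 * candidate OTP and only allow a validation request when that ID belongs to
 * the user. A plain password inherited from PAM fails the shape check and is
 * never sent. */
#define _POSIX_C_SOURCE 200809L
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define OTP_CIPHERTEXT_LEN 32              /* trailing encrypted block */
#define OTP_MAX_LEN        48
#define MODHEX_ALPHABET    "cbdefghijklnrtuv"

/* Copy the public ID (everything before the 32-char ciphertext) into id.
 * Returns false if otp is not a well-formed OTP, e.g. a normal password. */
bool otp_public_id(const char *otp, char *id, size_t idlen)
{
    size_t n = strlen(otp);

    if (n < OTP_CIPHERTEXT_LEN || n > OTP_MAX_LEN)
        return false;
    if (strspn(otp, MODHEX_ALPHABET) != n)   /* non-modhex character present */
        return false;

    size_t pub = n - OTP_CIPHERTEXT_LEN;
    if (pub + 1 > idlen)
        return false;
    memcpy(id, otp, pub);
    id[pub] = '\0';
    return true;
}

/* True only if otp parses and its public ID is in the user's NULL-terminated
 * list of token IDs; only then should a validation request be built. */
bool otp_authorised_for_user(const char *otp, const char *const *token_ids)
{
    char id[OTP_MAX_LEN - OTP_CIPHERTEXT_LEN + 1];

    if (!otp_public_id(otp, id, sizeof id))
        return false;
    for (; *token_ids != NULL; token_ids++)
        if (strcmp(*token_ids, id) == 0)
            return true;
    return false;
}

/* Constructed sample: a user with two registered 12-character public IDs. */
static const char *const sample_ids[] = { "cccccccbjhlj", "ccccccdlnhgf", NULL };

/* Decision point: should this credential be sent to the validation server? */
bool should_validate(const char *credential)
{
    return otp_authorised_for_user(credential, sample_ids);
}

int main(void)
{
    /* 12-char public ID followed by a constructed 32-char modhex block */
    const char *otp = "cccccccbjhljcbdefghijklnrtuvcbdefghijklnrtuv";
    printf("registered OTP: %s\n", should_validate(otp) ? "send" : "drop");
    printf("plain password: %s\n", should_validate("hunter2") ? "send" : "drop");
    return 0;
}
```

The ordering is the point: the network request is the side effect that leaks the inherited secret, so every local check runs first and a failure on any of them means no request at all.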
The previous instructions create a global world-writable path for challenge files. This is a security issue because all users and unprivileged processes can create challenge files for arbitrary users. This enables an attacker to bypass the second factor for authentication.
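Both the 0700-by-default directory creation from the earlier commit and the world-writable challenge path flagged here come down to the same check, shown as one added example that is not the project's code: create the directory with mode 0700 in the mkdir() call itself, then verify with lstat() that the path is a real directory, owned by the caller, with no group or other write bits. The same predicate rejects a pre-existing world-writable directory. Path names and helper names are constructed for this example.

```c
/* Added example (not the project's own code): create and verify a private
 * per-user directory, rejecting symlinks, foreign ownership and any
 * group/world write permission. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if path is a directory owned by uid with no group/other write
 * bits, 0 if it fails the check, -1 if it cannot be stat'ed. lstat() is used
 * so a symlink planted at the path is rejected rather than followed. */
int dir_is_private(const char *path, uid_t uid)
{
    struct stat st;

    if (lstat(path, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode))               /* symlink or regular file */
        return 0;
    if (st.st_uid != uid)                   /* someone else owns it */
        return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH))   /* group or world writable */
        return 0;
    return 1;
}

/* Create path with 0700 (umask can only remove bits, never add them) and
 * confirm the result. An existing directory is accepted only if it passes
 * dir_is_private(). Returns 0 on success, -1 otherwise. */
int ensure_private_dir(const char *path)
{
    if (mkdir(path, S_IRWXU) != 0 && errno != EEXIST)
        return -1;
    return dir_is_private(path, getuid()) == 1 ? 0 : -1;
}

/* Demonstration on a constructed temporary tree: returns 1 if a freshly
 * created 0700 directory passes and a 0777 one is rejected. */
int demo_private_dir(void)
{
    char base[] = "/tmp/challenge-demo-XXXXXX";
    char good[64], bad[64];
    int ok;

    if (mkdtemp(base) == NULL)              /* mkdtemp itself creates 0700 */
        return 0;
    snprintf(good, sizeof good, "%s/good", base);
    snprintf(bad, sizeof bad, "%s/bad", base);

    ok = (ensure_private_dir(good) == 0);

    mkdir(bad, 0777);
    chmod(bad, 0777);                       /* force world-writable despite umask */
    ok = ok && (ensure_private_dir(bad) == -1);

    rmdir(good);
    rmdir(bad);
    rmdir(base);
    return ok;
}

int main(void)
{
    printf("0700 accepted, 0777 rejected: %s\n", demo_private_dir() ? "yes" : "no");
    return 0;
}
```

Passing the mode to mkdir() directly, instead of creating the directory and tightening it afterwards, closes the window in which the directory briefly exists with the wider permissions.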