From patchwork Tue Aug 7 16:44:31 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Selva Nair X-Patchwork-Id: 441 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director10.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net (Dovecot) with LMTP id y74FHihdalvjNgAAIUCqbw for ; Tue, 07 Aug 2018 23:02:00 -0400 Received: from proxy2.mail.ord1d.rsapps.net ([172.30.191.6]) by director10.mail.ord1d.rsapps.net (Dovecot) with LMTP id /WtuGShdalvaPwAApN4f7A ; Tue, 07 Aug 2018 23:02:00 -0400 Received: from smtp33.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy2.mail.ord1d.rsapps.net with LMTP id QIGPHShdaluJWwAAfawv4w ; Tue, 07 Aug 2018 23:02:00 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp33.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=fail (p=none; dis=none) header.from=gmail.com X-Suspicious-Flag: YES X-Classification-ID: 6a3ec0c8-9ab7-11e8-b9e4-525400041ef2-1-1 Received: from [216.105.38.7] ([216.105.38.7:45862] helo=lists.sourceforge.net) by smtp33.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 8F/FF-31492-72D5A6B5; Tue, 07 Aug 2018 23:01:59 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1fnEiQ-00039g-2m; Wed, 08 Aug 2018 03:00:50 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1fnEiP-00039a-2k for openvpn-devel@lists.sourceforge.net; Wed, 08 Aug 2018 03:00:49 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc: To:From:Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=Ngpp9gL2pJ9+SZVxymfs7syzvTO0k0z3qZFvyOKPq5I=; b=gIWDPczThPlQmHvNY1OXWR/w44 ll3tNrf9So+1O2xXKUcoSQmg2sNNopnr2O0hP+vxtMS9Eq/DKQL5+oV6hfu5huUfK3CnHR5Ucj55a 0eRL9uxO750Dm6r7dDu9n9xbbSItXyOzJTh+CcRohg3DTZmAss8PDsSxtCwrnsYUy7OQ=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Ngpp9gL2pJ9+SZVxymfs7syzvTO0k0z3qZFvyOKPq5I=; b=gMEePF0tJ71b3B3nMJIiYiRMPb 2pbssCZzQh0sP3SOpsTiJMKaqa297qrfDbMgEGg6iIysqm8gUZaApwDF+/2fHsuj/ucoohyrd/QMs qtjvk+smEO5kKBot5LA7rjkN2EluMxul/Xc7vLVME8JvxKFGzPxUXUvutpm2IAMXgYZE=; Received: from scala.nanotech.utoronto.ca ([128.100.226.29]) by sfi-mx-4.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) id 1fnEiN-00B7CE-LN for openvpn-devel@lists.sourceforge.net; Wed, 08 Aug 2018 03:00:48 +0000 Received: by scala.nanotech.utoronto.ca (Postfix, from userid 1000) id 69CFD836F5; Tue, 7 Aug 2018 22:44:34 -0400 (EDT) From: selva.nair@gmail.com To: openvpn-devel@lists.sourceforge.net Date: Tue, 7 Aug 2018 22:44:31 -0400 Message-Id: <1533696271-21799-2-git-send-email-selva.nair@gmail.com> X-Mailer: git-send-email 2.6.2 In-Reply-To: <1533696271-21799-1-git-send-email-selva.nair@gmail.com> References: <1533696271-21799-1-git-send-email-selva.nair@gmail.com> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (selva.nair[at]gmail.com) 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is CUSTOM_MED 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom freemail headers are different 1.2 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list X-Headers-End: 1fnEiN-00B7CE-LN Subject: [Openvpn-devel] [PATCH 2/2] Accept empty password and/or response in auth-pam plugin X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Selva Nair In the auth-pam plugin correctly parse the static challenge string even when password or challenge response is empty. Whether an empty user input is an error is determined by the PAM conversation function depending on whether the PAM module queries for it or not. Signed-off-by: Selva Nair Acked-by: Gert Doering --- src/plugins/auth-pam/auth-pam.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c index 1324307..88b5320 100644 --- a/src/plugins/auth-pam/auth-pam.c +++ b/src/plugins/auth-pam/auth-pam.c @@ -310,11 +310,11 @@ split_scrv1_password(struct user_pass *up) *resp++ = '\0'; int n = plugin_base64_decode(pass, up->password, sizeof(up->password)-1); - if (n > 0) + if (n >= 0) { up->password[n] = '\0'; n = plugin_base64_decode(resp, up->response, sizeof(up->response)-1); - if (n > 0) + if (n >= 0) { up->response[n] = '\0'; if (DEBUG(up->verb))