From patchwork Tue Aug 7 16:44:30 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 440
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 7 Aug 2018 22:44:30 -0400
Message-Id: <1533696271-21799-1-git-send-email-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH 1/2] Bump version of openvpn plugin argument structs to 5

From: Selva Nair

This was missed in commit 6690769f78bbfb889fef2a54088d979896c87d51 that exported base64_encode and base64_decode() functions. Also check the version is >= 5 in auth-pam plugin to ensure that the base64_decode function pointer can be referenced.

Signed-off-by: Selva Nair
Acked-by: Gert Doering
--- include/openvpn-plugin.h.in | 5 +++-- src/plugins/auth-pam/auth-pam.c | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/include/openvpn-plugin.h.in b/include/openvpn-plugin.h.in index 5b64cbb..103844f 100644 --- a/include/openvpn-plugin.h.in +++ b/include/openvpn-plugin.h.in 
@@ -219,10 +219,11 @@ struct openvpn_plugin_string_list * OpenVPN to plug-ins. * * 4 Exported secure_memzero() as plugin_secure_memzero() - * Exported openvpn_base64_encode() as plugin_base64_encode() + * + * 5 Exported openvpn_base64_encode() as plugin_base64_encode() * Exported openvpn_base64_decode() as plugin_base64_decode() */ -#define OPENVPN_PLUGINv3_STRUCTVER 4 +#define OPENVPN_PLUGINv3_STRUCTVER 5 /** * Definitions needed for the plug-in callback functions. diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c index 3d564a9..1324307 100644 --- a/src/plugins/auth-pam/auth-pam.c +++ b/src/plugins/auth-pam/auth-pam.c 
@@ -356,8 +356,8 @@ openvpn_plugin_open_v3(const int v3structver, const char **argv = args->argv; const char **envp = args->envp; - /* Check API compatibility -- struct version 4 or higher needed */ - if (v3structver < 4) + /* Check API compatibility -- struct version 5 or higher needed */ + if (v3structver < 5) { fprintf(stderr, "AUTH-PAM: This plugin is incompatible with the running version of OpenVPN\n"); return OPENVPN_PLUGIN_FUNC_ERROR; 
From patchwork Tue Aug 7 16:44:31 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 441
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 7 Aug 2018 22:44:31 -0400
Message-Id: <1533696271-21799-2-git-send-email-selva.nair@gmail.com>
In-Reply-To: <1533696271-21799-1-git-send-email-selva.nair@gmail.com>
References: <1533696271-21799-1-git-send-email-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH 2/2] Accept empty password and/or response in auth-pam plugin

From: Selva Nair

In the auth-pam plugin correctly parse the static challenge string even when password or challenge response is empty. Whether an empty user input is an error is determined by the PAM conversation function depending on whether the PAM module queries for it or not.

Signed-off-by: Selva Nair Acked-by: Gert Doering --- src/plugins/auth-pam/auth-pam.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c index 1324307..88b5320 100644 --- a/src/plugins/auth-pam/auth-pam.c +++ b/src/plugins/auth-pam/auth-pam.c @@ -310,11 +310,11 @@ split_scrv1_password(struct user_pass *up) *resp++ = '\0'; int n = plugin_base64_decode(pass, up->password, sizeof(up->password)-1); - if (n > 0) + if (n >= 0) { up->password[n] = '\0'; n = plugin_base64_decode(resp, up->response, sizeof(up->response)-1); - if (n > 0) + if (n >= 0) { up->response[n] = '\0'; if (DEBUG(up->verb))
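
Review bot: The new "5" entry in the version-history comment of include/openvpn-plugin.h.in (patch 1/2, first hunk) lists the two base64 exports but does not tell plugin authors that they must reject v3structver < 5 before touching plugin_base64_encode or plugin_base64_decode. Since the commit message says the exports first shipped without a version bump, a one-line remark under the "5" entry that the function pointers are only guaranteed from struct version 5 onward would make the contract explicit for out-of-tree plugins.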
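
Review bot: The compatibility check in openvpn_plugin_open_v3() (patch 1/2, auth-pam.c hunk) hard-codes the minimum as a bare `5` in both the comment and `if (v3structver < 5)`, and the fprintf() that follows reports neither the required nor the received struct version. A named constant local to the plugin for the minimum version, plus printing both values in the "AUTH-PAM: This plugin is incompatible ..." message, would keep the comment and the test from drifting apart on the next bump and would let an administrator see at once why the plugin refused to load.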
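
Review bot: Both `if (n >= 0)` tests in split_scrv1_password() (patch 2/2) now treat a zero-length decode as success, so they rely on plugin_base64_decode() returning a negative value for malformed input and 0 only for an empty string, a contract that is not visible in this hunk. A short comment above the first call stating that return convention would document why `>= 0` is safe, and it is worth confirming that the failure path (n < 0), which is outside the shown context, still leaves up->password and up->response in a defined state. Because an empty up->password or up->response is now handed on to the PAM conversation function, a test case or a DEBUG line covering the empty-password and empty-response inputs would also be a useful addition.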