Hello community, here is the log from the commit of package pam_u2f for openSUSE:Factory checked in at 2018-05-16 11:42:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pam_u2f (Old) and /work/SRC/openSUSE:Factory/.pam_u2f.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pam_u2f" Wed May 16 11:42:47 2018 rev:5 rq:607682 version:1.0.7 Changes: -------- --- /work/SRC/openSUSE:Factory/pam_u2f/pam_u2f.changes 2018-04-23 15:26:05.294054302 +0200 +++ /work/SRC/openSUSE:Factory/.pam_u2f.new/pam_u2f.changes 2018-05-16 11:44:08.290741935 +0200 @@ -1,0 +2,7 @@ +Tue May 15 09:04:06 UTC 2018 - [email protected] + +- Update to version 1.0.7: + - Add authpending_file to signal authentication activity + - Add nodetect to skip to avoid unnecessary cue messages + +------------------------------------------------------------------- Old: ---- pam_u2f-1.0.6.tar.gz pam_u2f-1.0.6.tar.gz.sig New: ---- pam_u2f-1.0.7.tar.gz pam_u2f-1.0.7.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam_u2f.spec ++++++ --- /var/tmp/diff_new_pack.PurIrn/_old 2018-05-16 11:44:09.354703206 +0200 +++ /var/tmp/diff_new_pack.PurIrn/_new 2018-05-16 11:44:09.354703206 +0200 @@ -17,7 +17,7 @@ Name: pam_u2f -Version: 1.0.6 +Version: 1.0.7 Release: 0 Summary: U2F authentication integration into PAM License: BSD-2-Clause ++++++ pam_u2f-1.0.6.tar.gz -> pam_u2f-1.0.7.tar.gz ++++++ ++++ 3198 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_u2f-1.0.6/COPYING new/pam_u2f-1.0.7/COPYING --- old/pam_u2f-1.0.6/COPYING 2015-02-12 09:49:59.000000000 +0100 +++ new/pam_u2f-1.0.7/COPYING 2018-04-27 17:20:14.000000000 +0200 
@@ -1,4 +1,4 @@ -Copyright (c) 2014-2015 Yubico AB +Copyright (c) 2014-2018 Yubico AB All rights reserved. Redistribution and use in source and binary forms, with or without diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_u2f-1.0.6/ChangeLog new/pam_u2f-1.0.7/ChangeLog --- old/pam_u2f-1.0.6/ChangeLog 2018-04-18 10:48:20.000000000 +0200 +++ new/pam_u2f-1.0.7/ChangeLog 2018-05-15 10:54:03.000000000 +0200 
@@ -1,3 +1,53 @@ +2018-05-15 Alessio Di Mauro <[email protected]> + + * NEWS: Update NEWS file + +2018-05-04 Alessio Di Mauro <[email protected]> + + * : Merge PR #92 + +2018-05-02 Alessio Di Mauro <[email protected]> + + * : Merge PR #91 + +2018-04-30 CJ Oster <[email protected]> + + * man/pam_u2f.8.txt, pam-u2f.c, util.c, util.h: Adds "nodetect" + option. + +2018-04-24 Alessio Di Mauro <[email protected]> + + * util.c: fixup some minor memory leaks + +2018-04-24 Alessio Di Mauro <[email protected]> + + * pam-u2f.c, util.c: Make sure to free origin/appid/auth_file if + allocated + +2018-04-24 Alessio Di Mauro <[email protected]> + + * pam-u2f.c, util.h: Make authpending_file const and cast it during + free + +2018-04-24 Alessio Di Mauro <[email protected]> + + * COPYING, Makefile.am, configure.ac, pam-u2f.c, + pamu2fcfg/Makefile.am, pamu2fcfg/cmdline.ggo, + pamu2fcfg/pamu2fcfg.c, tests/Makefile.am, tests/basic.c, util.c, + util.h: Update copyright + +2018-04-24 Alessio Di Mauro <[email protected]> + + * pam-u2f.c: Default should_free_authpending_file to 0 + +2018-04-24 Alessio Di Mauro <[email protected]> + + * : Merge PR #89 + +2018-04-18 Alessio Di Mauro <[email protected]> + + * NEWS, configure.ac: Bump version + 2018-04-18 Alessio Di Mauro <[email protected]> * NEWS: Update NEWS file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_u2f-1.0.6/Makefile.am new/pam_u2f-1.0.7/Makefile.am --- old/pam_u2f-1.0.6/Makefile.am 2018-04-18 10:48:12.000000000 +0200 +++ new/pam_u2f-1.0.7/Makefile.am 2018-04-27 17:20:14.000000000 +0200 
@@ -1,4 +1,4 @@ -# Copyright (C) 2014-2015 Yubico AB - See COPYING +# Copyright (C) 2014-2018 Yubico AB - See COPYING SUBDIRS = . pamu2fcfg tests diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_u2f-1.0.6/NEWS new/pam_u2f-1.0.7/NEWS --- old/pam_u2f-1.0.6/NEWS 2018-04-18 10:44:53.000000000 +0200 +++ new/pam_u2f-1.0.7/NEWS 2018-05-15 10:39:51.000000000 +0200 @@ -2,6 +2,10 @@ pam-u2f NEWS -- History of user-visible changes. -*- outline -*- +* Version 1.0.7 (released 2018-05-15) + ** Add authpending_file to signal authentication activity + ** Add nodetect to skip to avoid unnecessary cue messages + * Version 1.0.6 (released 2018-04-18) ** Fix an issue when using syslog as a debug facility. ** Do not honor cue if no sutable device is found. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_u2f-1.0.6/README new/pam_u2f-1.0.7/README --- old/pam_u2f-1.0.6/README 2018-04-16 13:36:14.000000000 +0200 +++ new/pam_u2f-1.0.7/README 2018-05-04 11:34:45.000000000 +0200 
@@ -13,17 +13,20 @@ -------- This project uses 'autoconf', 'automake', 'pkg-config' and 'libtool' -to achieve portability and ease of use. If you downloaded a tarball, -build it as follows. +to achieve portability and ease of use. + +In addition, both the Yubico U2F https://developers.yubico.com/libu2f-host['libu2f-host-dev'] and +https://developers.yubico.com/libu2f-server['libu2f-server-dev'] libaries are needed. + + Debian: apt-get install autoconf automake libtool pkg-config libu2f-host-dev libu2f-server-dev --no-install-recommends + +If you downloaded a tarball, build it as follows. ----------- $ ./configure $ make ----------- -Both the Yubico U2F https://developers.yubico.com/libu2f-host[host] and -https://developers.yubico.com/libu2f-server[server] libaries are needed. - Building from Git ----------------- @@ -39,7 +42,7 @@ $ cd pam-u2f ----------- -Autoconf, automake, libtool, and libpam must be installed. AsciiDoc and xsltproc are used to +'Autoconf', 'automake', 'libtool', and 'libpam' must be installed. 'AsciiDoc' and 'xsltproc' are used to generate the manpages. Debian: apt-get install autoconf automake libtool libpam-dev asciidoc xsltproc libxml2-utils docbook-xml --no-install-recommends 
@@ -95,6 +98,14 @@ is not set, $HOME/.config/Yubico/u2f_keys is used. (more on <<files,Authorization Mapping Files>>). +authpending_file=file:: +Set the location of the file that is used for touch request notifications. +This file will be opened when pam-u2f starts waiting for a user to touch the device, +and will be closed when it no longer waits for a touch. +Use inotify to listen on these events, or a more high-level tool like https://github.com/maximbaz/yubikey-touch-detector[yubikey-touch-detector]. +Set an empty value in order to disable this functionality, like so: `authpending_file=`. +Default value: /var/run/user/$UID/pam-u2f-authpending + nouserok:: Set to enable authentication attempts to succeed even if the user trying to authenticate is not found inside authfile or if authfile is missing/malformed. 
@@ -128,6 +139,17 @@ cue:: Set to prompt a message to remind to touch the device. +nodetect:: +Set to skip detecting if a suitable U2F token is inserted before performing +the full tactile authentication. This detection was created to avoid +emitting the "cue" message if no suitable token exists, because doing so +leaks information about the authentication stack if a token is inserted but +not configured for the authenticating user. However, it was found that +versions of libu2f-user 1.1.5 or less has buggy iteration/sleep behavior +which causes a 1-second delay to occur for this initial detection. For this +reason, as well as the possibility of hypothetical tokens that do not +tolerate this double authentication, the "nodetect" option was added. + [[files]] Authorization Mapping Files --------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_u2f-1.0.6/build-aux/ar-lib new/pam_u2f-1.0.7/build-aux/ar-lib --- old/pam_u2f-1.0.6/build-aux/ar-lib 2018-04-18 10:46:57.000000000 +0200 +++ new/pam_u2f-1.0.7/build-aux/ar-lib 2018-05-15 10:53:18.000000000 +0200 
@@ -4,7 +4,7 @@ me=ar-lib scriptversion=2012-03-01.08; # UTC -# Copyright (C) 2010-2014 Free Software Foundation, Inc. +# Copyright (C) 2010-2017 Free Software Foundation, Inc. # Written by Peter Rosin <[email protected]>. # # This program is free software; you can redistribute it and/or modify diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_u2f-1.0.6/configure.ac new/pam_u2f-1.0.7/configure.ac --- old/pam_u2f-1.0.6/configure.ac 2018-04-16 13:43:56.000000000 +0200 +++ new/pam_u2f-1.0.7/configure.ac 2018-04-27 17:20:14.000000000 +0200 @@ -1,6 +1,6 @@ -# Copyright (C) 2014-2017 Yubico AB +# Copyright (C) 2014-2018 Yubico AB AC_PREREQ([2.65]) -AC_INIT([pam_u2f], [1.0.6], [https://github.com/Yubico/pam-u2f/issues], +AC_INIT([pam_u2f], [1.0.7], [https://github.com/Yubico/pam-u2f/issues], [pam_u2f], [https://developers.yubico.com/pam-u2f/]) AC_CONFIG_AUX_DIR([build-aux]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_u2f-1.0.6/man/pam_u2f.8 new/pam_u2f-1.0.7/man/pam_u2f.8 --- old/pam_u2f-1.0.6/man/pam_u2f.8 2018-04-18 10:47:07.000000000 +0200 +++ new/pam_u2f-1.0.7/man/pam_u2f.8 2018-05-11 15:23:04.000000000 +0200 
@@ -62,6 +62,11 @@ Set the location of the file that holds the mappings of user names to keyHandles and user keys\&. The format is username:keyHandle1,public_key1:keyHandle2,public_key2:\&... the default location of the file is $XDG_CONFIG_HOME/Yubico/u2f_keys\&. If the environment variable is not set, $HOME/\&.config/Yubico/u2f_keys is used\&. .RE .PP +\fBauthpending_file\fR=\fIfile\fR +.RS 4 +Set the location of the file that is used for touch request notifications\&. This file will be opened when pam\-u2f starts waiting for a user to touch the device, and will be closed when it no longer waits for a touch\&. Use inotify to listen on these events, or a more high\-level tool like yubikey\-touch\-detector\&. Default value: /var/run/user/$UID/pam\-u2f\-authpending\&. Set an empty value in order to disable this functionality, like so: lockfile= +.RE +.PP \fBnouserok\fR .RS 4 Set to enable authentication attempts to succeed even if the user trying to authenticate is not found inside authfile or if authfile is missing/malformed\&. @@ -101,6 +106,13 @@ .RS 4 Set to prompt a message to remind to touch the device\&. .RE +.PP +\fBnodetect\fR +.RS 4 +Skip detecting if a suitable key is inserted before performing a full authentication\&. See +\fBNOTES\fR +below\&. +.RE .SH "EXAMPLES" .sp auth sufficient pam_u2f\&.so debug origin=pam://$HOSTNAME appid=pam://$HOSTNAME 
@@ -109,6 +121,13 @@ .SH "CAVEATS" .sp Using pam\-u2f to secure the login to a computer while storing the mapping file in an encrypted home directory, will result in the impossibility of logging into the system\&. The partition is decrypted after login and the mapping file can not be accessed\&. +.SH "NOTES" +.sp +The "nodetect" option should be used with caution\&. pam_u2f checks that a key configured for the user is inserted before performing the full tactile authentication\&. This detection is done by sending a "check\-only" authentication request to all inserted tokens to so see if at least one of them responds affirmatively to one or more of the keyhandles configured for the user\&. By doing this, pam_u2f can avoid emitting the "cue" prompt (if configured), which can cause some confusing UI issues if the cue is emitted followed by the underlying library immediately failing the tactile authentication\&. This option is also useful to avoid an unintended 1\-second delay prior to the tactile authentication caused by versions of libu2f\-host <= 1\&.1\&.5\&. +.sp +If pam_u2f is configured to "cue" and "nodetect", an attacker can determine that pam_u2f is part of the authentication stack by inserting any random U2F token and performing an authentication attempt\&. In this scenario, the attacker would see the cue message followed by an immediate failure, whereas with detection enabled, the U2F authentication will fail silently\&. Understand that an attacker could choose a U2F token that alerts him or her in some way to the "check\-only" authentication attempt, so this precaution only pushes the issue back a step\&. +.sp +In summary, the detection feature was added to avoid confusing UI issues and to prevent leaking information about the authentication stack in very specific scenario when "cue" is configured\&. 
The "nodetect" option was added to avoid buggy sleep behavior in older versions of libu2f\-host and for hypothetical tokens that do not tolerate the double authentication\&. Detection is performed, and likewise "nodetect" honored, regardless of whether "cue" is also specified\&. .SH "BUGS" .sp Report pam\-u2f bugs in the issue tracker: https://github\&.com/Yubico/pam\-u2f/issues diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_u2f-1.0.6/man/pam_u2f.8.txt new/pam_u2f-1.0.7/man/pam_u2f.8.txt --- old/pam_u2f-1.0.6/man/pam_u2f.8.txt 2018-04-16 13:36:14.000000000 +0200 +++ new/pam_u2f-1.0.7/man/pam_u2f.8.txt 2018-05-02 12:31:58.000000000 +0200 @@ -29,6 +29,9 @@ *authfile*=_file_:: Set the location of the file that holds the mappings of user names to keyHandles and user keys. The format is username:keyHandle1,public_key1:keyHandle2,public_key2:... the default location of the file is $XDG_CONFIG_HOME/Yubico/u2f_keys. If the environment variable is not set, $HOME/.config/Yubico/u2f_keys is used. +*authpending_file*=_file_:: +Set the location of the file that is used for touch request notifications. This file will be opened when pam-u2f starts waiting for a user to touch the device, and will be closed when it no longer waits for a touch. Use inotify to listen on these events, or a more high-level tool like yubikey-touch-detector. Default value: /var/run/user/$UID/pam-u2f-authpending. Set an empty value in order to disable this functionality, like so: lockfile= + *nouserok*:: Set to enable authentication attempts to succeed even if the user trying to authenticate is not found inside authfile or if authfile is missing/malformed. 
@@ -55,6 +58,9 @@ *cue*:: Set to prompt a message to remind to touch the device. +*nodetect*:: +Skip detecting if a suitable key is inserted before performing a full authentication. See *NOTES* below. + == EXAMPLES auth sufficient pam_u2f.so debug origin=pam://$HOSTNAME appid=pam://$HOSTNAME 
@@ -67,6 +73,36 @@ in the impossibility of logging into the system. The partition is decrypted after login and the mapping file can not be accessed. +== NOTES +The "nodetect" option should be used with caution. pam_u2f checks that a +key configured for the user is inserted before performing the full tactile +authentication. This detection is done by sending a "check-only" +authentication request to all inserted tokens to so see if at least one of +them responds affirmatively to one or more of the keyhandles configured for +the user. By doing this, pam_u2f can avoid emitting the "cue" prompt (if +configured), which can cause some confusing UI issues if the cue is emitted +followed by the underlying library immediately failing the tactile +authentication. This option is also useful to avoid an unintended 1-second +delay prior to the tactile authentication caused by versions of libu2f-host +\<= 1.1.5. + +If pam_u2f is configured to "cue" and "nodetect", an attacker can determine +that pam_u2f is part of the authentication stack by inserting any random +U2F token and performing an authentication attempt. In this scenario, the +attacker would see the cue message followed by an immediate failure, +whereas with detection enabled, the U2F authentication will fail silently. +Understand that an attacker could choose a U2F token that alerts him or +her in some way to the "check-only" authentication attempt, so this +precaution only pushes the issue back a step. + +In summary, the detection feature was added to avoid confusing UI issues +and to prevent leaking information about the authentication stack in very +specific scenario when "cue" is configured. The "nodetect" option was added +to avoid buggy sleep behavior in older versions of libu2f-host and for +hypothetical tokens that do not tolerate the double authentication. +Detection is performed, and likewise "nodetect" honored, regardless of +whether "cue" is also specified. 
+
 == BUGS
 Report pam-u2f bugs in the issue tracker:
 https://github.com/Yubico/pam-u2f/issues
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_u2f-1.0.6/pam-u2f.c new/pam_u2f-1.0.7/pam-u2f.c
--- old/pam_u2f-1.0.6/pam-u2f.c 2018-04-18 10:32:25.000000000 +0200
+++ new/pam_u2f-1.0.7/pam-u2f.c 2018-05-02 12:31:58.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2015 Yubico AB - See COPYING
+ * Copyright (C) 2014-2018 Yubico AB - See COPYING
 */
 
 /* Define which PAM interfaces we provide */
@@ -9,6 +9,7 @@
 #include <security/pam_appl.h>
 #include <security/pam_modules.h>
 
+#include <fcntl.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <unistd.h>
@@ -51,8 +52,12 @@
 cfg->interactive = 1;
 if (strcmp(argv[i], "cue") == 0)
 cfg->cue = 1;
+ if (strcmp(argv[i], "nodetect") == 0)
+ cfg->nodetect = 1;
 if (strncmp(argv[i], "authfile=", 9) == 0)
 cfg->auth_file = argv[i] + 9;
+ if (strncmp(argv[i], "authpending_file=", 17) == 0)
+ cfg->authpending_file = argv[i] + 17;
 if (strncmp(argv[i], "origin=", 7) == 0)
 cfg->origin = argv[i] + 7;
 if (strncmp(argv[i], "appid=", 6) == 0)
@@ -95,11 +100,13 @@
 D(cfg->debug_file, "debug=%d", cfg->debug);
 D(cfg->debug_file, "interactive=%d", cfg->interactive);
 D(cfg->debug_file, "cue=%d", cfg->cue);
+ D(cfg->debug_file, "nodetect=%d", cfg->nodetect);
 D(cfg->debug_file, "manual=%d", cfg->manual);
 D(cfg->debug_file, "nouserok=%d", cfg->nouserok);
 D(cfg->debug_file, "openasuser=%d", cfg->openasuser);
 D(cfg->debug_file, "alwaysok=%d", cfg->alwaysok);
 D(cfg->debug_file, "authfile=%s", cfg->auth_file ? cfg->auth_file : "(null)");
+ D(cfg->debug_file, "authpending_file=%s", cfg->authpending_file ? cfg->authpending_file : "(null)");
 D(cfg->debug_file, "origin=%s", cfg->origin ? cfg->origin : "(null)");
 D(cfg->debug_file, "appid=%s", cfg->appid ? cfg->appid : "(null)");
 D(cfg->debug_file, "prompt=%s", cfg->prompt ? cfg->prompt : "(null)");
@@ -132,6 +139,10 @@
 device_t *devices = NULL;
 unsigned n_devices = 0;
 int openasuser;
+ int should_free_origin = 0;
+ int should_free_appid = 0;
+ int should_free_auth_file = 0;
+ int should_free_authpending_file = 0;
 
 parse_cfg(flags, argc, argv, cfg);
 
@@ -148,6 +159,8 @@
 if (!cfg->origin) {
 DBG("Unable to allocate memory");
 goto done;
+ } else {
+ should_free_origin = 1;
 }
 }
 
@@ -158,6 +171,8 @@
 if (!cfg->appid) {
 DBG("Unable to allocate memory")
 goto done;
+ } else {
+ should_free_appid = 1;
 }
 }
 
@@ -230,6 +245,7 @@
 DBG("Using default authentication file %s", buf);
 
 cfg->auth_file = buf; /* cfg takes ownership */
+ should_free_auth_file = 1;
 buf = NULL;
 } else {
 DBG("Using authentication file %s", cfg->auth_file);
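Review bot: The `} else { should_free_origin = 1; }` added after `goto done;` in the -148 hunk, and its twin `should_free_appid = 1;` in the -158 hunk, are else-branches on a condition whose other arm never falls through, so the flag assignment can simply follow the closing brace of the `if (!cfg->origin)` block: `}` then `should_free_origin = 1;`. That keeps the allocation-failure path visibly separate from the success path. The `DBG("Unable to allocate memory")` context line in the -158 hunk lacks the `;` that the -148 copy has; it predates this commit and presumably only compiles because the macro expansion supplies the terminator, but it is worth a look while the block is being touched. The enclosing function starts and ends outside these hunks.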
@@ -278,6 +294,36 @@
 }
 }
 
+ // Determine the full path for authpending_file in order to emit touch request notifications
+ if (!cfg->authpending_file) {
+ int actual_size = snprintf(buffer, BUFSIZE, DEFAULT_AUTHPENDING_FILE_PATH, getuid());
+ if (actual_size >= 0 && actual_size < BUFSIZE) {
+ cfg->authpending_file = strdup(buffer);
+ }
+ if (!cfg->authpending_file) {
+ DBG("Unable to allocate memory for the authpending_file, touch request notifications will not be emitted");
+ } else {
+ should_free_authpending_file = 1;
+ }
+ } else {
+ if (strlen(cfg->authpending_file) == 0) {
+ DBG("authpending_file is set to an empty value, touch request notifications will be disabled");
+ cfg->authpending_file = NULL;
+ }
+ }
+
+ int authpending_file_descriptor = -1;
+ if (cfg->authpending_file) {
+ DBG("Using file '%s' for emitting touch request notifications", cfg->authpending_file);
+
+ // Open (or create) the authpending_file to indicate that we start waiting for a touch
+ authpending_file_descriptor = open(cfg->authpending_file, O_RDONLY | O_CREAT, 0664);
+ if (authpending_file_descriptor < 0) {
+ DBG("Unable to emit 'authentication started' notification by opening the file '%s', (%s)",
+ cfg->authpending_file, strerror(errno));
+ }
+ }
+
 if (cfg->manual == 0) {
 if (cfg->interactive) {
 converse(pamh, PAM_PROMPT_ECHO_ON,
@@ -289,6 +335,14 @@
 retval = do_manual_authentication(cfg, devices, n_devices, pamh);
 }
 
+ // Close the authpending_file to indicate that we stop waiting for a touch
+ if (authpending_file_descriptor >= 0) {
+ if (close(authpending_file_descriptor) < 0) {
+ DBG("Unable to emit 'authentication stopped' notification by closing the file '%s', (%s)",
+ cfg->authpending_file, strerror(errno));
+ }
+ }
+
 if (retval != 1) {
 DBG("do_authentication returned %d", retval);
 retval = PAM_AUTH_ERR;
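Review bot: The `open()` in the -278 hunk follows symlinks and leaves the descriptor inheritable, which matters because a PAM module typically runs with the calling service's privileges while the default path built from `DEFAULT_AUTHPENDING_FILE_PATH` and `getuid()` points into a per-user runtime directory; a symlink placed there as the final component would be followed and an empty file created at its target with those privileges. Opening with `open(cfg->authpending_file, O_RDONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0664)` refuses a symlink as the last path component and keeps the notification fd out of anything the authenticating service later executes. The `snprintf(buffer, BUFSIZE, DEFAULT_AUTHPENDING_FILE_PATH, getuid())` call passes a `uid_t` to the `%d` conversion defined in util.h; cast it, `(int) getuid()`, or adjust the format, and note that a truncated result is reported as "Unable to allocate memory", which is misleading. The pam_u2f.8 and pam_u2f.8.txt hunks document the disable example as `lockfile=` although this parser only recognises `authpending_file=`. pam_sm_authenticate begins and ends outside these hunks.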
@@ -305,6 +359,26 @@
 buf = NULL;
 }
 
+ if (should_free_origin) {
+ free((char *) cfg->origin);
+ cfg->origin = NULL;
+ }
+
+ if (should_free_appid) {
+ free((char *) cfg->appid);
+ cfg->appid = NULL;
+ }
+
+ if (should_free_auth_file) {
+ free((char *) cfg->auth_file);
+ cfg->auth_file = NULL;
+ }
+
+ if (should_free_authpending_file) {
+ free((char *) cfg->authpending_file);
+ cfg->authpending_file = NULL;
+ }
+
 if (cfg->alwaysok && retval != PAM_SUCCESS) {
 DBG("alwaysok needed (otherwise return with %d)", retval);
 retval = PAM_SUCCESS;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_u2f-1.0.6/pamu2fcfg/Makefile.am new/pam_u2f-1.0.7/pamu2fcfg/Makefile.am
--- old/pam_u2f-1.0.6/pamu2fcfg/Makefile.am 2018-04-16 13:36:14.000000000 +0200
+++ new/pam_u2f-1.0.7/pamu2fcfg/Makefile.am 2018-04-27 17:20:15.000000000 +0200
@@ -1,4 +1,4 @@
-# Copyright (C) 2014-2015 Yubico AB - See COPYING
+# Copyright (C) 2014-2018 Yubico AB - See COPYING
 
 AM_CFLAGS = $(WARN_CFLAGS)
 AM_CPPFLAGS=-I$(srcdir)/.. -I$(builddir)/.. $(LIBU2FHOST_CFLAGS) $(LIBU2FSERVER_CFLAGS)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_u2f-1.0.6/pamu2fcfg/cmdline.ggo new/pam_u2f-1.0.7/pamu2fcfg/cmdline.ggo
--- old/pam_u2f-1.0.6/pamu2fcfg/cmdline.ggo 2018-04-16 13:36:14.000000000 +0200
+++ new/pam_u2f-1.0.7/pamu2fcfg/cmdline.ggo 2018-04-27 17:20:15.000000000 +0200
@@ -1,4 +1,4 @@ -# Copyright (C) 2014-2015 Yubico AB - See COPYING +# Copyright (C) 2014-2018 Yubico AB - See COPYING # purpose "Perform a U2F registration operation and print a configuration line that can be used with the pam_u2f module." diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_u2f-1.0.6/pamu2fcfg/pamu2fcfg.c new/pam_u2f-1.0.7/pamu2fcfg/pamu2fcfg.c --- old/pam_u2f-1.0.6/pamu2fcfg/pamu2fcfg.c 2018-04-16 13:36:14.000000000 +0200 +++ new/pam_u2f-1.0.7/pamu2fcfg/pamu2fcfg.c 2018-04-27 17:20:15.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014-2015 Yubico AB - See COPYING + * Copyright (C) 2014-2018 Yubico AB - See COPYING */ #include <u2f-server.h> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_u2f-1.0.6/tests/Makefile.am new/pam_u2f-1.0.7/tests/Makefile.am --- old/pam_u2f-1.0.6/tests/Makefile.am 2015-02-12 09:51:37.000000000 +0100 +++ new/pam_u2f-1.0.7/tests/Makefile.am 2018-04-27 17:20:15.000000000 +0200 
@@ -1,4 +1,4 @@
-# Copyright (C) 2014-2015 Yubico AB - See COPYING
+# Copyright (C) 2014-2018 Yubico AB - See COPYING
 #
 
 AM_CFLAGS = $(WARN_CFLAGS)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_u2f-1.0.6/tests/basic.c new/pam_u2f-1.0.7/tests/basic.c
--- old/pam_u2f-1.0.6/tests/basic.c 2015-02-12 09:52:19.000000000 +0100
+++ new/pam_u2f-1.0.7/tests/basic.c 2018-04-27 17:20:15.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2015 Yubico AB - See COPYING
+ * Copyright (C) 2014-2018 Yubico AB - See COPYING
 */
 
 #include <stdio.h>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_u2f-1.0.6/util.c new/pam_u2f-1.0.7/util.c
--- old/pam_u2f-1.0.6/util.c 2018-04-18 10:34:39.000000000 +0200
+++ new/pam_u2f-1.0.7/util.c 2018-05-02 12:31:58.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2015 Yubico AB - See COPYING
+ * Copyright (C) 2014-2018 Yubico AB - See COPYING
 */
 
 #include "util.h"
@@ -204,8 +204,11 @@
 *n_devs = 0;
 
 out:
- free(buf);
- buf = NULL;
+ if (buf) {
+ free(buf);
+ buf = NULL;
+ }
+
 if (opwfile)
 fclose(opwfile);
 else if (fd >= 0)
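Review bot: The `if (buf)` guard added around `free(buf)` at the `out:` label in the util.c -204 hunk is redundant, since `free(NULL)` is a no-op; the original two lines `free(buf); buf = NULL;` already covered the NULL case, so the hunk adds nesting without changing behaviour. If the intent was to record that buf may still be NULL on the early-exit paths, a one-line comment such as `/* buf is NULL when we bailed out before allocating it */` says that more directly than the extra branch. The enclosing function starts and ends outside this hunk.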
@@ -315,13 +318,18 @@
 if (cfg->debug)
 D(cfg->debug_file, "Unable to produce authentication challenge: %s",
 u2fs_strerror(s_rc));
+ free(buf);
+ buf = NULL;
 return retval;
 }
 
 if (cfg->debug)
 D(cfg->debug_file, "Challenge: %s", buf);
 
- if ((h_rc = u2fh_authenticate(devs, buf, cfg->origin, &response, 0)) == U2FH_OK ) {
+ if (cfg->nodetect || (h_rc = u2fh_authenticate(devs, buf, cfg->origin, &response, 0)) == U2FH_OK ) {
+
+ if (cfg->nodetect)
+ D(cfg->debug_file, "nodetect option specified, suitable key detection skipped");
 
 if (cfg->manual == 0 && cfg->cue && !cued) {
 cued = 1;
@@ -335,8 +343,15 @@
 if (cfg->debug)
 D(cfg->debug_file, "Response: %s", response);
 
- if (u2fs_authentication_verify(ctx, response, &auth_result) == U2FS_OK) {
+ s_rc = u2fs_authentication_verify(ctx, response, &auth_result);
+ u2fs_free_auth_res(auth_result);
+ free(response);
+ response = NULL;
+ if (s_rc == U2FS_OK) {
 retval = 1;
+
+ free(buf);
+ buf = NULL;
 break;
 }
 } else {
@@ -344,9 +359,11 @@
 D(cfg->debug_file, "Unable to communicate to the device, %s", u2fh_strerror(h_rc));
 }
 } else {
- if (cfg->debug)
- D(cfg->debug_file, "Device for this keyhandle is not present.");
+ if (cfg->debug)
+ D(cfg->debug_file, "Device for this keyhandle is not present.");
 }
+ free(buf);
+ buf = NULL;
 
 i++;
 
@@ -448,6 +465,8 @@
 converse(pamh, PAM_TEXT_INFO, prompt);
 }
 converse(pamh, PAM_TEXT_INFO, buf);
+ free(buf);
+ buf = NULL;
 }
 
 converse(pamh, PAM_TEXT_INFO,
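Review bot: In the -335 hunk `u2fs_free_auth_res(auth_result);` now runs on every iteration, including when the verify call failed, but `auth_result` is never reset afterwards, so a later iteration whose verify fails before assigning it can hand the same pointer to the free routine again; add `auth_result = NULL;` directly after the free (the declaration and the library's tolerance of NULL are outside the hunk, so confirm it is initialised to NULL there). The same pattern appears in the manual-authentication hunk at -460 below. In the -315 hunk the new `cfg->nodetect ||` short-circuits the assignment to `h_rc`, and the `u2fh_strerror(h_rc)` in the -344 hunk appears to sit under a second `u2fh_authenticate` call inside the branch that is outside this view; that is worth confirming so the debug message never reads an unassigned status when nodetect is set. The enclosing function starts and ends outside these hunks.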
@@ -460,8 +479,9 @@
 response = converse(pamh, PAM_PROMPT_ECHO_ON, prompt);
 converse(pamh, PAM_TEXT_INFO, response);
 
- if (u2fs_authentication_verify(ctx_arr[i], response, &auth_result) ==
- U2FS_OK) {
+ s_rc = u2fs_authentication_verify(ctx_arr[i], response, &auth_result);
+ u2fs_free_auth_res(auth_result);
+ if (s_rc == U2FS_OK) {
 retval = 1;
 }
 free(response);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_u2f-1.0.6/util.h new/pam_u2f-1.0.7/util.h
--- old/pam_u2f-1.0.6/util.h 2018-04-18 10:32:25.000000000 +0200
+++ new/pam_u2f-1.0.7/util.h 2018-05-02 12:31:58.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2015 Yubico AB - See COPYING
+ * Copyright (C) 2014-2018 Yubico AB - See COPYING
 */
 
 #ifndef UTIL_H
@@ -16,6 +16,7 @@
 #define DEVSIZE (((PK_LEN) + (KH_LEN) + (RD_LEN)))
 #define DEFAULT_AUTHFILE_DIR_VAR "XDG_CONFIG_HOME"
 #define DEFAULT_AUTHFILE "/Yubico/u2f_keys"
+#define DEFAULT_AUTHPENDING_FILE_PATH "/var/run/user/%d/pam-u2f-authpending"
 #define DEFAULT_PROMPT "Insert your U2F device, then press ENTER."
 #define DEFAULT_CUE "Please touch the device."
 #define DEFAULT_ORIGIN_PREFIX "pam://"
@@ -37,7 +38,9 @@
 int alwaysok;
 int interactive;
 int cue;
+ int nodetect;
 const char *auth_file;
+ const char *authpending_file;
 const char *origin;
 const char *appid;
 const char *prompt;
