Diffstat (limited to 'modules/pam_timestamp')
-rw-r--r--modules/pam_timestamp/Makefile.am19
-rw-r--r--modules/pam_timestamp/Makefile.in90
-rw-r--r--modules/pam_timestamp/README3
-rw-r--r--modules/pam_timestamp/hmac_openssl_wrapper.c381
-rw-r--r--modules/pam_timestamp/hmac_openssl_wrapper.h57
-rw-r--r--modules/pam_timestamp/pam_timestamp.89
-rw-r--r--modules/pam_timestamp/pam_timestamp.8.xml5
-rw-r--r--modules/pam_timestamp/pam_timestamp.c53
-rw-r--r--modules/pam_timestamp/pam_timestamp_check.86
-rw-r--r--modules/pam_timestamp/pam_timestamp_check.8.xml2
-rw-r--r--modules/pam_timestamp/sha1.c21
-rw-r--r--modules/pam_timestamp/sha1.h5
12 files changed, 591 insertions, 60 deletions
diff --git a/modules/pam_timestamp/Makefile.am b/modules/pam_timestamp/Makefile.am
index d49abf4b..d290b85f 100644
--- a/modules/pam_timestamp/Makefile.am
+++ b/modules/pam_timestamp/Makefile.am
@@ -18,12 +18,12 @@ TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-noinst_HEADERS = hmacsha1.h sha1.h
+noinst_HEADERS = hmacsha1.h sha1.h hmac_openssl_wrapper.h
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
$(WARN_CFLAGS)
-pam_timestamp_la_LDFLAGS = -no-undefined -avoid-version -module $(AM_LDFLAGS)
+pam_timestamp_la_LDFLAGS = -no-undefined -avoid-version -module $(AM_LDFLAGS) $(CRYPTO_LIBS)
pam_timestamp_la_LIBADD = $(top_builddir)/libpam/libpam.la
if HAVE_VERSIONING
pam_timestamp_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
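Review bot: `$(CRYPTO_LIBS)` is appended to `pam_timestamp_la_LDFLAGS`, which puts the library ahead of the module's objects on the link line. With a linker running in as-needed mode (the tree carries an `ld-as-needed.m4` check) the library can be dropped, leaving the OpenSSL symbols unresolved when the module is loaded. Libraries belong in LIBADD: `pam_timestamp_la_LIBADD = $(top_builddir)/libpam/libpam.la $(CRYPTO_LIBS)`.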
@@ -32,15 +32,24 @@ endif
securelib_LTLIBRARIES = pam_timestamp.la
sbin_PROGRAMS = pam_timestamp_check
-pam_timestamp_la_SOURCES = pam_timestamp.c hmacsha1.c sha1.c
+pam_timestamp_la_SOURCES = pam_timestamp.c
+if COND_USE_OPENSSL
+pam_timestamp_la_SOURCES += hmac_openssl_wrapper.c
+else
+pam_timestamp_la_SOURCES += hmacsha1.c sha1.c
+endif
pam_timestamp_la_CFLAGS = $(AM_CFLAGS)
pam_timestamp_check_SOURCES = pam_timestamp_check.c
-pam_timestamp_check_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@
+pam_timestamp_check_CFLAGS = $(AM_CFLAGS) @EXE_CFLAGS@
pam_timestamp_check_LDADD = $(top_builddir)/libpam/libpam.la
-pam_timestamp_check_LDFLAGS = @PIE_LDFLAGS@
+pam_timestamp_check_LDFLAGS = @EXE_LDFLAGS@
+if COND_USE_OPENSSL
+hmacfile_SOURCES = hmac_openssl_wrapper.c
+else
hmacfile_SOURCES = hmacfile.c hmacsha1.c sha1.c
+endif
hmacfile_LDADD = $(top_builddir)/libpam/libpam.la
check_PROGRAMS = hmacfile
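Review bot: With COND_USE_OPENSSL the `hmacfile` check program is built from `hmac_openssl_wrapper.c` alone, but that file as added in this commit defines no `main()`. `hmacfile_LDADD` also does not list `$(CRYPTO_LIBS)`, so `make check` would presumably fail to link in an OpenSSL build. Either keep a driver source in the OpenSSL branch and add the library to `hmacfile_LDADD`, or build the helper only in the fallback case by moving `check_PROGRAMS = hmacfile` into the `else` branch.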
diff --git a/modules/pam_timestamp/Makefile.in b/modules/pam_timestamp/Makefile.in
index 79941c54..440020b5 100644
--- a/modules/pam_timestamp/Makefile.in
+++ b/modules/pam_timestamp/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -98,21 +98,26 @@ build_triplet = @build@
host_triplet = @host@
@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
sbin_PROGRAMS = pam_timestamp_check$(EXEEXT)
+@COND_USE_OPENSSL_TRUE@am__append_2 = hmac_openssl_wrapper.c
+@COND_USE_OPENSSL_FALSE@am__append_3 = hmacsha1.c sha1.c
check_PROGRAMS = hmacfile$(EXEEXT)
subdir = modules/pam_timestamp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
- $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
- $(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+ $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/intlmacosx.m4 \
$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
- $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+ $(top_srcdir)/m4/ld-no-undefined.m4 \
+ $(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
- $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+ $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/warn_lang_flags.m4 \
+ $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -154,8 +159,13 @@ am__uninstall_files_from_dir = { \
}
LTLIBRARIES = $(securelib_LTLIBRARIES)
pam_timestamp_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
+am__pam_timestamp_la_SOURCES_DIST = pam_timestamp.c \
+ hmac_openssl_wrapper.c hmacsha1.c sha1.c
+@COND_USE_OPENSSL_TRUE@am__objects_1 = pam_timestamp_la-hmac_openssl_wrapper.lo
+@COND_USE_OPENSSL_FALSE@am__objects_2 = pam_timestamp_la-hmacsha1.lo \
+@COND_USE_OPENSSL_FALSE@ pam_timestamp_la-sha1.lo
am_pam_timestamp_la_OBJECTS = pam_timestamp_la-pam_timestamp.lo \
- pam_timestamp_la-hmacsha1.lo pam_timestamp_la-sha1.lo
+ $(am__objects_1) $(am__objects_2)
pam_timestamp_la_OBJECTS = $(am_pam_timestamp_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
@@ -165,8 +175,12 @@ pam_timestamp_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(pam_timestamp_la_CFLAGS) $(CFLAGS) \
$(pam_timestamp_la_LDFLAGS) $(LDFLAGS) -o $@
-am_hmacfile_OBJECTS = hmacfile.$(OBJEXT) hmacsha1.$(OBJEXT) \
- sha1.$(OBJEXT)
+am__hmacfile_SOURCES_DIST = hmacfile.c hmacsha1.c sha1.c \
+ hmac_openssl_wrapper.c
+@COND_USE_OPENSSL_FALSE@am_hmacfile_OBJECTS = hmacfile.$(OBJEXT) \
+@COND_USE_OPENSSL_FALSE@ hmacsha1.$(OBJEXT) sha1.$(OBJEXT)
+@COND_USE_OPENSSL_TRUE@am_hmacfile_OBJECTS = \
+@COND_USE_OPENSSL_TRUE@ hmac_openssl_wrapper.$(OBJEXT)
hmacfile_OBJECTS = $(am_hmacfile_OBJECTS)
hmacfile_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
am_pam_timestamp_check_OBJECTS = \
@@ -192,8 +206,10 @@ am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/hmacfile.Po ./$(DEPDIR)/hmacsha1.Po \
+am__depfiles_remade = ./$(DEPDIR)/hmac_openssl_wrapper.Po \
+ ./$(DEPDIR)/hmacfile.Po ./$(DEPDIR)/hmacsha1.Po \
./$(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po \
+ ./$(DEPDIR)/pam_timestamp_la-hmac_openssl_wrapper.Plo \
./$(DEPDIR)/pam_timestamp_la-hmacsha1.Plo \
./$(DEPDIR)/pam_timestamp_la-pam_timestamp.Plo \
./$(DEPDIR)/pam_timestamp_la-sha1.Plo ./$(DEPDIR)/sha1.Po
@@ -218,8 +234,8 @@ am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
SOURCES = $(pam_timestamp_la_SOURCES) $(hmacfile_SOURCES) \
$(pam_timestamp_check_SOURCES)
-DIST_SOURCES = $(pam_timestamp_la_SOURCES) $(hmacfile_SOURCES) \
- $(pam_timestamp_check_SOURCES)
+DIST_SOURCES = $(am__pam_timestamp_la_SOURCES_DIST) \
+ $(am__hmacfile_SOURCES_DIST) $(pam_timestamp_check_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
@@ -405,6 +421,7 @@ am__set_TESTS_bases = \
bases='$(TEST_LOGS)'; \
bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
RECHECK_LOGS = $(TEST_LOGS)
AM_RECURSIVE_TARGETS = check recheck
TEST_SUITE_LOG = test-suite.log
@@ -449,6 +466,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
@@ -462,6 +482,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
ECONF_LIBS = @ECONF_LIBS@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
FGREP = @FGREP@
FO2PDF = @FO2PDF@
GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -481,7 +503,6 @@ LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
LIBCRYPT = @LIBCRYPT@
LIBDB = @LIBDB@
LIBDL = @LIBDL@
@@ -528,8 +549,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -540,6 +559,7 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -589,7 +609,6 @@ htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
@@ -597,9 +616,6 @@ localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
pam_xauth_path = @pam_xauth_path@
pdfdir = @pdfdir@
prefix = @prefix@
@@ -609,6 +625,7 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
@@ -622,21 +639,23 @@ dist_check_SCRIPTS = tst-pam_timestamp
TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-noinst_HEADERS = hmacsha1.h sha1.h
+noinst_HEADERS = hmacsha1.h sha1.h hmac_openssl_wrapper.h
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
$(WARN_CFLAGS)
pam_timestamp_la_LDFLAGS = -no-undefined -avoid-version -module \
- $(AM_LDFLAGS) $(am__append_1)
+ $(AM_LDFLAGS) $(CRYPTO_LIBS) $(am__append_1)
pam_timestamp_la_LIBADD = $(top_builddir)/libpam/libpam.la
securelib_LTLIBRARIES = pam_timestamp.la
-pam_timestamp_la_SOURCES = pam_timestamp.c hmacsha1.c sha1.c
+pam_timestamp_la_SOURCES = pam_timestamp.c $(am__append_2) \
+ $(am__append_3)
pam_timestamp_la_CFLAGS = $(AM_CFLAGS)
pam_timestamp_check_SOURCES = pam_timestamp_check.c
-pam_timestamp_check_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@
+pam_timestamp_check_CFLAGS = $(AM_CFLAGS) @EXE_CFLAGS@
pam_timestamp_check_LDADD = $(top_builddir)/libpam/libpam.la
-pam_timestamp_check_LDFLAGS = @PIE_LDFLAGS@
-hmacfile_SOURCES = hmacfile.c hmacsha1.c sha1.c
+pam_timestamp_check_LDFLAGS = @EXE_LDFLAGS@
+@COND_USE_OPENSSL_FALSE@hmacfile_SOURCES = hmacfile.c hmacsha1.c sha1.c
+@COND_USE_OPENSSL_TRUE@hmacfile_SOURCES = hmac_openssl_wrapper.c
hmacfile_LDADD = $(top_builddir)/libpam/libpam.la
@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
all: all-am
@@ -783,9 +802,11 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac_openssl_wrapper.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmacfile.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmacsha1.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_la-hmac_openssl_wrapper.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_la-hmacsha1.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_la-pam_timestamp.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_la-sha1.Plo@am__quote@ # am--include-marker
@@ -825,6 +846,13 @@ pam_timestamp_la-pam_timestamp.lo: pam_timestamp.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -c -o pam_timestamp_la-pam_timestamp.lo `test -f 'pam_timestamp.c' || echo '$(srcdir)/'`pam_timestamp.c
+pam_timestamp_la-hmac_openssl_wrapper.lo: hmac_openssl_wrapper.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -MT pam_timestamp_la-hmac_openssl_wrapper.lo -MD -MP -MF $(DEPDIR)/pam_timestamp_la-hmac_openssl_wrapper.Tpo -c -o pam_timestamp_la-hmac_openssl_wrapper.lo `test -f 'hmac_openssl_wrapper.c' || echo '$(srcdir)/'`hmac_openssl_wrapper.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pam_timestamp_la-hmac_openssl_wrapper.Tpo $(DEPDIR)/pam_timestamp_la-hmac_openssl_wrapper.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hmac_openssl_wrapper.c' object='pam_timestamp_la-hmac_openssl_wrapper.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -c -o pam_timestamp_la-hmac_openssl_wrapper.lo `test -f 'hmac_openssl_wrapper.c' || echo '$(srcdir)/'`hmac_openssl_wrapper.c
+
pam_timestamp_la-hmacsha1.lo: hmacsha1.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -MT pam_timestamp_la-hmacsha1.lo -MD -MP -MF $(DEPDIR)/pam_timestamp_la-hmacsha1.Tpo -c -o pam_timestamp_la-hmacsha1.lo `test -f 'hmacsha1.c' || echo '$(srcdir)/'`hmacsha1.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pam_timestamp_la-hmacsha1.Tpo $(DEPDIR)/pam_timestamp_la-hmacsha1.Plo
@@ -1061,7 +1089,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \
fi; \
echo "$${col}$$br$${std}"; \
- echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \
+ echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \
echo "$${col}$$br$${std}"; \
create_testsuite_report --maybe-color; \
echo "$$col$$br$$std"; \
@@ -1208,9 +1236,11 @@ clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
clean-sbinPROGRAMS clean-securelibLTLIBRARIES mostlyclean-am
distclean: distclean-am
- -rm -f ./$(DEPDIR)/hmacfile.Po
+ -rm -f ./$(DEPDIR)/hmac_openssl_wrapper.Po
+ -rm -f ./$(DEPDIR)/hmacfile.Po
-rm -f ./$(DEPDIR)/hmacsha1.Po
-rm -f ./$(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po
+ -rm -f ./$(DEPDIR)/pam_timestamp_la-hmac_openssl_wrapper.Plo
-rm -f ./$(DEPDIR)/pam_timestamp_la-hmacsha1.Plo
-rm -f ./$(DEPDIR)/pam_timestamp_la-pam_timestamp.Plo
-rm -f ./$(DEPDIR)/pam_timestamp_la-sha1.Plo
@@ -1260,9 +1290,11 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -f ./$(DEPDIR)/hmacfile.Po
+ -rm -f ./$(DEPDIR)/hmac_openssl_wrapper.Po
+ -rm -f ./$(DEPDIR)/hmacfile.Po
-rm -f ./$(DEPDIR)/hmacsha1.Po
-rm -f ./$(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po
+ -rm -f ./$(DEPDIR)/pam_timestamp_la-hmac_openssl_wrapper.Plo
-rm -f ./$(DEPDIR)/pam_timestamp_la-hmacsha1.Plo
-rm -f ./$(DEPDIR)/pam_timestamp_la-pam_timestamp.Plo
-rm -f ./$(DEPDIR)/pam_timestamp_la-sha1.Plo
diff --git a/modules/pam_timestamp/README b/modules/pam_timestamp/README
index 4f16bae0..e1ed508a 100644
--- a/modules/pam_timestamp/README
+++ b/modules/pam_timestamp/README
@@ -13,6 +13,9 @@ created in the timestampdir directory for the user. When an application
attempts to authenticate the user, a pam_timestamp will treat a sufficiently
recent timestamp file as grounds for succeeding.
+The default encryption hash is taken from the HMAC_CRYPTO_ALGO variable from /
+etc/login.defs.
+
OPTIONS
timestampdir=directory
diff --git a/modules/pam_timestamp/hmac_openssl_wrapper.c b/modules/pam_timestamp/hmac_openssl_wrapper.c
new file mode 100644
index 00000000..926c2fb9
--- /dev/null
+++ b/modules/pam_timestamp/hmac_openssl_wrapper.c
@@ -0,0 +1,381 @@
+/* Wrapper for hmac openssl implementation.
+ *
+ * Copyright (c) 2021 Red Hat, Inc.
+ * Written by Iker Pedrosa <ipedrosa@redhat.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "config.h"
+
+#ifdef WITH_OPENSSL
+
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <syslog.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+#include <openssl/evp.h>
+#include <openssl/params.h>
+#include <openssl/core_names.h>
+
+#include <security/pam_ext.h>
+#include <security/pam_modutil.h>
+
+#include "hmac_openssl_wrapper.h"
+
+#define LOGIN_DEFS "/etc/login.defs"
+#define CRYPTO_KEY "HMAC_CRYPTO_ALGO"
+#define DEFAULT_ALGORITHM "SHA512"
+#define MAX_HMAC_LENGTH 512
+#define MAX_KEY_LENGTH EVP_MAX_KEY_LENGTH
+
+static char *
+get_crypto_algorithm(pam_handle_t *pamh, int debug){
+ char *config_value = NULL;
+
+ config_value = pam_modutil_search_key(pamh, LOGIN_DEFS, CRYPTO_KEY);
+
+ if (config_value == NULL) {
+ config_value = strdup(DEFAULT_ALGORITHM);
+ if (debug) {
+ pam_syslog(pamh, LOG_DEBUG,
+ "Key [%s] not found, falling back to default algorithm [%s]\n",
+ CRYPTO_KEY, DEFAULT_ALGORITHM);
+ }
+ }
+
+ return config_value;
+}
+
+static int
+generate_key(pam_handle_t *pamh, char **key, size_t key_size)
+{
+ int fd = 0;
+ size_t bytes_read = 0;
+ char * tmp = NULL;
+
+ fd = open("/dev/urandom", O_RDONLY);
+ if (fd == -1) {
+ pam_syslog(pamh, LOG_ERR, "Cannot open /dev/urandom: %m");
+ return PAM_AUTH_ERR;
+ }
+
+ tmp = malloc(key_size);
+ if (!tmp) {
+ pam_syslog(pamh, LOG_CRIT, "Not enough memory");
+ close(fd);
+ return PAM_AUTH_ERR;
+ }
+
+ bytes_read = pam_modutil_read(fd, tmp, key_size);
+ close(fd);
+
+ if (bytes_read < key_size) {
+ pam_syslog(pamh, LOG_ERR, "Short read on random device");
+ free(tmp);
+ return PAM_AUTH_ERR;
+ }
+
+ *key = tmp;
+
+ return PAM_SUCCESS;
+}
+
+static int
+read_file(pam_handle_t *pamh, int fd, char **text, size_t *text_length)
+{
+ struct stat st;
+ size_t bytes_read = 0;
+ char *tmp = NULL;
+
+ if (fstat(fd, &st) == -1) {
+ pam_syslog(pamh, LOG_ERR, "Unable to stat file: %m");
+ close(fd);
+ return PAM_AUTH_ERR;
+ }
+
+ if (st.st_size == 0) {
+ pam_syslog(pamh, LOG_ERR, "Key file size cannot be 0");
+ close(fd);
+ return PAM_AUTH_ERR;
+ }
+
+ tmp = malloc(st.st_size);
+ if (!tmp) {
+ pam_syslog(pamh, LOG_CRIT, "Not enough memory");
+ close(fd);
+ return PAM_AUTH_ERR;
+ }
+
+ bytes_read = pam_modutil_read(fd, tmp, st.st_size);
+ close(fd);
+
+ if (bytes_read < (size_t)st.st_size) {
+ pam_syslog(pamh, LOG_ERR, "Short read on key file");
+ memset(tmp, 0, st.st_size);
+ free(tmp);
+ return PAM_AUTH_ERR;
+ }
+
+ *text = tmp;
+ *text_length = st.st_size;
+
+ return PAM_SUCCESS;
+}
+
+static int
+write_file(pam_handle_t *pamh, const char *file_name, char *text,
+ size_t text_length, uid_t owner, gid_t group)
+{
+ int fd = 0;
+ size_t bytes_written = 0;
+
+ fd = open(file_name,
+ O_WRONLY | O_CREAT | O_TRUNC,
+ S_IRUSR | S_IWUSR);
+ if (fd == -1) {
+ pam_syslog(pamh, LOG_ERR, "Unable to open [%s]: %m", file_name);
+ memset(text, 0, text_length);
+ free(text);
+ return PAM_AUTH_ERR;
+ }
+
+ if (fchown(fd, owner, group) == -1) {
+ pam_syslog(pamh, LOG_ERR, "Unable to change ownership [%s]: %m", file_name);
+ memset(text, 0, text_length);
+ free(text);
+ close(fd);
+ return PAM_AUTH_ERR;
+ }
+
+ bytes_written = pam_modutil_write(fd, text, text_length);
+ close(fd);
+
+ if (bytes_written < text_length) {
+ pam_syslog(pamh, LOG_ERR, "Short write on %s", file_name);
+ free(text);
+ return PAM_AUTH_ERR;
+ }
+
+ return PAM_SUCCESS;
+}
+
+static int
+key_management(pam_handle_t *pamh, const char *file_name, char **text,
+ size_t text_length, uid_t owner, gid_t group)
+{
+ int fd = 0;
+
+ fd = open(file_name, O_RDONLY | O_NOFOLLOW);
+ if (fd == -1) {
+ if (errno == ENOENT) {
+ if (generate_key(pamh, text, text_length)) {
+ pam_syslog(pamh, LOG_ERR, "Unable to generate key");
+ return PAM_AUTH_ERR;
+ }
+
+ if (write_file(pamh, file_name, *text, text_length, owner, group)) {
+ pam_syslog(pamh, LOG_ERR, "Unable to write key");
+ return PAM_AUTH_ERR;
+ }
+ } else {
+ pam_syslog(pamh, LOG_ERR, "Unable to open %s: %m", file_name);
+ return PAM_AUTH_ERR;
+ }
+ } else {
+ if (read_file(pamh, fd, text, &text_length)) {
+ pam_syslog(pamh, LOG_ERR, "Error reading key file %s\n", file_name);
+ return PAM_AUTH_ERR;
+ }
+ }
+
+ return PAM_SUCCESS;
+}
+
+static int
+hmac_management(pam_handle_t *pamh, int debug, void **out, size_t *out_length,
+ char *key, size_t key_length,
+ const void *text, size_t text_length)
+{
+ int ret = PAM_AUTH_ERR;
+ EVP_MAC *evp_mac = NULL;
+ EVP_MAC_CTX *ctx = NULL;
+ unsigned char *hmac_message = NULL;
+ size_t hmac_length;
+ char *algo = NULL;
+ OSSL_PARAM subalg_param[] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+ algo = get_crypto_algorithm(pamh, debug);
+
+ subalg_param[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
+ algo,
+ 0);
+
+ evp_mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
+ if (evp_mac == NULL) {
+ pam_syslog(pamh, LOG_ERR, "Unable to create hmac implementation");
+ goto done;
+ }
+
+ ctx = EVP_MAC_CTX_new(evp_mac);
+ if (ctx == NULL) {
+ pam_syslog(pamh, LOG_ERR, "Unable to create hmac context");
+ goto done;
+ }
+
+ ret = EVP_MAC_init(ctx, (const unsigned char *)key, key_length, subalg_param);
+ if (ret == 0) {
+ pam_syslog(pamh, LOG_ERR, "Unable to initialize hmac context");
+ goto done;
+ }
+
+ ret = EVP_MAC_update(ctx, (const unsigned char *)text, text_length);
+ if (ret == 0) {
+ pam_syslog(pamh, LOG_ERR, "Unable to update hmac context");
+ goto done;
+ }
+
+ hmac_message = (unsigned char*)malloc(sizeof(unsigned char) * MAX_HMAC_LENGTH);
+ if (!hmac_message) {
+ pam_syslog(pamh, LOG_CRIT, "Not enough memory");
+ goto done;
+ }
+
+ ret = EVP_MAC_final(ctx, hmac_message, &hmac_length, MAX_HMAC_LENGTH);
+ if (ret == 0) {
+ pam_syslog(pamh, LOG_ERR, "Unable to calculate hmac message");
+ goto done;
+ }
+
+ *out_length = hmac_length;
+ *out = malloc(*out_length);
+ if (*out == NULL) {
+ pam_syslog(pamh, LOG_CRIT, "Not enough memory");
+ goto done;
+ }
+
+ memcpy(*out, hmac_message, *out_length);
+ ret = PAM_SUCCESS;
+
+done:
+ if (hmac_message != NULL) {
+ free(hmac_message);
+ }
+ if (key != NULL) {
+ memset(key, 0, key_length);
+ free(key);
+ }
+ if (ctx != NULL) {
+ EVP_MAC_CTX_free(ctx);
+ }
+ if (evp_mac != NULL) {
+ EVP_MAC_free(evp_mac);
+ }
+ free(algo);
+
+ return ret;
+}
+
+int
+hmac_size(pam_handle_t *pamh, int debug, size_t *hmac_length)
+{
+ int ret = PAM_AUTH_ERR;
+ EVP_MAC *evp_mac = NULL;
+ EVP_MAC_CTX *ctx = NULL;
+ const unsigned char key[] = "ThisIsJustAKey";
+ size_t key_length = MAX_KEY_LENGTH;
+ char *algo = NULL;
+ OSSL_PARAM subalg_param[] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+ algo = get_crypto_algorithm(pamh, debug);
+
+ subalg_param[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
+ algo,
+ 0);
+
+ evp_mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
+ if (evp_mac == NULL) {
+ pam_syslog(pamh, LOG_ERR, "Unable to create hmac implementation");
+ goto done;
+ }
+
+ ctx = EVP_MAC_CTX_new(evp_mac);
+ if (ctx == NULL) {
+ pam_syslog(pamh, LOG_ERR, "Unable to create hmac context");
+ goto done;
+ }
+
+ ret = EVP_MAC_init(ctx, key, key_length, subalg_param);
+ if (ret == 0) {
+ pam_syslog(pamh, LOG_ERR, "Unable to initialize hmac context");
+ goto done;
+ }
+
+ *hmac_length = EVP_MAC_CTX_get_mac_size(ctx);
+ ret = PAM_SUCCESS;
+
+done:
+ if (ctx != NULL) {
+ EVP_MAC_CTX_free(ctx);
+ }
+ if (evp_mac != NULL) {
+ EVP_MAC_free(evp_mac);
+ }
+ free(algo);
+
+ return ret;
+}
+
+int
+hmac_generate(pam_handle_t *pamh, int debug, void **mac, size_t *mac_length,
+ const char *key_file, uid_t owner, gid_t group,
+ const void *text, size_t text_length)
+{
+ char *key = NULL;
+ size_t key_length = MAX_KEY_LENGTH;
+
+ if (key_management(pamh, key_file, &key, key_length, owner, group)) {
+ return PAM_AUTH_ERR;
+ }
+
+ if (hmac_management(pamh, debug, mac, mac_length, key, key_length,
+ text, text_length)) {
+ return PAM_AUTH_ERR;
+ }
+
+ return PAM_SUCCESS;
+}
+
+#endif /* WITH_OPENSSL */
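Review bot: In hmac_management() and hmac_size() a failing `EVP_MAC_init`, `EVP_MAC_update` or `EVP_MAC_final` stores 0 in `ret` and jumps to `done`, which returns that 0, i.e. PAM_SUCCESS, with `*out` / `*hmac_length` never written. A digest name in HMAC_CRYPTO_ALGO that OpenSSL does not accept would presumably take exactly this path. Test the OpenSSL results without assigning them to `ret`, so it stays PAM_AUTH_ERR until the explicit `ret = PAM_SUCCESS`, as in the excerpt below; hmac_size() needs the same change. The key length also needs attention: hmac_size() passes `key_length = MAX_KEY_LENGTH` for the 15-byte literal `key[]`. In addition, key_management() takes `text_length` by value, so the size read_file() reports never reaches hmac_generate(), and a key file shorter than MAX_KEY_LENGTH would be read and zeroed past its allocation.

```c
	/* … unchanged: algorithm lookup, EVP_MAC_fetch, EVP_MAC_CTX_new … */

	/* Check the OpenSSL results directly; ret keeps PAM_AUTH_ERR on failure. */
	if (EVP_MAC_init(ctx, (const unsigned char *)key, key_length, subalg_param) == 0) {
		pam_syslog(pamh, LOG_ERR, "Unable to initialize hmac context");
		goto done;
	}

	if (EVP_MAC_update(ctx, (const unsigned char *)text, text_length) == 0) {
		pam_syslog(pamh, LOG_ERR, "Unable to update hmac context");
		goto done;
	}

	/* … unchanged: hmac_message allocation … */

	if (EVP_MAC_final(ctx, hmac_message, &hmac_length, MAX_HMAC_LENGTH) == 0) {
		pam_syslog(pamh, LOG_ERR, "Unable to calculate hmac message");
		goto done;
	}

	/* … unchanged: copy into *out, ret = PAM_SUCCESS, cleanup at done … */
```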
diff --git a/modules/pam_timestamp/hmac_openssl_wrapper.h b/modules/pam_timestamp/hmac_openssl_wrapper.h
new file mode 100644
index 00000000..cc27c811
--- /dev/null
+++ b/modules/pam_timestamp/hmac_openssl_wrapper.h
@@ -0,0 +1,57 @@
+/* Wrapper for hmac openssl implementation.
+ *
+ * Copyright (c) 2021 Red Hat, Inc.
+ * Written by Iker Pedrosa <ipedrosa@redhat.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+#ifndef PAM_TIMESTAMP_HMAC_OPENSSL_WRAPPER_H
+#define PAM_TIMESTAMP_HMAC_OPENSSL_WRAPPER_H
+
+#include "config.h"
+
+#ifdef WITH_OPENSSL
+
+#include <openssl/hmac.h>
+#include <security/pam_modules.h>
+
+int
+hmac_size(pam_handle_t *pamh, int debug, size_t *hmac_length);
+
+int
+hmac_generate(pam_handle_t *pamh, int debug, void **mac, size_t *mac_length,
+ const char *key_file, uid_t owner, gid_t group,
+ const void *text, size_t text_length);
+
+#endif /* WITH_OPENSSL */
+#endif /* PAM_TIMESTAMP_HMAC_OPENSSL_WRAPPER_H */
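Review bot: The two prototypes carry no contract comment, and callers need to know who owns the buffers. Per the .c file in this commit, `hmac_generate` allocates `*mac` with malloc for the caller to free and returns PAM_SUCCESS or PAM_AUTH_ERR. I would add a short comment above each declaration saying so, e.g. `/* On PAM_SUCCESS *mac is a malloc()ed buffer of *mac_length bytes; the caller frees it. */`. The header also includes `<openssl/hmac.h>` although the declarations use only `pam_handle_t`, `uid_t`, `gid_t` and `size_t`; `#include <sys/types.h>` would cover those types directly.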
diff --git a/modules/pam_timestamp/pam_timestamp.8 b/modules/pam_timestamp/pam_timestamp.8
index 59ddcd65..cd8195dc 100644
--- a/modules/pam_timestamp/pam_timestamp.8
+++ b/modules/pam_timestamp/pam_timestamp.8
@@ -2,12 +2,12 @@
.\" Title: pam_timestamp
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\" Date: 06/08/2020
+.\" Date: 09/03/2021
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "PAM_TIMESTAMP" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_TIMESTAMP" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -45,6 +45,11 @@ When an application opens a session using
directory for the user\&. When an application attempts to authenticate the user, a
\fIpam_timestamp\fR
will treat a sufficiently recent timestamp file as grounds for succeeding\&.
+.PP
+The default encryption hash is taken from the
+\fBHMAC_CRYPTO_ALGO\fR
+variable from
+\fI/etc/login\&.defs\fR\&.
.SH "OPTIONS"
.PP
\fBtimestampdir=\fR\fB\fIdirectory\fR\fR
diff --git a/modules/pam_timestamp/pam_timestamp.8.xml b/modules/pam_timestamp/pam_timestamp.8.xml
index e19a0bcf..83e5aea8 100644
--- a/modules/pam_timestamp/pam_timestamp.8.xml
+++ b/modules/pam_timestamp/pam_timestamp.8.xml
@@ -50,6 +50,11 @@ for the user. When an application attempts to authenticate the user, a
<emphasis>pam_timestamp</emphasis> will treat a sufficiently recent timestamp
file as grounds for succeeding.
</para>
+ <para condition="openssl_hmac">
+ The default encryption hash is taken from the
+ <emphasis remap='B'>HMAC_CRYPTO_ALGO</emphasis> variable from
+ <emphasis>/etc/login.defs</emphasis>.
+ </para>
</refsect1>
<refsect1 id="pam_timestamp-options">
diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c
index 30be883c..01dd1385 100644
--- a/modules/pam_timestamp/pam_timestamp.c
+++ b/modules/pam_timestamp/pam_timestamp.c
@@ -56,7 +56,11 @@
#include <utmp.h>
#include <syslog.h>
#include <paths.h>
+#ifdef WITH_OPENSSL
+#include "hmac_openssl_wrapper.h"
+#else
#include "hmacsha1.h"
+#endif /* WITH_OPENSSL */
#include <security/pam_modules.h>
#include <security/_pam_macros.h>
@@ -79,6 +83,9 @@
#define BUFLEN PATH_MAX
#endif
+#define ROOT_USER 0
+#define ROOT_GROUP 0
+
/* Return PAM_SUCCESS if the given directory looks "safe". */
static int
check_dir_perms(pam_handle_t *pamh, const char *tdir)
@@ -449,6 +456,13 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
return PAM_AUTH_ERR;
}
+#ifdef WITH_OPENSSL
+ if (hmac_size(pamh, debug, &maclen)) {
+ return PAM_AUTH_ERR;
+ }
+#else
+ maclen = hmac_sha1_size();
+#endif /* WITH_OPENSSL */
/* Check that the file is the expected size. */
if (st.st_size == 0) {
/* Invalid, but may have been created by sudo. */
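Review bot: The new `return PAM_AUTH_ERR;` after a failed `hmac_size()` call leaves without closing `fd`. The size-mismatch branch just below (next hunk) calls `close(fd)` before returning, which suggests the descriptor is already open at this point. If so, add `close(fd);` before the return so a failing digest lookup does not leak a descriptor in the calling process. pam_sm_authenticate starts and ends outside this hunk, so the open itself is not visible here.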
@@ -456,7 +470,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
return PAM_AUTH_ERR;
}
if (st.st_size !=
- (off_t)(strlen(path) + 1 + sizeof(then) + hmac_sha1_size())) {
+ (off_t)(strlen(path) + 1 + sizeof(then) + maclen)) {
pam_syslog(pamh, LOG_NOTICE, "timestamp file `%s' "
"appears to be corrupted", path);
close(fd);
@@ -487,8 +501,17 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
message_end = message + strlen(path) + 1 + sizeof(then);
/* Regenerate the MAC. */
- hmac_sha1_generate_file(pamh, &mac, &maclen, TIMESTAMPKEY, 0, 0,
- message, message_end - message);
+#ifdef WITH_OPENSSL
+ if (hmac_generate(pamh, debug, &mac, &maclen, TIMESTAMPKEY,
+ ROOT_USER, ROOT_GROUP, message, message_end - message)) {
+ close(fd);
+ free(message);
+ return PAM_AUTH_ERR;
+ }
+#else
+ hmac_sha1_generate_file(pamh, &mac, &maclen, TIMESTAMPKEY,
+ ROOT_USER, ROOT_GROUP, message, message_end - message);
+#endif /* WITH_OPENSSL */
if ((mac == NULL) ||
(memcmp(path, message, strlen(path)) != 0) ||
(memcmp(mac, message_end, maclen) != 0)) {
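Review bot: `hmac_generate()` is handed `&maclen`, so it can overwrite the length that `hmac_size()` returned and that the `st.st_size` check was validated against, and `memcmp(mac, message_end, maclen)` then trusts the new value. If the two calls ever disagree (for instance because each looks up the configured algorithm separately, which is not visible here), the comparison can run past the bytes the size check covered. Keep the validated length in its own variable (called `expected_maclen` here) and reject a mismatch before comparing, e.g. `if (maclen != expected_maclen) { close(fd); free(message); free(mac); return PAM_AUTH_ERR; }`. The same pattern is in the pam_sm_open_session hunk, where `text` is allocated from the `hmac_size()` length but `memmove(p, mac, maclen)` uses the length set by `hmac_generate()`. Both functions extend beyond their hunks.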
@@ -605,8 +628,16 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char *
}
}
+#ifdef WITH_OPENSSL
+ if (hmac_size(pamh, debug, &maclen)) {
+ return PAM_SESSION_ERR;
+ }
+#else
+ maclen = hmac_sha1_size();
+#endif /* WITH_OPENSSL */
+
/* Generate the message. */
- text = malloc(strlen(path) + 1 + sizeof(now) + hmac_sha1_size());
+ text = malloc(strlen(path) + 1 + sizeof(now) + maclen);
if (text == NULL) {
pam_syslog(pamh, LOG_CRIT, "unable to allocate memory: %m");
return PAM_SESSION_ERR;
@@ -621,15 +652,21 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char *
p += sizeof(now);
/* Generate the MAC and append it to the plaintext. */
- hmac_sha1_generate_file(pamh, &mac, &maclen,
- TIMESTAMPKEY,
- 0, 0,
- text, p - text);
+#ifdef WITH_OPENSSL
+ if (hmac_generate(pamh, debug, &mac, &maclen, TIMESTAMPKEY,
+ ROOT_USER, ROOT_GROUP, text, p - text)) {
+ free(text);
+ return PAM_SESSION_ERR;
+ }
+#else
+ hmac_sha1_generate_file(pamh, &mac, &maclen, TIMESTAMPKEY,
+ ROOT_USER, ROOT_GROUP, text, p - text);
if (mac == NULL) {
pam_syslog(pamh, LOG_ERR, "failure generating MAC: %m");
free(text);
return PAM_SESSION_ERR;
}
+#endif /* WITH_OPENSSL */
memmove(p, mac, maclen);
p += maclen;
free(mac);
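Review bot: With WITH_OPENSSL defined, the `mac == NULL` guard is compiled out, so `memmove(p, mac, maclen)` relies entirely on `hmac_generate()` never returning 0 while leaving `mac` NULL. That contract lives in hmac_openssl_wrapper.c and is not visible in this hunk. Moving the `if (mac == NULL)` block below the `#endif` would keep the check on both build paths and match pam_sm_authenticate, which still tests `mac == NULL` after its `#endif`. The OpenSSL failure branch also returns without the `failure generating MAC` log line, so the failure is silent unless the wrapper logs it itself. pam_sm_open_session continues outside the hunk.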
diff --git a/modules/pam_timestamp/pam_timestamp_check.8 b/modules/pam_timestamp/pam_timestamp_check.8
index 50fb1a30..a0373757 100644
--- a/modules/pam_timestamp/pam_timestamp_check.8
+++ b/modules/pam_timestamp/pam_timestamp_check.8
@@ -2,12 +2,12 @@
.\" Title: pam_timestamp_check
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\" Date: 06/08/2020
+.\" Date: 09/03/2021
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "PAM_TIMESTAMP_CHECK" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_TIMESTAMP_CHECK" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -130,4 +130,4 @@ timestamp files and directories
\fBpam\fR(8)
.SH "AUTHOR"
.PP
-pam_tally was written by Nalin Dahyabhai\&.
+pam_timestamp was written by Nalin Dahyabhai\&.
diff --git a/modules/pam_timestamp/pam_timestamp_check.8.xml b/modules/pam_timestamp/pam_timestamp_check.8.xml
index 8ca5a755..3a65d7ef 100644
--- a/modules/pam_timestamp/pam_timestamp_check.8.xml
+++ b/modules/pam_timestamp/pam_timestamp_check.8.xml
@@ -200,7 +200,7 @@ session optional pam_timestamp.so
<refsect1 id='pam_timestamp-author'>
<title>AUTHOR</title>
<para>
- pam_tally was written by Nalin Dahyabhai.
+ pam_timestamp was written by Nalin Dahyabhai.
</para>
</refsect1>
diff --git a/modules/pam_timestamp/sha1.c b/modules/pam_timestamp/sha1.c
index af3ccb97..d713aed1 100644
--- a/modules/pam_timestamp/sha1.c
+++ b/modules/pam_timestamp/sha1.c
@@ -156,8 +156,8 @@ sha1_update(struct sha1_context *ctx, const unsigned char *data, size_t length)
while (l + ctx->pending_count >= SHA1_BLOCK_SIZE) {
c = ctx->pending_count;
t = SHA1_BLOCK_SIZE - c;
- memcpy(ctx->pending + c, &data[i], t);
- sha1_process(ctx, (uint32_t*) ctx->pending);
+ memcpy(ctx->pending.c + c, &data[i], t);
+ sha1_process(ctx, ctx->pending.i);
i += t;
l -= t;
ctx->pending_count = 0;
@@ -165,7 +165,7 @@ sha1_update(struct sha1_context *ctx, const unsigned char *data, size_t length)
/* Save what's left of the data block as a pending data block. */
c = ctx->pending_count;
- memcpy(ctx->pending + c, &data[i], l);
+ memcpy(ctx->pending.c + c, &data[i], l);
ctx->pending_count += l;
/* Update the message length. */
@@ -193,18 +193,17 @@ sha1_output(struct sha1_context *ctx, unsigned char *out)
/* Pad this block. */
c = ctx2.pending_count;
- memcpy(ctx2.pending + c,
+ memcpy(ctx2.pending.c + c,
padding, SHA1_BLOCK_SIZE - c);
/* Do we need to process two blocks now? */
if (c >= (SHA1_BLOCK_SIZE - (sizeof(uint32_t) * 2))) {
/* Process this block. */
- sha1_process(&ctx2,
- (uint32_t*) ctx2.pending);
+ sha1_process(&ctx2, ctx2.pending.i);
/* Set up another block. */
ctx2.pending_count = 0;
- memset(ctx2.pending, 0, SHA1_BLOCK_SIZE);
- ctx2.pending[0] =
+ memset(ctx2.pending.c, 0, SHA1_BLOCK_SIZE);
+ ctx2.pending.c[0] =
(c == SHA1_BLOCK_SIZE) ? 0x80 : 0;
}
@@ -217,11 +216,11 @@ sha1_output(struct sha1_context *ctx, unsigned char *out)
ctx2.counts[0] <<= 3;
ctx2.counts[0] = htonl(ctx2.counts[0]);
ctx2.counts[1] = htonl(ctx2.counts[1]);
- memcpy(ctx2.pending + 56,
+ memcpy(ctx2.pending.c + 56,
&ctx2.counts[1], sizeof(uint32_t));
- memcpy(ctx2.pending + 60,
+ memcpy(ctx2.pending.c + 60,
&ctx2.counts[0], sizeof(uint32_t));
- sha1_process(&ctx2, (uint32_t*) ctx2.pending);
+ sha1_process(&ctx2, ctx2.pending.i);
/* Output the data. */
out[ 3] = (ctx2.a >> 0) & 0xff;
diff --git a/modules/pam_timestamp/sha1.h b/modules/pam_timestamp/sha1.h
index a1c38917..69f432e6 100644
--- a/modules/pam_timestamp/sha1.h
+++ b/modules/pam_timestamp/sha1.h
@@ -46,7 +46,10 @@
struct sha1_context {
size_t count;
- unsigned char pending[SHA1_BLOCK_SIZE] PAM_ATTRIBUTE_ALIGNED(4);
+ union {
+ unsigned char c[SHA1_BLOCK_SIZE];
+ uint32_t i[SHA1_BLOCK_SIZE / sizeof(uint32_t)];
+ } pending;
uint32_t counts[2];
size_t pending_count;
uint32_t a, b, c, d, e;
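Review bot: The new `pending` union has no comment explaining why it is a union, and the `PAM_ATTRIBUTE_ALIGNED(4)` it replaces was the only hint that the buffer is consumed as 32-bit words. I would add above it `/* Filled bytewise through .c and passed to sha1_process() as words through .i; the union provides uint32_t alignment without a pointer cast. */`, which matches how sha1.c uses the two members in this commit. The struct's closing brace is outside the hunk.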