Browse code
In auth-pam plugin clear the password after use
v2: Change the plugin open to use v3 API so that secure_memzero()
exported from OpenVPN can be used.
v3: Relaxe API compatibility check: struct version 4 or higher
will have secure_memzero exported.
Note: context is cast as (openvpn_plugin_handle_t *) for consistency
with the current plugin header. If/when the header is fixed, change
this cast as well.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1494359069-13824-1-git-send-email-selva.nair@gmail.com>
URL: http://www.mail-archive.com/search?l=mid&q=1494359069-13824-1-git-send-email-selva.nair@gmail.com
Signed-off-by: David Sommerseth <davids@openvpn.net>
Selva Nair authored on 2017/05/10 04:44:29Showing 2 changed files
| ... | ... |
@@ -63,6 +63,9 @@ |
| 63 | 63 |
#define RESPONSE_VERIFY_SUCCEEDED 12 |
| 64 | 64 |
#define RESPONSE_VERIFY_FAILED 13 |
| 65 | 65 |
|
| 66 |
+/* Pointers to functions exported from openvpn */ |
|
| 67 |
+static plugin_secure_memzero_t plugin_secure_memzero = NULL; |
|
| 68 |
+ |
|
| 66 | 69 |
/* |
| 67 | 70 |
* Plugin state, used by foreground |
| 68 | 71 |
*/ |
| ... | ... |
@@ -274,8 +277,10 @@ name_value_match(const char *query, const char *match) |
| 274 | 274 |
return strncasecmp(match, query, strlen(match)) == 0; |
| 275 | 275 |
} |
| 276 | 276 |
|
| 277 |
-OPENVPN_EXPORT openvpn_plugin_handle_t |
|
| 278 |
-openvpn_plugin_open_v1(unsigned int *type_mask, const char *argv[], const char *envp[]) |
|
| 277 |
+OPENVPN_EXPORT int |
|
| 278 |
+openvpn_plugin_open_v3(const int v3structver, |
|
| 279 |
+ struct openvpn_plugin_args_open_in const *args, |
|
| 280 |
+ struct openvpn_plugin_args_open_return *ret) |
|
| 279 | 281 |
{
|
| 280 | 282 |
pid_t pid; |
| 281 | 283 |
int fd[2]; |
| ... | ... |
@@ -285,6 +290,16 @@ openvpn_plugin_open_v1(unsigned int *type_mask, const char *argv[], const char * |
| 285 | 285 |
|
| 286 | 286 |
const int base_parms = 2; |
| 287 | 287 |
|
| 288 |
+ const char **argv = args->argv; |
|
| 289 |
+ const char **envp = args->envp; |
|
| 290 |
+ |
|
| 291 |
+ /* Check API compatibility -- struct version 4 or higher needed */ |
|
| 292 |
+ if (v3structver < 4) |
|
| 293 |
+ {
|
|
| 294 |
+ fprintf(stderr, "AUTH-PAM: This plugin is incompatible with the running version of OpenVPN\n"); |
|
| 295 |
+ return OPENVPN_PLUGIN_FUNC_ERROR; |
|
| 296 |
+ } |
|
| 297 |
+ |
|
| 288 | 298 |
/* |
| 289 | 299 |
* Allocate our context |
| 290 | 300 |
*/ |
| ... | ... |
@@ -298,7 +313,10 @@ openvpn_plugin_open_v1(unsigned int *type_mask, const char *argv[], const char * |
| 298 | 298 |
/* |
| 299 | 299 |
* Intercept the --auth-user-pass-verify callback. |
| 300 | 300 |
*/ |
| 301 |
- *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY); |
|
| 301 |
+ ret->type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY); |
|
| 302 |
+ |
|
| 303 |
+ /* Save global pointers to functions exported from openvpn */ |
|
| 304 |
+ plugin_secure_memzero = args->callbacks->plugin_secure_memzero; |
|
| 302 | 305 |
|
| 303 | 306 |
/* |
| 304 | 307 |
* Make sure we have two string arguments: the first is the .so name, |
| ... | ... |
@@ -386,7 +404,8 @@ openvpn_plugin_open_v1(unsigned int *type_mask, const char *argv[], const char * |
| 386 | 386 |
if (status == RESPONSE_INIT_SUCCEEDED) |
| 387 | 387 |
{
|
| 388 | 388 |
context->foreground_fd = fd[0]; |
| 389 |
- return (openvpn_plugin_handle_t) context; |
|
| 389 |
+ ret->handle = (openvpn_plugin_handle_t *) context; |
|
| 390 |
+ return OPENVPN_PLUGIN_FUNC_SUCCESS; |
|
| 390 | 391 |
} |
| 391 | 392 |
} |
| 392 | 393 |
else |
| ... | ... |
@@ -420,7 +439,7 @@ error: |
| 420 | 420 |
{
|
| 421 | 421 |
free(context); |
| 422 | 422 |
} |
| 423 |
- return NULL; |
|
| 423 |
+ return OPENVPN_PLUGIN_FUNC_ERROR; |
|
| 424 | 424 |
} |
| 425 | 425 |
|
| 426 | 426 |
OPENVPN_EXPORT int |
| ... | ... |
@@ -785,6 +804,7 @@ pam_server(int fd, const char *service, int verb, const struct name_value_list * |
| 785 | 785 |
goto done; |
| 786 | 786 |
} |
| 787 | 787 |
} |
| 788 |
+ plugin_secure_memzero(up.password, sizeof(up.password)); |
|
| 788 | 789 |
break; |
| 789 | 790 |
|
| 790 | 791 |
case COMMAND_EXIT: |
| ... | ... |
@@ -802,6 +822,7 @@ pam_server(int fd, const char *service, int verb, const struct name_value_list * |
| 802 | 802 |
} |
| 803 | 803 |
done: |
| 804 | 804 |
|
| 805 |
+ plugin_secure_memzero(up.password, sizeof(up.password)); |
|
| 805 | 806 |
#ifdef USE_PAM_DLOPEN |
| 806 | 807 |
dlclose_pam(); |
| 807 | 808 |
#endif |