From owner-freebsd-bugs Fri Dec 6 6:40: 7 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C3D3237B406 for ; Fri, 6 Dec 2002 06:40:02 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 00BD943EB2 for ; Fri, 6 Dec 2002 06:40:01 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id gB6Ee1x3070497 for ; Fri, 6 Dec 2002 06:40:01 -0800 (PST) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id gB6Ee13L070496; Fri, 6 Dec 2002 06:40:01 -0800 (PST) Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DAD8837B401 for ; Fri, 6 Dec 2002 06:36:38 -0800 (PST) Received: from straylight.ringlet.net (office.sbnd.net [217.75.140.130]) by mx1.FreeBSD.org (Postfix) with SMTP id 8DAA243E4A for ; Fri, 6 Dec 2002 06:36:34 -0800 (PST) (envelope-from roam@ringlet.net) Received: (qmail 10950 invoked by uid 1000); 6 Dec 2002 14:36:03 -0000 Message-Id: <20021206143603.10949.qmail@straylight.ringlet.net> Date: 6 Dec 2002 14:36:03 -0000 From: Peter Pentchev Reply-To: Peter Pentchev To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: bin/46025: [PATCH] OPIE and S/Key PAM prompt echoing fixes Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 46025 >Category: bin >Synopsis: [PATCH] OPIE and S/Key PAM prompt echoing fixes >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Dec 06 06:40:01 PST 2002 >Closed-Date: >Last-Modified: >Originator: Peter Pentchev >Release: FreeBSD 4.7-STABLE i386 >Organization: SBND Technologies Ltd. >Environment: System: FreeBSD straylight.oblivion.bg 4.7-STABLE FreeBSD 4.7-STABLE #6: Fri Dec 6 11:53:43 EET 2002 roam@straylight.oblivion.bg:/usr/obj/usr/src/sys/RINGWORLD i386 >Description: The S/Key and OPIE PAM modules allow the user to see the pass phrase's characters as they are entered. This is done by turning on a PAM conversation option that controls echoing of the entered passwords; however, both modules neglect to turn it off afterwards, so if there are additional authentication modules used if the S/Key or OPIE login should fail, the passwords for those modules are echoed as they are entered. This may be highly undesirable in certain situations :) This has been tested using the Linux-PAM implementation in -STABLE; unfortunately, I cannot test it on a -CURRENT system with OpenPAM right now, but if this problem exists there too, then IMHO it is something that should be fixed before 5.0 rolls out the door. This is the reason I have marked this PR as serious/high. >How-To-Repeat: Configure OPIE or S/Key authentication on a 4.7-STABLE box. Try to log in. Press 'Enter' on the first OPIE or S/Key password prompt, so that the 'Password: [echo on]' prompt is displayed. Press 'Enter' or enter an invalid password at the 'echo on' prompt. Wait for the normal pam_unix or krb5 or whatever 'Password' prompt to appear, then watch in horrified fascination as your password is echoed straight back at you as you type it in. >Fix: Note that the fix below only works if the PAM conversation mechanism used actually honors the 'echo on' flag, or rather, handles the 'off-on-off' series of transitions properly; there is a separate problem with using the security/sudo port, which I will submit as a separate PR. Even with the above fixes, sudo will echo back the password for later auth modules unless the patch to come in the next PR is applied to the port. Index: src/contrib/libpam/libpam_misc/misc_conv.c =================================================================== RCS file: /home/ncvs/src/contrib/libpam/libpam_misc/Attic/misc_conv.c,v retrieving revision 1.1.1.1.6.2 diff -u -r1.1.1.1.6.2 misc_conv.c --- src/contrib/libpam/libpam_misc/misc_conv.c 11 Jun 2001 15:28:15 -0000 1.1.1.1.6.2 +++ src/contrib/libpam/libpam_misc/misc_conv.c 6 Dec 2002 14:21:03 -0000 @@ -181,7 +181,9 @@ return NULL; } memcpy(&term_tmp, &term_before, sizeof(term_tmp)); - if (!echo) { + if (echo) { + term_tmp.c_lflag |= ECHO; + } else { term_tmp.c_lflag &= ~(ECHO); } have_term = 1; Index: src/lib/libpam/modules/pam_opie/pam_opie.c =================================================================== RCS file: /home/ncvs/src/lib/libpam/modules/pam_opie/pam_opie.c,v retrieving revision 1.1.2.1 diff -u -r1.1.2.1 pam_opie.c --- src/lib/libpam/modules/pam_opie/pam_opie.c 3 Jul 2002 21:41:30 -0000 1.1.2.1 +++ src/lib/libpam/modules/pam_opie/pam_opie.c 6 Dec 2002 14:19:44 -0000 @@ -69,7 +69,7 @@ struct opie opie; struct options options; struct passwd *pwd; - int retval, i; + int retval, i, echo; const char *(promptstr[]) = { "%s\nPassword: ", "%s\nPassword [echo on]: "}; char challenge[OPIE_CHALLENGE_MAX]; char prompt[OPIE_CHALLENGE_MAX+22]; @@ -118,10 +118,14 @@ */ pam_set_item(pamh, PAM_AUTHTOK, NULL); + echo = pam_test_option(&options, PAM_OPT_ECHO_PASS, NULL); + for (i = 0; i < 2; i++) { snprintf(prompt, sizeof prompt, promptstr[i], challenge); retval = pam_get_pass(pamh, &response, prompt, &options); if (retval != PAM_SUCCESS) { + if (!echo) + pam_clear_option(&options, PAM_OPT_ECHO_PASS); opieunlock(); return (retval); } @@ -134,6 +138,9 @@ /* Second time round, echo the password */ pam_set_option(&options, PAM_OPT_ECHO_PASS); } + + if (!echo) + pam_clear_option(&options, PAM_OPT_ECHO_PASS); /* We have to copy the response, because opieverify mucks with it. */ strlcpy(resp, response, sizeof (resp)); Index: src/lib/libpam/modules/pam_skey/pam_skey.c =================================================================== RCS file: /home/ncvs/src/lib/libpam/modules/pam_skey/Attic/pam_skey.c,v retrieving revision 1.2.6.1 diff -u -r1.2.6.1 pam_skey.c --- src/lib/libpam/modules/pam_skey/pam_skey.c 3 Jul 2002 21:41:30 -0000 1.2.6.1 +++ src/lib/libpam/modules/pam_skey/pam_skey.c 6 Dec 2002 14:18:58 -0000 @@ -83,8 +83,9 @@ pam_set_option(&options, PAM_OPT_ECHO_PASS); snprintf(prompt, sizeof prompt, "%s\nPassword [echo on]: ", challenge); - if ((retval = pam_get_pass(pamh, &response, prompt, - &options)) != PAM_SUCCESS) + retval = pam_get_pass(pamh, &response, prompt, &options); + pam_clear_option(&options, PAM_OPT_ECHO_PASS); + if (retval != PAM_SUCCESS) return retval; } /* >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message