Bug Summary

File:pam_oath/pam_oath.c
Location:line 328, column 7
Description:Branch condition evaluates to a garbage value

Annotated Source Code

1/*
2 * pam_oath.c - a PAM module for OATH one-time passwords
3 * Copyright (C) 2009-2016 Simon Josefsson
4 *
5 * This program is free software: you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License as
7 * published by the Free Software Foundation, either version 3 of the
8 * License, or (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 */
20
21#include <config.h>
22
23#include "oath.h"
24
25#include <stdio.h>
26#include <stdlib.h>
27#include <stdarg.h>
28#include <ctype.h>
29
30/* Libtool defines PIC for shared objects */
31#ifndef PIC1
32#define PAM_STATIC
33#endif
34
35/* These #defines must be present according to PAM documentation. */
36#define PAM_SM_AUTH
37#define PAM_SM_ACCOUNT
38#define PAM_SM_SESSION
39#define PAM_SM_PASSWORD
40
41#ifdef HAVE_SECURITY_PAM_APPL_H1
42#include <security/pam_appl.h>
43#endif
44#ifdef HAVE_SECURITY_PAM_MODULES_H1
45#include <security/pam_modules.h>
46#endif
47
48#define D(x)do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__, 48);
printf x; printf ("\n"); } while (0)
do { \
49 printf ("[%s:%s(%d)] ", __FILE__"pam_oath.c", __FUNCTION__, __LINE__49); \
50 printf x; \
51 printf ("\n"); \
52 } while (0)
53#define DBG(x)if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 53); printf x; printf ("\n"); } while (0); }
if (cfg.debug) { D(x)do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__, 53);
printf x; printf ("\n"); } while (0)
; }
54
55#ifndef PAM_EXTERNextern
56#ifdef PAM_STATIC
57#define PAM_EXTERNextern static
58#else
59#define PAM_EXTERNextern extern
60#endif
61#endif
62
63#define MIN_OTP_LEN6 6
64#define MAX_OTP_LEN8 8
65
66struct cfg
67{
68 int debug;
69 int alwaysok;
70 int try_first_pass;
71 int use_first_pass;
72 char *usersfile;
73 unsigned digits;
74 unsigned window;
75};
76
77static void
78parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
79{
80 int i;
81
82 cfg->debug = 0;
83 cfg->alwaysok = 0;
84 cfg->try_first_pass = 0;
85 cfg->use_first_pass = 0;
86 cfg->usersfile = NULL((void*)0);
87 cfg->digits = -1;
88 cfg->window = 5;
89
90 for (i = 0; i < argc; i++)
91 {
92 if (strcmp (argv[i], "debug")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(argv[i]) && __builtin_constant_p ("debug") &&
(__s1_len = __builtin_strlen (argv[i]), __s2_len = __builtin_strlen
("debug"), (!((size_t)(const void *)((argv[i]) + 1) - (size_t
)(const void *)(argv[i]) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("debug") + 1) - (size_t)(const void
*)("debug") == 1) || __s2_len >= 4)) ? __builtin_strcmp (
argv[i], "debug") : (__builtin_constant_p (argv[i]) &&
((size_t)(const void *)((argv[i]) + 1) - (size_t)(const void
*)(argv[i]) == 1) && (__s1_len = __builtin_strlen (argv
[i]), __s1_len < 4) ? (__builtin_constant_p ("debug") &&
((size_t)(const void *)(("debug") + 1) - (size_t)(const void
*)("debug") == 1) ? __builtin_strcmp (argv[i], "debug") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("debug"); int __result = (((const unsigned char *) (
const char *) (argv[i]))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (argv[i]))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (argv[i]))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (argv[i]))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("debug") && ((size_t)(const void *)(("debug") + 1) -
(size_t)(const void *)("debug") == 1) && (__s2_len =
__builtin_strlen ("debug"), __s2_len < 4) ? (__builtin_constant_p
(argv[i]) && ((size_t)(const void *)((argv[i]) + 1) -
(size_t)(const void *)(argv[i]) == 1) ? __builtin_strcmp (argv
[i], "debug") : (- (__extension__ ({ const unsigned char *__s2
= (const unsigned char *) (const char *) (argv[i]); int __result
= (((const unsigned char *) (const char *) ("debug"))[0] - __s2
[0]); if (__s2_len > 0 && __result == 0) { __result
= (((const unsigned char *) (const char *) ("debug"))[1] - __s2
[1]); if (__s2_len > 1 && __result == 0) { __result
= (((const unsigned char *) (const char *) ("debug"))[2] - __s2
[2]); if (__s2_len > 2 && __result == 0) __result =
(((const unsigned char *) (const char *) ("debug"))[3] - __s2
[3]); } } __result; })))) : __builtin_strcmp (argv[i], "debug"
)))); })
== 0)
93 cfg->debug = 1;
94 if (strcmp (argv[i], "alwaysok")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(argv[i]) && __builtin_constant_p ("alwaysok") &&
(__s1_len = __builtin_strlen (argv[i]), __s2_len = __builtin_strlen
("alwaysok"), (!((size_t)(const void *)((argv[i]) + 1) - (size_t
)(const void *)(argv[i]) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("alwaysok") + 1) - (size_t)(const
void *)("alwaysok") == 1) || __s2_len >= 4)) ? __builtin_strcmp
(argv[i], "alwaysok") : (__builtin_constant_p (argv[i]) &&
((size_t)(const void *)((argv[i]) + 1) - (size_t)(const void
*)(argv[i]) == 1) && (__s1_len = __builtin_strlen (argv
[i]), __s1_len < 4) ? (__builtin_constant_p ("alwaysok") &&
((size_t)(const void *)(("alwaysok") + 1) - (size_t)(const void
*)("alwaysok") == 1) ? __builtin_strcmp (argv[i], "alwaysok"
) : (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) ("alwaysok"); int __result = (((const
unsigned char *) (const char *) (argv[i]))[0] - __s2[0]); if
(__s1_len > 0 && __result == 0) { __result = (((const
unsigned char *) (const char *) (argv[i]))[1] - __s2[1]); if
(__s1_len > 1 && __result == 0) { __result = (((const
unsigned char *) (const char *) (argv[i]))[2] - __s2[2]); if
(__s1_len > 2 && __result == 0) __result = (((const
unsigned char *) (const char *) (argv[i]))[3] - __s2[3]); } }
__result; }))) : (__builtin_constant_p ("alwaysok") &&
((size_t)(const void *)(("alwaysok") + 1) - (size_t)(const void
*)("alwaysok") == 1) && (__s2_len = __builtin_strlen
("alwaysok"), __s2_len < 4) ? (__builtin_constant_p (argv
[i]) && ((size_t)(const void *)((argv[i]) + 1) - (size_t
)(const void *)(argv[i]) == 1) ? __builtin_strcmp (argv[i], "alwaysok"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (argv[i]); int __result = (((const unsigned
char *) (const char *) ("alwaysok"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("alwaysok"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("alwaysok"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("alwaysok"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (argv[i], "alwaysok")))); })
== 0)
95 cfg->alwaysok = 1;
96 if (strcmp (argv[i], "try_first_pass")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(argv[i]) && __builtin_constant_p ("try_first_pass")
&& (__s1_len = __builtin_strlen (argv[i]), __s2_len =
__builtin_strlen ("try_first_pass"), (!((size_t)(const void *
)((argv[i]) + 1) - (size_t)(const void *)(argv[i]) == 1) || __s1_len
>= 4) && (!((size_t)(const void *)(("try_first_pass"
) + 1) - (size_t)(const void *)("try_first_pass") == 1) || __s2_len
>= 4)) ? __builtin_strcmp (argv[i], "try_first_pass") : (
__builtin_constant_p (argv[i]) && ((size_t)(const void
*)((argv[i]) + 1) - (size_t)(const void *)(argv[i]) == 1) &&
(__s1_len = __builtin_strlen (argv[i]), __s1_len < 4) ? (
__builtin_constant_p ("try_first_pass") && ((size_t)(
const void *)(("try_first_pass") + 1) - (size_t)(const void *
)("try_first_pass") == 1) ? __builtin_strcmp (argv[i], "try_first_pass"
) : (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) ("try_first_pass"); int __result = ((
(const unsigned char *) (const char *) (argv[i]))[0] - __s2[0
]); if (__s1_len > 0 && __result == 0) { __result =
(((const unsigned char *) (const char *) (argv[i]))[1] - __s2
[1]); if (__s1_len > 1 && __result == 0) { __result
= (((const unsigned char *) (const char *) (argv[i]))[2] - __s2
[2]); if (__s1_len > 2 && __result == 0) __result =
(((const unsigned char *) (const char *) (argv[i]))[3] - __s2
[3]); } } __result; }))) : (__builtin_constant_p ("try_first_pass"
) && ((size_t)(const void *)(("try_first_pass") + 1) -
(size_t)(const void *)("try_first_pass") == 1) && (__s2_len
= __builtin_strlen ("try_first_pass"), __s2_len < 4) ? (__builtin_constant_p
(argv[i]) && ((size_t)(const void *)((argv[i]) + 1) -
(size_t)(const void *)(argv[i]) == 1) ? __builtin_strcmp (argv
[i], "try_first_pass") : (- (__extension__ ({ const unsigned char
*__s2 = (const unsigned char *) (const char *) (argv[i]); int
__result = (((const unsigned char *) (const char *) ("try_first_pass"
))[0] - __s2[0]); if (__s2_len > 0 && __result == 0
) { __result = (((const unsigned char *) (const char *) ("try_first_pass"
))[1] - __s2[1]); if (__s2_len > 1 && __result == 0
) { __result = (((const unsigned char *) (const char *) ("try_first_pass"
))[2] - __s2[2]); if (__s2_len > 2 && __result == 0
) __result = (((const unsigned char *) (const char *) ("try_first_pass"
))[3] - __s2[3]); } } __result; })))) : __builtin_strcmp (argv
[i], "try_first_pass")))); })
== 0)
97 cfg->try_first_pass = 1;
98 if (strcmp (argv[i], "use_first_pass")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(argv[i]) && __builtin_constant_p ("use_first_pass")
&& (__s1_len = __builtin_strlen (argv[i]), __s2_len =
__builtin_strlen ("use_first_pass"), (!((size_t)(const void *
)((argv[i]) + 1) - (size_t)(const void *)(argv[i]) == 1) || __s1_len
>= 4) && (!((size_t)(const void *)(("use_first_pass"
) + 1) - (size_t)(const void *)("use_first_pass") == 1) || __s2_len
>= 4)) ? __builtin_strcmp (argv[i], "use_first_pass") : (
__builtin_constant_p (argv[i]) && ((size_t)(const void
*)((argv[i]) + 1) - (size_t)(const void *)(argv[i]) == 1) &&
(__s1_len = __builtin_strlen (argv[i]), __s1_len < 4) ? (
__builtin_constant_p ("use_first_pass") && ((size_t)(
const void *)(("use_first_pass") + 1) - (size_t)(const void *
)("use_first_pass") == 1) ? __builtin_strcmp (argv[i], "use_first_pass"
) : (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) ("use_first_pass"); int __result = ((
(const unsigned char *) (const char *) (argv[i]))[0] - __s2[0
]); if (__s1_len > 0 && __result == 0) { __result =
(((const unsigned char *) (const char *) (argv[i]))[1] - __s2
[1]); if (__s1_len > 1 && __result == 0) { __result
= (((const unsigned char *) (const char *) (argv[i]))[2] - __s2
[2]); if (__s1_len > 2 && __result == 0) __result =
(((const unsigned char *) (const char *) (argv[i]))[3] - __s2
[3]); } } __result; }))) : (__builtin_constant_p ("use_first_pass"
) && ((size_t)(const void *)(("use_first_pass") + 1) -
(size_t)(const void *)("use_first_pass") == 1) && (__s2_len
= __builtin_strlen ("use_first_pass"), __s2_len < 4) ? (__builtin_constant_p
(argv[i]) && ((size_t)(const void *)((argv[i]) + 1) -
(size_t)(const void *)(argv[i]) == 1) ? __builtin_strcmp (argv
[i], "use_first_pass") : (- (__extension__ ({ const unsigned char
*__s2 = (const unsigned char *) (const char *) (argv[i]); int
__result = (((const unsigned char *) (const char *) ("use_first_pass"
))[0] - __s2[0]); if (__s2_len > 0 && __result == 0
) { __result = (((const unsigned char *) (const char *) ("use_first_pass"
))[1] - __s2[1]); if (__s2_len > 1 && __result == 0
) { __result = (((const unsigned char *) (const char *) ("use_first_pass"
))[2] - __s2[2]); if (__s2_len > 2 && __result == 0
) __result = (((const unsigned char *) (const char *) ("use_first_pass"
))[3] - __s2[3]); } } __result; })))) : __builtin_strcmp (argv
[i], "use_first_pass")))); })
== 0)
99 cfg->use_first_pass = 1;
100 if (strncmp (argv[i], "usersfile=", 10)(__extension__ (__builtin_constant_p (10) && ((__builtin_constant_p
(argv[i]) && strlen (argv[i]) < ((size_t) (10))) ||
(__builtin_constant_p ("usersfile=") && strlen ("usersfile="
) < ((size_t) (10)))) ? __extension__ ({ size_t __s1_len, __s2_len
; (__builtin_constant_p (argv[i]) && __builtin_constant_p
("usersfile=") && (__s1_len = __builtin_strlen (argv
[i]), __s2_len = __builtin_strlen ("usersfile="), (!((size_t)
(const void *)((argv[i]) + 1) - (size_t)(const void *)(argv[i
]) == 1) || __s1_len >= 4) && (!((size_t)(const void
*)(("usersfile=") + 1) - (size_t)(const void *)("usersfile="
) == 1) || __s2_len >= 4)) ? __builtin_strcmp (argv[i], "usersfile="
) : (__builtin_constant_p (argv[i]) && ((size_t)(const
void *)((argv[i]) + 1) - (size_t)(const void *)(argv[i]) == 1
) && (__s1_len = __builtin_strlen (argv[i]), __s1_len
< 4) ? (__builtin_constant_p ("usersfile=") && ((
size_t)(const void *)(("usersfile=") + 1) - (size_t)(const void
*)("usersfile=") == 1) ? __builtin_strcmp (argv[i], "usersfile="
) : (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) ("usersfile="); int __result = (((const
unsigned char *) (const char *) (argv[i]))[0] - __s2[0]); if
(__s1_len > 0 && __result == 0) { __result = (((const
unsigned char *) (const char *) (argv[i]))[1] - __s2[1]); if
(__s1_len > 1 && __result == 0) { __result = (((const
unsigned char *) (const char *) (argv[i]))[2] - __s2[2]); if
(__s1_len > 2 && __result == 0) __result = (((const
unsigned char *) (const char *) (argv[i]))[3] - __s2[3]); } }
__result; }))) : (__builtin_constant_p ("usersfile=") &&
((size_t)(const void *)(("usersfile=") + 1) - (size_t)(const
void *)("usersfile=") == 1) && (__s2_len = __builtin_strlen
("usersfile="), __s2_len < 4) ? (__builtin_constant_p (argv
[i]) && ((size_t)(const void *)((argv[i]) + 1) - (size_t
)(const void *)(argv[i]) == 1) ? __builtin_strcmp (argv[i], "usersfile="
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (argv[i]); int __result = (((const unsigned
char *) (const char *) ("usersfile="))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("usersfile="))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("usersfile="))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("usersfile="))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (argv[i], "usersfile=")))); }) : strncmp
(argv[i], "usersfile=", 10)))
== 0)
101 cfg->usersfile = (char *) argv[i] + 10;
102 if (strncmp (argv[i], "digits=", 7)(__extension__ (__builtin_constant_p (7) && ((__builtin_constant_p
(argv[i]) && strlen (argv[i]) < ((size_t) (7))) ||
(__builtin_constant_p ("digits=") && strlen ("digits="
) < ((size_t) (7)))) ? __extension__ ({ size_t __s1_len, __s2_len
; (__builtin_constant_p (argv[i]) && __builtin_constant_p
("digits=") && (__s1_len = __builtin_strlen (argv[i]
), __s2_len = __builtin_strlen ("digits="), (!((size_t)(const
void *)((argv[i]) + 1) - (size_t)(const void *)(argv[i]) == 1
) || __s1_len >= 4) && (!((size_t)(const void *)((
"digits=") + 1) - (size_t)(const void *)("digits=") == 1) || __s2_len
>= 4)) ? __builtin_strcmp (argv[i], "digits=") : (__builtin_constant_p
(argv[i]) && ((size_t)(const void *)((argv[i]) + 1) -
(size_t)(const void *)(argv[i]) == 1) && (__s1_len =
__builtin_strlen (argv[i]), __s1_len < 4) ? (__builtin_constant_p
("digits=") && ((size_t)(const void *)(("digits=") +
1) - (size_t)(const void *)("digits=") == 1) ? __builtin_strcmp
(argv[i], "digits=") : (__extension__ ({ const unsigned char
*__s2 = (const unsigned char *) (const char *) ("digits="); int
__result = (((const unsigned char *) (const char *) (argv[i]
))[0] - __s2[0]); if (__s1_len > 0 && __result == 0
) { __result = (((const unsigned char *) (const char *) (argv
[i]))[1] - __s2[1]); if (__s1_len > 1 && __result ==
0) { __result = (((const unsigned char *) (const char *) (argv
[i]))[2] - __s2[2]); if (__s1_len > 2 && __result ==
0) __result = (((const unsigned char *) (const char *) (argv
[i]))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("digits=") && ((size_t)(const void *)(("digits=") +
1) - (size_t)(const void *)("digits=") == 1) && (__s2_len
= __builtin_strlen ("digits="), __s2_len < 4) ? (__builtin_constant_p
(argv[i]) && ((size_t)(const void *)((argv[i]) + 1) -
(size_t)(const void *)(argv[i]) == 1) ? __builtin_strcmp (argv
[i], "digits=") : (- (__extension__ ({ const unsigned char *__s2
= (const unsigned char *) (const char *) (argv[i]); int __result
= (((const unsigned char *) (const char *) ("digits="))[0] -
__s2[0]); if (__s2_len > 0 && __result == 0) { __result
= (((const unsigned char *) (const char *) ("digits="))[1] -
__s2[1]); if (__s2_len > 1 && __result == 0) { __result
= (((const unsigned char *) (const char *) ("digits="))[2] -
__s2[2]); if (__s2_len > 2 && __result == 0) __result
= (((const unsigned char *) (const char *) ("digits="))[3] -
__s2[3]); } } __result; })))) : __builtin_strcmp (argv[i], "digits="
)))); }) : strncmp (argv[i], "digits=", 7)))
== 0)
103 cfg->digits = atoi (argv[i] + 7);
104 if (strncmp (argv[i], "window=", 7)(__extension__ (__builtin_constant_p (7) && ((__builtin_constant_p
(argv[i]) && strlen (argv[i]) < ((size_t) (7))) ||
(__builtin_constant_p ("window=") && strlen ("window="
) < ((size_t) (7)))) ? __extension__ ({ size_t __s1_len, __s2_len
; (__builtin_constant_p (argv[i]) && __builtin_constant_p
("window=") && (__s1_len = __builtin_strlen (argv[i]
), __s2_len = __builtin_strlen ("window="), (!((size_t)(const
void *)((argv[i]) + 1) - (size_t)(const void *)(argv[i]) == 1
) || __s1_len >= 4) && (!((size_t)(const void *)((
"window=") + 1) - (size_t)(const void *)("window=") == 1) || __s2_len
>= 4)) ? __builtin_strcmp (argv[i], "window=") : (__builtin_constant_p
(argv[i]) && ((size_t)(const void *)((argv[i]) + 1) -
(size_t)(const void *)(argv[i]) == 1) && (__s1_len =
__builtin_strlen (argv[i]), __s1_len < 4) ? (__builtin_constant_p
("window=") && ((size_t)(const void *)(("window=") +
1) - (size_t)(const void *)("window=") == 1) ? __builtin_strcmp
(argv[i], "window=") : (__extension__ ({ const unsigned char
*__s2 = (const unsigned char *) (const char *) ("window="); int
__result = (((const unsigned char *) (const char *) (argv[i]
))[0] - __s2[0]); if (__s1_len > 0 && __result == 0
) { __result = (((const unsigned char *) (const char *) (argv
[i]))[1] - __s2[1]); if (__s1_len > 1 && __result ==
0) { __result = (((const unsigned char *) (const char *) (argv
[i]))[2] - __s2[2]); if (__s1_len > 2 && __result ==
0) __result = (((const unsigned char *) (const char *) (argv
[i]))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("window=") && ((size_t)(const void *)(("window=") +
1) - (size_t)(const void *)("window=") == 1) && (__s2_len
= __builtin_strlen ("window="), __s2_len < 4) ? (__builtin_constant_p
(argv[i]) && ((size_t)(const void *)((argv[i]) + 1) -
(size_t)(const void *)(argv[i]) == 1) ? __builtin_strcmp (argv
[i], "window=") : (- (__extension__ ({ const unsigned char *__s2
= (const unsigned char *) (const char *) (argv[i]); int __result
= (((const unsigned char *) (const char *) ("window="))[0] -
__s2[0]); if (__s2_len > 0 && __result == 0) { __result
= (((const unsigned char *) (const char *) ("window="))[1] -
__s2[1]); if (__s2_len > 1 && __result == 0) { __result
= (((const unsigned char *) (const char *) ("window="))[2] -
__s2[2]); if (__s2_len > 2 && __result == 0) __result
= (((const unsigned char *) (const char *) ("window="))[3] -
__s2[3]); } } __result; })))) : __builtin_strcmp (argv[i], "window="
)))); }) : strncmp (argv[i], "window=", 7)))
== 0)
105 cfg->window = atoi (argv[i] + 7);
106 }
107
108 if (cfg->digits != 6 && cfg->digits != 7 && cfg->digits != 8)
109 {
110 if (cfg->digits != -1)
111 D (("only 6, 7, and 8 OTP lengths are supported: invalid value %d",do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__, 112)
; printf ("only 6, 7, and 8 OTP lengths are supported: invalid value %d"
, cfg->digits); printf ("\n"); } while (0)
112 cfg->digits))do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__, 112)
; printf ("only 6, 7, and 8 OTP lengths are supported: invalid value %d"
, cfg->digits); printf ("\n"); } while (0)
;
113 cfg->digits = 0;
114 }
115
116 if (cfg->debug)
117 {
118 D (("called."))do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__, 118)
; printf ("called."); printf ("\n"); } while (0)
;
119 D (("flags %d argc %d", flags, argc))do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__, 119)
; printf ("flags %d argc %d", flags, argc); printf ("\n"); } while
(0)
;
120 for (i = 0; i < argc; i++)
121 D (("argv[%d]=%s", i, argv[i]))do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__, 121)
; printf ("argv[%d]=%s", i, argv[i]); printf ("\n"); } while (
0)
;
122 D (("debug=%d", cfg->debug))do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__, 122)
; printf ("debug=%d", cfg->debug); printf ("\n"); } while (
0)
;
123 D (("alwaysok=%d", cfg->alwaysok))do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__, 123)
; printf ("alwaysok=%d", cfg->alwaysok); printf ("\n"); } while
(0)
;
124 D (("try_first_pass=%d", cfg->try_first_pass))do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__, 124)
; printf ("try_first_pass=%d", cfg->try_first_pass); printf
("\n"); } while (0)
;
125 D (("use_first_pass=%d", cfg->use_first_pass))do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__, 125)
; printf ("use_first_pass=%d", cfg->use_first_pass); printf
("\n"); } while (0)
;
126 D (("usersfile=%s", cfg->usersfile ? cfg->usersfile : "(null)"))do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__, 126)
; printf ("usersfile=%s", cfg->usersfile ? cfg->usersfile
: "(null)"); printf ("\n"); } while (0)
;
127 D (("digits=%d", cfg->digits))do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__, 127)
; printf ("digits=%d", cfg->digits); printf ("\n"); } while
(0)
;
128 D (("window=%d", cfg->window))do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__, 128)
; printf ("window=%d", cfg->window); printf ("\n"); } while
(0)
;
129 }
130}
131
132PAM_EXTERNextern int
133pam_sm_authenticate (pam_handle_t * pamh,
134 int flags, int argc, const char **argv)
135{
136 int retval, rc;
137 const char *user = NULL((void*)0);
138 const char *password = NULL((void*)0);
139 char otp[MAX_OTP_LEN8 + 1];
140 int password_len = 0;
141 struct pam_conv *conv;
142 struct pam_message *pmsg[1], msg[1];
143 struct pam_response *resp;
144 int nargs = 1;
145 struct cfg cfg;
146 char *query_prompt = NULL((void*)0);
147 char *onlypasswd = strdup ("")(__extension__ (__builtin_constant_p ("") && ((size_t
)(const void *)(("") + 1) - (size_t)(const void *)("") == 1) ?
(((const char *) (""))[0] == '\0' ? (char *) calloc ((size_t
) 1, (size_t) 1) : ({ size_t __len = strlen ("") + 1; char *__retval
= (char *) malloc (__len); if (__retval != ((void*)0)) __retval
= (char *) memcpy (__retval, "", __len); __retval; })) : __strdup
("")))
; /* empty passwords never match */
148
149 if (!onlypasswd)
1
Assuming 'onlypasswd' is null
2
Taking true branch
150 {
151 retval = PAM_BUF_ERR5;
152 goto done;
3
Control jumps to line 325
153 }
154
155 parse_cfg (flags, argc, argv, &cfg);
156
157 retval = pam_get_user (pamh, &user, NULL((void*)0));
158 if (retval != PAM_SUCCESS0)
159 {
160 DBG (("get user returned error: %s", pam_strerror (pamh, retval)))if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 160); printf ("get user returned error: %s", pam_strerror (
pamh, retval)); printf ("\n"); } while (0); }
;
161 goto done;
162 }
163 DBG (("get user returned: %s", user))if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 163); printf ("get user returned: %s", user); printf ("\n")
; } while (0); }
;
164
165 if (cfg.try_first_pass || cfg.use_first_pass)
166 {
167 retval = pam_get_item (pamh, PAM_AUTHTOK6, (const void **) &password);
168 if (retval != PAM_SUCCESS0)
169 {
170 DBG (("get password returned error: %s",if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 171); printf ("get password returned error: %s", pam_strerror
(pamh, retval)); printf ("\n"); } while (0); }
171 pam_strerror (pamh, retval)))if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 171); printf ("get password returned error: %s", pam_strerror
(pamh, retval)); printf ("\n"); } while (0); }
;
172 goto done;
173 }
174 DBG (("get password returned: %s", password))if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 174); printf ("get password returned: %s", password); printf
("\n"); } while (0); }
;
175 }
176
177 if (cfg.use_first_pass && password == NULL((void*)0))
178 {
179 DBG (("use_first_pass set and no password, giving up"))if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 179); printf ("use_first_pass set and no password, giving up"
); printf ("\n"); } while (0); }
;
180 retval = PAM_AUTH_ERR7;
181 goto done;
182 }
183
184 rc = oath_init ();
185 if (rc != OATH_OK)
186 {
187 DBG (("oath_init() failed (%d)", rc))if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 187); printf ("oath_init() failed (%d)", rc); printf ("\n")
; } while (0); }
;
188 retval = PAM_AUTHINFO_UNAVAIL9;
189 goto done;
190 }
191
192 if (password == NULL((void*)0))
193 {
194 retval = pam_get_item (pamh, PAM_CONV5, (const void **) &conv);
195 if (retval != PAM_SUCCESS0)
196 {
197 DBG (("get conv returned error: %s", pam_strerror (pamh, retval)))if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 197); printf ("get conv returned error: %s", pam_strerror (
pamh, retval)); printf ("\n"); } while (0); }
;
198 goto done;
199 }
200
201 pmsg[0] = &msg[0];
202 {
203 const char *query_template = "One-time password (OATH) for `%s': ";
204 size_t len = strlen (query_template) + strlen (user);
205 size_t wrote;
206
207 query_prompt = malloc (len);
208 if (!query_prompt)
209 {
210 retval = PAM_BUF_ERR5;
211 goto done;
212 }
213
214 wrote = snprintf (query_prompt, len, query_template, user);
215 if (wrote < 0 || wrote >= len)
216 {
217 retval = PAM_BUF_ERR5;
218 goto done;
219 }
220
221 msg[0].msg = query_prompt;
222 }
223 msg[0].msg_style = PAM_PROMPT_ECHO_OFF1;
224 resp = NULL((void*)0);
225
226 retval = conv->conv (nargs, (const struct pam_message **) pmsg,
227 &resp, conv->appdata_ptr);
228
229 free (query_prompt);
230 query_prompt = NULL((void*)0);
231
232 if (retval != PAM_SUCCESS0)
233 {
234 DBG (("conv returned error: %s", pam_strerror (pamh, retval)))if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 234); printf ("conv returned error: %s", pam_strerror (pamh
, retval)); printf ("\n"); } while (0); }
;
235 goto done;
236 }
237
238 DBG (("conv returned: %s", resp->resp))if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 238); printf ("conv returned: %s", resp->resp); printf (
"\n"); } while (0); }
;
239
240 password = resp->resp;
241 }
242
243 if (password)
244 password_len = strlen (password);
245 else
246 {
247 DBG (("Could not read password"))if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 247); printf ("Could not read password"); printf ("\n"); } while
(0); }
;
248 retval = PAM_AUTH_ERR7;
249 goto done;
250 }
251
252 if (password_len < MIN_OTP_LEN6)
253 {
254 DBG (("OTP too short: %s", password))if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 254); printf ("OTP too short: %s", password); printf ("\n")
; } while (0); }
;
255 retval = PAM_AUTH_ERR7;
256 goto done;
257 }
258 else if (cfg.digits != 0 && password_len < cfg.digits)
259 {
260 DBG (("OTP shorter than digits=%d: %s", cfg.digits, password))if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 260); printf ("OTP shorter than digits=%d: %s", cfg.digits,
password); printf ("\n"); } while (0); }
;
261 retval = PAM_AUTH_ERR7;
262 goto done;
263 }
264 else if (cfg.digits == 0 && password_len > MAX_OTP_LEN8)
265 {
266 DBG (("OTP too long (and no digits=): %s", password))if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 266); printf ("OTP too long (and no digits=): %s", password
); printf ("\n"); } while (0); }
;
267 retval = PAM_AUTH_ERR7;
268 goto done;
269 }
270 else if (cfg.digits != 0 && password_len > cfg.digits)
271 {
272 free (onlypasswd);
273 onlypasswd = strdup (password)(__extension__ (__builtin_constant_p (password) && ((
size_t)(const void *)((password) + 1) - (size_t)(const void *
)(password) == 1) ? (((const char *) (password))[0] == '\0' ?
(char *) calloc ((size_t) 1, (size_t) 1) : ({ size_t __len =
strlen (password) + 1; char *__retval = (char *) malloc (__len
); if (__retval != ((void*)0)) __retval = (char *) memcpy (__retval
, password, __len); __retval; })) : __strdup (password)))
;
274 if (!onlypasswd)
275 {
276 retval = PAM_BUF_ERR5;
277 goto done;
278 }
279
280 /* user entered their system password followed by generated OTP? */
281
282 onlypasswd[password_len - cfg.digits] = '\0';
283
284 DBG (("Password: %s ", onlypasswd))if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 284); printf ("Password: %s ", onlypasswd); printf ("\n"); }
while (0); }
;
285
286 memcpy (otp, password + password_len - cfg.digits, cfg.digits);
287 otp[cfg.digits] = '\0';
288
289 retval = pam_set_item (pamh, PAM_AUTHTOK6, onlypasswd);
290 if (retval != PAM_SUCCESS0)
291 {
292 DBG (("set_item returned error: %s", pam_strerror (pamh, retval)))if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 292); printf ("set_item returned error: %s", pam_strerror (
pamh, retval)); printf ("\n"); } while (0); }
;
293 goto done;
294 }
295 }
296 else
297 {
298 strcpy (otp, password);
299 password = NULL((void*)0);
300 }
301
302 DBG (("OTP: %s", otp ? otp : "(null)"))if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 302); printf ("OTP: %s", otp ? otp : "(null)"); printf ("\n"
); } while (0); }
;
303
304 {
305 time_t last_otp;
306
307 rc = oath_authenticate_usersfile (cfg.usersfile,
308 user,
309 otp, cfg.window, onlypasswd, &last_otp);
310 DBG (("authenticate rc %d (%s: %s) last otp %s", rc,if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 312); printf ("authenticate rc %d (%s: %s) last otp %s", rc
, oath_strerror_name (rc) ? oath_strerror_name (rc) : "UNKNOWN"
, oath_strerror (rc), ctime (&last_otp)); printf ("\n"); }
while (0); }
311 oath_strerror_name (rc) ? oath_strerror_name (rc) : "UNKNOWN",if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 312); printf ("authenticate rc %d (%s: %s) last otp %s", rc
, oath_strerror_name (rc) ? oath_strerror_name (rc) : "UNKNOWN"
, oath_strerror (rc), ctime (&last_otp)); printf ("\n"); }
while (0); }
312 oath_strerror (rc), ctime (&last_otp)))if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 312); printf ("authenticate rc %d (%s: %s) last otp %s", rc
, oath_strerror_name (rc) ? oath_strerror_name (rc) : "UNKNOWN"
, oath_strerror (rc), ctime (&last_otp)); printf ("\n"); }
while (0); }
;
313 }
314
315 if (rc != OATH_OK)
316 {
317 DBG (("One-time password not authorized to login as user '%s'", user))if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 317); printf ("One-time password not authorized to login as user '%s'"
, user); printf ("\n"); } while (0); }
;
318 retval = PAM_AUTH_ERR7;
319 goto done;
320 }
321
322 retval = PAM_SUCCESS0;
323
324done:
325 oath_done ();
326 free (query_prompt);
327 free (onlypasswd);
328 if (cfg.alwaysok && retval != PAM_SUCCESS0)
4
Branch condition evaluates to a garbage value
329 {
330 DBG (("alwaysok needed (otherwise return with %d)", retval))if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 330); printf ("alwaysok needed (otherwise return with %d)",
retval); printf ("\n"); } while (0); }
;
331 retval = PAM_SUCCESS0;
332 }
333 DBG (("done. [%s]", pam_strerror (pamh, retval)))if (cfg.debug) { do { printf ("[%s:%s(%d)] ", "pam_oath.c", __FUNCTION__
, 333); printf ("done. [%s]", pam_strerror (pamh, retval)); printf
("\n"); } while (0); }
;
334
335 return retval;
336}
337
338PAM_EXTERNextern int
339pam_sm_setcred (pam_handle_t * pamh, int flags, int argc, const char **argv)
340{
341 return PAM_SUCCESS0;
342}
343
344#ifdef PAM_STATIC
345
346struct pam_module _pam_oath_modstruct = {
347 "pam_oath",
348 pam_sm_authenticate,
349 pam_sm_setcred,
350 NULL((void*)0),
351 NULL((void*)0),
352 NULL((void*)0),
353 NULL((void*)0)
354};
355
356#endif