Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Reject passwords as long or longer than PAM_MAX_RESP_SIZE (normally 512 octets), since extremely long passwords can be used for a denial of service attack via the Kerberos string to key function. Thanks to Florian Best for pointing out this issue and suggesting a good fix.
Showing 21 changed files with 262 additions and 4 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# Test authentication with an excessively long password. -*- conf -*- | ||
# | ||
# Copyright 2020 Russ Allbery <eagle@eyrie.org> | ||
# | ||
# SPDX-License-Identifier: BSD-3-clause or GPL-1+ | ||
|
||
[run] | ||
authenticate = PAM_AUTH_ERR | ||
|
||
[prompts] | ||
echo_off = Password: |%p | ||
|
||
[output] | ||
NOTICE authentication failure; logname=%u uid=%i euid=%i tty= ruser= rhost= |
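Review bot: the expected [output] for the over-long password is the same generic `NOTICE authentication failure; logname=%u uid=%i euid=%i tty= ruser= rhost=` line that a wrong password produces, so without the debug option an administrator's log cannot distinguish a length rejection from a bad password. Consider logging the rejection at NOTICE level as well, or state in the script header that the silence in the non-debug case is intentional.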
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
# Test excessively long password handling with debug logging. -*- conf -*- | ||
# | ||
# Copyright 2020 Russ Allbery <eagle@eyrie.org> | ||
# | ||
# SPDX-License-Identifier: BSD-3-clause or GPL-1+ | ||
|
||
[options] | ||
auth = debug | ||
|
||
[run] | ||
authenticate = PAM_AUTH_ERR | ||
|
||
[prompts] | ||
echo_off = Password: |%p | ||
|
||
[output] | ||
DEBUG pam_sm_authenticate: entry | ||
DEBUG /^\(user %u\) rejecting password longer than [0-9]+$/ | ||
NOTICE authentication failure; logname=%u uid=%i euid=%i tty= ruser= rhost= | ||
DEBUG pam_sm_authenticate: exit (failure) |
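Review bot: the pattern `DEBUG /^\(user %u\) rejecting password longer than [0-9]+$/` accepts any number, while the password this script is run with is exactly PAM_MAX_RESP_SIZE characters, which the commit message says is rejected for being "as long or longer than" the limit. The wording "longer than N" is only accurate if the module logs PAM_MAX_RESP_SIZE - 1; pinning the number in the test would catch a future off-by-one in either the check or the message.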
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# Test use_first_pass with an excessively long password. -*- conf -*- | ||
# | ||
# Copyright 2020 Russ Allbery <eagle@eyrie.org> | ||
# | ||
# SPDX-License-Identifier: BSD-3-clause or GPL-1+ | ||
|
||
[options] | ||
auth = use_first_pass | ||
|
||
[run] | ||
authenticate = PAM_AUTH_ERR | ||
|
||
[output] | ||
NOTICE authentication failure; logname=%u uid=%i euid=%i tty= ruser= rhost= |
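Review bot: this script has no [prompts] section, so it asserts that with `auth = use_first_pass` an over-long stored token fails with PAM_AUTH_ERR rather than falling back to prompting, which is the right expectation for use_first_pass. A matching try_first_pass script would pin down whether the module prompts after rejecting the stored token or fails outright, which this set of scripts leaves unspecified.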
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
# Test use_first_pass with a long password and debug. -*- conf -*- | ||
# | ||
# Copyright 2020 Russ Allbery <eagle@eyrie.org> | ||
# | ||
# SPDX-License-Identifier: BSD-3-clause or GPL-1+ | ||
|
||
[options] | ||
auth = use_first_pass debug | ||
|
||
[run] | ||
authenticate = PAM_AUTH_ERR | ||
|
||
[output] | ||
DEBUG pam_sm_authenticate: entry | ||
DEBUG /^\(user %u\) rejecting password longer than [0-9]+$/ | ||
NOTICE authentication failure; logname=%u uid=%i euid=%i tty= ruser= rhost= | ||
DEBUG pam_sm_authenticate: exit (failure) |
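Review bot: the expected debug line `rejecting password longer than [0-9]+` is identical to the prompted-password case, so the log does not record whether the rejected password came from the stored PAM_AUTHTOK or from a prompt. Including the source in the debug message would make stacked-module configurations easier to troubleshoot when use_first_pass is in play.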
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
# Test use_authtok with an excessively long password. -*- conf -*- | ||
# | ||
# Copyright 2020 Russ Allbery <eagle@eyrie.org> | ||
# | ||
# SPDX-License-Identifier: BSD-3-clause or GPL-1+ | ||
|
||
[options] | ||
password = use_authtok | ||
|
||
[run] | ||
chauthtok(PRELIM_CHECK) = PAM_SUCCESS | ||
chauthtok(UPDATE_AUTHTOK) = PAM_AUTHTOK_ERR | ||
|
||
[prompts] | ||
echo_off = Current Kerberos password: |%p | ||
|
||
[output] |
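Review bot: the [output] section is empty, so the update phase rejects the stored authtok with PAM_AUTHTOK_ERR without writing anything to the log; when a password change fails on a token supplied by an earlier stacked module, a non-debug log line would help an administrator work out why. Also, the header `# Test use_authtok with an excessively long password.` is reused verbatim by the debug variant of this script; the auth scripts distinguish the two with "with debug logging".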
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
# Test use_authtok with an excessively long password. -*- conf -*- | ||
# | ||
# Copyright 2020 Russ Allbery <eagle@eyrie.org> | ||
# | ||
# SPDX-License-Identifier: BSD-3-clause or GPL-1+ | ||
|
||
[options] | ||
password = use_authtok debug | ||
|
||
[run] | ||
chauthtok(PRELIM_CHECK) = PAM_SUCCESS | ||
chauthtok(UPDATE_AUTHTOK) = PAM_AUTHTOK_ERR | ||
|
||
[prompts] | ||
echo_off = Current Kerberos password: |%p | ||
|
||
[output] | ||
DEBUG pam_sm_chauthtok: entry (prelim) | ||
DEBUG (user %u) attempting authentication as %0 for kadmin/changepw | ||
DEBUG pam_sm_chauthtok: exit (success) | ||
DEBUG pam_sm_chauthtok: entry (update) | ||
DEBUG /^\(user %u\) rejecting password longer than [0-9]+$/ | ||
DEBUG pam_sm_chauthtok: exit (failure) |
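Review bot: the header comment `# Test use_authtok with an excessively long password.` duplicates the non-debug script's description; say "with debug logging" as the auth scripts do. The expected output also shows the length check applies only in the update phase, after `attempting authentication as %0 for kadmin/changepw` has succeeded in the prelim phase; that is consistent with the stored token only being relied on during UPDATE_AUTHTOK, but the header could say so explicitly.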
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
# Test password change to an excessively long password. -*- conf -*- | ||
# | ||
# Copyright 2020 Russ Allbery <eagle@eyrie.org> | ||
# | ||
# SPDX-License-Identifier: BSD-3-clause or GPL-1+ | ||
|
||
[run] | ||
chauthtok(PRELIM_CHECK) = PAM_SUCCESS | ||
chauthtok(UPDATE_AUTHTOK) = PAM_AUTHTOK_ERR | ||
|
||
[prompts] | ||
echo_off = Current Kerberos password: |%p | ||
echo_off = Enter new Kerberos password: |%n | ||
|
||
[output] |
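Review bot: the [prompts] section lists a single `Enter new Kerberos password: |%n` prompt and no retype prompt, so the length check must run before the confirmation prompt. That is a sensible ordering (the user is not asked to retype a password that will be refused), but the test depends on it, so a sentence in the header would make the reliance explicit. As with the use-authtok script, [output] is empty, so the non-debug case leaves no log trace of the rejection.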
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
# Test password change to an excessively long password. -*- conf -*- | ||
# | ||
# Copyright 2020 Russ Allbery <eagle@eyrie.org> | ||
# | ||
# SPDX-License-Identifier: BSD-3-clause or GPL-1+ | ||
|
||
[options] | ||
password = debug | ||
|
||
[run] | ||
chauthtok(PRELIM_CHECK) = PAM_SUCCESS | ||
chauthtok(UPDATE_AUTHTOK) = PAM_AUTHTOK_ERR | ||
|
||
[prompts] | ||
echo_off = Current Kerberos password: |%p | ||
echo_off = Enter new Kerberos password: |%n | ||
|
||
[output] | ||
DEBUG pam_sm_chauthtok: entry (prelim) | ||
DEBUG (user %u) attempting authentication as %0 for kadmin/changepw | ||
DEBUG pam_sm_chauthtok: exit (success) | ||
DEBUG pam_sm_chauthtok: entry (update) | ||
DEBUG /^\(user %u\) rejecting password longer than [0-9]+$/ | ||
DEBUG pam_sm_chauthtok: exit (failure) |
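Review bot: the header `# Test password change to an excessively long password.` is the same as the non-debug script's; add "with debug logging" for consistency with the auth scripts. The expected sequence also confirms that the rejection happens in the update phase only after the prelim phase has authenticated the user against kadmin/changepw, which is unavoidable here since the new password is not prompted for until update.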
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
/* | ||
* Excessively long password tests for the pam-krb5 module. | ||
* | ||
* This test case includes all tests for excessively long passwords that can | ||
* be done without having Kerberos configured and a username and password | ||
* available. | ||
* | ||
* Copyright 2020 Russ Allbery <eagle@eyrie.org> | ||
* | ||
* SPDX-License-Identifier: BSD-3-clause or GPL-1+ | ||
*/ | ||
|
||
#include <config.h> | ||
#include <portable/system.h> | ||
|
||
#include <tests/fakepam/script.h> | ||
#include <tests/tap/basic.h> | ||
|
||
|
||
int | ||
main(void) | ||
{ | ||
struct script_config config; | ||
char *password; | ||
|
||
plan_lazy(); | ||
|
||
memset(&config, 0, sizeof(config)); | ||
config.user = "test"; | ||
|
||
/* Test a password that is too long. */ | ||
password = bcalloc_type(PAM_MAX_RESP_SIZE + 1, char); | ||
memset(password, 'a', PAM_MAX_RESP_SIZE); | ||
config.password = password; | ||
run_script("data/scripts/long/password", &config); | ||
run_script("data/scripts/long/password-debug", &config); | ||
|
||
/* Test a stored authtok that's too long. */ | ||
config.authtok = password; | ||
config.password = "testing"; | ||
run_script("data/scripts/long/use-first", &config); | ||
run_script("data/scripts/long/use-first-debug", &config); | ||
|
||
free(password); | ||
return 0; | ||
} |
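Review bot: PAM_MAX_RESP_SIZE is used at `password = bcalloc_type(PAM_MAX_RESP_SIZE + 1, char);` and `memset(password, 'a', PAM_MAX_RESP_SIZE);`, but none of the four includes is a PAM header, so the macro only arrives transitively (presumably through tests/fakepam/script.h or portable/system.h); include the header that defines it directly so the test does not break if that include chain changes. The constructed password is exactly PAM_MAX_RESP_SIZE characters, i.e. the boundary the commit message describes ("as long or longer"), so `/* Test a password that is too long. */` could say it exercises the boundary; a PAM_MAX_RESP_SIZE - 1 case belongs in the Kerberos-dependent test, since per the file header it would reach the string-to-key function.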