Merge branch 'main' into issue-302-log-key-handle

Yubico · Mar 27, 2024 · f0fd709 · f0fd709
2 parents 67f93cb + f6f73bf
commit f0fd709
Show file tree

Hide file tree

Showing 12 changed files with 21 additions and 19 deletions.
diff --git a/.github/workflows/alpine_builds.yml b/.github/workflows/alpine_builds.yml
@@ -17,7 +17,7 @@ jobs:
         apk add autoconf automake bash build-base clang clang-analyzer git \
           libfido2-dev libtool linux-pam-dev openssl-dev pkgconfig
     - name: checkout pam-u2f
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: mark workspace as safe
       run: git config --global --add safe.directory "${GITHUB_WORKSPACE}"
     - name: build

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -16,7 +16,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml
@@ -8,7 +8,7 @@ jobs:
     env:
       CLANG_FORMAT_VERSION: -15
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         fetch-depth: 0
     - name: Dependencies

diff --git a/.github/workflows/linux_builds.yml b/.github/workflows/linux_builds.yml
@@ -14,7 +14,7 @@ jobs:
           - { os: ubuntu-20.04, cc: gcc-10 }
           - { os: ubuntu-20.04, cc: clang-11 }
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: dependencies
       env:
         CC: ${{ matrix.cc }}

diff --git a/.github/workflows/linux_fuzz.yml b/.github/workflows/linux_fuzz.yml
@@ -12,7 +12,7 @@ jobs:
         cc: [clang-15]
         sanitizer: [asan]
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Dependencies
       env:
         CC: ${{ matrix.cc }}

diff --git a/.github/workflows/macos_builds.yml b/.github/workflows/macos_builds.yml
@@ -11,7 +11,7 @@ jobs:
         os: [ macos-11, macos-12, macos-13 ]
         cc: [ clang ]
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: dependencies
       run: brew install check cmake help2man libfido2 mandoc pkg-config automake
     - name: build

diff --git a/build-aux/ci/build-osx.sh b/build-aux/ci/build-osx.sh
@@ -2,7 +2,7 @@
 set -ex
 
 # Link to the same OpenSSL version as libfido2.
-OPENSSL="$(brew deps --installed libfido2 | grep openssl)"
+OPENSSL="$(brew deps libfido2 | grep openssl)"
 LIBFIDO2_PKGCONF="$(brew --prefix libfido2)/lib/pkgconfig"
 OPENSSL_PKGCONF="$(brew --prefix "${OPENSSL}")/lib/pkgconfig"
 export PKG_CONFIG_PATH="${LIBFIDO2_PKGCONF}:${OPENSSL_PKGCONF}"

diff --git a/build-aux/ci/fuzz-linux-asan.sh b/build-aux/ci/fuzz-linux-asan.sh
@@ -7,7 +7,7 @@ LIBCBOR_URL="https://github.com/pjk/libcbor"
 LIBCBOR_TAG="v0.10.2"
 LIBCBOR_CFLAGS="-fsanitize=address,alignment,bounds"
 LIBFIDO2_URL="https://github.com/Yubico/libfido2"
-LIBFIDO2_TAG="1.13.0"
+LIBFIDO2_TAG="1.14.0"
 LIBFIDO2_CFLAGS="-fsanitize=address,alignment,bounds"
 
 COMMON_CFLAGS="-g2 -fno-omit-frame-pointer"

diff --git a/pam-u2f.c b/pam-u2f.c
@@ -212,7 +212,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
   }
 
   if (!cfg->appid) {
-    debug_dbg(cfg, "Appid not specified, using the same value of origin (%s)",
+    debug_dbg(cfg, "Appid not specified, using the value of origin (%s)",
               cfg->origin);
     cfg->appid = strdup(cfg->origin);
     if (!cfg->appid) {
@@ -224,7 +224,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
   }
 
   if (cfg->max_devs == 0) {
-    debug_dbg(cfg, "Maximum devices number not set. Using default (%d)",
+    debug_dbg(cfg, "Maximum number of devices not set. Using default (%d)",
               MAX_DEVS);
     cfg->max_devs = MAX_DEVS;
   }
@@ -242,7 +242,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
 
   pgu_ret = pam_get_user(pamh, &user, NULL);
   if (pgu_ret != PAM_SUCCESS || user == NULL) {
-    debug_dbg(cfg, "Unable to access user %s", user);
+    debug_dbg(cfg, "Unable to get username from PAM");
     retval = PAM_CONV_ERR;
     goto done;
   }

diff --git a/pamu2fcfg/pamu2fcfg.c b/pamu2fcfg/pamu2fcfg.c
@@ -467,13 +467,13 @@ int main(int argc, char *argv[]) {
   parse_args(argc, argv, &args);
   fido_init(args.debug ? FIDO_DEBUG : 0);
 
-  devlist = fido_dev_info_new(64);
+  devlist = fido_dev_info_new(DEVLIST_LEN);
   if (!devlist) {
     fprintf(stderr, "error: fido_dev_info_new failed\n");
     goto err;
   }
 
-  r = fido_dev_info_manifest(devlist, 64, &ndevs);
+  r = fido_dev_info_manifest(devlist, DEVLIST_LEN, &ndevs);
   if (r != FIDO_OK) {
     fprintf(stderr, "Unable to discover device(s), %s (%d)\n", fido_strerr(r),
             r);
@@ -489,7 +489,7 @@ int main(int argc, char *argv[]) {
       fflush(stderr);
       sleep(FREQUENCY);
 
-      r = fido_dev_info_manifest(devlist, 64, &ndevs);
+      r = fido_dev_info_manifest(devlist, DEVLIST_LEN, &ndevs);
       if (r != FIDO_OK) {
         fprintf(stderr, "\nUnable to discover device(s), %s (%d)",
                 fido_strerr(r), r);

diff --git a/util.c b/util.c
@@ -1157,13 +1157,13 @@ int do_authentication(const cfg_t *cfg, const device_t *devices,
 #endif
   memset(&pk, 0, sizeof(pk));
 
-  devlist = fido_dev_info_new(64);
+  devlist = fido_dev_info_new(DEVLIST_LEN);
   if (!devlist) {
     debug_dbg(cfg, "Unable to allocate devlist");
     goto out;
   }
 
-  r = fido_dev_info_manifest(devlist, 64, &ndevs);
+  r = fido_dev_info_manifest(devlist, DEVLIST_LEN, &ndevs);
   if (r != FIDO_OK) {
     debug_dbg(cfg, "Unable to discover device(s), %s (%d)", fido_strerr(r), r);
     goto out;
@@ -1173,7 +1173,7 @@ int do_authentication(const cfg_t *cfg, const device_t *devices,
 
   debug_dbg(cfg, "Device max index is %zu", ndevs);
 
-  authlist = calloc(64 + 1, sizeof(fido_dev_t *));
+  authlist = calloc(DEVLIST_LEN + 1, sizeof(fido_dev_t *));
   if (!authlist) {
     debug_dbg(cfg, "Unable to allocate authenticator list");
     goto out;
@@ -1272,13 +1272,13 @@ int do_authentication(const cfg_t *cfg, const device_t *devices,
 
     fido_dev_info_free(&devlist, ndevs);
 
-    devlist = fido_dev_info_new(64);
+    devlist = fido_dev_info_new(DEVLIST_LEN);
     if (!devlist) {
       debug_dbg(cfg, "Unable to allocate devlist");
       goto out;
     }
 
-    r = fido_dev_info_manifest(devlist, 64, &ndevs);
+    r = fido_dev_info_manifest(devlist, DEVLIST_LEN, &ndevs);
     if (r != FIDO_OK) {
       debug_dbg(cfg, "Unable to discover device(s), %s (%d)", fido_strerr(r),
                 r);

diff --git a/util.h b/util.h
@@ -21,6 +21,8 @@
 #define DEFAULT_ORIGIN_PREFIX "pam://"
 #define SSH_ORIGIN "ssh:"
 
+#define DEVLIST_LEN 64
+
 typedef struct {
   unsigned max_devs;
   int manual;