rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-02-26 21:54:15 +01:00
Code Issues Projects Releases Wiki Activity

Fix a couple of typos and spell phrases more consistently

Browse Source 
Certain phrases (Challenge-response) were not spelled consistently
throughout the project. This commit adjusts for that and fixes a
couple of typos along the way and uses the base form of verbs in
case of error messages.
This commit is contained in:
Karol Babioch 2018-04-25 15:02:23 +02:00
parent 03099cdef2
commit bb3e2030eb
4 changed files with 31 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pam_yubico.8.txt
View File

@ -96,7 +96,7 @@ An ldap filter to use for attempting to find the correct object in LDAP. In this
Ca certfile for the LDAP connection. Ca certfile for the LDAP connection.
*chalresp_path*=_path_:: *chalresp_path*=_path_::
Path of a system wide directory where challenge response files can be found for users. Default location is $HOME/.yubico/ Path of a system wide directory where challenge-response files can be found for users. Default location is $HOME/.yubico/
== EXAMPLES == EXAMPLES

42
pam_yubico.c
View File

@ -181,7 +181,7 @@ authorize_user_token (struct cfg *cfg,
..... i.e. ~/.yubico/authorized_yubikeys ..... i.e. ~/.yubico/authorized_yubikeys
*/ */
if (! get_user_cfgfile_path (NULL, "authorized_yubikeys", p, &userfile)) { if (! get_user_cfgfile_path (NULL, "authorized_yubikeys", p, &userfile)) {
DBG ("Failed figuring out per-user cfgfile"); DBG ("Failed to figure out per-user cfgfile");
return AUTH_ERROR; return AUTH_ERROR;
} }
@ -292,7 +292,7 @@ authorize_user_token_ldap (struct cfg *cfg,
DBG ("try bind with: %s:[%s]", cfg->ldap_bind_user, cfg->ldap_bind_password); DBG ("try bind with: %s:[%s]", cfg->ldap_bind_user, cfg->ldap_bind_password);
rc = ldap_simple_bind_s (ld, cfg->ldap_bind_user, cfg->ldap_bind_password); rc = ldap_simple_bind_s (ld, cfg->ldap_bind_user, cfg->ldap_bind_password);
} else { } else {
DBG ("try bind anonymous"); DBG ("try anonymous bind");
rc = ldap_simple_bind_s (ld, NULL, NULL); rc = ldap_simple_bind_s (ld, NULL, NULL);
} }
if (rc != LDAP_SUCCESS) if (rc != LDAP_SUCCESS)
@ -378,7 +378,7 @@ authorize_user_token_ldap (struct cfg *cfg,
} }
if(token_id && !strncmp (token_id, vals[i]->bv_val + yubi_attr_prefix_len, strlen (vals[i]->bv_val + yubi_attr_prefix_len))) if(token_id && !strncmp (token_id, vals[i]->bv_val + yubi_attr_prefix_len, strlen (vals[i]->bv_val + yubi_attr_prefix_len)))
{ {
DBG ("Token Found :: %s", vals[i]->bv_val); DBG ("Token found :: %s", vals[i]->bv_val);
retval = AUTH_FOUND; retval = AUTH_FOUND;
} }
} }
@ -512,7 +512,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
} }
if (! init_yubikey(&yk)) { if (! init_yubikey(&yk)) {
DBG("Failed initializing YubiKey"); DBG("Failed to initialize YubiKey");
goto out; goto out;
} }
@ -522,7 +522,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
} }
if (! get_user_challenge_file (yk, cfg->chalresp_path, p, &userfile, cfg->debug_file)) { if (! get_user_challenge_file (yk, cfg->chalresp_path, p, &userfile, cfg->debug_file)) {
DBG("Failed getting user challenge file for user %s", username); DBG("Failed to get user challenge file for user %s", username);
goto out; goto out;
} }
@ -531,7 +531,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
/* Drop privileges before opening user file (if we're not using system-wide dir). */ /* Drop privileges before opening user file (if we're not using system-wide dir). */
if (!cfg->chalresp_path) { if (!cfg->chalresp_path) {
if (pam_modutil_drop_priv(pamh, &privs, p)) { if (pam_modutil_drop_priv(pamh, &privs, p)) {
DBG ("could not drop privileges"); DBG ("Could not drop privileges");
goto out; goto out;
} }
} }
@ -572,7 +572,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
if (!cfg->chalresp_path) { if (!cfg->chalresp_path) {
if (pam_modutil_regain_priv(pamh, &privs)) { if (pam_modutil_regain_priv(pamh, &privs)) {
DBG ("could not restore privileges"); DBG ("Could not restore privileges");
goto out; goto out;
} }
} }
@ -580,7 +580,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
if (! challenge_response(yk, state.slot, state.challenge, state.challenge_len, if (! challenge_response(yk, state.slot, state.challenge, state.challenge_len,
true, true, false, true, true, false,
buf, sizeof(buf), &response_len)) { buf, sizeof(buf), &response_len)) {
DBG("Challenge-response FAILED"); DBG("Challenge-response failed");
goto out; goto out;
} }
@ -598,7 +598,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
if (memcmp(buf, state.response, state.response_len) == 0) { if (memcmp(buf, state.response, state.response_len) == 0) {
ret = PAM_SUCCESS; ret = PAM_SUCCESS;
} else { } else {
DBG("Unexpected C/R response : %s", response_hex); DBG("Unexpected response: %s", response_hex);
goto out; goto out;
} }
@ -606,7 +606,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
errstr = "Error generating new challenge, please check syslog or contact your system administrator"; errstr = "Error generating new challenge, please check syslog or contact your system administrator";
if (generate_random(state.challenge, sizeof(state.challenge))) { if (generate_random(state.challenge, sizeof(state.challenge))) {
DBG("Failed generating new challenge!"); DBG("Failed to generate new challenge!");
goto out; goto out;
} }
@ -614,7 +614,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
if (! challenge_response(yk, state.slot, state.challenge, CR_CHALLENGE_SIZE, if (! challenge_response(yk, state.slot, state.challenge, CR_CHALLENGE_SIZE,
true, true, false, true, true, false,
buf, sizeof(buf), &response_len)) { buf, sizeof(buf), &response_len)) {
DBG("Second challenge-response FAILED"); DBG("Second challenge-response failed");
goto out; goto out;
} }
@ -643,7 +643,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
/* Drop privileges before creating new challenge file. */ /* Drop privileges before creating new challenge file. */
if (!cfg->chalresp_path) { if (!cfg->chalresp_path) {
if (pam_modutil_drop_priv(pamh, &privs, p)) { if (pam_modutil_drop_priv(pamh, &privs, p)) {
DBG ("could not drop privileges"); DBG ("Could not drop privileges");
goto out; goto out;
} }
} }
@ -662,11 +662,11 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
} }
if (fchmod (fd, st.st_mode) != 0) { if (fchmod (fd, st.st_mode) != 0) {
DBG ("could not set correct file permissions"); DBG ("Could not set correct file permissions");
goto restpriv_out; goto restpriv_out;
} }
if (fchown (fd, st.st_uid, st.st_gid) != 0) { if (fchown (fd, st.st_uid, st.st_gid) != 0) {
DBG ("could not set correct file ownership"); DBG ("Could not set correct file ownership");
goto restpriv_out; goto restpriv_out;
} }
@ -696,7 +696,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
restpriv_out: restpriv_out:
if (!cfg->chalresp_path) { if (!cfg->chalresp_path) {
if (pam_modutil_regain_priv(pamh, &privs)) { if (pam_modutil_regain_priv(pamh, &privs)) {
DBG (("could not restore privileges")); DBG (("Could not restore privileges"));
} }
} }
@ -715,8 +715,8 @@ restpriv_out:
display_error(pamh, errstr, cfg); display_error(pamh, errstr, cfg);
if (errno) { if (errno) {
syslog(LOG_ERR, "Challenge response failed: %s", strerror(errno)); syslog(LOG_ERR, "Challenge-response failed: %s", strerror(errno));
DBG("Challenge response failed: %s", strerror(errno)); DBG("Challenge-response failed: %s", strerror(errno));
} }
if (yk) if (yk)
@ -901,7 +901,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
if (cfg->token_id_length > MAX_TOKEN_ID_LEN) if (cfg->token_id_length > MAX_TOKEN_ID_LEN)
{ {
DBG ("configuration error: token_id_length too long. Maximum acceptable value : %u", MAX_TOKEN_ID_LEN); DBG ("Configuration error: token_id_length too long. Maximum acceptable value : %u", MAX_TOKEN_ID_LEN);
retval = PAM_AUTHINFO_UNAVAIL; retval = PAM_AUTHINFO_UNAVAIL;
goto done; goto done;
} }
@ -919,7 +919,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
DBG ("libykpers version: %s", ykpers_check_version(NULL)); DBG ("libykpers version: %s", ykpers_check_version(NULL));
retval = do_challenge_response(pamh, cfg, user); retval = do_challenge_response(pamh, cfg, user);
#else #else
DBG ("no support for challenge/response"); DBG ("no support for challenge-response");
retval = PAM_AUTH_ERR; retval = PAM_AUTH_ERR;
#endif #endif
goto done; goto done;
@ -946,7 +946,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
if(ykclient_global_init() != YKCLIENT_OK) if(ykclient_global_init() != YKCLIENT_OK)
{ {
DBG ("Failed initializing ykclient library"); DBG ("Failed to initlaize ykclient library");
retval = PAM_AUTHINFO_UNAVAIL; retval = PAM_AUTHINFO_UNAVAIL;
goto done; goto done;
} }
@ -1156,7 +1156,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
DBG ("Token is associated to the user. Validating the OTP..."); DBG ("Token is associated to the user. Validating the OTP...");
rc = ykclient_request (ykc, otp); rc = ykclient_request (ykc, otp);
DBG ("ykclient return value (%d): %s", rc, ykclient_strerror (rc)); DBG ("ykclient return value (%d): %s", rc, ykclient_strerror (rc));
DBG ("ykclient url used: %s", ykclient_get_last_url(ykc)); DBG ("ykclient URL used: %s", ykclient_get_last_url(ykc));
switch (rc) switch (rc)
{ {

2
ykpamcfg.1.txt
View File

@ -47,7 +47,7 @@ To use the system-wide mode, you currently have to move the generated state file
== EXAMPLES == EXAMPLES
First, program a YubiKey for challenge response on Slot 2 : First, program a YubiKey for challenge-response on Slot 2:
$ ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible $ ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible
... ...

16
ykpamcfg.c
View File

@ -56,7 +56,7 @@ const char *usage =
"\t-2 Send challenge to slot 2.\n" "\t-2 Send challenge to slot 2.\n"
"\t-A action What to do.\n" "\t-A action What to do.\n"
"\t-p path Specify an output path for the challenge file.\n" "\t-p path Specify an output path for the challenge file.\n"
"\t-i iters Number of iterations to use for pbkdf2 (defaults to 10000)\n" "\t-i iters Number of iterations to use for PBKDF2 (defaults to 10000)\n"
"\n" "\n"
"\t-v Increase verbosity\n" "\t-v Increase verbosity\n"
"\t-V Show version and exit\n" "\t-V Show version and exit\n"
@ -170,7 +170,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, u
//check if directory exists //check if directory exists
if (stat(fullpath,&st)!=0 ){ if (stat(fullpath,&st)!=0 ){
if(mkdir(fullpath, S_IRWXU)==-1){ if(mkdir(fullpath, S_IRWXU)==-1){
fprintf(stderr, "Failed creating directory '%s' :%s\n", fprintf(stderr, "Failed to create directory '%s': %s\n",
fullpath, strerror(errno)); fullpath, strerror(errno));
} }
if(verbose){ if(verbose){
@ -179,7 +179,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, u
} }
else{ else{
if(!S_ISDIR(st.st_mode)){ if(!S_ISDIR(st.st_mode)){
fprintf(stderr, "Destination %s already exist and is not a directory.\n", fprintf(stderr, "Destination %s already exists and is not a directory.\n",
fullpath); fullpath);
goto out; goto out;
} }
@ -187,7 +187,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, u
} }
if (! get_user_challenge_file(yk, output_dir, p, &fn, stdout)) { if (! get_user_challenge_file(yk, output_dir, p, &fn, stdout)) {
fprintf (stderr, "Failed getting chalresp state filename\n"); fprintf (stderr, "Failed to get chalresp state filename\n");
goto out; goto out;
} }
@ -197,7 +197,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, u
} }
if (generate_random(state.challenge, CR_CHALLENGE_SIZE)) { if (generate_random(state.challenge, CR_CHALLENGE_SIZE)) {
fprintf (stderr, "FAILED getting %i bytes of random data\n", CR_CHALLENGE_SIZE); fprintf (stderr, "Failed to get %i bytes of random data\n", CR_CHALLENGE_SIZE);
goto out; goto out;
} }
state.challenge_len = CR_CHALLENGE_SIZE; state.challenge_len = CR_CHALLENGE_SIZE;
@ -215,7 +215,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, u
char challenge[CR_CHALLENGE_SIZE]; char challenge[CR_CHALLENGE_SIZE];
if (generate_random(challenge, CR_CHALLENGE_SIZE)) { if (generate_random(challenge, CR_CHALLENGE_SIZE)) {
fprintf (stderr, "FAILED getting %i bytes of random data\n", CR_CHALLENGE_SIZE); fprintf (stderr, "Failed to get %i bytes of random data\n", CR_CHALLENGE_SIZE);
goto out; goto out;
} }
if (! challenge_response(yk, state.slot, challenge, CR_CHALLENGE_SIZE, if (! challenge_response(yk, state.slot, challenge, CR_CHALLENGE_SIZE,
@ -224,7 +224,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, u
goto out; goto out;
if (memcmp(buf, buf2, response_len) == 0) { if (memcmp(buf, buf2, response_len) == 0) {
fprintf (stderr, "FAILED YubiKey is outputting the same response for different challenges." fprintf (stderr, "Failed: YubiKey is outputting the same response for different challenges."
"Make sure you configure the key with the option HMAC_LT64.\n"); "Make sure you configure the key with the option HMAC_LT64.\n");
goto out; goto out;
} }
@ -241,7 +241,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, u
fd = open (fn, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR); fd = open (fn, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR);
if (fd < 0) { if (fd < 0) {
fprintf (stderr, "Failed opening '%s' for writing : %s\n", fn, strerror (errno)); fprintf (stderr, "Failed to open '%s' for writing: %s\n", fn, strerror (errno));
goto out; goto out;
} }
f = fdopen (fd, "w"); f = fdopen (fd, "w");