rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2024-11-29 09:24:22 +01:00
Code Issues Projects Releases Wiki Activity
567 Commits 19 Branches 44 Tags 1.2 MiB
0eb2f8cec3
Commit Graph

156 Commits

Author SHA1 Message Date
Klas Lindfors
0eb2f8cec3 mark unused parameter with __attribute__((unused)) 2015-09-14 10:27:14 +02:00
Klas Lindfors
bc93b62489 use mkstemp() to get the tempfile instead 
unfortunately means we have to fchmod() it afterwards to be sure
 2015-09-14 10:24:05 +02:00
madRat
3d22ed0c15 do_chalendge needs drop privs twice at reading and writing 2015-09-11 16:50:51 +03:00
Klas Lindfors
1036873b95 in the challenge-response case only drop privileges for user dir 
This allows the module to work in a case where the directory is only
writable to root.

fixes #77
 2015-09-11 13:56:14 +02:00
Klas Lindfors
70f27b98a2 include pwd.h in util.h 2015-09-09 08:24:57 +02:00
Klas Lindfors
237ed18b9f use pam_modutil_getpwnam() if it's available 
also refactor to pass in a passwd struct to the util functions
 2015-09-08 09:15:07 +02:00
Klas Lindfors
50ce40bbb1 free message at end of function 
it was possible message was never freed if the sprintf() call failed
 2015-07-08 16:11:42 +02:00
Klas Lindfors
9a132bcd07 add cainfo option to allow usage of a cabundle instead of path 
path submitted by github user @Mrten
reportedly this is needed if curl is linked with gnutls
fixes #6
 2015-06-15 10:25:56 +02:00
Klas Lindfors
11326d023d add debug print for last url used 2015-04-27 11:03:34 +02:00
Clemens Lang
ac5bb65013 Use unsigned, fix printf conversion spec warnings 
Some of the printf conversion specifications were wrong when used on
size_t, causing

> pam_yubico.c:957:57: warning: format specifies type 'int' but the argument has type 'size_t' (aka 'unsigned long') [-Wformat]
>       DBG (("OTP too short to be considered : %i < %i", password_len, (cfg->token_id_length + TOKEN_OTP_LEN)));
>                                               ~~        ^~~~~~~~~~~~
>                                               %zu
> pam_yubico.c:132:36: note: expanded from macro 'DBG'
> #define DBG(x) if (cfg->debug) { D(x); }
>                                    ^
> ./util.h:47:12: note: expanded from macro 'D'
>     printf x;                                                           \
>            ^

and

> pam_yubico.c:967:14: warning: format specifies type 'int' but the argument has type 'size_t' (aka 'unsigned long') [-Wformat]
>         skip_bytes, password_len, cfg->token_id_length, TOKEN_OTP_LEN));
>                     ^~~~~~~~~~~~
> pam_yubico.c:132:36: note: expanded from macro 'DBG'
> #define DBG(x) if (cfg->debug) { D(x); }
>                                    ^
> ./util.h:47:12: note: expanded from macro 'D'
>     printf x;                                                           \
>            ^

Fix these by using the appropriate %zu conversions for size_t. While
looking through the code, there are a couple more places where format
string specifiers could be improved, e.g. using %zu instead of casting
the result of sizeof(x) or strlen(x) to unsigned long.

In addition, convert TOKEN_OTP_LEN, MAX_TOKEN_ID_LEN and
DEFAULT_TOKEN_ID_LEN to unsigned numbers, because negative values would
not make any sense for those.
 2015-03-30 13:54:37 +02:00
Clemens Lang
c1f61bae0f Fix warning if pam_message.msg isn't constant 
On OS X and FreeBSD, struct pam_message does not declare its msg member
as constant. This causes a warning when assigning a constant string to
it:

pam_yubico.c:403:14: warning: assigning to 'char *' from 'const char *' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers]
  msg[0].msg = message;
             ^ ~~~~~~~
 2015-03-30 13:54:36 +02:00
Klas Lindfors
252f582712 change datatypes to unsigned 
avoiding warnings about sign conversion
 2015-03-04 14:52:28 +01:00
Klas Lindfors
8241cd0423 Merge branch 'feature/ldap_refactor' 
Conflicts:
	pam_yubico.c
 2015-03-04 14:40:57 +01:00
Klas Lindfors
71339bb8a1 allow ldap search with no base 2015-03-04 11:12:53 +01:00
Klas Lindfors
c75a3f0496 move debug print (and dereference of resp) inside null check 2015-03-04 10:20:40 +01:00
Klas Lindfors
77c152df6f move protocol inside HAVE_LIBLDAP 
to avoid warning of unused variable
 2015-03-04 09:57:22 +01:00
Klas Lindfors
336351188b drop password parameter for authorized_user_token_ldap() 2015-03-04 09:27:21 +01:00
Klas Lindfors
5709a4479a drop the ldap_bind_no_anonymous feature 
Sending the users password out in another direction is scary and
requires more thought. Ideally this should be solved by using ldap
GSSAPI or similar instead of sending a cleartext password over the
network.
 2015-03-04 09:14:53 +01:00
Klas Lindfors
0d3a4f4f75 consider all success as valid session 2015-03-04 09:14:14 +01:00
Klas Lindfors
f6e1ec9483 don't throw const away in cast 2015-03-04 09:11:09 +01:00
Klas Lindfors
311958093d client_id is supposed to be unsigned 2015-03-04 08:59:55 +01:00
Klas Lindfors
6c121c8da3 make sure rc is initialized before using 2015-03-04 08:50:08 +01:00
Klas Lindfors
663fa9a8a4 don't use c++ style comments 2015-03-04 08:47:11 +01:00
Klas Lindfors
3819b40430 don't use c++ style comments 2015-03-04 08:46:52 +01:00
Klas Lindfors
4faddc54f4 conform to other code 2015-03-04 08:45:03 +01:00
Klas Lindfors
878c62dd56 drop extra options for bind dn and password 2015-02-16 10:10:53 +01:00
Klas Lindfors
f579f256c0 Merge commit 'aa87979eb84adb3adef170dac6ff2285ba43cd26' into features/ldap 
Conflicts:
	README
 2015-02-16 09:03:45 +01:00
Klas Lindfors
3b3a96efc2 add ykclient_global_init() and ykclient_global_done() calls 2015-02-16 08:19:59 +01:00
Klas Lindfors
ebb024f340 add debug print with version 2015-02-13 12:33:43 +01:00
Klas Lindfors
b02ab9902a free more unfreed memory in the pam_response structure 2015-01-21 09:57:02 +01:00
Klas Lindfors
057c3743c9 fixup a memory leak 
the caller is responsible for freeing the pam_response from
conversations
 2015-01-16 10:14:22 +01:00
Meno Abels
aa87979eb8 integrate https://github.com/Yubico/yubico-pam/pull/39/files 2014-11-20 23:59:36 +01:00
Meno Abels
37553c41ce enable that openvpn can now run without any local user 2014-11-20 23:22:59 +01:00
Meno Abels
dae9380ac7 added a better ldap handling, and to allow query active directory 2014-11-20 23:15:39 +01:00
Klas Lindfors
d9780eacd9 move check_user_token() to util 
for testability..
 2014-08-27 10:45:42 +02:00
Klas Lindfors
83a9b93d5b re-add libyubikey, needed. 2014-08-27 10:25:01 +02:00
Klas Lindfors
6dbcb903a5 move includes around in an attempt to include less 2014-08-27 09:44:49 +02:00
Klas Lindfors
79612b5b29 break out util.c into it's own temporary library 
to make testing easier
 2014-08-27 09:37:38 +02:00
Klas Lindfors
376bf33f9a correctly mark strings in cfg struct as const 2014-07-29 09:25:39 +02:00
Klas Lindfors
54989c3f3f fixup so urllist data is kept within it's own memory before strtok 
fixes #41
 2014-07-29 09:23:10 +02:00
Alex Fisher
d35d5bfb30 Fix segfault whilst freeing urls 2014-06-02 11:32:08 +01:00
Simon Josefsson
43cd3b4621 Update copyright years. 2014-04-30 13:16:09 +02:00
Klas Lindfors
431e96033d fixup strtok of url templates 2014-03-26 11:00:39 +01:00
Klas Lindfors
8f6717b13e fixup urllist feature (hopefully) 2014-03-26 10:53:40 +01:00
Klas Lindfors
602905c51d spelling 2014-03-26 09:40:01 +01:00
Klas Lindfors
3be440ec80 add urllist feature 
allowing up to 10 urls to be specified in config
 2014-03-12 15:00:22 +01:00
Simon Josefsson
387db3eba0 Merge pull request #14 from BinetReseau/master 
No match between user and token detailed pam values
 2013-09-27 02:11:20 -07:00
Klas Lindfors
7fa8cbbd46 a PAM_MODUTIL_DEV_PRIVS structure can't be reused 
so we have to allocate a second one and point to
that for the second time we want to drop privs.
relates to #28
 2013-09-23 08:56:49 +02:00
Klas Lindfors
1b2a8fdf30 reimplement drop_privs to implement the pam_modutils interface 
Original patch from maxime.deroucy@gmail.com.
http://code.google.com/p/yubico-pam/issues/detail?id=49
fixes #19
 2013-09-20 10:54:13 +02:00
Klas Lindfors
eb1ba8a52a update copyright years 2013-09-19 08:35:15 +02:00