1
0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-01-21 22:52:17 +01:00

555 Commits

Author SHA1 Message Date
Alex Feinberg
362ca9cb92 Support comments in authfile
Adds support for comments (indicated by lines starting with '#') in
authfiles.
2015-08-10 14:37:02 -07:00
Klas Lindfors
50ce40bbb1 free message at end of function
it was possible message was never freed if the sprintf() call failed
2015-07-08 16:11:42 +02:00
Klas Lindfors
9a132bcd07 add cainfo option to allow usage of a cabundle instead of path
path submitted by github user @Mrten
reportedly this is needed if curl is linked with gnutls
fixes #6
2015-06-15 10:25:56 +02:00
Klas Lindfors
11326d023d add debug print for last url used 2015-04-27 11:03:34 +02:00
Klas Lindfors
e66ed787d1 export LDAPNOINIT=1 for tests so we don't run with systems ldap config
fixes #61
2015-04-07 16:33:52 +02:00
Klas Lindfors
8f61e253d3 more debugging on mocks 2015-04-07 09:21:00 +02:00
Klas Lindfors
0e77cffb67 add some debug logging to ldap and ykval mocks 2015-04-07 08:55:39 +02:00
Klas Lindfors
fe8eb203d9 change int to size_t 2015-03-30 15:25:16 +02:00
Klas Lindfors
c2a6b9c948 fixup warnings with sign 2015-03-30 15:25:15 +02:00
Klas Lindfors
9c913fd97e fixup warnings related to constness of filename 2015-03-30 15:25:15 +02:00
Klas Lindfors
076a8d2f3f Merge pull request #60 from neverpanic/master
Fix warnings on OS X with clang
2015-03-30 13:57:29 +02:00
Clemens Lang
ac5bb65013 Use unsigned, fix printf conversion spec warnings
Some of the printf conversion specifications were wrong when used on
size_t, causing

> pam_yubico.c:957:57: warning: format specifies type 'int' but the argument has type 'size_t' (aka 'unsigned long') [-Wformat]
>       DBG (("OTP too short to be considered : %i < %i", password_len, (cfg->token_id_length + TOKEN_OTP_LEN)));
>                                               ~~        ^~~~~~~~~~~~
>                                               %zu
> pam_yubico.c:132:36: note: expanded from macro 'DBG'
> #define DBG(x) if (cfg->debug) { D(x); }
>                                    ^
> ./util.h:47:12: note: expanded from macro 'D'
>     printf x;                                                           \
>            ^

and

> pam_yubico.c:967:14: warning: format specifies type 'int' but the argument has type 'size_t' (aka 'unsigned long') [-Wformat]
>         skip_bytes, password_len, cfg->token_id_length, TOKEN_OTP_LEN));
>                     ^~~~~~~~~~~~
> pam_yubico.c:132:36: note: expanded from macro 'DBG'
> #define DBG(x) if (cfg->debug) { D(x); }
>                                    ^
> ./util.h:47:12: note: expanded from macro 'D'
>     printf x;                                                           \
>            ^

Fix these by using the appropriate %zu conversions for size_t. While
looking through the code, there are a couple more places where format
string specifiers could be improved, e.g. using %zu instead of casting
the result of sizeof(x) or strlen(x) to unsigned long.

In addition, convert TOKEN_OTP_LEN, MAX_TOKEN_ID_LEN and
DEFAULT_TOKEN_ID_LEN to unsigned numbers, because negative values would
not make any sense for those.
2015-03-30 13:54:37 +02:00
Clemens Lang
c1f61bae0f Fix warning if pam_message.msg isn't constant
On OS X and FreeBSD, struct pam_message does not declare its msg member
as constant. This causes a warning when assigning a constant string to
it:

pam_yubico.c:403:14: warning: assigning to 'char *' from 'const char *' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers]
  msg[0].msg = message;
             ^ ~~~~~~~
2015-03-30 13:54:36 +02:00
Klas Lindfors
d4136a365f drop save-mans 2015-03-23 09:55:16 +01:00
Klas Lindfors
effac5f849 bump versions 2015-03-23 09:55:06 +01:00
Klas Lindfors
d130bec213 release 2.19 2.19 2015-03-23 09:53:56 +01:00
Klas Lindfors
8d93297619 fix typo 2015-03-17 09:32:50 +01:00
Klas Lindfors
2708fc90b5 fix the git url again
fixes #54
2015-03-13 21:20:28 +01:00
Henrik Stråth
7db3e2cbf0 Fixed broken link 2015-03-10 16:03:27 +01:00
Henrik Stråth
7f89cdf9cb removed broken link 2015-03-10 15:57:12 +01:00
Klas Lindfors
989d2f51f9 Merge pull request #56 from shanx/master
Clarified the notion of id when using the pam_yubico module
2015-03-10 08:15:35 +01:00
Klas Lindfors
1aba59cde0 skip the repo token for coveralls 2015-03-10 08:01:03 +01:00
Remco Wendt
d7d1bbfb1a fixed typo 2015-03-06 20:07:19 +01:00
Remco Wendt
70540bd02d Clarified the notion of id when using the pam_yubico module 2015-03-06 20:05:52 +01:00
Klas Lindfors
6065655593 fix formatting of NEWS 2015-03-04 15:31:09 +01:00
Klas Lindfors
ca72be3b9d prepare news for 2.19 2015-03-04 15:29:02 +01:00
Klas Lindfors
252f582712 change datatypes to unsigned
avoiding warnings about sign conversion
2015-03-04 14:52:28 +01:00
Klas Lindfors
8241cd0423 Merge branch 'feature/ldap_refactor'
Conflicts:
	pam_yubico.c
2015-03-04 14:40:57 +01:00
Klas Lindfors
77067004e8 update documentation with new ldap parameters 2015-03-04 13:52:31 +01:00
Klas Lindfors
951d02252d use ldap_bind_user and ldap_bind_password in example 2015-03-04 13:08:30 +01:00
Klas Lindfors
35c8acce6e simple ldap filter test 2015-03-04 11:12:53 +01:00
Klas Lindfors
71339bb8a1 allow ldap search with no base 2015-03-04 11:12:53 +01:00
Klas Lindfors
58382bf7fc make sure filter is null terminated and return length including null 2015-03-04 11:12:53 +01:00
Klas Lindfors
686a47accf drop authfile for ldap_cfg 2015-03-04 10:24:46 +01:00
Klas Lindfors
c75a3f0496 move debug print (and dereference of resp) inside null check 2015-03-04 10:20:40 +01:00
Klas Lindfors
c264ae14c1 add DEFS to cppcheck 2015-03-04 10:19:05 +01:00
Klas Lindfors
52a2dddac5 try to survive and continue for failure in apt-get update 2015-03-04 10:12:49 +01:00
Klas Lindfors
77c152df6f move protocol inside HAVE_LIBLDAP
to avoid warning of unused variable
2015-03-04 09:57:22 +01:00
Klas Lindfors
26cc397ba5 no need for a temp pointer when writing output of filter_result_len() 2015-03-04 09:51:55 +01:00
Klas Lindfors
336351188b drop password parameter for authorized_user_token_ldap() 2015-03-04 09:27:21 +01:00
Klas Lindfors
5709a4479a drop the ldap_bind_no_anonymous feature
Sending the users password out in another direction is scary and
requires more thought. Ideally this should be solved by using ldap
GSSAPI or similar instead of sending a cleartext password over the
network.
2015-03-04 09:14:53 +01:00
Klas Lindfors
0d3a4f4f75 consider all success as valid session 2015-03-04 09:14:14 +01:00
Klas Lindfors
f6e1ec9483 don't throw const away in cast 2015-03-04 09:11:09 +01:00
Klas Lindfors
311958093d client_id is supposed to be unsigned 2015-03-04 08:59:55 +01:00
Klas Lindfors
6c121c8da3 make sure rc is initialized before using 2015-03-04 08:50:08 +01:00
Klas Lindfors
663fa9a8a4 don't use c++ style comments 2015-03-04 08:47:11 +01:00
Klas Lindfors
3819b40430 don't use c++ style comments 2015-03-04 08:46:52 +01:00
Klas Lindfors
4faddc54f4 conform to other code 2015-03-04 08:45:03 +01:00
Klas Lindfors
8dc05e338e reference github with https, not git@
fixes #54
2015-02-20 22:34:53 +01:00
Klas Lindfors
6cd0f0c1b3 simplify filter_result_len()
and fixup warnings
2015-02-16 14:29:21 +01:00