Meno Abels
37553c41ce
enable that openvpn can now run without any local user
2014-11-20 23:22:59 +01:00
Meno Abels
dae9380ac7
added a better ldap handling, and to allow query active directory
2014-11-20 23:15:39 +01:00
Klas Lindfors
d9780eacd9
move check_user_token() to util
...
for testability..
2014-08-27 10:45:42 +02:00
Klas Lindfors
83a9b93d5b
re-add libyubikey, needed.
2014-08-27 10:25:01 +02:00
Klas Lindfors
6dbcb903a5
move includes around in an attempt to include less
2014-08-27 09:44:49 +02:00
Klas Lindfors
79612b5b29
break out util.c into its own temporary library
...
to make testing easier
2014-08-27 09:37:38 +02:00
Klas Lindfors
376bf33f9a
correctly mark strings in cfg struct as const
2014-07-29 09:25:39 +02:00
Klas Lindfors
54989c3f3f
fixup so urllist data is kept within its own memory before strtok
...
fixes #41
2014-07-29 09:23:10 +02:00
Alex Fisher
d35d5bfb30
Fix segfault whilst freeing urls
2014-06-02 11:32:08 +01:00
Simon Josefsson
43cd3b4621
Update copyright years.
2014-04-30 13:16:09 +02:00
Klas Lindfors
431e96033d
fixup strtok of url templates
2014-03-26 11:00:39 +01:00
Klas Lindfors
8f6717b13e
fixup urllist feature (hopefully)
2014-03-26 10:53:40 +01:00
Klas Lindfors
602905c51d
spelling
2014-03-26 09:40:01 +01:00
Klas Lindfors
3be440ec80
add urllist feature
...
allowing up to 10 urls to be specified in config
2014-03-12 15:00:22 +01:00
Simon Josefsson
387db3eba0
Merge pull request #14 from BinetReseau/master
...
No match between user and token detailed pam values
2013-09-27 02:11:20 -07:00
Klas Lindfors
7fa8cbbd46
a PAM_MODUTIL_DEV_PRIVS structure can't be reused
...
so we have to allocate a second one and point to
that for the second time we want to drop privs.
relates to #28
2013-09-23 08:56:49 +02:00
Klas Lindfors
1b2a8fdf30
reimplement drop_privs to implement the pam_modutils interface
...
Original patch from maxime.deroucy@gmail.com .
http://code.google.com/p/yubico-pam/issues/detail?id=49
fixes #19
2013-09-20 10:54:13 +02:00
Klas Lindfors
eb1ba8a52a
update copyright years
2013-09-19 08:35:15 +02:00
Eugene Crosser
2aaf0fdc23
Stop leaks of memory and of privileges
...
Fix several memory leaks and mishandling of the privilege status
where a function returned failure indication, and previously
allocated memory was not freed (and the reference was lost), or
previously dropped privileges were not restored.
2013-09-18 14:22:41 +02:00
Klas Lindfors
f617829f10
fixup warnings
2013-09-18 14:10:35 +02:00
Klas Lindfors
fb6b0911fd
use pbkdf2 to process the expected response
...
this bumps the version on the state file to 2
old files can still be read but new files will use the new format
2013-09-18 14:10:35 +02:00
Klas Lindfors
eb78d4882b
refactor to use chalresp function from ykpers
...
so challenge_response() now calls yk_challenge_response() to
do the yubikey internal stuff.
2013-09-18 14:10:35 +02:00
Christian Hesse
7dc5c6a155
print information only if debug is specified
...
The pam module is very informative. I do not want it to print any
information unless debug is specified. An attacker should not get any
information.
2013-05-13 15:47:59 +02:00
Pierre-Alain Dupont
21c4dd3fa3
A more precise handling of user-token match errors
...
Signed-off-by: Pierre-Alain Dupont <pad@melix.net>
2013-01-26 15:59:23 +00:00
Vincent Brillault
96252b6f2b
Verify the otp_length given by the configuration
...
Avoid out of bound writing at line -920,1 +927,1:
strncpy (otp_id, password + skip_bytes, cfg->token_id_length);
2012-08-07 19:18:43 +02:00
Klas Lindfors
2ffd54a24c
use errstr to communicate with the user
2012-06-14 09:25:38 +02:00
Klas Lindfors
a5f2e9e333
check for same response in pam module, output debug for the user
2012-06-08 13:20:07 +02:00
Klas Lindfors
41c576e0cf
replace fopen with open+fdopen to set more restrictive bits
2012-06-08 10:45:59 +02:00
Fredrik Thulin
da246e240c
load_chalresp_state: Debug message was always shown.
2012-02-13 14:24:31 +01:00
Fredrik Thulin
82296f4632
do_challenge_response: Clear errno when done.
2012-02-10 15:13:42 +01:00
Fredrik Thulin
2c077fba4e
DBG format fix
2012-02-10 14:13:24 +01:00
Fredrik Thulin
fb6281fa3f
Fix clang indicated printf format warnings.
2012-02-08 15:53:18 +01:00
Fredrik Thulin
3275b38d59
Fix debug-logging of chalresp_path. Oddity reported by clang.
2012-02-06 11:37:42 +01:00
Fredrik Thulin
dc9146ffcb
snprintf returns an int, not a size_t. reported by clang.
2012-02-06 11:31:23 +01:00
Fredrik Thulin
bfbcda54ad
Merge branch 'master' of https://github.com/remim/yubico-pam
2012-02-02 13:16:05 +01:00
Remi Mollon
3e1f5f6925
renaming yubi_prefix to yubi_Attr_prefix and changing debug
2012-02-01 09:29:05 +01:00
Clemens Lang
d2c14efdd4
Add missing headers
...
fcntl.h in pam_yubico.c is needed on OS X with clang for the build to
succeed, while unistd.h in util.c is required so clang doesn't complain
about implicit declarations of ftruncate and fsync.
2012-01-28 00:30:34 +01:00
Fredrik Thulin
73369beba9
Avoid double fclose() in some error cases.
...
Problem reported (and patched) by Lingzhu Xiang <xianglingzhu@gmail.com>
in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657524
2012-01-27 12:33:53 +01:00
Remi Mollon
fd465d1261
add comment
2012-01-24 17:42:49 +01:00
Simon Josefsson
3828953374
Bump version. Use silent rules. Bump copyright years.
2012-01-23 20:25:06 +01:00
Remi Mollon
b42307d169
adding yubi_prefix parameter, when looking for token_id in ldap
2012-01-18 17:04:58 +01:00
Fredrik Thulin
263012f725
authorize_user_token: Don't drop privs for system-wide file.
2011-12-13 16:56:04 +01:00
Fredrik Thulin
43134038a5
do_challenge_response: Remove 2 unused variables.
2011-12-06 13:45:58 +01:00
Fredrik Thulin
b27599957c
Fix implicit yubikey_* declarations.
2011-12-06 13:31:25 +01:00
Fredrik Thulin
fa8a9ff074
Fix pointer signedness warnings.
2011-12-06 11:56:52 +01:00
Fredrik Thulin
f24f333867
Drop privileges before writing new C-R file.
2011-11-23 13:56:01 +01:00
Fredrik Thulin
94885d2d48
Verify that challenge-response file is a normal file.
2011-11-23 13:55:44 +01:00
Fredrik Thulin
d4acd495f0
improve debug messages
2011-11-23 13:46:26 +01:00
Fredrik Thulin
fcde64a93e
Use pam_modutil_drop_priv if it is available.
...
Utility functions for what was done in drop_priv.c appeared
in PAM 1.1.3. Use them when available.
2011-11-23 13:45:41 +01:00
Fredrik Thulin
b92902fd8f
Restore challenge-response functionality.
...
HAVE_LIBYKPERS_1 did not seem to ever get defined, so use HAVE_CR instead.
2011-11-23 13:26:02 +01:00