mirror of https://github.com/Yubico/yubico-pam.git synced 2024-12-13 15:08:49 +01:00
Commit Graph

354 Commits

Author SHA1 Message Date
Fredrik Thulin
2d9a704a87 Remove hard coded values for challenge/responses.
Also do some input validation on what we read from the C/R file.
2011-03-14 15:27:19 +01:00
Fredrik Thulin
0142f265e5 generate_challenge() only generated half as many bytes as it should.
Changed generate_challenge() to generate bytes instead of a hex
encoded string, to not have to decode what we just encoded - instead
just generate plain bytes of randomness and then encode them once.
2011-03-14 14:31:22 +01:00
Fredrik Thulin
14e917ffae Wait with declaring PAM_SUCCESS on challenge-response until new
challenge-response has been stored properly on disk.
2011-03-14 13:50:30 +01:00
Fredrik Thulin
feb63ee472 fsync() wants file descriptor
Also, truncate file before writing if the challenge length has
changed (became shorter) or garbage has otherwise been appended.
2011-03-14 13:48:10 +01:00
Fredrik Thulin
71d68484f9 Don't generate new challenge on bad response. 2011-03-14 12:44:57 +01:00
Fredrik Thulin
68cdb39132 Support challenge-response files outside user's home directory.
Having the challenge-response data inside the home directory won't
work very well if the YubiKey is to unlock an ecryptfs encrypted
home directory.
2011-03-14 10:17:12 +01:00
Fredrik Thulin
98e5e17bdc Merge remote branch 'remim/master' 2011-03-14 09:07:45 +01:00
Tollef Fog Heen
d9ee08b97f Add challenge-response authentication 2011-03-12 15:57:07 +01:00
Tollef Fog Heen
ed1ce7e6e7 Undef USERFILE when we don't need it any more 2011-03-12 15:57:02 +01:00
Tollef Fog Heen
e143afb050 Look for libykpers-1, which we will need for challenge-response 2011-03-12 15:56:51 +01:00
Tollef Fog Heen
49c923a99d Get rid of unimplemented PAM functions 2011-03-12 15:56:48 +01:00
Fredrik Thulin
e338807cc8 Merge branch 'fix/various_ldap_fixes' 2011-03-10 20:50:48 +01:00
Fredrik Thulin
27346d9be9 sync 2011-03-10 10:48:20 +01:00
Fredrik Thulin
a59c6c4d71 Ignore errors from pam_get_data(). 2011-03-04 15:52:02 +01:00
Fredrik Thulin
f91a7dc99a Correct debug log message for too short OTPs. 2011-03-03 15:45:00 +01:00
Fredrik Thulin
a5594fa09c Merge branch 'devel/avoid_logging_passwords' 2011-03-03 15:07:53 +01:00
Fredrik Thulin
952668811d Merge branch 'feature/non_static_id_length' 2011-03-03 15:06:22 +01:00
Fredrik Thulin
702ac98b21 Bugfix getting option token_id_length. 2011-03-03 15:06:15 +01:00
Fredrik Thulin
ac76947e8a Avoid logging passwords when debug is enabled.
Problem reported in
http://code.google.com/p/yubico-pam/issues/detail?id=28
2011-03-03 15:00:05 +01:00
Fredrik Thulin
60d9e6063b Merge branch 'feature/non_static_id_length' 2011-03-03 14:45:52 +01:00
Fredrik Thulin
abb0b7e4e4 authorize_user_token_ldap: Only fetch the attribute we're interested in.
Previous version fetched ALL attributes of the identified object,
and treated them all equal when looking for the YubiKey token identifier.
2011-03-03 14:18:00 +01:00
Fredrik Thulin
a9ef97ea4c authorize_user_token_ldap: Don't leak memory on failures. 2011-03-03 12:48:43 +01:00
Fredrik Thulin
0bb1630abf authorize_user_token_ldap: sr was under-allocated by one byte.
Also change strcat's to sprintf to make code easier to maintain.
2011-03-03 12:38:34 +01:00
Fredrik Thulin
bfd8efd682 Don't segfault on unset LDAP parameters.
When ldapserver / ldap_uri was specified, but not for example
user_attr, authorize_user_token_ldap() used to cause a segmentation
fault.
2011-03-03 10:58:34 +01:00
Fredrik Thulin
01897ebb9e Use LDAPv3 instead of LDAPv2.
LDAPv2 was declared historical in 2003, and is now not supported by
for example Mac OS X Server's Open Directory.
Patch by maxsanna81@gmail.com.
2011-03-03 10:31:30 +01:00
Fredrik Thulin
90a7fd0f0a Avoid LDAP warnings about deprecated functions.
Patch by judas.iscariote.
2011-03-03 10:19:55 +01:00
Fredrik Thulin
6a0c8fc82b authorize_user_token_ldap: Use correct LDAP free function.
Patch by judas.iscariote.
2011-03-03 10:11:16 +01:00
Fredrik Thulin
336f794b42 Make length of public ID part of tokens configurable.
Now that we support setting URL, not all public ID's can be expected
to be six bytes (the length used in the YubiCloud validation service).

Unfortunately we can't support OTPs of different lengths at once,
because there is code supporting users entering their (other)
password followed by the OTP from the YubiKey.

Patch by fraser.scott@gmail.com in
http://code.google.com/p/yubico-pam/issues/detail?id=19
2011-03-02 22:08:58 +01:00
Fredrik Thulin
ff14ae114c Check for ykclient-2.4+, since we use new ca_path function. 2011-03-02 21:51:38 +01:00
Fredrik Thulin
bdfa3891e2 Add debug output of url and capath. 2011-02-28 15:42:56 +01:00
Fredrik Thulin
9d9228bd46 Merge branch 'master' of github.com:Yubico/yubico-pam 2011-02-22 15:31:35 +01:00
Fredrik Thulin
e3440786bf init 2011-02-16 22:22:23 +01:00
Fredrik Thulin
64d641f544 sync 2011-02-16 22:21:59 +01:00
Fredrik Thulin
6825604968 Change to make releases from Github. 2011-02-16 22:21:41 +01:00
Fredrik Thulin
4b7fe7e880 Convert to asciidoc (used by Github wiki). 2011-02-16 22:20:38 +01:00
Fredrik Thulin
bbfde5cc17 Add submodule doc. 2011-02-16 22:17:00 +01:00
Remi Mollon
98dd410386 Add capath parameter to PAM module 2011-02-14 22:24:57 +08:00
Remi Mollon
d122f27825 Add capath parameter to PAM module 2011-02-14 17:20:48 +08:00
Simon Josefsson
bc96ebf148 Bump versions. 2010-09-10 11:08:52 +00:00
Simon Josefsson
9bad57f93f Fix. 2010-09-10 08:42:41 +00:00
Simon Josefsson
d4d83de923 Add. 2010-09-10 08:22:30 +00:00
Simon Josefsson
7f5dbaeaf1 Include wiki pages in distribution. 2010-09-10 08:21:35 +00:00
Simon Josefsson
d2d1b511d3 Fix release target. 2010-09-10 07:39:07 +00:00
Simon Josefsson
1fb5b8241a Bump versions. 2010-09-09 23:17:30 +00:00
Simon Josefsson
5a3fc2b658 Version 2.4. 2010-09-09 23:12:45 +00:00
Simon Josefsson
4e178389cb Add. 2010-09-09 21:42:00 +00:00
Simon Josefsson
2fee6c1fcf Fix segmentation fault on 64-bit systems.
Reported by multiple people in Issue #11
<http://code.google.com/p/yubico-pam/issues/detail?id=11>.
2010-09-09 21:40:38 +00:00
Simon Josefsson
c6e3b5bf16 Improve verbose_otp documentation. 2010-09-09 20:31:44 +00:00
Simon Josefsson
075cb5663f Handle ^D at su prompt. 2010-09-09 20:28:20 +00:00
Simon Josefsson
e6bed0bfcd Make deprecated "ldapserver" work again.
Reported by giovannibajo in Issue #27:
<http://code.google.com/p/yubico-pam/issues/detail?id=27>.
2010-07-13 16:53:24 +00:00