rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2024-11-29 09:24:22 +01:00
Code Issues Projects Releases Wiki Activity
752 Commits 19 Branches 44 Tags 1.2 MiB
43d5c39880
Commit Graph

212 Commits

Author SHA1 Message Date
Klas Lindfors
0bd785cf3a use correct modifier for size_t print 2015-10-08 10:29:08 +02:00
Klas Lindfors
83cccf3e12 reset yk_errno when we're happy with the result 2015-09-14 13:14:51 +02:00
Klas Lindfors
056dac4794 correct fchmod() return check 2015-09-14 13:14:30 +02:00
Klas Lindfors
dd96aa71dc switch i to size_t to match usage 2015-09-14 10:34:06 +02:00
Klas Lindfors
344d1b4384 fix initialization of msg to not warn 
apparently this is gcc bug 53119
 2015-09-14 10:30:01 +02:00
Klas Lindfors
ec84a78453 make yubi_attr_prefix_len a size_t 2015-09-14 10:29:49 +02:00
Klas Lindfors
0eb2f8cec3 mark unused parameter with __attribute__((unused)) 2015-09-14 10:27:14 +02:00
Klas Lindfors
bc93b62489 use mkstemp() to get the tempfile instead 
unfortunately means we have to fchmod() it afterwards to be sure
 2015-09-14 10:24:05 +02:00
madRat
3d22ed0c15 do_chalendge needs drop privs twice at reading and writing 2015-09-11 16:50:51 +03:00
Klas Lindfors
1036873b95 in the challenge-response case only drop privileges for user dir 
This allows the module to work in a case where the directory is only
writable to root.

fixes #77
 2015-09-11 13:56:14 +02:00
Klas Lindfors
70f27b98a2 include pwd.h in util.h 2015-09-09 08:24:57 +02:00
Klas Lindfors
237ed18b9f use pam_modutil_getpwnam() if it's available 
also refactor to pass in a passwd struct to the util functions
 2015-09-08 09:15:07 +02:00
Klas Lindfors
50ce40bbb1 free message at end of function 
it was possible message was never freed if the sprintf() call failed
 2015-07-08 16:11:42 +02:00
Klas Lindfors
9a132bcd07 add cainfo option to allow usage of a cabundle instead of path 
path submitted by github user @Mrten
reportedly this is needed if curl is linked with gnutls
fixes #6
 2015-06-15 10:25:56 +02:00
Klas Lindfors
11326d023d add debug print for last url used 2015-04-27 11:03:34 +02:00
Clemens Lang
ac5bb65013 Use unsigned, fix printf conversion spec warnings 
Some of the printf conversion specifications were wrong when used on
size_t, causing

> pam_yubico.c:957:57: warning: format specifies type 'int' but the argument has type 'size_t' (aka 'unsigned long') [-Wformat]
>       DBG (("OTP too short to be considered : %i < %i", password_len, (cfg->token_id_length + TOKEN_OTP_LEN)));
>                                               ~~        ^~~~~~~~~~~~
>                                               %zu
> pam_yubico.c:132:36: note: expanded from macro 'DBG'
> #define DBG(x) if (cfg->debug) { D(x); }
>                                    ^
> ./util.h:47:12: note: expanded from macro 'D'
>     printf x;                                                           \
>            ^

and

> pam_yubico.c:967:14: warning: format specifies type 'int' but the argument has type 'size_t' (aka 'unsigned long') [-Wformat]
>         skip_bytes, password_len, cfg->token_id_length, TOKEN_OTP_LEN));
>                     ^~~~~~~~~~~~
> pam_yubico.c:132:36: note: expanded from macro 'DBG'
> #define DBG(x) if (cfg->debug) { D(x); }
>                                    ^
> ./util.h:47:12: note: expanded from macro 'D'
>     printf x;                                                           \
>            ^

Fix these by using the appropriate %zu conversions for size_t. While
looking through the code, there are a couple more places where format
string specifiers could be improved, e.g. using %zu instead of casting
the result of sizeof(x) or strlen(x) to unsigned long.

In addition, convert TOKEN_OTP_LEN, MAX_TOKEN_ID_LEN and
DEFAULT_TOKEN_ID_LEN to unsigned numbers, because negative values would
not make any sense for those.
 2015-03-30 13:54:37 +02:00
Clemens Lang
c1f61bae0f Fix warning if pam_message.msg isn't constant 
On OS X and FreeBSD, struct pam_message does not declare its msg member
as constant. This causes a warning when assigning a constant string to
it:

pam_yubico.c:403:14: warning: assigning to 'char *' from 'const char *' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers]
  msg[0].msg = message;
             ^ ~~~~~~~
 2015-03-30 13:54:36 +02:00
Klas Lindfors
252f582712 change datatypes to unsigned 
avoiding warnings about sign conversion
 2015-03-04 14:52:28 +01:00
Klas Lindfors
8241cd0423 Merge branch 'feature/ldap_refactor' 
Conflicts:
	pam_yubico.c
 2015-03-04 14:40:57 +01:00
Klas Lindfors
71339bb8a1 allow ldap search with no base 2015-03-04 11:12:53 +01:00
Klas Lindfors
c75a3f0496 move debug print (and dereference of resp) inside null check 2015-03-04 10:20:40 +01:00
Klas Lindfors
77c152df6f move protocol inside HAVE_LIBLDAP 
to avoid warning of unused variable
 2015-03-04 09:57:22 +01:00
Klas Lindfors
336351188b drop password parameter for authorized_user_token_ldap() 2015-03-04 09:27:21 +01:00
Klas Lindfors
5709a4479a drop the ldap_bind_no_anonymous feature 
Sending the users password out in another direction is scary and
requires more thought. Ideally this should be solved by using ldap
GSSAPI or similar instead of sending a cleartext password over the
network.
 2015-03-04 09:14:53 +01:00
Klas Lindfors
0d3a4f4f75 consider all success as valid session 2015-03-04 09:14:14 +01:00
Klas Lindfors
f6e1ec9483 don't throw const away in cast 2015-03-04 09:11:09 +01:00
Klas Lindfors
311958093d client_id is supposed to be unsigned 2015-03-04 08:59:55 +01:00
Klas Lindfors
6c121c8da3 make sure rc is initialized before using 2015-03-04 08:50:08 +01:00
Klas Lindfors
663fa9a8a4 don't use c++ style comments 2015-03-04 08:47:11 +01:00
Klas Lindfors
3819b40430 don't use c++ style comments 2015-03-04 08:46:52 +01:00
Klas Lindfors
4faddc54f4 conform to other code 2015-03-04 08:45:03 +01:00
Klas Lindfors
878c62dd56 drop extra options for bind dn and password 2015-02-16 10:10:53 +01:00
Klas Lindfors
f579f256c0 Merge commit 'aa87979eb84adb3adef170dac6ff2285ba43cd26' into features/ldap 
Conflicts:
	README
 2015-02-16 09:03:45 +01:00
Klas Lindfors
3b3a96efc2 add ykclient_global_init() and ykclient_global_done() calls 2015-02-16 08:19:59 +01:00
Klas Lindfors
ebb024f340 add debug print with version 2015-02-13 12:33:43 +01:00
Klas Lindfors
b02ab9902a free more unfreed memory in the pam_response structure 2015-01-21 09:57:02 +01:00
Klas Lindfors
057c3743c9 fixup a memory leak 
the caller is responsible for freeing the pam_response from
conversations
 2015-01-16 10:14:22 +01:00
Meno Abels
aa87979eb8 integrate https://github.com/Yubico/yubico-pam/pull/39/files 2014-11-20 23:59:36 +01:00
Meno Abels
37553c41ce enable that openvpn can now run without any local user 2014-11-20 23:22:59 +01:00
Meno Abels
dae9380ac7 added a better ldap handling, and to allow query active directory 2014-11-20 23:15:39 +01:00
Klas Lindfors
d9780eacd9 move check_user_token() to util 
for testability..
 2014-08-27 10:45:42 +02:00
Klas Lindfors
83a9b93d5b re-add libyubikey, needed. 2014-08-27 10:25:01 +02:00
Klas Lindfors
6dbcb903a5 move includes around in an attempt to include less 2014-08-27 09:44:49 +02:00
Klas Lindfors
79612b5b29 break out util.c into it's own temporary library 
to make testing easier
 2014-08-27 09:37:38 +02:00
Klas Lindfors
376bf33f9a correctly mark strings in cfg struct as const 2014-07-29 09:25:39 +02:00
Klas Lindfors
54989c3f3f fixup so urllist data is kept within it's own memory before strtok 
fixes #41
 2014-07-29 09:23:10 +02:00
Alex Fisher
d35d5bfb30 Fix segfault whilst freeing urls 2014-06-02 11:32:08 +01:00
Simon Josefsson
43cd3b4621 Update copyright years. 2014-04-30 13:16:09 +02:00
Klas Lindfors
431e96033d fixup strtok of url templates 2014-03-26 11:00:39 +01:00
Klas Lindfors
8f6717b13e fixup urllist feature (hopefully) 2014-03-26 10:53:40 +01:00
Klas Lindfors
602905c51d spelling 2014-03-26 09:40:01 +01:00
Klas Lindfors
3be440ec80 add urllist feature 
allowing up to 10 urls to be specified in config
 2014-03-12 15:00:22 +01:00
Simon Josefsson
387db3eba0 Merge pull request #14 from BinetReseau/master 
No match between user and token detailed pam values
 2013-09-27 02:11:20 -07:00
Klas Lindfors
7fa8cbbd46 a PAM_MODUTIL_DEV_PRIVS structure can't be reused 
so we have to allocate a second one and point to
that for the second time we want to drop privs.
relates to #28
 2013-09-23 08:56:49 +02:00
Klas Lindfors
1b2a8fdf30 reimplement drop_privs to implement the pam_modutils interface 
Original patch from maxime.deroucy@gmail.com.
http://code.google.com/p/yubico-pam/issues/detail?id=49
fixes #19
 2013-09-20 10:54:13 +02:00
Klas Lindfors
eb1ba8a52a update copyright years 2013-09-19 08:35:15 +02:00
Eugene Crosser
2aaf0fdc23 Stop leaks of memory and of privileges 
Fix several memory leaks and mishandling of the privilege status
where a function returned failure indication, and previously
allocated memory was not freed (and the referece was lost), or
previously droped privileges where not restored.
 2013-09-18 14:22:41 +02:00
Klas Lindfors
f617829f10 fixup warnings 2013-09-18 14:10:35 +02:00
Klas Lindfors
fb6b0911fd use pbkdf2 to process the exepected response 
this bumps the version on the state file to 2
old files can still be read but new files will use the new format
 2013-09-18 14:10:35 +02:00
Klas Lindfors
eb78d4882b refactor to use chalresp function from ykpers 
so challenge_response() now calls yk_challenge_response() to
do the yubikey internal stuff.
 2013-09-18 14:10:35 +02:00
Christian Hesse
7dc5c6a155 print information only if debug is specified 
The pam module is very informative. I do not want it to print any
information unless debug is specified. An attacker should not get any
information.
 2013-05-13 15:47:59 +02:00
Pierre-Alain Dupont
21c4dd3fa3 A more precise handling of user-token match errors 
Signed-off-by: Pierre-Alain Dupont <pad@melix.net>
 2013-01-26 15:59:23 +00:00
Vincent Brillault
96252b6f2b Verify the otp_length given by the configuration 
Avoid out of bound writing at ligne -920,1 +927,1:
strncpy (otp_id, password + skip_bytes, cfg->token_id_length);
 2012-08-07 19:18:43 +02:00
Klas Lindfors
2ffd54a24c use errstr to communicate with the user 2012-06-14 09:25:38 +02:00
Klas Lindfors
a5f2e9e333 check for same response in pam module, output debug for the user 2012-06-08 13:20:07 +02:00
Klas Lindfors
41c576e0cf replace fopen with open+fdopen to set more restrictive bits 2012-06-08 10:45:59 +02:00
Fredrik Thulin
da246e240c load_chalresp_state: Debug message was always shown. 2012-02-13 14:24:31 +01:00
Fredrik Thulin
82296f4632 do_challenge_response: Clear errno when done. 2012-02-10 15:13:42 +01:00
Fredrik Thulin
2c077fba4e DBG format fix 2012-02-10 14:13:24 +01:00
Fredrik Thulin
fb6281fa3f Fix clang indicated printf format warnings. 2012-02-08 15:53:18 +01:00
Fredrik Thulin
3275b38d59 Fix debug-logging of chalresp_path. Oddity reported by clang. 2012-02-06 11:37:42 +01:00
Fredrik Thulin
dc9146ffcb snprintf returns an int, not a size_t. reported by clang. 2012-02-06 11:31:23 +01:00
Fredrik Thulin
bfbcda54ad Merge branch 'master' of https://github.com/remim/yubico-pam 2012-02-02 13:16:05 +01:00
Remi Mollon
3e1f5f6925 renaming yubi_prefix to yubi_Attr_prefix and changing debug 2012-02-01 09:29:05 +01:00
Clemens Lang
d2c14efdd4 Add missing headers 
fcntl.h in pam_yubico.c is needed on OS X with clang for the build to
succeed, while unistd.h in util.c is required so clang doesn't complain
about implicit declarations of ftruncate and fsync.
 2012-01-28 00:30:34 +01:00
Fredrik Thulin
73369beba9 Avoid double fclose() in some error cases. 
Problem reported (and patched) by Lingzhu Xiang <xianglingzhu@gmail.com>
in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657524
 2012-01-27 12:33:53 +01:00
Remi Mollon
fd465d1261 add comment 2012-01-24 17:42:49 +01:00
Simon Josefsson
3828953374 Bump version. Use silent rules. Bump copyright years. 2012-01-23 20:25:06 +01:00
Remi Mollon
b42307d169 adding yubi_prefix parameter, when looking for token_id in ldap 2012-01-18 17:04:58 +01:00
Fredrik Thulin
263012f725 authorize_user_token: Don't drop privs for system-wide file. 2011-12-13 16:56:04 +01:00
Fredrik Thulin
43134038a5 do_challenge_response: Remove 2 unused variables. 2011-12-06 13:45:58 +01:00
Fredrik Thulin
b27599957c Fix implicit yubikey_* declarations. 2011-12-06 13:31:25 +01:00
Fredrik Thulin
fa8a9ff074 Fix pointer signedness warnings. 2011-12-06 11:56:52 +01:00
Fredrik Thulin
f24f333867 Drop privileges before writing new C-R file. 2011-11-23 13:56:01 +01:00
Fredrik Thulin
94885d2d48 Verify that challenge-response file is a normal file. 2011-11-23 13:55:44 +01:00
Fredrik Thulin
d4acd495f0 improve debug messages 2011-11-23 13:46:26 +01:00
Fredrik Thulin
fcde64a93e Use pam_modutil_drop_priv if it is available. 
Utility functions for what was done in drop_priv.c appeared
in PAM 1.1.3. Use them when available.
 2011-11-23 13:45:41 +01:00
Fredrik Thulin
b92902fd8f Restore challenge-response functionality. 
HAVE_LIBYKPERS_1 did not seem to ever get defined, so use HAVE_CR instead.
 2011-11-23 13:26:02 +01:00
Ricky Zhou
a9892dbb44 Drop privileges before opening user files. 
This change also ensures that user tokens are regular files.  We may
want to add a similar check for user challenge files.
 2011-11-23 10:16:00 +01:00
Fredrik Thulin
f92ee12aa9 Remove unused variable and extra undef. 2011-11-22 11:17:29 +01:00
Fredrik Thulin
47d883b600 pam_sm_authenticate: check strdup return value 2011-11-22 11:08:53 +01:00
Fredrik Thulin
57cf6ed5d6 authorize_user_token_ldap: check malloc return value 2011-11-22 11:08:28 +01:00
dr8
6dc10799b6 Bug fix: pam_yubico doesn't check server signature 
Squashed commit of the following:

commit 9e7746bc53
Author: dr8 <github@dominicrutherford.co.uk>
Date:   Mon Oct 31 14:27:47 2011 +0000

    Bug fix: pam_yubico doesn't check server signature

commit 2f3d5e721c
Author: dr8 <github@dominicrutherford.co.uk>
Date:   Sat Oct 29 16:59:08 2011 +0100

    Bug fix: pam_yubico does not validate server signature

commit 58a1e6820a
Author: dr8 <github@dominicrutherford.co.uk>
Date:   Fri Oct 28 22:09:49 2011 +0100

    only validate server signature when key is specified

commit d705f429bc
Author: dr8 <github@dominicrutherford.co.uk>
Date:   Tue Oct 25 22:45:22 2011 +0100

    fix failure to validate server signature
 2011-11-08 21:57:28 +01:00
Nanakos Chrysostomos
4712da70ca Fix big security hole: Authentication succeeded when no password 
was given, unless use_first_pass was being used.
This is fatal if pam_yubico is considered 'sufficient' in the PAM
configuration.

Signed-off-by: Nanakos Chrysostomos <nanakos@wired-net.gr>
 2011-08-26 14:32:03 +03:00
Simon Josefsson
e469b630d5 Make dependency on libykpers optional. 
Use --without-cr to force it.  Reported by Jussi Sallinen <jussi@jus.si>.
 2011-06-07 00:35:22 +02:00
Fredrik Thulin
eb438e782c parse_cfg: Use memset to clear cfg struct. 
The code will be easier to maintain if one does not have to remember
explicitly initializing all new members of the config struct.
 2011-04-15 16:30:06 +02:00
Fredrik Thulin
804b537acf Fix some D's that should've been DBG. 2011-04-15 16:28:00 +02:00
Fredrik Thulin
dfebd4173f Make DBG macro unified. 
Refactor authorize_user_token and authorize_user_token_ldap to take
a cfg argument instead of a number of elements from cfg.
 2011-04-15 15:24:50 +02:00
Romain Riviere
1ec6d2df92 Debug: adding a dbg flag and macro so as to disable unwanted debug messages 2011-04-15 14:17:23 +02:00
Tollef Fog Heen
7923496375 Tell the user if something goes wrong after authenticating 
If we successfully authenticate, but something then goes wrong, such
as failure to generate a new challenge, failure to update the
challenge and so on, tell the user.
 2011-03-18 23:05:26 +01:00