Add support of Mysql/Mariadb for the yubikey_mapping
Mise à jour sql complete, manque la documentation
Final
clean
Add packages dependency
actions: apt update
Fix bool variable cause error build travis
Fix job #2
Fix job #3Fix#4
fix &null
fix &null
fix &null
Fix line 257 %s
test Apple integration
test Apple integration
Timeout Travis extend
Timeout travis extend
Fix klali comment
Fix warning
fix configure.ac
fix configure.ac
Update configure.ac
Update util.c
Update util.h
Update util.c
Update util.c
Update util.c
Update util.c
Fix white space
fix left column
Might be new scanner versions or scanners added. This will
make sure new better (?) scanners will be run on repos that
might not have that much activity
and return AUTH_NO_TOKENS if file doesn't exist. This fixes issues in
the nullok case where this user should just be skipped over, handle
other issues with user file as an AUTH_ERROR.
fixes#194
This also unifies the code between pam-u2f and yubico-pam which means
removing the O_CREAT flag here. This is however in line with the README
and the behaviour of pam-u2f. Also, the previous code did lstat on the
path before and if it did not exist it would not have moved on to the
open() anyways.
The previous code was using a trick of saving the actual retval value
as the "pointer". The problem with that was when pam_get_data copied
it out it treated it as a void* which is 8 byte on 64 bit operating
system which meant it copied 8 byte to a 4 byte location and overwrote
the stack with 4 bytes.
The fix is using a heap pointer instead, influenced by the official
code in https://github.com/linux-pam/linux-pam/blob/master/modules/pam_unix/pam_unix_auth.c
With feedback from pedro martelletto, thanks.
If the PAM module cannot update the challenge response file (due to permissions errors, usually), the incorrect error message is displayed "Error communicating with YubiKey...".
This patch makes it so the correct error message is sent to the PAM client, which makes resolving this issue a lot easier.
As raised in #174, ldap_bind_as_user cannot be used if this module is
set to get YubiKey+OTP because the initial ldap lookup fails (since the
password is not set yet). `always_prompt` will stil the initial lookup,
meaning that the user will be given the chance to enter their password.
This adds support for using a client cert/key to authenticate to an LDAP
server. It is separate from binding with a username and password and
can either be used alongside it or with an anonymous bind to the server.
This allows using the authenticating user's username and password to
bind to the LDAP server. This is desirable because it allows for
looking up the yubikey attributes without needing to create a service
account.
