1
0
mirror of https://github.com/Yubico/yubico-pam.git synced 2024-12-11 09:24:10 +01:00
Commit Graph

413 Commits

Author SHA1 Message Date
Fredrik Thulin
f24f333867 Drop privileges before writing new C-R file. 2011-11-23 13:56:01 +01:00
Fredrik Thulin
94885d2d48 Verify that challenge-response file is a normal file. 2011-11-23 13:55:44 +01:00
Fredrik Thulin
d4acd495f0 improve debug messages 2011-11-23 13:46:26 +01:00
Fredrik Thulin
fcde64a93e Use pam_modutil_drop_priv if it is available.
Utility functions for what was done in drop_priv.c appeared
in PAM 1.1.3. Use them when available.
2011-11-23 13:45:41 +01:00
Fredrik Thulin
b92902fd8f Restore challenge-response functionality.
HAVE_LIBYKPERS_1 did not seem to ever get defined, so use HAVE_CR instead.
2011-11-23 13:26:02 +01:00
Ricky Zhou
a9892dbb44 Drop privileges before opening user files.
This change also ensures that user tokens are regular files.  We may
want to add a similar check for user challenge files.
2011-11-23 10:16:00 +01:00
Fredrik Thulin
f92ee12aa9 Remove unused variable and extra undef. 2011-11-22 11:17:29 +01:00
Fredrik Thulin
47d883b600 pam_sm_authenticate: check strdup return value 2011-11-22 11:08:53 +01:00
Fredrik Thulin
57cf6ed5d6 authorize_user_token_ldap: check malloc return value 2011-11-22 11:08:28 +01:00
Fredrik Thulin
8930cca53e parse_args: getopt() return value is int. 2011-11-22 11:03:51 +01:00
Fredrik Thulin
47e59ae8c0 Fix release date of 2.9. 2011-11-17 20:52:29 +01:00
Fredrik Thulin
22648cfcb5 Link pam_yubico.la directly with -lpam. 2011-11-17 20:50:39 +01:00
Fredrik Thulin
2ab6c26f27 updates 2011-11-08 22:21:20 +01:00
Fredrik Thulin
b8d806fd63 Prepare for version 2.9. 2011-11-08 22:05:53 +01:00
dr8
6dc10799b6 Bug fix: pam_yubico doesn't check server signature
Squashed commit of the following:

commit 9e7746bc53
Author: dr8 <github@dominicrutherford.co.uk>
Date:   Mon Oct 31 14:27:47 2011 +0000

    Bug fix: pam_yubico doesn't check server signature

commit 2f3d5e721c
Author: dr8 <github@dominicrutherford.co.uk>
Date:   Sat Oct 29 16:59:08 2011 +0100

    Bug fix: pam_yubico does not validate server signature

commit 58a1e6820a
Author: dr8 <github@dominicrutherford.co.uk>
Date:   Fri Oct 28 22:09:49 2011 +0100

    only validate server signature when key is specified

commit d705f429bc
Author: dr8 <github@dominicrutherford.co.uk>
Date:   Tue Oct 25 22:45:22 2011 +0100

    fix failure to validate server signature
2011-11-08 21:57:28 +01:00
Fredrik Thulin
788f826ddc Prepare for version 2.8. 2011-08-26 13:58:42 +02:00
Nanakos Chrysostomos
4712da70ca Fix big security hole: Authentication succeeded when no password
was given, unless use_first_pass was being used.
This is fatal if pam_yubico is considered 'sufficient' in the PAM
configuration.

Signed-off-by: Nanakos Chrysostomos <nanakos@wired-net.gr>
2011-08-26 14:32:03 +03:00
Simon Josefsson
2bf1a9b645 Fix date. 2011-06-07 00:43:48 +02:00
Simon Josefsson
6a1727bb38 Fix release target. 2011-06-07 00:43:14 +02:00
Simon Josefsson
5b96efa7d9 Ignore more. 2011-06-07 00:41:55 +02:00
Simon Josefsson
6eae809ccc Update doc/. 2011-06-07 00:37:46 +02:00
Simon Josefsson
d75cb69439 Version 2.7. 2011-06-07 00:37:12 +02:00
Simon Josefsson
e469b630d5 Make dependency on libykpers optional.
Use --without-cr to force it.  Reported by Jussi Sallinen <jussi@jus.si>.
2011-06-07 00:35:22 +02:00
Fredrik Thulin
eb438e782c parse_cfg: Use memset to clear cfg struct.
The code will be easier to maintain if one does not have to remember
explicitly initializing all new members of the config struct.
2011-04-15 16:30:06 +02:00
Fredrik Thulin
804b537acf Fix some D's that should've been DBG. 2011-04-15 16:28:00 +02:00
Fredrik Thulin
dfebd4173f Make DBG macro unified.
Refactor authorize_user_token and authorize_user_token_ldap to take
a cfg argument instead of a number of elements from cfg.
2011-04-15 15:24:50 +02:00
Romain Riviere
1ec6d2df92 Debug: adding a dbg flag and macro so as to disable unwanted debug messages 2011-04-15 14:17:23 +02:00
Fredrik Thulin
9fd4b0295f Add mentioning of recursive dependency on libyubikey. 2011-04-13 23:17:27 +02:00
Fredrik Thulin
60824becdc Tag releases consistent with previous ones (no 'v'). 2011-04-13 22:39:08 +02:00
Fredrik Thulin
53ca3786b8 sync 2011-04-13 15:47:36 +02:00
Fredrik Thulin
1b6bb56e86 sync 2011-04-11 15:53:02 +02:00
Fredrik Thulin
1ebaf8773f Explicitly link with libyubikey. 2011-04-11 15:51:21 +02:00
Fredrik Thulin
70fcd66e59 Version 2.6. 2011-04-11 15:44:55 +02:00
Fredrik Thulin
1d62f8d48b whitespace 2011-04-11 14:49:02 +02:00
Tollef Fog Heen
7923496375 Tell the user if something goes wrong after authenticating
If we successfully authenticate, but something then goes wrong, such
as failure to generate a new challenge, failure to update the
challenge and so on, tell the user.
2011-03-18 23:05:26 +01:00
Tollef Fog Heen
63957aad70 Merge remote branch 'fredrikt/master'
Conflicts:
	util.c
2011-03-18 23:02:32 +01:00
Tollef Fog Heen
72d1f4bba9 Move code around slightly to make merging with Fredrik easier 2011-03-18 23:01:46 +01:00
Fredrik Thulin
839b33a0a1 Add ykpamcfg - C/R setup command line utility. 2011-03-18 22:57:46 +01:00
Fredrik Thulin
b20c0ed678 Make get_user_challenge_file() also include YubiKey serial number,
and move it to util.c.
2011-03-18 22:57:22 +01:00
Fredrik Thulin
568e8abf68 Version-tag challenge-response state file contents.
Helps in case we ever want to change the file format.
2011-03-18 22:57:00 +01:00
Fredrik Thulin
69ec1bf8a0 Further cleanups to challenge response code, and move more code to util.c. 2011-03-18 22:56:41 +01:00
Fredrik Thulin
cb16817047 Revert "Wait with declaring PAM_SUCCESS on challenge-response until new"
Tollef has argued that the login should not fail if, for example, the
disk is full. I'd rather fail on the cautious side and make sure we
don't end up always sending the same challenge to the YubiKey, but I'll
leave it up to Tollef to decide for now.

This reverts commit 14e917ffae.

Conflicts:

	pam_yubico.c
2011-03-18 22:50:23 +01:00
Fredrik Thulin
721866df0b Move more challenge-response code to util.c. 2011-03-18 21:52:07 +01:00
Fredrik Thulin
c557249503 Move soon-to-be commonly used code to util.c 2011-03-18 21:49:23 +01:00
Tollef Fog Heen
1130d47bb2 Use a temporary file to ensure we always have a challenge
If we use ftruncate we might end up in the situation that we do not
have a challenge on disk, leading to the user being unable to log in.
By using a temporary file, fsync and rename we avoid this problem.
2011-03-17 21:51:35 +01:00
Fredrik Thulin
e2968a1bf8 Add ykpamcfg - C/R setup command line utility. 2011-03-17 18:23:40 +01:00
Fredrik Thulin
c1f8ba8804 Make get_user_challenge_file() also include YubiKey serial number,
and move it to util.c.
2011-03-17 17:55:04 +01:00
Fredrik Thulin
fe12e98e38 Version-tag challenge-response state file contents.
Helps in case we ever want to change the file format.
2011-03-17 16:12:19 +01:00
Fredrik Thulin
ab47c06c20 Further cleanups to challenge response code, and move more code
to util.c.
2011-03-17 16:10:42 +01:00
Fredrik Thulin
319fee4e08 Revert "Wait with declaring PAM_SUCCESS on challenge-response until new"
Tollef has argued that the login should not fail if, for example, the
disk is full. I'd rather fail on the cautious side and make sure we
don't end up always sending the same challenge to the YubiKey, but I'll
leave it up to Tollef to decide for now.

This reverts commit 14e917ffae.

Conflicts:

	pam_yubico.c
2011-03-17 15:08:23 +01:00