rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2024-11-29 09:24:22 +01:00
Code Issues Projects Releases Wiki Activity
505 Commits 19 Branches 44 Tags 1.2 MiB
77c152df6f
Commit Graph

130 Commits

Author SHA1 Message Date
Klas Lindfors
77c152df6f move protocol inside HAVE_LIBLDAP 
to avoid warning of unused variable
 2015-03-04 09:57:22 +01:00
Klas Lindfors
311958093d client_id is supposed to be unsigned 2015-03-04 08:59:55 +01:00
Klas Lindfors
6c121c8da3 make sure rc is initialized before using 2015-03-04 08:50:08 +01:00
Klas Lindfors
663fa9a8a4 don't use c++ style comments 2015-03-04 08:47:11 +01:00
Klas Lindfors
3b3a96efc2 add ykclient_global_init() and ykclient_global_done() calls 2015-02-16 08:19:59 +01:00
Klas Lindfors
ebb024f340 add debug print with version 2015-02-13 12:33:43 +01:00
Klas Lindfors
b02ab9902a free more unfreed memory in the pam_response structure 2015-01-21 09:57:02 +01:00
Klas Lindfors
057c3743c9 fixup a memory leak 
the caller is responsible for freeing the pam_response from
conversations
 2015-01-16 10:14:22 +01:00
Klas Lindfors
d9780eacd9 move check_user_token() to util 
for testability..
 2014-08-27 10:45:42 +02:00
Klas Lindfors
83a9b93d5b re-add libyubikey, needed. 2014-08-27 10:25:01 +02:00
Klas Lindfors
6dbcb903a5 move includes around in an attempt to include less 2014-08-27 09:44:49 +02:00
Klas Lindfors
79612b5b29 break out util.c into it's own temporary library 
to make testing easier
 2014-08-27 09:37:38 +02:00
Klas Lindfors
376bf33f9a correctly mark strings in cfg struct as const 2014-07-29 09:25:39 +02:00
Klas Lindfors
54989c3f3f fixup so urllist data is kept within it's own memory before strtok 
fixes #41
 2014-07-29 09:23:10 +02:00
Alex Fisher
d35d5bfb30 Fix segfault whilst freeing urls 2014-06-02 11:32:08 +01:00
Simon Josefsson
43cd3b4621 Update copyright years. 2014-04-30 13:16:09 +02:00
Klas Lindfors
431e96033d fixup strtok of url templates 2014-03-26 11:00:39 +01:00
Klas Lindfors
8f6717b13e fixup urllist feature (hopefully) 2014-03-26 10:53:40 +01:00
Klas Lindfors
602905c51d spelling 2014-03-26 09:40:01 +01:00
Klas Lindfors
3be440ec80 add urllist feature 
allowing up to 10 urls to be specified in config
 2014-03-12 15:00:22 +01:00
Simon Josefsson
387db3eba0 Merge pull request #14 from BinetReseau/master 
No match between user and token detailed pam values
 2013-09-27 02:11:20 -07:00
Klas Lindfors
7fa8cbbd46 a PAM_MODUTIL_DEV_PRIVS structure can't be reused 
so we have to allocate a second one and point to
that for the second time we want to drop privs.
relates to #28
 2013-09-23 08:56:49 +02:00
Klas Lindfors
1b2a8fdf30 reimplement drop_privs to implement the pam_modutils interface 
Original patch from maxime.deroucy@gmail.com.
http://code.google.com/p/yubico-pam/issues/detail?id=49
fixes #19
 2013-09-20 10:54:13 +02:00
Klas Lindfors
eb1ba8a52a update copyright years 2013-09-19 08:35:15 +02:00
Eugene Crosser
2aaf0fdc23 Stop leaks of memory and of privileges 
Fix several memory leaks and mishandling of the privilege status
where a function returned failure indication, and previously
allocated memory was not freed (and the referece was lost), or
previously droped privileges where not restored.
 2013-09-18 14:22:41 +02:00
Klas Lindfors
f617829f10 fixup warnings 2013-09-18 14:10:35 +02:00
Klas Lindfors
fb6b0911fd use pbkdf2 to process the exepected response 
this bumps the version on the state file to 2
old files can still be read but new files will use the new format
 2013-09-18 14:10:35 +02:00
Klas Lindfors
eb78d4882b refactor to use chalresp function from ykpers 
so challenge_response() now calls yk_challenge_response() to
do the yubikey internal stuff.
 2013-09-18 14:10:35 +02:00
Christian Hesse
7dc5c6a155 print information only if debug is specified 
The pam module is very informative. I do not want it to print any
information unless debug is specified. An attacker should not get any
information.
 2013-05-13 15:47:59 +02:00
Pierre-Alain Dupont
21c4dd3fa3 A more precise handling of user-token match errors 
Signed-off-by: Pierre-Alain Dupont <pad@melix.net>
 2013-01-26 15:59:23 +00:00
Vincent Brillault
96252b6f2b Verify the otp_length given by the configuration 
Avoid out of bound writing at ligne -920,1 +927,1:
strncpy (otp_id, password + skip_bytes, cfg->token_id_length);
 2012-08-07 19:18:43 +02:00
Klas Lindfors
2ffd54a24c use errstr to communicate with the user 2012-06-14 09:25:38 +02:00
Klas Lindfors
a5f2e9e333 check for same response in pam module, output debug for the user 2012-06-08 13:20:07 +02:00
Klas Lindfors
41c576e0cf replace fopen with open+fdopen to set more restrictive bits 2012-06-08 10:45:59 +02:00
Fredrik Thulin
da246e240c load_chalresp_state: Debug message was always shown. 2012-02-13 14:24:31 +01:00
Fredrik Thulin
82296f4632 do_challenge_response: Clear errno when done. 2012-02-10 15:13:42 +01:00
Fredrik Thulin
2c077fba4e DBG format fix 2012-02-10 14:13:24 +01:00
Fredrik Thulin
fb6281fa3f Fix clang indicated printf format warnings. 2012-02-08 15:53:18 +01:00
Fredrik Thulin
3275b38d59 Fix debug-logging of chalresp_path. Oddity reported by clang. 2012-02-06 11:37:42 +01:00
Fredrik Thulin
dc9146ffcb snprintf returns an int, not a size_t. reported by clang. 2012-02-06 11:31:23 +01:00
Fredrik Thulin
bfbcda54ad Merge branch 'master' of https://github.com/remim/yubico-pam 2012-02-02 13:16:05 +01:00
Remi Mollon
3e1f5f6925 renaming yubi_prefix to yubi_Attr_prefix and changing debug 2012-02-01 09:29:05 +01:00
Clemens Lang
d2c14efdd4 Add missing headers 
fcntl.h in pam_yubico.c is needed on OS X with clang for the build to
succeed, while unistd.h in util.c is required so clang doesn't complain
about implicit declarations of ftruncate and fsync.
 2012-01-28 00:30:34 +01:00
Fredrik Thulin
73369beba9 Avoid double fclose() in some error cases. 
Problem reported (and patched) by Lingzhu Xiang <xianglingzhu@gmail.com>
in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657524
 2012-01-27 12:33:53 +01:00
Remi Mollon
fd465d1261 add comment 2012-01-24 17:42:49 +01:00
Simon Josefsson
3828953374 Bump version. Use silent rules. Bump copyright years. 2012-01-23 20:25:06 +01:00
Remi Mollon
b42307d169 adding yubi_prefix parameter, when looking for token_id in ldap 2012-01-18 17:04:58 +01:00
Fredrik Thulin
263012f725 authorize_user_token: Don't drop privs for system-wide file. 2011-12-13 16:56:04 +01:00
Fredrik Thulin
43134038a5 do_challenge_response: Remove 2 unused variables. 2011-12-06 13:45:58 +01:00
Fredrik Thulin
b27599957c Fix implicit yubikey_* declarations. 2011-12-06 13:31:25 +01:00