mirror of https://github.com/Yubico/yubico-pam.git synced 2025-01-19 16:52:17 +01:00

145 Commits

Author SHA1 Message Date
Klas Lindfors
252f582712 change datatypes to unsigned
avoiding warnings about sign conversion
2015-03-04 14:52:28 +01:00
Klas Lindfors
8241cd0423 Merge branch 'feature/ldap_refactor'
Conflicts:
	pam_yubico.c
2015-03-04 14:40:57 +01:00
Klas Lindfors
71339bb8a1 allow ldap search with no base 2015-03-04 11:12:53 +01:00
Klas Lindfors
c75a3f0496 move debug print (and dereference of resp) inside null check 2015-03-04 10:20:40 +01:00
Klas Lindfors
77c152df6f move protocol inside HAVE_LIBLDAP
to avoid warning of unused variable
2015-03-04 09:57:22 +01:00
Klas Lindfors
336351188b drop password parameter for authorized_user_token_ldap() 2015-03-04 09:27:21 +01:00
Klas Lindfors
5709a4479a drop the ldap_bind_no_anonymous feature
Sending the user's password out in another direction is scary and
requires more thought. Ideally this should be solved by using ldap
GSSAPI or similar instead of sending a cleartext password over the
network.
2015-03-04 09:14:53 +01:00
Klas Lindfors
0d3a4f4f75 consider all success as valid session 2015-03-04 09:14:14 +01:00
Klas Lindfors
f6e1ec9483 don't throw const away in cast 2015-03-04 09:11:09 +01:00
Klas Lindfors
311958093d client_id is supposed to be unsigned 2015-03-04 08:59:55 +01:00
Klas Lindfors
6c121c8da3 make sure rc is initialized before using 2015-03-04 08:50:08 +01:00
Klas Lindfors
663fa9a8a4 don't use c++ style comments 2015-03-04 08:47:11 +01:00
Klas Lindfors
3819b40430 don't use c++ style comments 2015-03-04 08:46:52 +01:00
Klas Lindfors
4faddc54f4 conform to other code 2015-03-04 08:45:03 +01:00
Klas Lindfors
878c62dd56 drop extra options for bind dn and password 2015-02-16 10:10:53 +01:00
Klas Lindfors
f579f256c0 Merge commit 'aa87979eb84adb3adef170dac6ff2285ba43cd26' into features/ldap
Conflicts:
	README
2015-02-16 09:03:45 +01:00
Klas Lindfors
3b3a96efc2 add ykclient_global_init() and ykclient_global_done() calls 2015-02-16 08:19:59 +01:00
Klas Lindfors
ebb024f340 add debug print with version 2015-02-13 12:33:43 +01:00
Klas Lindfors
b02ab9902a free more unfreed memory in the pam_response structure 2015-01-21 09:57:02 +01:00
Klas Lindfors
057c3743c9 fixup a memory leak
the caller is responsible for freeing the pam_response from
conversations
2015-01-16 10:14:22 +01:00
Meno Abels
aa87979eb8 integrate https://github.com/Yubico/yubico-pam/pull/39/files 2014-11-20 23:59:36 +01:00
Meno Abels
37553c41ce enable that openvpn can now run without any local user 2014-11-20 23:22:59 +01:00
Meno Abels
dae9380ac7 added a better ldap handling, and to allow query active directory 2014-11-20 23:15:39 +01:00
Klas Lindfors
d9780eacd9 move check_user_token() to util
for testability..
2014-08-27 10:45:42 +02:00
Klas Lindfors
83a9b93d5b re-add libyubikey, needed. 2014-08-27 10:25:01 +02:00
Klas Lindfors
6dbcb903a5 move includes around in an attempt to include less 2014-08-27 09:44:49 +02:00
Klas Lindfors
79612b5b29 break out util.c into its own temporary library
to make testing easier
2014-08-27 09:37:38 +02:00
Klas Lindfors
376bf33f9a correctly mark strings in cfg struct as const 2014-07-29 09:25:39 +02:00
Klas Lindfors
54989c3f3f fixup so urllist data is kept within its own memory before strtok
fixes #41
2014-07-29 09:23:10 +02:00
Alex Fisher
d35d5bfb30 Fix segfault whilst freeing urls 2014-06-02 11:32:08 +01:00
Simon Josefsson
43cd3b4621 Update copyright years. 2014-04-30 13:16:09 +02:00
Klas Lindfors
431e96033d fixup strtok of url templates 2014-03-26 11:00:39 +01:00
Klas Lindfors
8f6717b13e fixup urllist feature (hopefully) 2014-03-26 10:53:40 +01:00
Klas Lindfors
602905c51d spelling 2014-03-26 09:40:01 +01:00
Klas Lindfors
3be440ec80 add urllist feature
allowing up to 10 urls to be specified in config
2014-03-12 15:00:22 +01:00
Simon Josefsson
387db3eba0 Merge pull request #14 from BinetReseau/master
No match between user and token detailed pam values
2013-09-27 02:11:20 -07:00
Klas Lindfors
7fa8cbbd46 a PAM_MODUTIL_DEV_PRIVS structure can't be reused
so we have to allocate a second one and point to
that for the second time we want to drop privs.
relates to #28
2013-09-23 08:56:49 +02:00
Klas Lindfors
1b2a8fdf30 reimplement drop_privs to implement the pam_modutils interface
Original patch from maxime.deroucy@gmail.com.
http://code.google.com/p/yubico-pam/issues/detail?id=49
fixes #19
2013-09-20 10:54:13 +02:00
Klas Lindfors
eb1ba8a52a update copyright years 2013-09-19 08:35:15 +02:00
Eugene Crosser
2aaf0fdc23 Stop leaks of memory and of privileges
Fix several memory leaks and mishandling of the privilege status
where a function returned failure indication, and previously
allocated memory was not freed (and the reference was lost), or
previously dropped privileges were not restored.
2013-09-18 14:22:41 +02:00
Klas Lindfors
f617829f10 fixup warnings 2013-09-18 14:10:35 +02:00
Klas Lindfors
fb6b0911fd use pbkdf2 to process the expected response
this bumps the version on the state file to 2
old files can still be read but new files will use the new format
2013-09-18 14:10:35 +02:00
Klas Lindfors
eb78d4882b refactor to use chalresp function from ykpers
so challenge_response() now calls yk_challenge_response() to
do the yubikey internal stuff.
2013-09-18 14:10:35 +02:00
Christian Hesse
7dc5c6a155 print information only if debug is specified
The pam module is very informative. I do not want it to print any
information unless debug is specified. An attacker should not get any
information.
2013-05-13 15:47:59 +02:00
Pierre-Alain Dupont
21c4dd3fa3 A more precise handling of user-token match errors
Signed-off-by: Pierre-Alain Dupont <pad@melix.net>
2013-01-26 15:59:23 +00:00
Vincent Brillault
96252b6f2b Verify the otp_length given by the configuration
Avoid out of bound writing at line -920,1 +927,1:
strncpy (otp_id, password + skip_bytes, cfg->token_id_length);
2012-08-07 19:18:43 +02:00
Klas Lindfors
2ffd54a24c use errstr to communicate with the user 2012-06-14 09:25:38 +02:00
Klas Lindfors
a5f2e9e333 check for same response in pam module, output debug for the user 2012-06-08 13:20:07 +02:00
Klas Lindfors
41c576e0cf replace fopen with open+fdopen to set more restrictive bits 2012-06-08 10:45:59 +02:00
Fredrik Thulin
da246e240c load_chalresp_state: Debug message was always shown. 2012-02-13 14:24:31 +01:00