1
0
mirror of https://github.com/Yubico/yubico-pam.git synced 2024-12-01 15:24:12 +01:00
Commit Graph

67 Commits

Author SHA1 Message Date
Klas Lindfors
3b3d341a06
mysql: is_null and error should be my_bool not bool 2021-01-12 08:50:57 +01:00
Benjamin AIMARD
b708e6dcf1 Add support of Mysql/Mariadb for the yubikey_mapping
Add support of Mysql/Mariadb for the yubikey_mapping

Mise à jour sql complete, manque la documentation

Final

clean

Add packages dependency

actions: apt update

Fix bool variable cause error build travis

Fix job #2

Fix job #3

Fix #4

fix &null

fix &null

fix &null

 Fix line 257 %s

test Apple integration

test Apple integration

Timeout Travis extend

Timeout travis extend

Fix klali comment

Fix warning

fix configure.ac

fix configure.ac

Update configure.ac

Update util.c

Update util.h

Update util.c

Update util.c

Update util.c

Update util.c

Fix white space

fix left column
2020-12-18 23:23:30 +01:00
Gabriel Kihlman
5498bcf53f
Fix two minor memory leaks in error paths
Found by cppcheck
2019-03-19 14:49:45 +01:00
Björn Wiedenmann
bef666a899 Fix buffer overflow in write_chalresp_state()
Buffer was defined as CR_SALT_SIZE = 32 but number of random bytes
was CR_CHALLENGE_SIZE = 63.
2018-08-15 19:59:38 +02:00
Karol Babioch
6be87e75af Close file descriptors in case fdopen() fails
This makes sure that file descriptors will be closed, even if the
fdopen() call failes, which was overlooked in some cases beforehand.
Should be not an issue in the real world, but let's be as clean as
possible.
2018-05-22 17:27:21 +02:00
Klas Lindfors
b240534c46
Merge branch 'pr-163' 2018-05-18 12:26:50 +02:00
Karol Babioch
a68d3be1bc Make code C90 compliant
This moves variable declrations to the beginning of a block to be C90-compliant.
2018-05-18 12:22:07 +02:00
Karol Babioch
f77893a11c util.c: Check for return codes of snprintf() 2018-05-17 16:28:22 +02:00
Karol Babioch
0972986164 util.c: Check whether generate_random() was invoked successfully
This evaluates the return code from generate_random() within
write_chalresp_state() and returns immediately in case of an error.

This fixes #161.
2018-05-17 16:09:40 +02:00
Karol Babioch
41e6554c66 Spell system-wide consistently throughout the project 2018-05-02 14:53:14 +02:00
Klas Lindfors
03099cdef2
debug: drop extra \n at end of debug output 2018-04-24 08:43:33 +02:00
Karol Babioch
e5bd2ef844 Open file handlers manually using open() and fdopen() instead of using fopen()
A previous commit (d51124e) added the `e` flag to the `fopen()` calls. However
this flag is not supported on all platforms (MacOS) and will be silently
dropped (see #145). This patch works around those issues by manually opening
the file descriptor using `open()` with the `O_CLOEXEC` flag, and invoking
`fd_open()` on the resulting file descriptor to open an appropriate `FILE`
stream.

This makes sure that all files used by pam_yubico will be opened with the
`O_CLOEXEC` flag on all supported platforms to mitigate issues with missing
`fclose()` invocation (see #136).
2018-04-11 14:15:53 +02:00
Karol Babioch
d51124e884 Add "e" flag to fopen() calls
This adds the `e` flag to fopen() calls, making sure the `O_CLOEXEC` flag is
used. This makes sure that the file descriptor is being closed and not leaked
into child processes. This was an issues previously due to a missing fclose()
(#136).
2018-04-10 11:28:03 +02:00
Karol Babioch
079b975469 Open file descriptors with O_CLOEXEC
This opens any file descriptors with the O_CLOEXEC flag, which will make sure
that file descriptors won't be leaked into any child process. This was
previously an issue due to a forgotten fclose() (#136).
2018-04-10 11:27:56 +02:00
Karol Babioch
1aacb11538 Fix several format string specifiers
This fixes several specifiers to better represent the data type, which fixes
multiple compiler warnings.
2018-04-09 17:18:36 +02:00
Klas Lindfors
0f6ceabab0
util: make sure to close the authfile before returning success
fixes #136
2018-04-03 09:19:53 +02:00
Larhard
d3f50c43ac clear check_user_challenge_file 2017-06-23 20:10:53 +00:00
Larhard
ff87bf0ac4 code cleanup 2017-04-09 17:13:19 +02:00
Larhard
1d62bec277 add nullok support to challenge-response mode 2017-04-09 03:36:40 +02:00
Mickaël Thomas
7b6aad719a Return early if the user has no authorized tokens
Currently, if a user has no associated tokens, we still prompt for an
OTP challenge and attempt to verify it.

This adds a check earlier to avoid the useless prompt in that case.

The `nullok` option is also added. It changes the return value from
PAM_USER_UNKNOWN to PAM_IGNORE. (fixes #97)

Finally, some constants have been turned to symbolic form for clarity
and debugging output is improved.
2017-02-27 00:21:07 +01:00
Klas Lindfors
fc9a4255f0 refactor the debug mode
add a debug_file option for where to write debug info (default to stdout)
stop compiling with DEBUG_PAM and PAM_DEBUG
make debugging behave the same way on linux-pam and openpam
2016-06-16 09:02:49 +02:00
Klas Lindfors
a6ea0e7053 pass cfg->debug to check_firmware_version() and let it use D macro 2016-02-19 11:03:52 +01:00
Klas Lindfors
70f27b98a2 include pwd.h in util.h 2015-09-09 08:24:57 +02:00
Klas Lindfors
237ed18b9f use pam_modutil_getpwnam() if it's available
also refactor to pass in a passwd struct to the util functions
2015-09-08 09:15:07 +02:00
Alex Feinberg
362ca9cb92 Support comments in authfile
Adds support for comments (indicated by lines starting with '#') in
authfiles.
2015-08-10 14:37:02 -07:00
Klas Lindfors
fe8eb203d9 change int to size_t 2015-03-30 15:25:16 +02:00
Klas Lindfors
c2a6b9c948 fixup warnings with sign 2015-03-30 15:25:15 +02:00
Klas Lindfors
9c913fd97e fixup warnings related to constness of filename 2015-03-30 15:25:15 +02:00
Klas Lindfors
58382bf7fc make sure filter is null terminated and return length including null 2015-03-04 11:12:53 +01:00
Klas Lindfors
26cc397ba5 no need for a temp pointer when writing output of filter_result_len() 2015-03-04 09:51:55 +01:00
Klas Lindfors
6cd0f0c1b3 simplify filter_result_len()
and fixup warnings
2015-02-16 14:29:21 +01:00
Klas Lindfors
f579f256c0 Merge commit 'aa87979eb84adb3adef170dac6ff2285ba43cd26' into features/ldap
Conflicts:
	README
2015-02-16 09:03:45 +01:00
Klas Lindfors
7075afcae9 fix format specifiers 2015-01-29 12:54:43 +01:00
Klas Lindfors
1b3a41250e change strtok usage to strtok_r 2014-11-27 15:43:16 +01:00
Meno Abels
37553c41ce enable that openvpn can now run without any local user 2014-11-20 23:22:59 +01:00
Meno Abels
dae9380ac7 added a better ldap handling, and to allow query active directory 2014-11-20 23:15:39 +01:00
Klas Lindfors
d9780eacd9 move check_user_token() to util
for testability..
2014-08-27 10:45:42 +02:00
Klas Lindfors
6dbcb903a5 move includes around in an attempt to include less 2014-08-27 09:44:49 +02:00
Simon Josefsson
43cd3b4621 Update copyright years. 2014-04-30 13:16:09 +02:00
Klas Lindfors
9e00b0cadc free() filename before throwing the pointer away
avoids a memory-leak pointed out by @crosser
2013-11-21 14:38:32 +01:00
Christian Hesse
c41995c5f3 use correct size to hex decode salt
This fixes "stack smashing detected" (Issue #26)
2013-09-19 14:39:44 +02:00
Klas Lindfors
eb1ba8a52a update copyright years 2013-09-19 08:35:15 +02:00
Klas Lindfors
2f69fb99e5 move around to avoid warning 2013-09-18 15:37:24 +02:00
Klas Lindfors
16a4dc768b always set iterations and rewind before second fscanf() 2013-09-18 15:34:45 +02:00
Klas Lindfors
d2cda4b115 use malloc() instead of alloca() and free after use 2013-09-18 14:33:54 +02:00
Eugene Crosser
2aaf0fdc23 Stop leaks of memory and of privileges
Fix several memory leaks and mishandling of the privilege status
where a function returned failure indication, and previously
allocated memory was not freed (and the referece was lost), or
previously droped privileges where not restored.
2013-09-18 14:22:41 +02:00
Klas Lindfors
fb6b0911fd use pbkdf2 to process the exepected response
this bumps the version on the state file to 2
old files can still be read but new files will use the new format
2013-09-18 14:10:35 +02:00
Klas Lindfors
eb78d4882b refactor to use chalresp function from ykpers
so challenge_response() now calls yk_challenge_response() to
do the yubikey internal stuff.
2013-09-18 14:10:35 +02:00
William West
96c1666248 bug in version check, now works with early model NEO 2013-02-14 01:48:34 -05:00
Fredrik Thulin
da246e240c load_chalresp_state: Debug message was always shown. 2012-02-13 14:24:31 +01:00