1
0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-01-19 16:52:17 +01:00

574 Commits

Author SHA1 Message Date
Klas Lindfors
9b09b8d576 NEWS for 2.20 2.20 2015-09-22 08:14:06 +02:00
Klas Lindfors
0b0be7e5c1 add information about files used
thanks to @madrat- for original suggestions
fixes #78
2015-09-15 15:01:40 +02:00
Klas Lindfors
83cccf3e12 reset yk_errno when we're happy with the result 2015-09-14 13:14:51 +02:00
Klas Lindfors
056dac4794 correct fchmod() return check 2015-09-14 13:14:30 +02:00
Klas Lindfors
dd96aa71dc switch i to size_t to match usage 2015-09-14 10:34:06 +02:00
Klas Lindfors
344d1b4384 fix initialization of msg to not warn
apparently this is gcc bug 53119
2015-09-14 10:30:01 +02:00
Klas Lindfors
ec84a78453 make yubi_attr_prefix_len a size_t 2015-09-14 10:29:49 +02:00
Klas Lindfors
0eb2f8cec3 mark unused parameter with __attribute__((unused)) 2015-09-14 10:27:14 +02:00
Klas Lindfors
bc93b62489 use mkstemp() to get the tempfile instead
unfortunately means we have to fchmod() it afterwards to be sure
2015-09-14 10:24:05 +02:00
Klas Lindfors
ecafc6af84 Merge pull request #79 from madrat-/master
do_challenge_response change privileges twice at reading and writing
2015-09-14 09:17:10 +02:00
madRat
3d22ed0c15 do_chalendge needs drop privs twice at reading and writing 2015-09-11 16:50:51 +03:00
Klas Lindfors
1036873b95 in the challenge-response case only drop privileges for user dir
This allows the module to work in a case where the directory is only
writable to root.

fixes #77
2015-09-11 13:56:14 +02:00
Klas Lindfors
6f6a7b20fc don't warn about to long strings 2015-09-11 13:56:03 +02:00
Klas Lindfors
70f27b98a2 include pwd.h in util.h 2015-09-09 08:24:57 +02:00
Klas Lindfors
37f8788073 disable xmllint for a2x since it seems to cause problems 2015-09-08 09:25:58 +02:00
Klas Lindfors
237ed18b9f use pam_modutil_getpwnam() if it's available
also refactor to pass in a passwd struct to the util functions
2015-09-08 09:15:07 +02:00
Klas Lindfors
15cab00173 add a test for a user showing up twice in the file 2015-08-18 14:22:00 +02:00
Klas Lindfors
ab25973d1e add documentation for chalresp_path parameter 2015-08-11 08:25:57 +02:00
Klas Lindfors
4e13a474ff Merge pull request #71 from afeinberg/comments
Support comments in authfile
2015-08-11 08:22:53 +02:00
Alex Feinberg
362ca9cb92 Support comments in authfile
Adds support for comments (indicated by lines starting with '#') in
authfiles.
2015-08-10 14:37:02 -07:00
Klas Lindfors
50ce40bbb1 free message at end of function
it was possible message was never freed if the sprintf() call failed
2015-07-08 16:11:42 +02:00
Klas Lindfors
9a132bcd07 add cainfo option to allow usage of a cabundle instead of path
path submitted by github user @Mrten
reportedly this is needed if curl is linked with gnutls
fixes #6
2015-06-15 10:25:56 +02:00
Klas Lindfors
11326d023d add debug print for last url used 2015-04-27 11:03:34 +02:00
Klas Lindfors
e66ed787d1 export LDAPNOINIT=1 for tests so we don't run with systems ldap config
fixes #61
2015-04-07 16:33:52 +02:00
Klas Lindfors
8f61e253d3 more debugging on mocks 2015-04-07 09:21:00 +02:00
Klas Lindfors
0e77cffb67 add some debug logging to ldap and ykval mocks 2015-04-07 08:55:39 +02:00
Klas Lindfors
fe8eb203d9 change int to size_t 2015-03-30 15:25:16 +02:00
Klas Lindfors
c2a6b9c948 fixup warnings with sign 2015-03-30 15:25:15 +02:00
Klas Lindfors
9c913fd97e fixup warnings related to constness of filename 2015-03-30 15:25:15 +02:00
Klas Lindfors
076a8d2f3f Merge pull request #60 from neverpanic/master
Fix warnings on OS X with clang
2015-03-30 13:57:29 +02:00
Clemens Lang
ac5bb65013 Use unsigned, fix printf conversion spec warnings
Some of the printf conversion specifications were wrong when used on
size_t, causing

> pam_yubico.c:957:57: warning: format specifies type 'int' but the argument has type 'size_t' (aka 'unsigned long') [-Wformat]
>       DBG (("OTP too short to be considered : %i < %i", password_len, (cfg->token_id_length + TOKEN_OTP_LEN)));
>                                               ~~        ^~~~~~~~~~~~
>                                               %zu
> pam_yubico.c:132:36: note: expanded from macro 'DBG'
> #define DBG(x) if (cfg->debug) { D(x); }
>                                    ^
> ./util.h:47:12: note: expanded from macro 'D'
>     printf x;                                                           \
>            ^

and

> pam_yubico.c:967:14: warning: format specifies type 'int' but the argument has type 'size_t' (aka 'unsigned long') [-Wformat]
>         skip_bytes, password_len, cfg->token_id_length, TOKEN_OTP_LEN));
>                     ^~~~~~~~~~~~
> pam_yubico.c:132:36: note: expanded from macro 'DBG'
> #define DBG(x) if (cfg->debug) { D(x); }
>                                    ^
> ./util.h:47:12: note: expanded from macro 'D'
>     printf x;                                                           \
>            ^

Fix these by using the appropriate %zu conversions for size_t. While
looking through the code, there are a couple more places where format
string specifiers could be improved, e.g. using %zu instead of casting
the result of sizeof(x) or strlen(x) to unsigned long.

In addition, convert TOKEN_OTP_LEN, MAX_TOKEN_ID_LEN and
DEFAULT_TOKEN_ID_LEN to unsigned numbers, because negative values would
not make any sense for those.
2015-03-30 13:54:37 +02:00
Clemens Lang
c1f61bae0f Fix warning if pam_message.msg isn't constant
On OS X and FreeBSD, struct pam_message does not declare its msg member
as constant. This causes a warning when assigning a constant string to
it:

pam_yubico.c:403:14: warning: assigning to 'char *' from 'const char *' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers]
  msg[0].msg = message;
             ^ ~~~~~~~
2015-03-30 13:54:36 +02:00
Klas Lindfors
d4136a365f drop save-mans 2015-03-23 09:55:16 +01:00
Klas Lindfors
effac5f849 bump versions 2015-03-23 09:55:06 +01:00
Klas Lindfors
d130bec213 release 2.19 2.19 2015-03-23 09:53:56 +01:00
Klas Lindfors
8d93297619 fix typo 2015-03-17 09:32:50 +01:00
Klas Lindfors
2708fc90b5 fix the git url again
fixes #54
2015-03-13 21:20:28 +01:00
Henrik Stråth
7db3e2cbf0 Fixed broken link 2015-03-10 16:03:27 +01:00
Henrik Stråth
7f89cdf9cb removed broken link 2015-03-10 15:57:12 +01:00
Klas Lindfors
989d2f51f9 Merge pull request #56 from shanx/master
Clarified the notion of id when using the pam_yubico module
2015-03-10 08:15:35 +01:00
Klas Lindfors
1aba59cde0 skip the repo token for coveralls 2015-03-10 08:01:03 +01:00
Remco Wendt
d7d1bbfb1a fixed typo 2015-03-06 20:07:19 +01:00
Remco Wendt
70540bd02d Clarified the notion of id when using the pam_yubico module 2015-03-06 20:05:52 +01:00
Klas Lindfors
6065655593 fix formatting of NEWS 2015-03-04 15:31:09 +01:00
Klas Lindfors
ca72be3b9d prepare news for 2.19 2015-03-04 15:29:02 +01:00
Klas Lindfors
252f582712 change datatypes to unsigned
avoiding warnings about sign conversion
2015-03-04 14:52:28 +01:00
Klas Lindfors
8241cd0423 Merge branch 'feature/ldap_refactor'
Conflicts:
	pam_yubico.c
2015-03-04 14:40:57 +01:00
Klas Lindfors
77067004e8 update documentation with new ldap parameters 2015-03-04 13:52:31 +01:00
Klas Lindfors
951d02252d use ldap_bind_user and ldap_bind_password in example 2015-03-04 13:08:30 +01:00
Klas Lindfors
35c8acce6e simple ldap filter test 2015-03-04 11:12:53 +01:00