rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2024-11-29 09:24:22 +01:00
Code Issues Projects Releases Wiki Activity
188 Commits 19 Branches 44 Tags 1.2 MiB
dfebd4173f
Commit Graph

188 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Fredrik Thulin
dfebd4173f Make DBG macro unified. 
Refactor authorize_user_token and authorize_user_token_ldap to take
a cfg argument instead of a number of elements from cfg.
 2011-04-15 15:24:50 +02:00
Romain Riviere
1ec6d2df92 Debug: adding a dbg flag and macro so as to disable unwanted debug messages 2011-04-15 14:17:23 +02:00
Fredrik Thulin
9fd4b0295f Add mentioning of recursive dependency on libyubikey. 2011-04-13 23:17:27 +02:00
Fredrik Thulin
60824becdc Tag releases consistent with previous ones (no 'v'). 2011-04-13 22:39:08 +02:00
Fredrik Thulin
53ca3786b8 sync 2011-04-13 15:47:36 +02:00
Fredrik Thulin
1b6bb56e86 sync 2011-04-11 15:53:02 +02:00
Fredrik Thulin
1ebaf8773f Explicitly link with libyubikey. 2011-04-11 15:51:21 +02:00
Fredrik Thulin
70fcd66e59 Version 2.6. 2011-04-11 15:44:55 +02:00
Fredrik Thulin
1d62f8d48b whitespace 2011-04-11 14:49:02 +02:00
Tollef Fog Heen
7923496375 Tell the user if something goes wrong after authenticating 
If we successfully authenticate, but something then goes wrong, such
as failure to generate a new challenge, failure to update the
challenge and so on, tell the user.
 2011-03-18 23:05:26 +01:00
Tollef Fog Heen
63957aad70 Merge remote branch 'fredrikt/master' 
Conflicts:
	util.c
 2011-03-18 23:02:32 +01:00
Tollef Fog Heen
72d1f4bba9 Move code around slightly to make merging with Fredrik easier 2011-03-18 23:01:46 +01:00
Fredrik Thulin
839b33a0a1 Add ykpamcfg - C/R setup command line utility. 2011-03-18 22:57:46 +01:00
Fredrik Thulin
b20c0ed678 Make get_user_challenge_file() also include YubiKey serial number, 
and move it to util.c.
 2011-03-18 22:57:22 +01:00
Fredrik Thulin
568e8abf68 Version-tag challenge-response state file contents. 
Helps in case we ever want to change the file format.
 2011-03-18 22:57:00 +01:00
Fredrik Thulin
69ec1bf8a0 Further cleanups to challenge response code, and move more code to util.c. 2011-03-18 22:56:41 +01:00
Fredrik Thulin
cb16817047 Revert "Wait with declaring PAM_SUCCESS on challenge-response until new" 
Tollef has argued that the login should not fail if, for example, the
disk is full. I'd rather fail on the cautious side and make sure we
don't end up always sending the same challenge to the YubiKey, but I'll
leave it up to Tollef to decide for now.

This reverts commit 14e917ffae.

Conflicts:

	pam_yubico.c
 2011-03-18 22:50:23 +01:00
Fredrik Thulin
721866df0b Move more challenge-response code to util.c. 2011-03-18 21:52:07 +01:00
Fredrik Thulin
c557249503 Move soon-to-be commonly used code to util.c 2011-03-18 21:49:23 +01:00
Tollef Fog Heen
1130d47bb2 Use a temporary file to ensure we always have a challenge 
If we use ftruncate we might end up in the situation that we do not
have a challenge on disk, leading to the user being unable to log in.
By using a temporary file, fsync and rename we avoid this problem.
 2011-03-17 21:51:35 +01:00
Fredrik Thulin
e2968a1bf8 Add ykpamcfg - C/R setup command line utility. 2011-03-17 18:23:40 +01:00
Fredrik Thulin
c1f8ba8804 Make get_user_challenge_file() also include YubiKey serial number, 
and move it to util.c.
 2011-03-17 17:55:04 +01:00
Fredrik Thulin
fe12e98e38 Version-tag challenge-response state file contents. 
Helps in case we ever want to change the file format.
 2011-03-17 16:12:19 +01:00
Fredrik Thulin
ab47c06c20 Further cleanups to challenge response code, and move more code 
to util.c.
 2011-03-17 16:10:42 +01:00
Fredrik Thulin
319fee4e08 Revert "Wait with declaring PAM_SUCCESS on challenge-response until new" 
Tollef has argued that the login should not fail if, for example, the
disk is full. I'd rather fail on the cautious side and make sure we
don't end up always sending the same challenge to the YubiKey, but I'll
leave it up to Tollef to decide for now.

This reverts commit 14e917ffae.

Conflicts:

	pam_yubico.c
 2011-03-17 15:08:23 +01:00
Fredrik Thulin
0cf57429a8 Move more challenge-response code to util.c. 2011-03-17 15:04:29 +01:00
Fredrik Thulin
42ebcb3b86 Move soon-to-be commonly used code to util.c 2011-03-17 15:04:08 +01:00
Fredrik Thulin
3abc5b2d81 Remove hard coded values for challenge/responses. 
Also do some input validation on what we read from the C/R file.
 2011-03-16 22:52:36 +01:00
Fredrik Thulin
d73618f271 generate_challenge() only generated half as many bytes as it should. 
Changed generate_challenge() to generating bytes instead of a hex
encoded string, to not have to decode what we just encoded - instead
just generate plain bytes of randomness and then encode them once.
 2011-03-16 22:49:57 +01:00
Tollef Fog Heen
1364b39db7 Use a temporary file to ensure we always have a challenge 
If we use ftruncate we might end up in the situation that we do not
have a challenge on disk, leading to the user being unable to log in.
By using a temporary file, fsync and rename we avoid this problem.
 2011-03-16 22:49:51 +01:00
Fredrik Thulin
dc6cd95a98 fsync() wants file descriptor 
Also, truncate file before writing if the challenge length has
changed (became shorter) or garbage has otherwise been appended.
 2011-03-16 22:28:33 +01:00
Fredrik Thulin
ee2e8b42da Don't generate new challenge on bad response. 2011-03-16 22:28:02 +01:00
Fredrik Thulin
7360223a14 Support challenge-response files outside user's home directory. 
Having the challege-response data inside the home directory won't
work very well if the YubiKey is to unlock an ecryptfs encrypted
home directory.
 2011-03-16 22:27:02 +01:00
Tollef Fog Heen
927735f54f Merge remote branch 'origin/master' 2011-03-16 22:25:17 +01:00
Fredrik Thulin
2d9a704a87 Remove hard coded values for challenge/responses. 
Also do some input validation on what we read from the C/R file.
 2011-03-14 15:27:19 +01:00
Fredrik Thulin
0142f265e5 generate_challenge() only generated half as many bytes as it should. 
Changed generate_challenge() to generating bytes instead of a hex
encoded string, to not have to decode what we just encoded - instead
just generate plain bytes of randomness and then encode them once.
 2011-03-14 14:31:22 +01:00
Fredrik Thulin
14e917ffae Wait with declaring PAM_SUCCESS on challenge-response until new 
challenge-response has been stored properly on disk.
 2011-03-14 13:50:30 +01:00
Fredrik Thulin
feb63ee472 fsync() wants file descriptor 
Also, truncate file before writing if the challenge length has
changed (became shorter) or garbage has otherwise been appended.
 2011-03-14 13:48:10 +01:00
Fredrik Thulin
71d68484f9 Don't generate new challenge on bad response. 2011-03-14 12:44:57 +01:00
Fredrik Thulin
68cdb39132 Support challenge-response files outside user's home directory. 
Having the challege-response data inside the home directory won't
work very well if the YubiKey is to unlock an ecryptfs encrypted
home directory.
 2011-03-14 10:17:12 +01:00
Fredrik Thulin
98e5e17bdc Merge remote branch 'remim/master' 2011-03-14 09:07:45 +01:00
Tollef Fog Heen
d9ee08b97f Add challenge-response authentication 2011-03-12 15:57:07 +01:00
Tollef Fog Heen
ed1ce7e6e7 Undef USERFILE when we don't need it any more 2011-03-12 15:57:02 +01:00
Tollef Fog Heen
e143afb050 Look for libykpers-1, which we will need for challenge-response 2011-03-12 15:56:51 +01:00
Tollef Fog Heen
49c923a99d Get rid of unimplemented PAM functions 2011-03-12 15:56:48 +01:00
Fredrik Thulin
e338807cc8 Merge branch 'fix/various_ldap_fixes' 2011-03-10 20:50:48 +01:00
Fredrik Thulin
27346d9be9 sync 2011-03-10 10:48:20 +01:00
Fredrik Thulin
a59c6c4d71 Ignore errors from pam_get_data(). 2011-03-04 15:52:02 +01:00
Fredrik Thulin
f91a7dc99a Correct debug log message for too short OTPs. 2011-03-03 15:45:00 +01:00
Fredrik Thulin
a5594fa09c Merge branch 'devel/avoid_logging_passwords' 2011-03-03 15:07:53 +01:00