Klas Lindfors
ec84a78453
make yubi_attr_prefix_len a size_t
2015-09-14 10:29:49 +02:00
Klas Lindfors
0eb2f8cec3
mark unused parameter with __attribute__((unused))
2015-09-14 10:27:14 +02:00
Klas Lindfors
bc93b62489
use mkstemp() to get the tempfile instead
...
unfortunately means we have to fchmod() it afterwards to be sure
2015-09-14 10:24:05 +02:00
madRat
3d22ed0c15
do_chalendge needs drop privs twice at reading and writing
2015-09-11 16:50:51 +03:00
Klas Lindfors
1036873b95
in the challenge-response case only drop privileges for user dir
...
This allows the module to work in a case where the directory is only
writable to root.
fixes #77
2015-09-11 13:56:14 +02:00
Klas Lindfors
70f27b98a2
include pwd.h in util.h
2015-09-09 08:24:57 +02:00
Klas Lindfors
237ed18b9f
use pam_modutil_getpwnam() if it's available
...
also refactor to pass in a passwd struct to the util functions
2015-09-08 09:15:07 +02:00
Klas Lindfors
50ce40bbb1
free message at end of function
...
it was possible message was never freed if the sprintf() call failed
2015-07-08 16:11:42 +02:00
Klas Lindfors
9a132bcd07
add cainfo option to allow usage of a cabundle instead of path
...
path submitted by github user @Mrten
reportedly this is needed if curl is linked with gnutls
fixes #6
2015-06-15 10:25:56 +02:00
Klas Lindfors
11326d023d
add debug print for last url used
2015-04-27 11:03:34 +02:00
Clemens Lang
ac5bb65013
Use unsigned, fix printf conversion spec warnings
...
Some of the printf conversion specifications were wrong when used on
size_t, causing
> pam_yubico.c:957:57: warning: format specifies type 'int' but the argument has type 'size_t' (aka 'unsigned long') [-Wformat]
> DBG (("OTP too short to be considered : %i < %i", password_len, (cfg->token_id_length + TOKEN_OTP_LEN)));
> ~~ ^~~~~~~~~~~~
> %zu
> pam_yubico.c:132:36: note: expanded from macro 'DBG'
> #define DBG(x) if (cfg->debug) { D(x); }
> ^
> ./util.h:47:12: note: expanded from macro 'D'
> printf x; \
> ^
and
> pam_yubico.c:967:14: warning: format specifies type 'int' but the argument has type 'size_t' (aka 'unsigned long') [-Wformat]
> skip_bytes, password_len, cfg->token_id_length, TOKEN_OTP_LEN));
> ^~~~~~~~~~~~
> pam_yubico.c:132:36: note: expanded from macro 'DBG'
> #define DBG(x) if (cfg->debug) { D(x); }
> ^
> ./util.h:47:12: note: expanded from macro 'D'
> printf x; \
> ^
Fix these by using the appropriate %zu conversions for size_t. While
looking through the code, there are a couple more places where format
string specifiers could be improved, e.g. using %zu instead of casting
the result of sizeof(x) or strlen(x) to unsigned long.
In addition, convert TOKEN_OTP_LEN, MAX_TOKEN_ID_LEN and
DEFAULT_TOKEN_ID_LEN to unsigned numbers, because negative values would
not make any sense for those.
2015-03-30 13:54:37 +02:00
Clemens Lang
c1f61bae0f
Fix warning if pam_message.msg isn't constant
...
On OS X and FreeBSD, struct pam_message does not declare its msg member
as constant. This causes a warning when assigning a constant string to
it:
pam_yubico.c:403:14: warning: assigning to 'char *' from 'const char *' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers]
msg[0].msg = message;
^ ~~~~~~~
2015-03-30 13:54:36 +02:00
Klas Lindfors
252f582712
change datatypes to unsigned
...
avoiding warnings about sign conversion
2015-03-04 14:52:28 +01:00
Klas Lindfors
8241cd0423
Merge branch 'feature/ldap_refactor'
...
Conflicts:
pam_yubico.c
2015-03-04 14:40:57 +01:00
Klas Lindfors
71339bb8a1
allow ldap search with no base
2015-03-04 11:12:53 +01:00
Klas Lindfors
c75a3f0496
move debug print (and dereference of resp) inside null check
2015-03-04 10:20:40 +01:00
Klas Lindfors
77c152df6f
move protocol inside HAVE_LIBLDAP
...
to avoid warning of unused variable
2015-03-04 09:57:22 +01:00
Klas Lindfors
336351188b
drop password parameter for authorized_user_token_ldap()
2015-03-04 09:27:21 +01:00
Klas Lindfors
5709a4479a
drop the ldap_bind_no_anonymous feature
...
Sending the users password out in another direction is scary and
requires more thought. Ideally this should be solved by using ldap
GSSAPI or similar instead of sending a cleartext password over the
network.
2015-03-04 09:14:53 +01:00
Klas Lindfors
0d3a4f4f75
consider all success as valid session
2015-03-04 09:14:14 +01:00
Klas Lindfors
f6e1ec9483
don't throw const away in cast
2015-03-04 09:11:09 +01:00
Klas Lindfors
311958093d
client_id is supposed to be unsigned
2015-03-04 08:59:55 +01:00
Klas Lindfors
6c121c8da3
make sure rc is initialized before using
2015-03-04 08:50:08 +01:00
Klas Lindfors
663fa9a8a4
don't use c++ style comments
2015-03-04 08:47:11 +01:00
Klas Lindfors
3819b40430
don't use c++ style comments
2015-03-04 08:46:52 +01:00
Klas Lindfors
4faddc54f4
conform to other code
2015-03-04 08:45:03 +01:00
Klas Lindfors
878c62dd56
drop extra options for bind dn and password
2015-02-16 10:10:53 +01:00
Klas Lindfors
f579f256c0
Merge commit 'aa87979eb84adb3adef170dac6ff2285ba43cd26' into features/ldap
...
Conflicts:
README
2015-02-16 09:03:45 +01:00
Klas Lindfors
3b3a96efc2
add ykclient_global_init() and ykclient_global_done() calls
2015-02-16 08:19:59 +01:00
Klas Lindfors
ebb024f340
add debug print with version
2015-02-13 12:33:43 +01:00
Klas Lindfors
b02ab9902a
free more unfreed memory in the pam_response structure
2015-01-21 09:57:02 +01:00
Klas Lindfors
057c3743c9
fixup a memory leak
...
the caller is responsible for freeing the pam_response from
conversations
2015-01-16 10:14:22 +01:00
Meno Abels
aa87979eb8
integrate https://github.com/Yubico/yubico-pam/pull/39/files
2014-11-20 23:59:36 +01:00
Meno Abels
37553c41ce
enable that openvpn can now run without any local user
2014-11-20 23:22:59 +01:00
Meno Abels
dae9380ac7
added a better ldap handling, and to allow query active directory
2014-11-20 23:15:39 +01:00
Klas Lindfors
d9780eacd9
move check_user_token() to util
...
for testability..
2014-08-27 10:45:42 +02:00
Klas Lindfors
83a9b93d5b
re-add libyubikey, needed.
2014-08-27 10:25:01 +02:00
Klas Lindfors
6dbcb903a5
move includes around in an attempt to include less
2014-08-27 09:44:49 +02:00
Klas Lindfors
79612b5b29
break out util.c into it's own temporary library
...
to make testing easier
2014-08-27 09:37:38 +02:00
Klas Lindfors
376bf33f9a
correctly mark strings in cfg struct as const
2014-07-29 09:25:39 +02:00
Klas Lindfors
54989c3f3f
fixup so urllist data is kept within it's own memory before strtok
...
fixes #41
2014-07-29 09:23:10 +02:00
Alex Fisher
d35d5bfb30
Fix segfault whilst freeing urls
2014-06-02 11:32:08 +01:00
Simon Josefsson
43cd3b4621
Update copyright years.
2014-04-30 13:16:09 +02:00
Klas Lindfors
431e96033d
fixup strtok of url templates
2014-03-26 11:00:39 +01:00
Klas Lindfors
8f6717b13e
fixup urllist feature (hopefully)
2014-03-26 10:53:40 +01:00
Klas Lindfors
602905c51d
spelling
2014-03-26 09:40:01 +01:00
Klas Lindfors
3be440ec80
add urllist feature
...
allowing up to 10 urls to be specified in config
2014-03-12 15:00:22 +01:00
Simon Josefsson
387db3eba0
Merge pull request #14 from BinetReseau/master
...
No match between user and token detailed pam values
2013-09-27 02:11:20 -07:00
Klas Lindfors
7fa8cbbd46
a PAM_MODUTIL_DEV_PRIVS structure can't be reused
...
so we have to allocate a second one and point to
that for the second time we want to drop privs.
relates to #28
2013-09-23 08:56:49 +02:00
Klas Lindfors
1b2a8fdf30
reimplement drop_privs to implement the pam_modutils interface
...
Original patch from maxime.deroucy@gmail.com .
http://code.google.com/p/yubico-pam/issues/detail?id=49
fixes #19
2013-09-20 10:54:13 +02:00