OpenPAM/OpenPAM
OpenPAM
/
OpenPAM
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
848 Commits 3 Branches 10 Tags 1.9 MiB
Commit Graph

848 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav 10e70f48b8 Ignore test output and logs. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@717 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-19 15:45:54 +00:00
Dag-Erling Smørgrav f69d77aaed liboath #include nits 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@716 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-19 15:37:29 +00:00
Dag-Erling Smørgrav 1b1f9c46e4 Start generating man pages for liboath. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@715 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-19 15:31:12 +00:00
Dag-Erling Smørgrav bcafac75c2 Insert joke about double-dating. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@713 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-19 15:11:04 +00:00
Dag-Erling Smørgrav 1f9f093691 Grr, gremlins slipped into gendoc.pl between testing and committing. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@712 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-19 15:09:27 +00:00
Dag-Erling Smørgrav 6b2927cfc5 Hardcode utf8 input encoding without messing around with environment 
variables.

Stop pasting a (potentially incorrect) copyright statement and license
into generated files.  Instead, refer to the source, and if possible,
include the source revision number.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@711 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-19 15:04:50 +00:00
Dag-Erling Smørgrav fa62c8c348 Shorten hash dereferences wherever possible. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@710 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-19 15:01:44 +00:00
Dag-Erling Smørgrav 4264bfb000 Silence spurious warnings from aclocal. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@709 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-18 14:47:20 +00:00
Dag-Erling Smørgrav 90715a13d4 Extend the append-svn-revision-to-package-version logic to all 
non-numeric branches, not just trunk.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@708 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-18 12:13:21 +00:00
Dag-Erling Smørgrav a03bbedb50 Increase the default synchronization window, and provide options to 
control it.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@707 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-16 13:45:55 +00:00
Dag-Erling Smørgrav b9ec47c689 Don't forget to install all the liboath headers. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@706 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-16 12:58:05 +00:00
Dag-Erling Smørgrav 0c4d5add5f Implement key saving, and change the outcome of failing to save the 
key from a system error to a service error.

Note that currently, an error saving the key may destroy the original
keyfile.  This needs to be adressed.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@705 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-16 12:32:26 +00:00
Dag-Erling Smørgrav d34ad5ab09 liboath needs generic alloc() / free() facilities for key data; 
oath_key_alloc() does the right thing, but oath_key_to_uri() doesn't.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@704 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-16 12:18:00 +00:00
Dag-Erling Smørgrav efa93c4a5f Don't log the text we read, it may contain sensitive information (such 
as an OATH OTP key, since liboath uses openpam_readline() to read the
keyfile)


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@703 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-16 11:57:54 +00:00
Dag-Erling Smørgrav a02762c066 Update svn:ignore. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@702 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-16 10:28:48 +00:00
Dag-Erling Smørgrav b8ec0155ab - If @PACKAGE_VERSION@ is "trunk" and svnversion prints something 
sensible, append the svn revision.
- Implement an ugly workaround for the shlib issue.
- Clean up and add comments.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@701 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-16 10:26:24 +00:00
Dag-Erling Smørgrav d3f359e2df Major cleanup. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@700 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 17:17:15 +00:00
Dag-Erling Smørgrav 929ddb1bc3 Fixed flipped condition. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@699 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 17:15:35 +00:00
Dag-Erling Smørgrav 0c34187244 Update. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@698 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 17:14:32 +00:00
Dag-Erling Smørgrav 880bd5c2d4 s/oath_dummy_key/oath_key_dummy/ 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@697 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 16:24:28 +00:00
Dag-Erling Smørgrav fe081dbbfc Unfortunately, Linux doesn't have MAP_NOCORE. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@696 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 16:00:41 +00:00
Dag-Erling Smørgrav dfe04a59e4 svn:ignore the mkpkgng script. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@695 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 15:24:50 +00:00
Dag-Erling Smørgrav 88a91c2d02 Rename oath_dummy_key() to oath_key_dummy() and move it into its own file. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@694 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 15:23:58 +00:00
Dag-Erling Smørgrav 066e2b91ff Record the last successful use of a TOTP key. Also add commented-out 
logic to prevent reuse of the same code or an earlier code within the
window, and make some minor type adjustments.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@693 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 15:21:31 +00:00
Dag-Erling Smørgrav b578b6a715 Add a script that creates a FreeBSD pkgng package. It does not currently 
work as intended due to a bug in pkgng's shlib handling.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@692 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 14:01:04 +00:00
Dag-Erling Smørgrav efe4bec74a Remove --with-modules-dir now that we DTRT by default. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@691 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 13:59:33 +00:00
Dag-Erling Smørgrav 5847a34802 The --with-modules-dir configure option never quite worked, and became 
even more badly broken when the dynamic loader was rewritten in March.
Reimplement it the way it was always meant to work (but never did):

If --with-modules-dir was specified, modules will be installed in that
directory and the dynamic loader will look for them there.  If it was
not specified, modules will be installed in libdir and the dynamic
loader will use the standard search path (/usr/lib:/usr/local/lib).  In
both cases, a policy file can still name a module by its full path.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@690 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 13:22:51 +00:00
Dag-Erling Smørgrav c9387115d9 Factor out oath_key_{alloc,free}() and implement wiring / locking. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@689 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-12 10:47:14 +00:00
Dag-Erling Smørgrav c05b6dd046 INFTIM is a BSDism; use -1 instead. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@688 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-11 16:40:08 +00:00
Dag-Erling Smørgrav 93d104bfd6 Reimplement, hopefully with marginally fewer bugs. There is an 
unfortunate amount of code duplication between the tty and non-tty
paths, but the alternative is greatly increased complexity.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@687 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-11 16:37:25 +00:00
Dag-Erling Smørgrav 3a53d5117b Document that openpam_log(3) saves and restores errno(2). 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@686 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-11 16:36:02 +00:00
Dag-Erling Smørgrav 6950b99458 Add a command-line option that controls openpam_ttyconv_timeout. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@685 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-11 16:33:34 +00:00
Dag-Erling Smørgrav 3ab09a4f26 OPENPAM_DEBUG (--enable-debug) has a double action: it enables the 
debugging macros, and sets the initial value of openpam_debug to 1.
This effectively gives the user a choice between no debugging at all,
or drowning in debugging messages from every part of the system.

Assuming that the primary use case for debugging is to allow admins to
troubleshoot their policies by adding the debug option to selected
pam.conf entries, remove the initialization of openpam_debug to 1.
This allows integrators to ship OpenPAM with OPENPAM_DEBUG defined
without spamming /var/log.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@684 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-04-14 15:44:32 +00:00
Dag-Erling Smørgrav a43b9256fc Log an error if open() failed for any other reason than ENOENT. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@683 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-04-14 14:49:59 +00:00
Dag-Erling Smørgrav 70d5d18643 Initialize has_ver and has_so to false, not true. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@682 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-04-14 14:48:29 +00:00
Dag-Erling Smørgrav 2fc7038ca4 Always restore errno before returning from openpam_log(). 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@681 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-04-14 14:36:05 +00:00
Dag-Erling Smørgrav 9f0aba7d25 Note need for loop detection 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@680 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-29 21:38:21 +00:00
Dag-Erling Smørgrav 9f6bdd74f4 Clean up and simplify dummy key handling. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@679 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-18 21:38:58 +00:00
Dag-Erling Smørgrav 7da9af6602 Set a reasonable, hard limit on label length. This removes the need for 
a variable-length key structure (to accommodate a variable-length label)
and vastly simplifies key parsing.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@678 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-18 21:34:29 +00:00
Dag-Erling Smørgrav f3f8ccc9c3 An 80-byte key makes no sense, since HMAC hashes keys longer than 64 
bytes.  Google Authenticator uses 20-byte keys.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@677 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-18 21:19:41 +00:00
Dag-Erling Smørgrav 496bd4632b - Add module options for specifying what to do if the user has no key 
or if the key was unreadable or invalid.

- Fix inverted success / failure logic.

The module is now in a (barely) usable state.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@676 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-18 19:20:54 +00:00
Dag-Erling Smørgrav 2be62b5732 Document the changes to the module loading code. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@675 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 20:06:01 +00:00
Dag-Erling Smørgrav c1df418c6f comment nit 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@674 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 20:04:24 +00:00
Dag-Erling Smørgrav 422a3ccd39 - Mention quoting and add a cross-reference to openpam_readword(3), 
which has a detailed explanation of how the file is parsed.

- Document the module search path.

- Warn against include loops.

- Briefly describe module options which affect libpam itself.

- Minor markup and formatting improvements.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@673 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 20:04:06 +00:00
Dag-Erling Smørgrav 794601a544 Make the .so suffix optional, so these three lines are now equivalent: 
auth	required	pam_unix.so.2	try_first_pass
auth	required	pam_unix.so	try_first_pass
auth	required	pam_unix	try_first_pass


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@672 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 19:42:33 +00:00
Dag-Erling Smørgrav 4f9b0f6342 ...and there's more to come. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@671 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 19:37:00 +00:00
Dag-Erling Smørgrav d4ab77b35c Document the effect of module options (echo_pass, *_prompt etc) 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@670 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 19:26:07 +00:00
Dag-Erling Smørgrav 30f65f8a44 Add a "maintained by" footer to ThinkSec-authored pages, like we do 
for pam(3), openpam(3) and pam.conf(5).


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@669 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 19:21:55 +00:00
Dag-Erling Smørgrav bcebdf0ea8 Support tagged lists of module options. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@668 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 14:48:43 +00:00
Dag-Erling Smørgrav 32d5e093bd Remove unneeded #include 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@667 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 14:24:00 +00:00