OpenPAM/OpenPAM
OpenPAM
/
OpenPAM
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
664 Commits 3 Branches 10 Tags 1.9 MiB
Commit Graph

664 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav ac7a182787 Tag OpenPAM Ourouparia 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/tags/openpam-20140912@816 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-09-12 07:50:22 +00:00
Dag-Erling Smørgrav 18ca38b81c merge r813: credit Gavin Atkinson 
merge r814: autotools nits


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@815 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-09-12 07:47:27 +00:00
Dag-Erling Smørgrav 590fc39338 merge r811: push back release date 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@812 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-09-12 07:24:23 +00:00
Dag-Erling Smørgrav 9f736ec8f4 merge r809: typo 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@810 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-09-09 11:02:16 +00:00
Dag-Erling Smørgrav ed0929dcc0 merge r766, r767: fix svn:ignore 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@808 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-09-09 09:43:48 +00:00
Dag-Erling Smørgrav 89f5473b9d merge r802: require at least one service function to have succeeded. 
merge r803: introduce strlset() and use it to clear authentication tokens
merge r804: remove keywords from text files
merge r805: include CVE numbers in change log
merge r806: prepare to release Ourouparia


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@807 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-09-09 09:41:32 +00:00
Dag-Erling Smørgrav bdb75a6c92 merge r800: belatedly document support for module search paths 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@801 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-09-08 12:43:20 +00:00
Dag-Erling Smørgrav 79670fe2fb merge r797: add a missing cast 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@798 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-06-10 21:28:14 +00:00
Dag-Erling Smørgrav 4685f783f4 merge r795: fix error handling for nonexistent modules (CVE-2014-3879) 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@796 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-06-03 21:30:08 +00:00
Dag-Erling Smørgrav c87d7f0ff0 merge r759: add is_xdigit() predicate 
merge r760: add tests for ctype macros
merge r761: fix bug in is_upper()
merge r762: update credits


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@763 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-02-26 16:29:16 +00:00
Dag-Erling Smørgrav efb78b5569 merge r748: typo in pam_conv(3) man page 
merge r749: update mkpkgng for pkg 1.2
merge r750: credit bapt@freebsd.org


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@751 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-01-13 21:34:29 +00:00
Dag-Erling Smørgrav 00df607198 merge r746: typos in man pages 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@747 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-12-10 14:03:16 +00:00
Dag-Erling Smørgrav c3cacd763a merge r742: caught_signal should be static. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@743 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-09-07 19:26:36 +00:00
Dag-Erling Smørgrav 05d3310d7e sort the manifest 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@740 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-09-07 13:03:20 +00:00
Dag-Erling Smørgrav e2fcd142ce s/trunk/nooath/ 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@738 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-09-07 12:56:31 +00:00
Dag-Erling Smørgrav 60d3d1dae7 Prepare for OpenPAM Nummularia. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@737 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-09-07 12:53:55 +00:00
Dag-Erling Smørgrav 83162901d4 Catch up with trunk 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@736 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-09-07 12:52:42 +00:00
Dag-Erling Smørgrav fd3a018fbf merge 717: svn:ignore test output and logs 
merge 718, 719: improved man page dependency handling


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@720 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-19 16:02:10 +00:00
Dag-Erling Smørgrav efcf4a9ec6 Create a nooath branch as a copy of trunk@713 with the OATH code removed. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@714 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-19 15:30:21 +00:00
Dag-Erling Smørgrav bcafac75c2 Insert joke about double-dating. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@713 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-19 15:11:04 +00:00
Dag-Erling Smørgrav 1f9f093691 Grr, gremlins slipped into gendoc.pl between testing and committing. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@712 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-19 15:09:27 +00:00
Dag-Erling Smørgrav 6b2927cfc5 Hardcode utf8 input encoding without messing around with environment 
variables.

Stop pasting a (potentially incorrect) copyright statement and license
into generated files.  Instead, refer to the source, and if possible,
include the source revision number.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@711 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-19 15:04:50 +00:00
Dag-Erling Smørgrav fa62c8c348 Shorten hash dereferences wherever possible. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@710 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-19 15:01:44 +00:00
Dag-Erling Smørgrav 4264bfb000 Silence spurious warnings from aclocal. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@709 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-18 14:47:20 +00:00
Dag-Erling Smørgrav 90715a13d4 Extend the append-svn-revision-to-package-version logic to all 
non-numeric branches, not just trunk.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@708 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-18 12:13:21 +00:00
Dag-Erling Smørgrav a03bbedb50 Increase the default synchronization window, and provide options to 
control it.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@707 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-16 13:45:55 +00:00
Dag-Erling Smørgrav b9ec47c689 Don't forget to install all the liboath headers. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@706 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-16 12:58:05 +00:00
Dag-Erling Smørgrav 0c4d5add5f Implement key saving, and change the outcome of failing to save the 
key from a system error to a service error.

Note that currently, an error saving the key may destroy the original
keyfile.  This needs to be adressed.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@705 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-16 12:32:26 +00:00
Dag-Erling Smørgrav d34ad5ab09 liboath needs generic alloc() / free() facilities for key data; 
oath_key_alloc() does the right thing, but oath_key_to_uri() doesn't.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@704 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-16 12:18:00 +00:00
Dag-Erling Smørgrav efa93c4a5f Don't log the text we read, it may contain sensitive information (such 
as an OATH OTP key, since liboath uses openpam_readline() to read the
keyfile)


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@703 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-16 11:57:54 +00:00
Dag-Erling Smørgrav a02762c066 Update svn:ignore. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@702 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-16 10:28:48 +00:00
Dag-Erling Smørgrav b8ec0155ab - If @PACKAGE_VERSION@ is "trunk" and svnversion prints something 
sensible, append the svn revision.
- Implement an ugly workaround for the shlib issue.
- Clean up and add comments.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@701 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-16 10:26:24 +00:00
Dag-Erling Smørgrav d3f359e2df Major cleanup. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@700 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 17:17:15 +00:00
Dag-Erling Smørgrav 929ddb1bc3 Fixed flipped condition. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@699 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 17:15:35 +00:00
Dag-Erling Smørgrav 0c34187244 Update. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@698 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 17:14:32 +00:00
Dag-Erling Smørgrav 880bd5c2d4 s/oath_dummy_key/oath_key_dummy/ 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@697 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 16:24:28 +00:00
Dag-Erling Smørgrav fe081dbbfc Unfortunately, Linux doesn't have MAP_NOCORE. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@696 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 16:00:41 +00:00
Dag-Erling Smørgrav dfe04a59e4 svn:ignore the mkpkgng script. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@695 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 15:24:50 +00:00
Dag-Erling Smørgrav 88a91c2d02 Rename oath_dummy_key() to oath_key_dummy() and move it into its own file. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@694 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 15:23:58 +00:00
Dag-Erling Smørgrav 066e2b91ff Record the last successful use of a TOTP key. Also add commented-out 
logic to prevent reuse of the same code or an earlier code within the
window, and make some minor type adjustments.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@693 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 15:21:31 +00:00
Dag-Erling Smørgrav b578b6a715 Add a script that creates a FreeBSD pkgng package. It does not currently 
work as intended due to a bug in pkgng's shlib handling.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@692 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 14:01:04 +00:00
Dag-Erling Smørgrav efe4bec74a Remove --with-modules-dir now that we DTRT by default. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@691 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 13:59:33 +00:00
Dag-Erling Smørgrav 5847a34802 The --with-modules-dir configure option never quite worked, and became 
even more badly broken when the dynamic loader was rewritten in March.
Reimplement it the way it was always meant to work (but never did):

If --with-modules-dir was specified, modules will be installed in that
directory and the dynamic loader will look for them there.  If it was
not specified, modules will be installed in libdir and the dynamic
loader will use the standard search path (/usr/lib:/usr/local/lib).  In
both cases, a policy file can still name a module by its full path.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@690 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 13:22:51 +00:00
Dag-Erling Smørgrav c9387115d9 Factor out oath_key_{alloc,free}() and implement wiring / locking. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@689 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-12 10:47:14 +00:00
Dag-Erling Smørgrav c05b6dd046 INFTIM is a BSDism; use -1 instead. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@688 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-11 16:40:08 +00:00
Dag-Erling Smørgrav 93d104bfd6 Reimplement, hopefully with marginally fewer bugs. There is an 
unfortunate amount of code duplication between the tty and non-tty
paths, but the alternative is greatly increased complexity.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@687 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-11 16:37:25 +00:00
Dag-Erling Smørgrav 3a53d5117b Document that openpam_log(3) saves and restores errno(2). 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@686 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-11 16:36:02 +00:00
Dag-Erling Smørgrav 6950b99458 Add a command-line option that controls openpam_ttyconv_timeout. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@685 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-11 16:33:34 +00:00
Dag-Erling Smørgrav 3ab09a4f26 OPENPAM_DEBUG (--enable-debug) has a double action: it enables the 
debugging macros, and sets the initial value of openpam_debug to 1.
This effectively gives the user a choice between no debugging at all,
or drowning in debugging messages from every part of the system.

Assuming that the primary use case for debugging is to allow admins to
troubleshoot their policies by adding the debug option to selected
pam.conf entries, remove the initialization of openpam_debug to 1.
This allows integrators to ship OpenPAM with OPENPAM_DEBUG defined
without spamming /var/log.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@684 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-04-14 15:44:32 +00:00
Dag-Erling Smørgrav a43b9256fc Log an error if open() failed for any other reason than ENOENT. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@683 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-04-14 14:49:59 +00:00