OpenPAM/OpenPAM
OpenPAM/OpenPAM
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
829 commits 3 branches 10 tags 1.9 MiB
Commit graph

829 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dag-Erling Smørgrav
880bd5c2d4 s/oath_dummy_key/oath_key_dummy/ 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@697 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 16:24:28 +00:00
Dag-Erling Smørgrav
fe081dbbfc Unfortunately, Linux doesn't have MAP_NOCORE. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@696 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 16:00:41 +00:00
Dag-Erling Smørgrav
dfe04a59e4 svn:ignore the mkpkgng script. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@695 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 15:24:50 +00:00
Dag-Erling Smørgrav
88a91c2d02 Rename oath_dummy_key() to oath_key_dummy() and move it into its own file. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@694 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 15:23:58 +00:00
Dag-Erling Smørgrav
066e2b91ff Record the last successful use of a TOTP key. Also add commented-out 
logic to prevent reuse of the same code or an earlier code within the
window, and make some minor type adjustments.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@693 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 15:21:31 +00:00
Dag-Erling Smørgrav
b578b6a715 Add a script that creates a FreeBSD pkgng package. It does not currently 
work as intended due to a bug in pkgng's shlib handling.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@692 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 14:01:04 +00:00
Dag-Erling Smørgrav
efe4bec74a Remove --with-modules-dir now that we DTRT by default. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@691 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 13:59:33 +00:00
Dag-Erling Smørgrav
5847a34802 The --with-modules-dir configure option never quite worked, and became 
even more badly broken when the dynamic loader was rewritten in March.
Reimplement it the way it was always meant to work (but never did):

If --with-modules-dir was specified, modules will be installed in that
directory and the dynamic loader will look for them there.  If it was
not specified, modules will be installed in libdir and the dynamic
loader will use the standard search path (/usr/lib:/usr/local/lib).  In
both cases, a policy file can still name a module by its full path.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@690 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 13:22:51 +00:00
Dag-Erling Smørgrav
c9387115d9 Factor out oath_key_{alloc,free}() and implement wiring / locking. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@689 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-12 10:47:14 +00:00
Dag-Erling Smørgrav
c05b6dd046 INFTIM is a BSDism; use -1 instead. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@688 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-11 16:40:08 +00:00
Dag-Erling Smørgrav
93d104bfd6 Reimplement, hopefully with marginally fewer bugs. There is an 
unfortunate amount of code duplication between the tty and non-tty
paths, but the alternative is greatly increased complexity.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@687 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-11 16:37:25 +00:00
Dag-Erling Smørgrav
3a53d5117b Document that openpam_log(3) saves and restores errno(2). 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@686 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-11 16:36:02 +00:00
Dag-Erling Smørgrav
6950b99458 Add a command-line option that controls openpam_ttyconv_timeout. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@685 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-11 16:33:34 +00:00
Dag-Erling Smørgrav
3ab09a4f26 OPENPAM_DEBUG (--enable-debug) has a double action: it enables the 
debugging macros, and sets the initial value of openpam_debug to 1.
This effectively gives the user a choice between no debugging at all,
or drowning in debugging messages from every part of the system.

Assuming that the primary use case for debugging is to allow admins to
troubleshoot their policies by adding the debug option to selected
pam.conf entries, remove the initialization of openpam_debug to 1.
This allows integrators to ship OpenPAM with OPENPAM_DEBUG defined
without spamming /var/log.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@684 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-04-14 15:44:32 +00:00
Dag-Erling Smørgrav
a43b9256fc Log an error if open() failed for any other reason than ENOENT. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@683 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-04-14 14:49:59 +00:00
Dag-Erling Smørgrav
70d5d18643 Initialize has_ver and has_so to false, not true. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@682 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-04-14 14:48:29 +00:00
Dag-Erling Smørgrav
2fc7038ca4 Always restore errno before returning from openpam_log(). 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@681 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-04-14 14:36:05 +00:00
Dag-Erling Smørgrav
9f0aba7d25 Note need for loop detection 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@680 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-29 21:38:21 +00:00
Dag-Erling Smørgrav
9f6bdd74f4 Clean up and simplify dummy key handling. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@679 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-18 21:38:58 +00:00
Dag-Erling Smørgrav
7da9af6602 Set a reasonable, hard limit on label length. This removes the need for 
a variable-length key structure (to accommodate a variable-length label)
and vastly simplifies key parsing.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@678 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-18 21:34:29 +00:00
Dag-Erling Smørgrav
f3f8ccc9c3 An 80-byte key makes no sense, since HMAC hashes keys longer than 64 
bytes.  Google Authenticator uses 20-byte keys.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@677 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-18 21:19:41 +00:00
Dag-Erling Smørgrav
496bd4632b - Add module options for specifying what to do if the user has no key 
or if the key was unreadable or invalid.

- Fix inverted success / failure logic.

The module is now in a (barely) usable state.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@676 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-18 19:20:54 +00:00
Dag-Erling Smørgrav
2be62b5732 Document the changes to the module loading code. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@675 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 20:06:01 +00:00
Dag-Erling Smørgrav
c1df418c6f comment nit 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@674 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 20:04:24 +00:00
Dag-Erling Smørgrav
422a3ccd39 - Mention quoting and add a cross-reference to openpam_readword(3), 
which has a detailed explanation of how the file is parsed.

- Document the module search path.

- Warn against include loops.

- Briefly describe module options which affect libpam itself.

- Minor markup and formatting improvements.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@673 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 20:04:06 +00:00
Dag-Erling Smørgrav
794601a544 Make the .so suffix optional, so these three lines are now equivalent: 
auth	required	pam_unix.so.2	try_first_pass
auth	required	pam_unix.so	try_first_pass
auth	required	pam_unix	try_first_pass


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@672 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 19:42:33 +00:00
Dag-Erling Smørgrav
4f9b0f6342 ...and there's more to come. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@671 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 19:37:00 +00:00
Dag-Erling Smørgrav
d4ab77b35c Document the effect of module options (echo_pass, *_prompt etc) 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@670 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 19:26:07 +00:00
Dag-Erling Smørgrav
30f65f8a44 Add a "maintained by" footer to ThinkSec-authored pages, like we do 
for pam(3), openpam(3) and pam.conf(5).


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@669 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 19:21:55 +00:00
Dag-Erling Smørgrav
bcebdf0ea8 Support tagged lists of module options. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@668 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 14:48:43 +00:00
Dag-Erling Smørgrav
32d5e093bd Remove unneeded #include 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@667 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 14:24:00 +00:00
Dag-Erling Smørgrav
3353ad06ce Add predicates for letters and digits. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@666 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 14:22:17 +00:00
Dag-Erling Smørgrav
2dd5f46e84 Add a few more verbose messages 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@665 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 12:46:51 +00:00
Dag-Erling Smørgrav
0f25be4e42 unbreak static linking 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@664 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 10:56:15 +00:00
Dag-Erling Smørgrav
b501509854 update 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@663 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-11 16:34:01 +00:00
Dag-Erling Smørgrav
567ecaa2af Clean up the dynamic module loading code, and add support for the 
module path which was added in r695.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@662 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-11 16:33:27 +00:00
Dag-Erling Smørgrav
2b8f7a6154 nit: the argument is a module name, which may or may not be a path. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@661 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-11 15:44:22 +00:00
Dag-Erling Smørgrav
fe2e691204 Use dlfunc() if available; if not, fake it in terms of dlsym(). 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@660 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-11 15:08:52 +00:00
Dag-Erling Smørgrav
785bc19867 Move openpam_policy_path into openpam_constants.c, and add a corresponding 
openpam_module_path.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@659 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-11 14:10:13 +00:00
Dag-Erling Smørgrav
429089e868 Add missing #include 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@658 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-06 22:59:15 +00:00
Dag-Erling Smørgrav
26d543d484 __unused is a FreeBSDism, use OPENPAM_UNUSED(). 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@657 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-06 22:59:05 +00:00
Dag-Erling Smørgrav
efe65a2cab Add a macro for marking a variable or function argument as unused. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@656 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-06 22:58:45 +00:00
Dag-Erling Smørgrav
7bcd5bb700 Split up the liboath header files. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@655 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-06 14:10:09 +00:00
Dag-Erling Smørgrav
93a9982d45 Link with -lcrypto 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@654 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-05 19:03:59 +00:00
Dag-Erling Smørgrav
0ba869e872 Test cases for base 32 and 64 encoders 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@653 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-05 18:54:22 +00:00
Dag-Erling Smørgrav
a810f26399 OpenSSL_add_all_algorithms() is actually a macro, and therefore 
unsuitable for the purpose of locating libcrypto.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@652 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-05 18:40:37 +00:00
Dag-Erling Smørgrav
7ab83ce826 Support tests that require arguments 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@651 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-05 18:11:59 +00:00
Dag-Erling Smørgrav
e6ad0c668c Update TODO list 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@650 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-05 17:58:43 +00:00
Dag-Erling Smørgrav
0da2f07cfb PAM_LOG_DEBUG -> PAM_LOG_LIBDEBUG 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@649 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-05 17:58:33 +00:00
Dag-Erling Smørgrav
f6205baa20 prop sweep 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@648 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-05 17:54:27 +00:00