forked from Yubico/yubico-pam-dpkg
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog
1463 lines (823 loc) · 42.1 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
2013-09-27 Klas Lindfors <klas@yubico.com>
* NEWS: release 2.14
2013-09-27 Simon Josefsson <simon@josefsson.org>
* : Merge pull request #14 from BinetReseau/master No match between user and token detailed pam values
2013-09-23 Klas Lindfors <klas@yubico.com>
* configure.ac: require version 1.8.0 of libykpers since we use yk_challenge_response() introduced in that version.
2013-09-20 Klas Lindfors <klas@yubico.com>
* doc: update doc submodule
2013-09-20 Klas Lindfors <klas@yubico.com>
* drop_privs.c, drop_privs.h, pam_yubico.c: reimplement drop_privs
to implement the pam_modutils interface Original patch from maxime.deroucy@gmail.com.
http://code.google.com/p/yubico-pam/issues/detail?id=49 fixes #19
2013-09-19 Klas Lindfors <klas@yubico.com>
* : Merge pull request #27 from eworm-de/stack use correct size to hex decode salt
2013-09-19 Klas Lindfors <klas@yubico.com>
* Makefile.am: fixup release target for move to github
2013-09-19 Klas Lindfors <klas@yubico.com>
* README: minor formatting fixes
2013-09-19 Klas Lindfors <klas@yubico.com>
* README, ykpamcfg.1: everything moved to github
2013-09-19 Klas Lindfors <klas@yubico.com>
* COPYING, configure.ac, drop_privs.c, pam_yubico.c, util.c,
util.h, ykpamcfg.1, ykpamcfg.c: update copyright years
2013-09-19 Klas Lindfors <klas@yubico.com>
* drop_privs.c: allocate space for the grplist in the privs
structure as we want to save the privs structure longer than the scope of
def_privs we need to allocate the space for grplist.
2013-09-19 Klas Lindfors <klas@yubico.com>
* drop_privs.c: correct debug message
2013-09-18 Klas Lindfors <klas@yubico.com>
* util.c: move around to avoid warning
2013-09-18 Klas Lindfors <klas@yubico.com>
* util.c: always set iterations and rewind before second fscanf()
2013-09-18 Klas Lindfors <klas@yubico.com>
* README, configure.ac: update urls to other projects
2013-09-18 Klas Lindfors <klas@yubico.com>
* util.c: use malloc() instead of alloca() and free after use
2013-04-20 Eugene Crosser <crosser@average.org>
* drop_privs.c, pam_yubico.c, util.c: Stop leaks of memory and of
privileges Fix several memory leaks and mishandling of the privilege status
where a function returned failure indication, and previously
allocated memory was not freed (and the referece was lost), or
previously droped privileges where not restored.
2013-09-18 Klas Lindfors <klas@yubico.com>
* ykpamcfg.1, ykpamcfg.c: add -i switch for setting iterations with
ykpamcfg
2013-09-18 Klas Lindfors <klas@yubico.com>
* .gitignore: ignore signed releases
2013-09-18 Klas Lindfors <klas@yubico.com>
* drop_privs.c: fix warnings
2013-09-18 Klas Lindfors <klas@yubico.com>
* pam_yubico.c: fixup warnings
2013-09-18 Klas Lindfors <klas@yubico.com>
* ykpamcfg.c: fix warnings
2013-09-18 Klas Lindfors <klas@yubico.com>
* pam_yubico.c, util.c, util.h: use pbkdf2 to process the exepected
response this bumps the version on the state file to 2 old files can still be
read but new files will use the new format
2013-09-18 Klas Lindfors <klas@yubico.com>
* pam_yubico.c, util.c, util.h, ykpamcfg.c: refactor to use chalresp
function from ykpers so challenge_response() now calls yk_challenge_response() to do the
yubikey internal stuff.
2013-09-18 Klas Lindfors <klas@yubico.com>
* Makefile.am, configure.ac, m4/manywarnings.m4, m4/warnings.m4: add
the same warnings package as yubico-c
2013-09-18 Simon Josefsson <simon@josefsson.org>
* NEWS: Add.
2013-09-18 Simon Josefsson <simon@josefsson.org>
* Makefile.am, NEWS: Don't install internal header files.
2013-05-13 Christian Hesse <mail@eworm.de>
* pam_yubico.c: print information only if debug is specified The pam module is very informative. I do not want it to print any
information unless debug is specified. An attacker should not get
any information.
2013-03-01 Klas Lindfors <klas@yubico.com>
* NEWS, configure.ac: bump version after release
2013-03-01 Klas Lindfors <klas@yubico.com>
* Makefile.am: add more docs
2013-03-01 Klas Lindfors <klas@yubico.com>
* doc: update doc
2013-03-01 Klas Lindfors <klas@yubico.com>
* NEWS: release 2.13
2013-02-14 Dain Nilsson <dainzor@gmail.com>
* : Merge pull request #15 from wwest4/master util.c version check fix
2013-01-26 Pierre-Alain Dupont <pad@melix.net>
* pam_yubico.c: A more precise handling of user-token match errors Signed-off-by: Pierre-Alain Dupont <pad@melix.net>
2013-01-18 Klas Lindfors <klas@yubico.com>
* configure.ac: bump automake version to 1.11
2013-01-18 Clemens Lang <neverpanic@gmail.com>
* configure.ac: configure.ac: call AM_PROG_AR if available
2013-01-17 Klas Lindfors <klas@yubico.com>
* ykpamcfg.1: add path option to man page
2012-11-14 Tommaso Galassi De Orchi <tom@yubico.com>
* ykpamcfg.c: New feature, create directory in the user home.
2012-11-14 Tommaso Galassi De Orchi <tom@yubico.com>
* ykpamcfg.c: Added option to specify a path for ykpamcfg.
2012-11-13 Klas Lindfors <klas@yubico.com>
* README: update ppa location
2012-11-07 Klas Lindfors <klas@yubico.com>
* README, configure.ac: add AM_PROG_AR workaround for automake 1.12.
2012-11-05 Klas Lindfors <klas@yubico.com>
* : commit 37e6a6a80f08cbd4793fee4ff82f58410ab2326e Author: Simon
Josefsson <simon@josefsson.org> Date: Wed Oct 31 17:01:18 2012
+0100
2012-10-30 alexandru totolici <alex@hackd.net>
* README: Distinguish 'characters' from 'digits' in README The Yubikey token ID is 12 characters long, not 12 digits long. This
can make it slightly confusing when first setting a key up, and in
any case it's incorrect language.
2012-10-10 Karl Goetz <kgoetz@squiz.net>
* README: Mention google code hosts downloads too Per request on Issue 45 I've reworded this bit so it mentions google
code hosting the package downloads. I've had to reflow the text
slightly because it pushed it over 72 chars.
2012-10-04 Karl Goetz <kgoetz@squiz.net>
* README, ykpamcfg.1: Finish both files with a blank line Helps to keep all text readable on broken terminals/screens.
2012-10-04 Karl Goetz <kgoetz@squiz.net>
* README: Correct wording for PPA Its 'Personal' not 'Private'
https://help.launchpad.net/Packaging/PPA
2012-10-04 Karl Goetz <kgoetz@squiz.net>
* README: Refer to Github as well as G.Code. This attempts to help explain where to look for various things (eg
bugs, code, doco).
2012-10-03 Klas Lindfors <klas@yubico.com>
* README: break line so we keep document width consistent
2012-10-03 Karl Goetz <kgoetz@squiz.net>
* README: Attempt to clarify format of mapping files I didn't realise from the original version that it was a series of
different token IDs - i thought it was different parts of the OTP.
Hopefully this change clarifys whats really going on here. Part of the patch/doco for Issue 44.
http://code.google.com/p/yubico-pam/issues/detail?id=44
2012-10-03 Karl Goetz <kgoetz@squiz.net>
* README: Explain how to generate an OTP. This wasn't obvious to me and so I suspect others may be confused
too. This commit provides the documentation to close Issue 44, but
is NOT identical to the patch provided on that report. http://code.google.com/p/yubico-pam/issues/detail?id=44
2012-10-03 Karl Goetz <kgoetz@squiz.net>
* README: Explain what an OTP is
2012-10-03 Karl Goetz <kgoetz@squiz.net>
* README: adding a new line for consistancy with spacing on other
headings
2012-10-03 Karl Goetz <kgoetz@squiz.net>
* README: Add information about SELinux to README Because SELinux in enforcing mode will cause yubikey authentication
to fail I'm including some references to discussion around this
problem. The RH bugzilla link also includes a policy snippet which
can be used for this." This commit should resolve Issue #43.
http://code.google.com/p/yubico-pam/issues/detail?id=43
2012-08-06 Vincent Brillault <git@lerya.net>
* pam_yubico.c: Verify the otp_length given by the configuration
Avoid out of bound writing at ligne -920,1 +927,1: strncpy (otp_id,
password + skip_bytes, cfg->token_id_length);
2012-06-15 Klas Lindfors <klas@yubico.com>
* NEWS, configure.ac: bump versions post-release
2012-06-15 Klas Lindfors <klas@yubico.com>
* README: copy changes about dependencies from wiki.
2012-06-15 Klas Lindfors <klas@yubico.com>
* NEWS: NEWS for 2.12
2012-06-15 Klas Lindfors <klas@yubico.com>
* README, configure.ac: remove -Wno-extra-portability, it breaks on
automake before 1.11.2
2012-06-14 Klas Lindfors <klas@yubico.com>
* pam_yubico.c: use errstr to communicate with the user
2012-06-14 Klas Lindfors <klas@yubico.com>
* NEWS, configure.ac: bump versions as 2.11 is released
2012-06-08 Klas Lindfors <klas@yubico.com>
* pam_yubico.c: check for same response in pam module, output debug
for the user
2012-06-08 Klas Lindfors <klas@yubico.com>
* ykpamcfg.c: add check that two challenges get different responses
2012-06-08 Klas Lindfors <klas@yubico.com>
* pam_yubico.c: replace fopen with open+fdopen to set more
restrictive bits
2012-06-05 Clemens Lang <neverpanic@gmail.com>
* configure.ac: Silence warning: missing AM_PROG_AR on non-POSIX Automake 1.12 complains: "linking libraries using a non-POSIX
archiver requires 'AM_PROG_AR' in 'configure.ac'". This patch
silences this warning, allowing automake 1.12 to process
configure.ac with -Werror
2012-03-27 James Dingwall <james@dingwall.me.uk>
* configure.ac: Modify the PAM headers test in configure.ac to
#include <sys/types.h>. This is required to compile conftest.c for
pam_modutil.h on Gentoo with sys-libs/pam-1.1.5 sys-libs/glibc-2.13-r4 sys-devel/gcc-4.5.3-r2
2012-03-05 Fredrik Thulin <fredrik@yubico.com>
* README: Correct libyubikey requirement
2012-03-05 Fredrik Thulin <fredrik@yubico.com>
* configure.ac: libyubikey is really only required --with-cr
2012-02-13 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c, util.c, util.h: load_chalresp_state: Debug message
was always shown.
2012-02-10 Fredrik Thulin <fredrik@yubico.com>
* NEWS: Prepare version 2.11
2012-02-10 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: do_challenge_response: Clear errno when done.
2012-02-10 Fredrik Thulin <fredrik@yubico.com>
* ykpamcfg.1: Fix project name.
2012-02-10 Fredrik Thulin <fredrik@yubico.com>
* util.c: Avoid warnings for fscanf() by passing pointer to first
element of array.
2012-02-10 Fredrik Thulin <fredrik@yubico.com>
* drop_privs.c: include stdlib, for malloc()
2012-02-10 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: DBG format fix
2012-02-08 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c, ykpamcfg.c: Fix clang indicated printf format
warnings.
2012-02-06 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Fix debug-logging of chalresp_path. Oddity reported
by clang.
2012-02-06 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: snprintf returns an int, not a size_t. reported by
clang.
2012-02-02 Fredrik Thulin <fredrik@yubico.com>
* NEWS: Describe recent changes.
2012-02-02 Fredrik Thulin <fredrik@yubico.com>
* README: Remove redundant explanation of 'capath'.
2012-02-02 Fredrik Thulin <fredrik@yubico.com>
* : commit bf8ececae38a27c09c695ecc934119d3dd2fe1a7 Author: Remi
Mollon <remi.mollon@cern.ch> Date: Wed Feb 1 09:29:27 2012 +0100
2012-02-01 Remi Mollon <remi.mollon@cern.ch>
* pam_yubico.c: renaming yubi_prefix to yubi_Attr_prefix and
changing debug
2012-01-28 Clemens Lang <neverpanic@gmail.com>
* util.h: Make yubico-pam compile without -DDEBUG_PAM
2012-01-28 Clemens Lang <neverpanic@gmail.com>
* pam_yubico.c, util.c: Add missing headers fcntl.h in pam_yubico.c is needed on OS X with clang for the build
to succeed, while unistd.h in util.c is required so clang doesn't
complain about implicit declarations of ftruncate and fsync.
2012-01-28 Clemens Lang <neverpanic@gmail.com>
* util.c: Fix memset() with wrong size as reported by clang
2012-01-27 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Avoid double fclose() in some error cases. Problem reported (and patched) by Lingzhu Xiang
<xianglingzhu@gmail.com> in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657524
2012-01-24 Remi Mollon <remi.mollon@cern.ch>
* pam_yubico.c: add comment
2012-01-23 Simon Josefsson <simon@josefsson.org>
* doc: Update doc/.
2012-01-23 Simon Josefsson <simon@josefsson.org>
* configure.ac: Fix automake warning.
2012-01-23 Simon Josefsson <simon@josefsson.org>
* COPYING, Makefile.am, NEWS, README, configure.ac, drop_privs.c,
drop_privs.h, pam_yubico.c, test.c, util.c, util.h, ykpamcfg.1,
ykpamcfg.c: Bump version. Use silent rules. Bump copyright years.
2012-01-18 Remi Mollon <remi.mollon@cern.ch>
* pam_yubico.c: adding yubi_prefix parameter, when looking for
token_id in ldap
2011-12-14 Fredrik Thulin <fredrik@yubico.com>
* : commit 6c23f476458961c202758375d0ce2d11888dda32 Author: Fredrik
Thulin <fredrik@yubico.com> Date: Wed Dec 14 13:11:12 2011 +0100
2011-12-14 Fredrik Thulin <fredrik@yubico.com>
* Makefile.am: check-doc-dist: restore submodule doc branch master
2011-12-14 Fredrik Thulin <fredrik@yubico.com>
* NEWS: New date for 2.10 release (today).
2011-12-13 Simon Josefsson <simon@josefsson.org>
* README, configure.ac: Shift blame.
2011-12-13 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: authorize_user_token: Don't drop privs for
system-wide file.
2011-12-13 Fredrik Thulin <fredrik@yubico.com>
* drop_privs.c: Bug fix dropping privileges using
pam_modutil_drop_priv.
2011-12-13 Fredrik Thulin <fredrik@yubico.com>
* NEWS: prepare 2.10
2011-12-13 Fredrik Thulin <fredrik@yubico.com>
* configure.ac, test.c: update copyright for files changed 2011
2011-12-12 Fredrik Thulin <fredrik@yubico.com>
* README: Document arguments token_id_length and mode.
2011-12-12 Fredrik Thulin <fredrik@yubico.com>
* AUTHORS: Compile list of authors from ChangeLog.
2011-12-12 Fredrik Thulin <fredrik@yubico.com>
* COPYING: update
2011-12-06 Fredrik Thulin <fredrik@yubico.com>
* configure.ac: Prepare version 2.10.
2011-12-06 Fredrik Thulin <fredrik@yubico.com>
* test.c: Pedantically removing warnings.
2011-12-06 Fredrik Thulin <fredrik@yubico.com>
* test.c: Fix implicit declaration warning.
2011-12-06 Fredrik Thulin <fredrik@yubico.com>
* util.c: challenge_response: reject bad slot
2011-12-06 Fredrik Thulin <fredrik@yubico.com>
* util.c, util.h, ykpamcfg.c: Further pointer signedness fixes.
2011-12-06 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: do_challenge_response: Remove 2 unused variables.
2011-12-06 Fredrik Thulin <fredrik@yubico.com>
* ykpamcfg.1: Hyphen-fix.
2011-12-06 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c, util.c: Fix implicit yubikey_* declarations.
2011-12-06 Fredrik Thulin <fredrik@yubico.com>
* util.c: Avoid asprintf. To improve portability, we do malloc() + snprintf() instead.
2011-12-06 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c, util.c, ykpamcfg.c: Fix pointer signedness warnings.
2011-12-06 Fredrik Thulin <fredrik@yubico.com>
* util.c: generate_random: Remove unused variable 'i'.
2011-12-01 Fredrik Thulin <fredrik@yubico.com>
* ykpamcfg.1: fix lintian errors
2011-11-23 Fredrik Thulin <fredrik@yubico.com>
* NEWS: Update with new things in 2.10.
2011-11-23 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Drop privileges before writing new C-R file.
2011-11-23 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Verify that challenge-response file is a normal
file.
2011-11-23 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: improve debug messages
2011-11-23 Fredrik Thulin <fredrik@yubico.com>
* Makefile.am, configure.ac, drop_privs.c, drop_privs.h,
pam_yubico.c: Use pam_modutil_drop_priv if it is available. Utility functions for what was done in drop_priv.c appeared in PAM
1.1.3. Use them when available.
2011-11-23 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Restore challenge-response functionality. HAVE_LIBYKPERS_1 did not seem to ever get defined, so use HAVE_CR
instead.
2011-11-23 Ricky Zhou <ricky@fedoraproject.org>
* drop_privs.c, drop_privs.h, pam_yubico.c: Drop privileges before
opening user files. This change also ensures that user tokens are regular files. We may
want to add a similar check for user challenge files.
2011-11-22 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Remove unused variable and extra undef.
2011-11-22 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: pam_sm_authenticate: check strdup return value
2011-11-22 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: authorize_user_token_ldap: check malloc return value
2011-11-22 Fredrik Thulin <fredrik@yubico.com>
* ykpamcfg.c: parse_args: getopt() return value is int.
2011-11-17 Fredrik Thulin <fredrik@yubico.com>
* NEWS: Fix release date of 2.9.
2011-11-17 Fredrik Thulin <fredrik@yubico.com>
* Makefile.am: Link pam_yubico.la directly with -lpam.
2011-11-08 Fredrik Thulin <fredrik@yubico.com>
* README, doc: updates
2011-11-08 Fredrik Thulin <fredrik@yubico.com>
* NEWS, configure.ac: Prepare for version 2.9.
2011-11-08 dr8 <github@dominicrutherford.co.uk>
* pam_yubico.c: Bug fix: pam_yubico doesn't check server signature Squashed commit of the following: commit 9e7746bc53957f2a1e68784c0c26d082049180a7 Author: dr8
<github@dominicrutherford.co.uk> Date: Mon Oct 31 14:27:47 2011
+0000 Bug fix: pam_yubico doesn't check server signature commit 2f3d5e721cbfc905582da6208495c1da6dd2f79c Author: dr8
<github@dominicrutherford.co.uk> Date: Sat Oct 29 16:59:08 2011
+0100 Bug fix: pam_yubico does not validate server signature commit 58a1e6820a88f6aa365ef006e9cca4c62af7c7cf Author: dr8
<github@dominicrutherford.co.uk> Date: Fri Oct 28 22:09:49 2011
+0100 only validate server signature when key is specified commit d705f429bc972f85a50f0b2f96703cbdc28b744f Author: dr8
<github@dominicrutherford.co.uk> Date: Tue Oct 25 22:45:22 2011
+0100 fix failure to validate server signature
2011-08-26 Fredrik Thulin <fredrik@yubico.com>
* NEWS, configure.ac: Prepare for version 2.8.
2011-08-26 Nanakos Chrysostomos <nanakos@wired-net.gr>
* pam_yubico.c: Fix big security hole: Authentication succeeded when
no password was given, unless use_first_pass was being used. This
is fatal if pam_yubico is considered 'sufficient' in the PAM
configuration. Signed-off-by: Nanakos Chrysostomos <nanakos@wired-net.gr>
2011-06-07 Simon Josefsson <simon@josefsson.org>
* NEWS: Fix date.
2011-06-07 Simon Josefsson <simon@josefsson.org>
* Makefile.am: Fix release target.
2011-06-07 Simon Josefsson <simon@josefsson.org>
* .gitignore: Ignore more.
2011-06-07 Simon Josefsson <simon@josefsson.org>
* doc: Update doc/.
2011-06-07 Simon Josefsson <simon@josefsson.org>
* NEWS: Version 2.7.
2011-06-07 Simon Josefsson <simon@josefsson.org>
* .gitignore, Makefile.am, NEWS, configure.ac, pam_yubico.c,
util.c, util.h: Make dependency on libykpers optional. Use --without-cr to force it. Reported by Jussi Sallinen
<jussi@jus.si>.
2011-04-15 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: parse_cfg: Use memset to clear cfg struct. The code will be easier to maintain if one does not have to remember
explicitly initializing all new members of the config struct.
2011-04-15 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Fix some D's that should've been DBG.
2011-04-15 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Make DBG macro unified. Refactor authorize_user_token and authorize_user_token_ldap to take
a cfg argument instead of a number of elements from cfg.
2011-04-15 Romain Riviere <lecoyote@lecoyote.org>
* pam_yubico.c: Debug: adding a dbg flag and macro so as to disable
unwanted debug messages
2011-04-13 Fredrik Thulin <fredrik@yubico.com>
* README: Add mentioning of recursive dependency on libyubikey.
2011-04-13 Fredrik Thulin <fredrik@yubico.com>
* Makefile.am: Tag releases consistent with previous ones (no 'v').
2011-04-13 Fredrik Thulin <fredrik@yubico.com>
* README: sync
2011-04-11 Fredrik Thulin <fredrik@yubico.com>
* README: sync
2011-03-23 Fredrik Thulin <fredrik@yubico.com>
* Makefile.am, configure.ac: Explicitly link with libyubikey.
2011-04-11 Fredrik Thulin <fredrik@yubico.com>
* NEWS: Version 2.6.
2011-04-11 Fredrik Thulin <fredrik@yubico.com>
* util.c, ykpamcfg.c: whitespace
2011-03-18 Tollef Fog Heen <tfheen@err.no>
* pam_yubico.c: Tell the user if something goes wrong after
authenticating If we successfully authenticate, but something then goes wrong, such
as failure to generate a new challenge, failure to update the
challenge and so on, tell the user.
2011-03-18 Tollef Fog Heen <tfheen@err.no>
* : Merge remote branch 'fredrikt/master' Conflicts: util.c
2011-03-17 Fredrik Thulin <fredrik@yubico.com>
* Makefile.am, ykpamcfg.1, ykpamcfg.c: Add ykpamcfg - C/R setup
command line utility.
2011-03-17 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c, util.c, util.h: Make get_user_challenge_file() also
include YubiKey serial number, and move it to util.c.
2011-03-17 Fredrik Thulin <fredrik@yubico.com>
* util.c: Version-tag challenge-response state file contents. Helps in case we ever want to change the file format.
2011-03-17 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c, util.c, util.h: Further cleanups to challenge
response code, and move more code to util.c.
2011-03-17 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Revert "Wait with declaring PAM_SUCCESS on
challenge-response until new" Tollef has argued that the login should not fail if, for example,
the disk is full. I'd rather fail on the cautious side and make sure
we don't end up always sending the same challenge to the YubiKey,
but I'll leave it up to Tollef to decide for now. This reverts commit 14e917ffae52e05121a69a192d03f98090e8ae41. Conflicts: pam_yubico.c
2011-03-17 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c, util.c, util.h: Move more challenge-response code to
util.c.
2011-03-17 Fredrik Thulin <fredrik@yubico.com>
* Makefile.am, pam_yubico.c, util.c, util.h: Move soon-to-be
commonly used code to util.c
2011-03-16 Tollef Fog Heen <tfheen@err.no>
* pam_yubico.c: Use a temporary file to ensure we always have a
challenge If we use ftruncate we might end up in the situation that we do not
have a challenge on disk, leading to the user being unable to log
in. By using a temporary file, fsync and rename we avoid this
problem.
2011-03-17 Fredrik Thulin <fredrik@yubico.com>
* Makefile.am, ykpamcfg.1, ykpamcfg.c: Add ykpamcfg - C/R setup
command line utility.
2011-03-17 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c, util.c, util.h: Make get_user_challenge_file() also
include YubiKey serial number, and move it to util.c.
2011-03-17 Fredrik Thulin <fredrik@yubico.com>
* util.c: Version-tag challenge-response state file contents. Helps in case we ever want to change the file format.
2011-03-17 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c, util.c, util.h: Further cleanups to challenge
response code, and move more code to util.c.
2011-03-17 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Revert "Wait with declaring PAM_SUCCESS on
challenge-response until new" Tollef has argued that the login should not fail if, for example,
the disk is full. I'd rather fail on the cautious side and make sure
we don't end up always sending the same challenge to the YubiKey,
but I'll leave it up to Tollef to decide for now. This reverts commit 14e917ffae52e05121a69a192d03f98090e8ae41. Conflicts: pam_yubico.c
2011-03-17 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c, util.c, util.h: Move more challenge-response code to
util.c.
2011-03-17 Fredrik Thulin <fredrik@yubico.com>
* Makefile.am, pam_yubico.c, util.c, util.h: Move soon-to-be
commonly used code to util.c
2011-03-14 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Remove hard coded values for challenge/responses. Also do some input validation on what we read from the C/R file.
2011-03-14 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: generate_challenge() only generated half as many
bytes as it should. Changed generate_challenge() to generating bytes instead of a hex
encoded string, to not have to decode what we just encoded - instead
just generate plain bytes of randomness and then encode them once.
2011-03-16 Tollef Fog Heen <tfheen@err.no>
* pam_yubico.c: Use a temporary file to ensure we always have a
challenge If we use ftruncate we might end up in the situation that we do not
have a challenge on disk, leading to the user being unable to log
in. By using a temporary file, fsync and rename we avoid this
problem.
2011-03-14 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: fsync() wants file descriptor Also, truncate file before writing if the challenge length has
changed (became shorter) or garbage has otherwise been appended.
2011-03-14 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Don't generate new challenge on bad response.
2011-03-14 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Support challenge-response files outside user's home
directory. Having the challege-response data inside the home directory won't
work very well if the YubiKey is to unlock an ecryptfs encrypted
home directory.
2011-03-16 Tollef Fog Heen <tfheen@err.no>
* : Merge remote branch 'origin/master'
2011-03-14 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: generate_challenge() only generated half as many
bytes as it should. Changed generate_challenge() to generating bytes instead of a hex
encoded string, to not have to decode what we just encoded - instead
just generate plain bytes of randomness and then encode them once.
2011-03-14 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Wait with declaring PAM_SUCCESS on
challenge-response until new challenge-response has been stored
properly on disk.
2011-03-14 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: fsync() wants file descriptor Also, truncate file before writing if the challenge length has
changed (became shorter) or garbage has otherwise been appended.
2011-03-14 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Don't generate new challenge on bad response.
2011-03-14 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Support challenge-response files outside user's home
directory. Having the challege-response data inside the home directory won't
work very well if the YubiKey is to unlock an ecryptfs encrypted
home directory.
2011-03-14 Fredrik Thulin <fredrik@yubico.com>
* : Merge remote branch 'remim/master'
2011-03-12 Tollef Fog Heen <tfheen@err.no>
* pam_yubico.c: Undef USERFILE when we don't need it any more
2011-03-12 Tollef Fog Heen <tfheen@err.no>
* Makefile.am, configure.ac: Look for libykpers-1, which we will
need for challenge-response
2011-03-12 Tollef Fog Heen <tfheen@err.no>
* pam_yubico.c: Get rid of unimplemented PAM functions
2011-03-10 Fredrik Thulin <fredrik@yubico.com>
* : commit 27346d9be9739954dadf24c460c74b8ea4043488 Author: Fredrik
Thulin <fredrik@yubico.com> Date: Thu Mar 10 10:48:20 2011 +0100
2011-03-04 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Ignore errors from pam_get_data().
2011-03-03 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Correct debug log message for too short OTPs.
2011-03-03 Fredrik Thulin <fredrik@yubico.com>
* : commit 952668811dd212d7444d4903feacaa40d30f4ea8 Merge: 60d9e60
702ac98 Author: Fredrik Thulin <fredrik@yubico.com> Date: Thu Mar
3 15:06:22 2011 +0100
2011-03-03 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Bugfix getting option token_id_length.
2011-03-03 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Avoid logging passwords when debug is enabled. Problem reported in
http://code.google.com/p/yubico-pam/issues/detail?id=28
2011-03-03 Fredrik Thulin <fredrik@yubico.com>
* : commit abb0b7e4e4d9ed0e09778815328126c6813b0d78 Author: Fredrik
Thulin <fredrik@yubico.com> Date: Thu Mar 3 14:14:54 2011 +0100
2011-03-03 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: authorize_user_token_ldap: Don't leak memory on
failures.
2011-03-03 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: authorize_user_token_ldap: sr was under-allocated by
one byte. Also change strcat's to sprintf to make code easier to maintain.
2011-03-03 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Don't segfault on unset LDAP parameters. When ldapserver / ldap_uri was specified, but not for example
user_attr, authorize_user_token_ldap() used to cause a segmentation
fault.
2011-03-03 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Use LDAPv3 instead of LDAPv2. LDAPv2 was declared historical in 2003, and is now not supported by
for example Mac OS X Server's Open Directory. Patch by
maxsanna81@gmail.com.
2011-03-03 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Avoid LDAP warnings about deprecated functions. Patch by judas.iscariote.
2011-03-03 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: authorize_user_token_ldap: Use correct LDAP free
function. Patch by judas.iscariote.
2011-02-28 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Make length of public ID part of tokens
configurable. Now that we support setting URL, not all public ID's can be expected
to be six bytes (the length used in the YubiCloud validation
service). Unfortunately we can't support OTPs of different lengths at once,
because there is code supporting users entering their (other)
password followed by the OTP from the YubiKey. Patch by fraser.scott@gmail.com in
http://code.google.com/p/yubico-pam/issues/detail?id=19
2011-03-02 Fredrik Thulin <fredrik@yubico.com>
* configure.ac: Check for ykclient-2.4+, since we use new ca_path
function.
2011-02-28 Fredrik Thulin <fredrik@yubico.com>
* pam_yubico.c: Add debug output of url and capath.
2011-02-22 Fredrik Thulin <fredrik@yubico.com>
* : commit e3440786bfa3c3475721b5933b8ab6c8074d1e64 Author: Fredrik
Thulin <fredrik@yubico.com> Date: Wed Feb 16 22:22:23 2011 +0100
2011-02-16 Fredrik Thulin <fredrik@yubico.com>
* doc: sync
2011-02-16 Fredrik Thulin <fredrik@yubico.com>
* Makefile.am: Change to make releases from Github.
2011-02-16 Fredrik Thulin <fredrik@yubico.com>
* README: Convert to asciidoc (used by Github wiki).
2011-02-16 Fredrik Thulin <fredrik@yubico.com>
* .gitmodules: Add submodule doc.
2011-02-11 Remi Mollon <remi.mollon@cern.ch>
* pam_yubico.c: Add capath parameter to PAM module
2011-02-11 Remi Mollon <remi.mollon@cern.ch>
* pam_yubico.c: Add capath parameter to PAM module
2010-09-10 Simon Josefsson <simon@yubico.com>
* NEWS, configure.ac: Bump versions.
2010-09-10 Simon Josefsson <simon@yubico.com>
* Makefile.am: Fix.
2010-09-10 Simon Josefsson <simon@yubico.com>
* NEWS: Add.
2010-09-10 Simon Josefsson <simon@yubico.com>
* Makefile.am: Include wiki pages in distribution.
2010-09-10 Simon Josefsson <simon@yubico.com>
* Makefile.am: Fix release target.
2010-09-09 Simon Josefsson <simon@yubico.com>
* NEWS, configure.ac: Bump versions.
2010-09-09 Simon Josefsson <simon@yubico.com>
* NEWS: Version 2.4.
2010-09-09 Simon Josefsson <simon@yubico.com>
* NEWS: Add.
2010-09-09 Simon Josefsson <simon@yubico.com>