forked from Yubico/yubico-pam-dpkg
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathChangeLog
1463 lines (823 loc) · 42.1 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
2013-09-27 Klas Lindfors <[email protected]>
* NEWS: release 2.14
2013-09-27 Simon Josefsson <[email protected]>
* : Merge pull request #14 from BinetReseau/master No match between user and token detailed pam values
2013-09-23 Klas Lindfors <[email protected]>
* configure.ac: require version 1.8.0 of libykpers since we use yk_challenge_response() introduced in that version.
2013-09-20 Klas Lindfors <[email protected]>
* doc: update doc submodule
2013-09-20 Klas Lindfors <[email protected]>
* drop_privs.c, drop_privs.h, pam_yubico.c: reimplement drop_privs
to implement the pam_modutils interface Original patch from [email protected].
http://code.google.com/p/yubico-pam/issues/detail?id=49 fixes #19
2013-09-19 Klas Lindfors <[email protected]>
* : Merge pull request #27 from eworm-de/stack use correct size to hex decode salt
2013-09-19 Klas Lindfors <[email protected]>
* Makefile.am: fixup release target for move to github
2013-09-19 Klas Lindfors <[email protected]>
* README: minor formatting fixes
2013-09-19 Klas Lindfors <[email protected]>
* README, ykpamcfg.1: everything moved to github
2013-09-19 Klas Lindfors <[email protected]>
* COPYING, configure.ac, drop_privs.c, pam_yubico.c, util.c,
util.h, ykpamcfg.1, ykpamcfg.c: update copyright years
2013-09-19 Klas Lindfors <[email protected]>
* drop_privs.c: allocate space for the grplist in the privs
structure as we want to save the privs structure longer than the scope of
def_privs we need to allocate the space for grplist.
2013-09-19 Klas Lindfors <[email protected]>
* drop_privs.c: correct debug message
2013-09-18 Klas Lindfors <[email protected]>
* util.c: move around to avoid warning
2013-09-18 Klas Lindfors <[email protected]>
* util.c: always set iterations and rewind before second fscanf()
2013-09-18 Klas Lindfors <[email protected]>
* README, configure.ac: update urls to other projects
2013-09-18 Klas Lindfors <[email protected]>
* util.c: use malloc() instead of alloca() and free after use
2013-04-20 Eugene Crosser <[email protected]>
* drop_privs.c, pam_yubico.c, util.c: Stop leaks of memory and of
privileges Fix several memory leaks and mishandling of the privilege status
where a function returned failure indication, and previously
allocated memory was not freed (and the referece was lost), or
previously droped privileges where not restored.
2013-09-18 Klas Lindfors <[email protected]>
* ykpamcfg.1, ykpamcfg.c: add -i switch for setting iterations with
ykpamcfg
2013-09-18 Klas Lindfors <[email protected]>
* .gitignore: ignore signed releases
2013-09-18 Klas Lindfors <[email protected]>
* drop_privs.c: fix warnings
2013-09-18 Klas Lindfors <[email protected]>
* pam_yubico.c: fixup warnings
2013-09-18 Klas Lindfors <[email protected]>
* ykpamcfg.c: fix warnings
2013-09-18 Klas Lindfors <[email protected]>
* pam_yubico.c, util.c, util.h: use pbkdf2 to process the exepected
response this bumps the version on the state file to 2 old files can still be
read but new files will use the new format
2013-09-18 Klas Lindfors <[email protected]>
* pam_yubico.c, util.c, util.h, ykpamcfg.c: refactor to use chalresp
function from ykpers so challenge_response() now calls yk_challenge_response() to do the
yubikey internal stuff.
2013-09-18 Klas Lindfors <[email protected]>
* Makefile.am, configure.ac, m4/manywarnings.m4, m4/warnings.m4: add
the same warnings package as yubico-c
2013-09-18 Simon Josefsson <[email protected]>
* NEWS: Add.
2013-09-18 Simon Josefsson <[email protected]>
* Makefile.am, NEWS: Don't install internal header files.
2013-05-13 Christian Hesse <[email protected]>
* pam_yubico.c: print information only if debug is specified The pam module is very informative. I do not want it to print any
information unless debug is specified. An attacker should not get
any information.
2013-03-01 Klas Lindfors <[email protected]>
* NEWS, configure.ac: bump version after release
2013-03-01 Klas Lindfors <[email protected]>
* Makefile.am: add more docs
2013-03-01 Klas Lindfors <[email protected]>
* doc: update doc
2013-03-01 Klas Lindfors <[email protected]>
* NEWS: release 2.13
2013-02-14 Dain Nilsson <[email protected]>
* : Merge pull request #15 from wwest4/master util.c version check fix
2013-01-26 Pierre-Alain Dupont <[email protected]>
* pam_yubico.c: A more precise handling of user-token match errors Signed-off-by: Pierre-Alain Dupont <[email protected]>
2013-01-18 Klas Lindfors <[email protected]>
* configure.ac: bump automake version to 1.11
2013-01-18 Clemens Lang <[email protected]>
* configure.ac: configure.ac: call AM_PROG_AR if available
2013-01-17 Klas Lindfors <[email protected]>
* ykpamcfg.1: add path option to man page
2012-11-14 Tommaso Galassi De Orchi <[email protected]>
* ykpamcfg.c: New feature, create directory in the user home.
2012-11-14 Tommaso Galassi De Orchi <[email protected]>
* ykpamcfg.c: Added option to specify a path for ykpamcfg.
2012-11-13 Klas Lindfors <[email protected]>
* README: update ppa location
2012-11-07 Klas Lindfors <[email protected]>
* README, configure.ac: add AM_PROG_AR workaround for automake 1.12.
2012-11-05 Klas Lindfors <[email protected]>
* : commit 37e6a6a80f08cbd4793fee4ff82f58410ab2326e Author: Simon
Josefsson <[email protected]> Date: Wed Oct 31 17:01:18 2012
+0100
2012-10-30 alexandru totolici <[email protected]>
* README: Distinguish 'characters' from 'digits' in README The Yubikey token ID is 12 characters long, not 12 digits long. This
can make it slightly confusing when first setting a key up, and in
any case it's incorrect language.
2012-10-10 Karl Goetz <[email protected]>
* README: Mention google code hosts downloads too Per request on Issue 45 I've reworded this bit so it mentions google
code hosting the package downloads. I've had to reflow the text
slightly because it pushed it over 72 chars.
2012-10-04 Karl Goetz <[email protected]>
* README, ykpamcfg.1: Finish both files with a blank line Helps to keep all text readable on broken terminals/screens.
2012-10-04 Karl Goetz <[email protected]>
* README: Correct wording for PPA Its 'Personal' not 'Private'
https://help.launchpad.net/Packaging/PPA
2012-10-04 Karl Goetz <[email protected]>
* README: Refer to Github as well as G.Code. This attempts to help explain where to look for various things (eg
bugs, code, doco).
2012-10-03 Klas Lindfors <[email protected]>
* README: break line so we keep document width consistent
2012-10-03 Karl Goetz <[email protected]>
* README: Attempt to clarify format of mapping files I didn't realise from the original version that it was a series of
different token IDs - i thought it was different parts of the OTP.
Hopefully this change clarifys whats really going on here. Part of the patch/doco for Issue 44.
http://code.google.com/p/yubico-pam/issues/detail?id=44
2012-10-03 Karl Goetz <[email protected]>
* README: Explain how to generate an OTP. This wasn't obvious to me and so I suspect others may be confused
too. This commit provides the documentation to close Issue 44, but
is NOT identical to the patch provided on that report. http://code.google.com/p/yubico-pam/issues/detail?id=44
2012-10-03 Karl Goetz <[email protected]>
* README: Explain what an OTP is
2012-10-03 Karl Goetz <[email protected]>
* README: adding a new line for consistancy with spacing on other
headings
2012-10-03 Karl Goetz <[email protected]>
* README: Add information about SELinux to README Because SELinux in enforcing mode will cause yubikey authentication
to fail I'm including some references to discussion around this
problem. The RH bugzilla link also includes a policy snippet which
can be used for this." This commit should resolve Issue #43.
http://code.google.com/p/yubico-pam/issues/detail?id=43
2012-08-06 Vincent Brillault <[email protected]>
* pam_yubico.c: Verify the otp_length given by the configuration
Avoid out of bound writing at ligne -920,1 +927,1: strncpy (otp_id,
password + skip_bytes, cfg->token_id_length);
2012-06-15 Klas Lindfors <[email protected]>
* NEWS, configure.ac: bump versions post-release
2012-06-15 Klas Lindfors <[email protected]>
* README: copy changes about dependencies from wiki.
2012-06-15 Klas Lindfors <[email protected]>
* NEWS: NEWS for 2.12
2012-06-15 Klas Lindfors <[email protected]>
* README, configure.ac: remove -Wno-extra-portability, it breaks on
automake before 1.11.2
2012-06-14 Klas Lindfors <[email protected]>
* pam_yubico.c: use errstr to communicate with the user
2012-06-14 Klas Lindfors <[email protected]>
* NEWS, configure.ac: bump versions as 2.11 is released
2012-06-08 Klas Lindfors <[email protected]>
* pam_yubico.c: check for same response in pam module, output debug
for the user
2012-06-08 Klas Lindfors <[email protected]>
* ykpamcfg.c: add check that two challenges get different responses
2012-06-08 Klas Lindfors <[email protected]>
* pam_yubico.c: replace fopen with open+fdopen to set more
restrictive bits
2012-06-05 Clemens Lang <[email protected]>
* configure.ac: Silence warning: missing AM_PROG_AR on non-POSIX Automake 1.12 complains: "linking libraries using a non-POSIX
archiver requires 'AM_PROG_AR' in 'configure.ac'". This patch
silences this warning, allowing automake 1.12 to process
configure.ac with -Werror
2012-03-27 James Dingwall <[email protected]>
* configure.ac: Modify the PAM headers test in configure.ac to
#include <sys/types.h>. This is required to compile conftest.c for
pam_modutil.h on Gentoo with sys-libs/pam-1.1.5 sys-libs/glibc-2.13-r4 sys-devel/gcc-4.5.3-r2
2012-03-05 Fredrik Thulin <[email protected]>
* README: Correct libyubikey requirement
2012-03-05 Fredrik Thulin <[email protected]>
* configure.ac: libyubikey is really only required --with-cr
2012-02-13 Fredrik Thulin <[email protected]>
* pam_yubico.c, util.c, util.h: load_chalresp_state: Debug message
was always shown.
2012-02-10 Fredrik Thulin <[email protected]>
* NEWS: Prepare version 2.11
2012-02-10 Fredrik Thulin <[email protected]>
* pam_yubico.c: do_challenge_response: Clear errno when done.
2012-02-10 Fredrik Thulin <[email protected]>
* ykpamcfg.1: Fix project name.
2012-02-10 Fredrik Thulin <[email protected]>
* util.c: Avoid warnings for fscanf() by passing pointer to first
element of array.
2012-02-10 Fredrik Thulin <[email protected]>
* drop_privs.c: include stdlib, for malloc()
2012-02-10 Fredrik Thulin <[email protected]>
* pam_yubico.c: DBG format fix
2012-02-08 Fredrik Thulin <[email protected]>
* pam_yubico.c, ykpamcfg.c: Fix clang indicated printf format
warnings.
2012-02-06 Fredrik Thulin <[email protected]>
* pam_yubico.c: Fix debug-logging of chalresp_path. Oddity reported
by clang.
2012-02-06 Fredrik Thulin <[email protected]>
* pam_yubico.c: snprintf returns an int, not a size_t. reported by
clang.
2012-02-02 Fredrik Thulin <[email protected]>
* NEWS: Describe recent changes.
2012-02-02 Fredrik Thulin <[email protected]>
* README: Remove redundant explanation of 'capath'.
2012-02-02 Fredrik Thulin <[email protected]>
* : commit bf8ececae38a27c09c695ecc934119d3dd2fe1a7 Author: Remi
Mollon <[email protected]> Date: Wed Feb 1 09:29:27 2012 +0100
2012-02-01 Remi Mollon <[email protected]>
* pam_yubico.c: renaming yubi_prefix to yubi_Attr_prefix and
changing debug
2012-01-28 Clemens Lang <[email protected]>
* util.h: Make yubico-pam compile without -DDEBUG_PAM
2012-01-28 Clemens Lang <[email protected]>
* pam_yubico.c, util.c: Add missing headers fcntl.h in pam_yubico.c is needed on OS X with clang for the build
to succeed, while unistd.h in util.c is required so clang doesn't
complain about implicit declarations of ftruncate and fsync.
2012-01-28 Clemens Lang <[email protected]>
* util.c: Fix memset() with wrong size as reported by clang
2012-01-27 Fredrik Thulin <[email protected]>
* pam_yubico.c: Avoid double fclose() in some error cases. Problem reported (and patched) by Lingzhu Xiang
<[email protected]> in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657524
2012-01-24 Remi Mollon <[email protected]>
* pam_yubico.c: add comment
2012-01-23 Simon Josefsson <[email protected]>
* doc: Update doc/.
2012-01-23 Simon Josefsson <[email protected]>
* configure.ac: Fix automake warning.
2012-01-23 Simon Josefsson <[email protected]>
* COPYING, Makefile.am, NEWS, README, configure.ac, drop_privs.c,
drop_privs.h, pam_yubico.c, test.c, util.c, util.h, ykpamcfg.1,
ykpamcfg.c: Bump version. Use silent rules. Bump copyright years.
2012-01-18 Remi Mollon <[email protected]>
* pam_yubico.c: adding yubi_prefix parameter, when looking for
token_id in ldap
2011-12-14 Fredrik Thulin <[email protected]>
* : commit 6c23f476458961c202758375d0ce2d11888dda32 Author: Fredrik
Thulin <[email protected]> Date: Wed Dec 14 13:11:12 2011 +0100
2011-12-14 Fredrik Thulin <[email protected]>
* Makefile.am: check-doc-dist: restore submodule doc branch master
2011-12-14 Fredrik Thulin <[email protected]>
* NEWS: New date for 2.10 release (today).
2011-12-13 Simon Josefsson <[email protected]>
* README, configure.ac: Shift blame.
2011-12-13 Fredrik Thulin <[email protected]>
* pam_yubico.c: authorize_user_token: Don't drop privs for
system-wide file.
2011-12-13 Fredrik Thulin <[email protected]>
* drop_privs.c: Bug fix dropping privileges using
pam_modutil_drop_priv.
2011-12-13 Fredrik Thulin <[email protected]>
* NEWS: prepare 2.10
2011-12-13 Fredrik Thulin <[email protected]>
* configure.ac, test.c: update copyright for files changed 2011
2011-12-12 Fredrik Thulin <[email protected]>
* README: Document arguments token_id_length and mode.
2011-12-12 Fredrik Thulin <[email protected]>
* AUTHORS: Compile list of authors from ChangeLog.
2011-12-12 Fredrik Thulin <[email protected]>
* COPYING: update
2011-12-06 Fredrik Thulin <[email protected]>
* configure.ac: Prepare version 2.10.
2011-12-06 Fredrik Thulin <[email protected]>
* test.c: Pedantically removing warnings.
2011-12-06 Fredrik Thulin <[email protected]>
* test.c: Fix implicit declaration warning.
2011-12-06 Fredrik Thulin <[email protected]>
* util.c: challenge_response: reject bad slot
2011-12-06 Fredrik Thulin <[email protected]>
* util.c, util.h, ykpamcfg.c: Further pointer signedness fixes.
2011-12-06 Fredrik Thulin <[email protected]>
* pam_yubico.c: do_challenge_response: Remove 2 unused variables.
2011-12-06 Fredrik Thulin <[email protected]>
* ykpamcfg.1: Hyphen-fix.
2011-12-06 Fredrik Thulin <[email protected]>
* pam_yubico.c, util.c: Fix implicit yubikey_* declarations.
2011-12-06 Fredrik Thulin <[email protected]>
* util.c: Avoid asprintf. To improve portability, we do malloc() + snprintf() instead.
2011-12-06 Fredrik Thulin <[email protected]>
* pam_yubico.c, util.c, ykpamcfg.c: Fix pointer signedness warnings.
2011-12-06 Fredrik Thulin <[email protected]>
* util.c: generate_random: Remove unused variable 'i'.
2011-12-01 Fredrik Thulin <[email protected]>
* ykpamcfg.1: fix lintian errors
2011-11-23 Fredrik Thulin <[email protected]>
* NEWS: Update with new things in 2.10.
2011-11-23 Fredrik Thulin <[email protected]>
* pam_yubico.c: Drop privileges before writing new C-R file.
2011-11-23 Fredrik Thulin <[email protected]>
* pam_yubico.c: Verify that challenge-response file is a normal
file.
2011-11-23 Fredrik Thulin <[email protected]>
* pam_yubico.c: improve debug messages
2011-11-23 Fredrik Thulin <[email protected]>
* Makefile.am, configure.ac, drop_privs.c, drop_privs.h,
pam_yubico.c: Use pam_modutil_drop_priv if it is available. Utility functions for what was done in drop_priv.c appeared in PAM
1.1.3. Use them when available.
2011-11-23 Fredrik Thulin <[email protected]>
* pam_yubico.c: Restore challenge-response functionality. HAVE_LIBYKPERS_1 did not seem to ever get defined, so use HAVE_CR
instead.
2011-11-23 Ricky Zhou <[email protected]>
* drop_privs.c, drop_privs.h, pam_yubico.c: Drop privileges before
opening user files. This change also ensures that user tokens are regular files. We may
want to add a similar check for user challenge files.
2011-11-22 Fredrik Thulin <[email protected]>
* pam_yubico.c: Remove unused variable and extra undef.
2011-11-22 Fredrik Thulin <[email protected]>
* pam_yubico.c: pam_sm_authenticate: check strdup return value
2011-11-22 Fredrik Thulin <[email protected]>
* pam_yubico.c: authorize_user_token_ldap: check malloc return value
2011-11-22 Fredrik Thulin <[email protected]>
* ykpamcfg.c: parse_args: getopt() return value is int.
2011-11-17 Fredrik Thulin <[email protected]>
* NEWS: Fix release date of 2.9.
2011-11-17 Fredrik Thulin <[email protected]>
* Makefile.am: Link pam_yubico.la directly with -lpam.
2011-11-08 Fredrik Thulin <[email protected]>
* README, doc: updates
2011-11-08 Fredrik Thulin <[email protected]>
* NEWS, configure.ac: Prepare for version 2.9.
2011-11-08 dr8 <[email protected]>
* pam_yubico.c: Bug fix: pam_yubico doesn't check server signature Squashed commit of the following: commit 9e7746bc53957f2a1e68784c0c26d082049180a7 Author: dr8
<[email protected]> Date: Mon Oct 31 14:27:47 2011
+0000 Bug fix: pam_yubico doesn't check server signature commit 2f3d5e721cbfc905582da6208495c1da6dd2f79c Author: dr8
<[email protected]> Date: Sat Oct 29 16:59:08 2011
+0100 Bug fix: pam_yubico does not validate server signature commit 58a1e6820a88f6aa365ef006e9cca4c62af7c7cf Author: dr8
<[email protected]> Date: Fri Oct 28 22:09:49 2011
+0100 only validate server signature when key is specified commit d705f429bc972f85a50f0b2f96703cbdc28b744f Author: dr8
<[email protected]> Date: Tue Oct 25 22:45:22 2011
+0100 fix failure to validate server signature
2011-08-26 Fredrik Thulin <[email protected]>
* NEWS, configure.ac: Prepare for version 2.8.
2011-08-26 Nanakos Chrysostomos <[email protected]>
* pam_yubico.c: Fix big security hole: Authentication succeeded when
no password was given, unless use_first_pass was being used. This
is fatal if pam_yubico is considered 'sufficient' in the PAM
configuration. Signed-off-by: Nanakos Chrysostomos <[email protected]>
2011-06-07 Simon Josefsson <[email protected]>
* NEWS: Fix date.
2011-06-07 Simon Josefsson <[email protected]>
* Makefile.am: Fix release target.
2011-06-07 Simon Josefsson <[email protected]>
* .gitignore: Ignore more.
2011-06-07 Simon Josefsson <[email protected]>
* doc: Update doc/.
2011-06-07 Simon Josefsson <[email protected]>
* NEWS: Version 2.7.
2011-06-07 Simon Josefsson <[email protected]>
* .gitignore, Makefile.am, NEWS, configure.ac, pam_yubico.c,
util.c, util.h: Make dependency on libykpers optional. Use --without-cr to force it. Reported by Jussi Sallinen
2011-04-15 Fredrik Thulin <[email protected]>
* pam_yubico.c: parse_cfg: Use memset to clear cfg struct. The code will be easier to maintain if one does not have to remember
explicitly initializing all new members of the config struct.
2011-04-15 Fredrik Thulin <[email protected]>
* pam_yubico.c: Fix some D's that should've been DBG.
2011-04-15 Fredrik Thulin <[email protected]>
* pam_yubico.c: Make DBG macro unified. Refactor authorize_user_token and authorize_user_token_ldap to take
a cfg argument instead of a number of elements from cfg.
2011-04-15 Romain Riviere <[email protected]>
* pam_yubico.c: Debug: adding a dbg flag and macro so as to disable
unwanted debug messages
2011-04-13 Fredrik Thulin <[email protected]>
* README: Add mentioning of recursive dependency on libyubikey.
2011-04-13 Fredrik Thulin <[email protected]>
* Makefile.am: Tag releases consistent with previous ones (no 'v').
2011-04-13 Fredrik Thulin <[email protected]>
* README: sync
2011-04-11 Fredrik Thulin <[email protected]>
* README: sync
2011-03-23 Fredrik Thulin <[email protected]>
* Makefile.am, configure.ac: Explicitly link with libyubikey.
2011-04-11 Fredrik Thulin <[email protected]>
* NEWS: Version 2.6.
2011-04-11 Fredrik Thulin <[email protected]>
* util.c, ykpamcfg.c: whitespace
2011-03-18 Tollef Fog Heen <[email protected]>
* pam_yubico.c: Tell the user if something goes wrong after
authenticating If we successfully authenticate, but something then goes wrong, such
as failure to generate a new challenge, failure to update the
challenge and so on, tell the user.
2011-03-18 Tollef Fog Heen <[email protected]>
* : Merge remote branch 'fredrikt/master' Conflicts: util.c
2011-03-17 Fredrik Thulin <[email protected]>
* Makefile.am, ykpamcfg.1, ykpamcfg.c: Add ykpamcfg - C/R setup
command line utility.
2011-03-17 Fredrik Thulin <[email protected]>
* pam_yubico.c, util.c, util.h: Make get_user_challenge_file() also
include YubiKey serial number, and move it to util.c.
2011-03-17 Fredrik Thulin <[email protected]>
* util.c: Version-tag challenge-response state file contents. Helps in case we ever want to change the file format.
2011-03-17 Fredrik Thulin <[email protected]>
* pam_yubico.c, util.c, util.h: Further cleanups to challenge
response code, and move more code to util.c.
2011-03-17 Fredrik Thulin <[email protected]>
* pam_yubico.c: Revert "Wait with declaring PAM_SUCCESS on
challenge-response until new" Tollef has argued that the login should not fail if, for example,
the disk is full. I'd rather fail on the cautious side and make sure
we don't end up always sending the same challenge to the YubiKey,
but I'll leave it up to Tollef to decide for now. This reverts commit 14e917ffae52e05121a69a192d03f98090e8ae41. Conflicts: pam_yubico.c
2011-03-17 Fredrik Thulin <[email protected]>
* pam_yubico.c, util.c, util.h: Move more challenge-response code to
util.c.
2011-03-17 Fredrik Thulin <[email protected]>
* Makefile.am, pam_yubico.c, util.c, util.h: Move soon-to-be
commonly used code to util.c
2011-03-16 Tollef Fog Heen <[email protected]>
* pam_yubico.c: Use a temporary file to ensure we always have a
challenge If we use ftruncate we might end up in the situation that we do not
have a challenge on disk, leading to the user being unable to log
in. By using a temporary file, fsync and rename we avoid this
problem.
2011-03-17 Fredrik Thulin <[email protected]>
* Makefile.am, ykpamcfg.1, ykpamcfg.c: Add ykpamcfg - C/R setup
command line utility.
2011-03-17 Fredrik Thulin <[email protected]>
* pam_yubico.c, util.c, util.h: Make get_user_challenge_file() also
include YubiKey serial number, and move it to util.c.
2011-03-17 Fredrik Thulin <[email protected]>
* util.c: Version-tag challenge-response state file contents. Helps in case we ever want to change the file format.
2011-03-17 Fredrik Thulin <[email protected]>
* pam_yubico.c, util.c, util.h: Further cleanups to challenge
response code, and move more code to util.c.
2011-03-17 Fredrik Thulin <[email protected]>
* pam_yubico.c: Revert "Wait with declaring PAM_SUCCESS on
challenge-response until new" Tollef has argued that the login should not fail if, for example,
the disk is full. I'd rather fail on the cautious side and make sure
we don't end up always sending the same challenge to the YubiKey,
but I'll leave it up to Tollef to decide for now. This reverts commit 14e917ffae52e05121a69a192d03f98090e8ae41. Conflicts: pam_yubico.c
2011-03-17 Fredrik Thulin <[email protected]>
* pam_yubico.c, util.c, util.h: Move more challenge-response code to
util.c.
2011-03-17 Fredrik Thulin <[email protected]>
* Makefile.am, pam_yubico.c, util.c, util.h: Move soon-to-be
commonly used code to util.c
2011-03-14 Fredrik Thulin <[email protected]>
* pam_yubico.c: Remove hard coded values for challenge/responses. Also do some input validation on what we read from the C/R file.
2011-03-14 Fredrik Thulin <[email protected]>
* pam_yubico.c: generate_challenge() only generated half as many
bytes as it should. Changed generate_challenge() to generating bytes instead of a hex
encoded string, to not have to decode what we just encoded - instead
just generate plain bytes of randomness and then encode them once.
2011-03-16 Tollef Fog Heen <[email protected]>
* pam_yubico.c: Use a temporary file to ensure we always have a
challenge If we use ftruncate we might end up in the situation that we do not
have a challenge on disk, leading to the user being unable to log
in. By using a temporary file, fsync and rename we avoid this
problem.
2011-03-14 Fredrik Thulin <[email protected]>
* pam_yubico.c: fsync() wants file descriptor Also, truncate file before writing if the challenge length has
changed (became shorter) or garbage has otherwise been appended.
2011-03-14 Fredrik Thulin <[email protected]>
* pam_yubico.c: Don't generate new challenge on bad response.
2011-03-14 Fredrik Thulin <[email protected]>
* pam_yubico.c: Support challenge-response files outside user's home
directory. Having the challege-response data inside the home directory won't
work very well if the YubiKey is to unlock an ecryptfs encrypted
home directory.
2011-03-16 Tollef Fog Heen <[email protected]>
* : Merge remote branch 'origin/master'
2011-03-14 Fredrik Thulin <[email protected]>
* pam_yubico.c: generate_challenge() only generated half as many
bytes as it should. Changed generate_challenge() to generating bytes instead of a hex
encoded string, to not have to decode what we just encoded - instead
just generate plain bytes of randomness and then encode them once.
2011-03-14 Fredrik Thulin <[email protected]>
* pam_yubico.c: Wait with declaring PAM_SUCCESS on
challenge-response until new challenge-response has been stored
properly on disk.
2011-03-14 Fredrik Thulin <[email protected]>
* pam_yubico.c: fsync() wants file descriptor Also, truncate file before writing if the challenge length has
changed (became shorter) or garbage has otherwise been appended.
2011-03-14 Fredrik Thulin <[email protected]>
* pam_yubico.c: Don't generate new challenge on bad response.
2011-03-14 Fredrik Thulin <[email protected]>
* pam_yubico.c: Support challenge-response files outside user's home
directory. Having the challege-response data inside the home directory won't
work very well if the YubiKey is to unlock an ecryptfs encrypted
home directory.
2011-03-14 Fredrik Thulin <[email protected]>
* : Merge remote branch 'remim/master'
2011-03-12 Tollef Fog Heen <[email protected]>
* pam_yubico.c: Undef USERFILE when we don't need it any more
2011-03-12 Tollef Fog Heen <[email protected]>
* Makefile.am, configure.ac: Look for libykpers-1, which we will
need for challenge-response
2011-03-12 Tollef Fog Heen <[email protected]>
* pam_yubico.c: Get rid of unimplemented PAM functions
2011-03-10 Fredrik Thulin <[email protected]>
* : commit 27346d9be9739954dadf24c460c74b8ea4043488 Author: Fredrik
Thulin <[email protected]> Date: Thu Mar 10 10:48:20 2011 +0100
2011-03-04 Fredrik Thulin <[email protected]>
* pam_yubico.c: Ignore errors from pam_get_data().
2011-03-03 Fredrik Thulin <[email protected]>
* pam_yubico.c: Correct debug log message for too short OTPs.
2011-03-03 Fredrik Thulin <[email protected]>
* : commit 952668811dd212d7444d4903feacaa40d30f4ea8 Merge: 60d9e60
702ac98 Author: Fredrik Thulin <[email protected]> Date: Thu Mar
3 15:06:22 2011 +0100
2011-03-03 Fredrik Thulin <[email protected]>
* pam_yubico.c: Bugfix getting option token_id_length.
2011-03-03 Fredrik Thulin <[email protected]>
* pam_yubico.c: Avoid logging passwords when debug is enabled. Problem reported in
http://code.google.com/p/yubico-pam/issues/detail?id=28
2011-03-03 Fredrik Thulin <[email protected]>
* : commit abb0b7e4e4d9ed0e09778815328126c6813b0d78 Author: Fredrik
Thulin <[email protected]> Date: Thu Mar 3 14:14:54 2011 +0100
2011-03-03 Fredrik Thulin <[email protected]>
* pam_yubico.c: authorize_user_token_ldap: Don't leak memory on
failures.
2011-03-03 Fredrik Thulin <[email protected]>
* pam_yubico.c: authorize_user_token_ldap: sr was under-allocated by
one byte. Also change strcat's to sprintf to make code easier to maintain.
2011-03-03 Fredrik Thulin <[email protected]>
* pam_yubico.c: Don't segfault on unset LDAP parameters. When ldapserver / ldap_uri was specified, but not for example
user_attr, authorize_user_token_ldap() used to cause a segmentation
fault.
2011-03-03 Fredrik Thulin <[email protected]>
* pam_yubico.c: Use LDAPv3 instead of LDAPv2. LDAPv2 was declared historical in 2003, and is now not supported by
for example Mac OS X Server's Open Directory. Patch by
2011-03-03 Fredrik Thulin <[email protected]>
* pam_yubico.c: Avoid LDAP warnings about deprecated functions. Patch by judas.iscariote.
2011-03-03 Fredrik Thulin <[email protected]>
* pam_yubico.c: authorize_user_token_ldap: Use correct LDAP free
function. Patch by judas.iscariote.
2011-02-28 Fredrik Thulin <[email protected]>
* pam_yubico.c: Make length of public ID part of tokens
configurable. Now that we support setting URL, not all public ID's can be expected
to be six bytes (the length used in the YubiCloud validation
service). Unfortunately we can't support OTPs of different lengths at once,
because there is code supporting users entering their (other)
password followed by the OTP from the YubiKey. Patch by [email protected] in
http://code.google.com/p/yubico-pam/issues/detail?id=19
2011-03-02 Fredrik Thulin <[email protected]>
* configure.ac: Check for ykclient-2.4+, since we use new ca_path
function.
2011-02-28 Fredrik Thulin <[email protected]>
* pam_yubico.c: Add debug output of url and capath.
2011-02-22 Fredrik Thulin <[email protected]>
* : commit e3440786bfa3c3475721b5933b8ab6c8074d1e64 Author: Fredrik
Thulin <[email protected]> Date: Wed Feb 16 22:22:23 2011 +0100
2011-02-16 Fredrik Thulin <[email protected]>
* doc: sync
2011-02-16 Fredrik Thulin <[email protected]>
* Makefile.am: Change to make releases from Github.
2011-02-16 Fredrik Thulin <[email protected]>
* README: Convert to asciidoc (used by Github wiki).
2011-02-16 Fredrik Thulin <[email protected]>
* .gitmodules: Add submodule doc.
2011-02-11 Remi Mollon <[email protected]>
* pam_yubico.c: Add capath parameter to PAM module
2011-02-11 Remi Mollon <[email protected]>
* pam_yubico.c: Add capath parameter to PAM module
2010-09-10 Simon Josefsson <[email protected]>
* NEWS, configure.ac: Bump versions.
2010-09-10 Simon Josefsson <[email protected]>
* Makefile.am: Fix.
2010-09-10 Simon Josefsson <[email protected]>
* NEWS: Add.
2010-09-10 Simon Josefsson <[email protected]>
* Makefile.am: Include wiki pages in distribution.
2010-09-10 Simon Josefsson <[email protected]>
* Makefile.am: Fix release target.
2010-09-09 Simon Josefsson <[email protected]>
* NEWS, configure.ac: Bump versions.
2010-09-09 Simon Josefsson <[email protected]>
* NEWS: Version 2.4.
2010-09-09 Simon Josefsson <[email protected]>
* NEWS: Add.
2010-09-09 Simon Josefsson <[email protected]>