summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-01-23Merge branch 'master' of github.com:jeroennijhof/pam_tacplus into v1.5.xv1.5.0-beta.2Philip Prindeville
2018-01-04Merge pull request #107 from pprindeville/fix-logwtmpPhilip Prindeville
Retire logwtmp() in favor of POSIX pututxline()
2018-01-04Favor pututxline() over logwtmp()Philip Prindeville
2018-01-03Check for overflowing tac_loginPhilip Prindeville
2018-01-03Merge pull request #106 from pprindeville/alt-fix-for-unusedPhilip Prindeville
Fix 'unused' warnings when building with clang/llvm
2017-12-31Fix 'unused' warnings when building with clang/llvmPhilip Prindeville
2017-12-29Merge pull request #104 from pprindeville/add-selinux-notePhilip Prindeville
Add SElinux tips
2017-12-29Merge pull request #105 from pprindeville/deprecate-RAND_pseudo_bytesPhilip Prindeville
RAND_pseudo_bytes() has been deprecated in OpenSSL 1.1.0
2017-12-29RAND_pseudo_bytes() has been deprecated in OpenSSL 1.1.0. They tell usMartin Belanger
to use RAND_bytes() instead. Modified by Philip Prindeville <philipp@redfish-solutions.com>
2017-12-29Merge pull request #103 from pprindeville/fix-warningsPhilip Prindeville
Fix compile-time warnings
2017-12-29linux/random.h doesn't actually declare getrandom()Philip Prindeville
2017-12-29Fix compile-time warningsPhilip Prindeville
2017-12-29Add SElinux tipsPhilip Prindeville
2017-11-14Merge pull request #100 from martin-belanger/simplified_vsaPhilip Prindeville
A few improvements
2017-11-13changed memcpy to bcopyMartin Belanger
2017-11-13simplified copying vendor attrs (less buffers and mem copies) to PAM ↵Martin Belanger
environment and allow optional attrs (i.e. those specified with a * instead of =) to be added to the environment
2017-07-18Merge pull request #96 from pprindeville/travis-switch-trustyPhilip Prindeville
Set Travis to build against Trusty Tahr
2017-07-18Merge pull request #97 from pprindeville/travis-switch-trustyPhilip Prindeville
Set Travis to build against Trusty Tahr
2017-07-18Set Travis to build against Trusty TahrPhilip Prindeville
2017-07-18Merge pull request #95 from netravnen/patch-1v1.5.0-beta.1Philip Prindeville
Fix URL of 'All Contributors' in AUTHORS
2017-07-17Update AUTHORSChristoffer
- Fix: Change url of 'All Contributors' to the original repository and not a forked one
2017-06-14Merge pull request #94 from kyeongy/masterPhilip Prindeville
Do not set password for ASCII login
2017-06-15Do not set password for ASCII loginKyeong Yoo
For ASCII login, data field is not used ([1] Section 9.0.2 Inbound ASCII Login). So do not add the user password for the login authentication with type ASCII. [1] https://tools.ietf.org/html/draft-grant-tacacs-02
2016-12-20Merge pull request #80 from pprindeville/reorg-magicPhilip Prindeville
Reorg magic
2016-12-20Merge pull request #85 from pprindeville/add-runtime-debuggingPhilip Prindeville
Add runtime debugging
2016-12-20Merge pull request #84 from pprindeville/fix-tacdebug-damagePhilip Prindeville
Fix damage from PR #71
2016-12-12Allow building with run-time debugging enabled (via configure)Philip Prindeville
Add --enable-runtime-debugging option to ./configure. Add example logmsg() to tacc.c so it can be built with debugging. Fix logmsg() prototype (it's supposed to match the prototype of syslog() which returns void). Export build-time value of --enable-runtime-debugging into libtac.pc.
2016-12-11Fix damage from PR #71Philip Prindeville
2016-12-05Provide magic function when compiling against opensslPhilip Prindeville
2016-12-05Simplify initialization of magic functionPhilip Prindeville
The pseudo-random number function magic() needs to be primed via magic_init() before being invoked. The standard (but klunky) way of handling this is with a static bool inside the function which indicates whether initialization has happened, and if not, handles initialization and then sets the flag. Sometimes it's more desireable to have initialization happen in a known order before program execution starts (this helps with reproducibility). We can do this by indicating to the compiler/ linker that particular functions need to be executed after __start() but before main().
2016-12-05Fix sense of test for header and libraryPhilip Prindeville
2016-12-03Merge pull request #77 from pprindeville/fix-tacc-ttyjeroennijhof
Add option to specify modem port, etc.
2016-12-03Merge pull request #73 from stanAtAtl/masterjeroennijhof
Fix memory leakage related to tac_svr
2016-12-03Merge pull request #75 from pprindeville/fix-tacc-authenticatejeroennijhof
Fix ASCII logins where 2 transactions are required
2016-11-11Fix ASCII logins where 2 transactions are requiredPhilip Prindeville
authenticate() doesn't handle the case of an ASCII login which results in a continue request being required to complete the transaction.
2016-11-10Merge pull request #76 from pprindeville/fix-crypt-regressionjeroennijhof
Fix regression introduced when doing incremental encryption
2016-10-17Fix regression introduced when doing incremental encryptionPhilip Prindeville
Wrong subscript (subscript of digest should always be modulo digest size [16 bytes]).
2016-10-17Add option to specify modem port, etc.Philip Prindeville
Extracting the tty name or port name from the controlling terminal of a Unix process is a questionable assumption. Further, for automated testing, you might want the reproducibility of being able to explicitly set the terminal name. To get the same functionality as before, one can pass in "tacc ... -y `tty`" as an extra argument.
2016-10-13Update support.cStan Xiang
Replacing strncpy() with strncpy()
2016-10-13Update pam_tacplus.cStan Xiang
Replacing strncpy() with strncpy()
2016-10-13Update support.cStan Xiang
2016-10-13Update pam_tacplus.cStan Xiang
2016-10-11Add files via uploadstanAtAtl
2016-10-05Merge pull request #65 from pprindeville/simplify-md5-operationsPaweł Krawczyk
Various cryptography improvements
2016-10-05Merge pull request #71 from pprindeville/make-tacdebug-varargsPaweł Krawczyk
Make TACDEBUG and TACSYSLOG into varargs macros
2016-10-04Make TACDEBUG and TACSYSLOG into varargs macrosPhilip Prindeville
Also, correct the -DTACDEBUG_AT_RUNTIME scenario so that TACDEBUG() binds correct when used in an if-body with an else following it, e.g.: if (test) TACDEBUG(LOG_DEBUG, "test is true"); else return; would previously have ended up as expanding to: if (test) if (tac_debug_enable) logmsg(LOG_DEBUG, "test is true"); else return; with the indent redone to reflect the nesting correctly. This now expands (correctly) to: if (test) do { if (tac_debug_enable) logmsg(LOG_DEBUG, "test is true"); } while (0); else return;
2016-10-04Modularize computing CHAP digestPhilip Prindeville
It's easier to read, debug, and maintain that way. Also, avoid unnecessary marshalling while we're at it, since MD5Update() can be called iteratively, which obviates having to gather the data to be digested into a contiguous buffer.
2016-10-04Don't compute pad all at once when we can compute it incrementallyPhilip Prindeville
This saves us having to marshall data and allocate a buffer for the entire pad (bitstream cipher). We only need it in blocks of 16 bytes (the size of the MD5 digest), so let's compute it piecemeal as we need it. This has the added benefit of avoiding any calls to malloc() which might be result in system calls (i.e. sbrk() to extend the heap).
2016-10-04No need to pass in payload length when the header already includes itPhilip Prindeville
Why make copies of the payload length to pass as parameters when it's already present in the header?
2016-10-04Avoid unnecessary marshalling when computing Tacacs padPhilip Prindeville
MD5Update supports incremental digesting, so we can invoke it multiple times to collect data rather than having to marshall it into a contiguous buffer.
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-25 10:13:20 +0000