summaryrefslogtreecommitdiff
path: root/libtac/lib
AgeCommit message (Collapse)Author
2016-07-23check loop against TAC_PLUS_MAX_ARGCOUNTPaweł Krawczyk
2016-07-23check for max number of arguments passed in replyPaweł Krawczyk
2016-07-23Fix warningsPaweł Krawczyk
Fix various declaration inconsistencies that were throwing compiler warnings
2016-07-22Rewrite the getrandom(2) usagePaweł Krawczyk
The getrandom(2) is experimental (on Linux at least) and the presence of headers doesn't guarantee it's usable. It seems to be available from 3.17 kernels only as syscall.
2016-07-22check for sys/random.h as well for SolarisPaweł Krawczyk
2016-07-22fix format string for long intPaweł Krawczyk
2016-05-27fix variable namesPaweł Krawczyk
2016-05-27wrong var namePaweł Krawczyk
2016-05-27typoPaweł Krawczyk
2016-05-27replace the broken packet_read check with a hard-coded max packet lengthPaweł Krawczyk
2016-05-05Merge branch 'master' of github.com:jeroennijhof/pam_tacplusPaweł Krawczyk
2016-05-05make len_from_* variables unsignedPaweł Krawczyk
2016-05-05make len_from_* variables unsignedPaweł Krawczyk
2016-05-05format string long intPaweł Krawczyk
2016-05-04fix variable referencePaweł Krawczyk
2016-05-03port to OpenSSL MD5Paweł Krawczyk
2016-05-03use OpenSSL for MD5 and random numbersPaweł Krawczyk
2016-05-02retval cannot be negative when fd is positive as it was just copied from fdPaweł Krawczyk
2016-05-02superfluous syslog format stringPaweł Krawczyk
2016-05-02check packet length declared in headerPaweł Krawczyk
2016-05-02ensure iteration over argument number sent in packet do not overflowPaweł Krawczyk
past the actual packet data
2016-03-25Password change support for TACACS+Ben Schumacher
Allow pam_tacplus to do challenge/response authentication for TAC backends that force password change during authentication flow. Also add support for password change via 'passwd' by implementing pam_sm_chauthtok. Amongst other things, this requires explicitly managing the sequence number for compatability with some versions of Cisco ACS.
2015-10-26Merge pull request #37 from gollub/fix/connection_timeout_leakPaweł Krawczyk
Avoid socket leaks on connection timeouts
2015-10-09Avoid socket leaks on connection timeoutsDaniel Gollub
... and other not covered error conditions.
2015-08-06tac_connect_single: individual timeoutDaniel Gollub
Allow to configure an individual timeout per TACACS+ server. Bumped SO-version due to API change.
2015-06-29Fix missing semicolonsDavid Stapleton
2015-06-20tac_login is a static array so it's never NULLPaweł Krawczyk
2015-06-19check open() result including 0 which is a valid return valuePaweł Krawczyk
2015-06-19close socket if any operation failsPaweł Krawczyk
2015-06-19Merge branch 'master' of github.com:jeroennijhof/pam_tacplusPaweł Krawczyk
2015-06-19initialise the seed variable and update commentsPaweł Krawczyk
2015-06-18Make socket creation errno verboseDaniel Gollub
2014-11-26close rfdPawel Krawczyk
2014-11-26rewrite the PRNG logic to use urandom on srand() only and then returnPawel Krawczyk
random() on subsequent calls
2014-11-20Reduce loglevel for non-critical author messagesDaniel Gollub
Messages like "Args cnt %d", "Adding buf/value pair (%s,%s)" should not flood syslog as warning.
2014-10-14Close /dev/urandom to fix open file handler leak.pwdng
2014-10-10Add source addr parameter for tac_connect_singleDaniel Gollub
This allows to specify from which source address/interface the TACACS+ client connection gets initiated. Bump SO-versioning due to API change.
2014-09-18allow authorization without protocol definedSergey Mironov
Protocol is only required for certain subset of services, mainly for ppp. We allow authorization with empty protocol if user wants to use other service names, like 'ssh' From the http://tools.ietf.org/html/draft-grant-tacacs-02 page 30: The protocol attribute is intended for use with PPP. When service equals "ppp" and protocol equals "lcp", the message describes the PPP link layer service. For other values of protocol, this describes a PPP NCP (network layer service). A single PPP session can support multiple NCPs
2013-04-28/dev/urandom improvements, thanks Walter. Fixed active_server checkJeroen Nijhof
2013-03-29abort() on erroneous input parametersWalter de Jong
2013-03-29xstrcpy() belongs in libtacWalter de Jong
2013-03-29removed double xcalloc() function; do not leak memory for these small ↵Walter de Jong
buffers; added safe xstrcpy()
2013-03-28fixes various memory leaks, reallyWalter de Jong
2013-03-28server is a struct { address, key }Walter de Jong
2013-03-28added FIXME remark about leaking memoryWalter de Jong
2013-03-28added FIXME remark for ifdef for existence of /dev/urandomWalter de Jong
2013-03-28magic is always initedWalter de Jong
2013-03-28handle read() errorsWalter de Jong
2013-03-27same thing, but less confusingWalter de Jong
Note that this does not change anything in regards to buffer overflowing
2013-03-27if key is setWalter de Jong
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-25 05:49:09 +0000