| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2017-12-29 | RAND_pseudo_bytes() has been deprecated in OpenSSL 1.1.0. They tell us | Martin Belanger | |
| to use RAND_bytes() instead. Modified by Philip Prindeville <philipp@redfish-solutions.com> | |||
| 2017-11-13 | changed memcpy to bcopy | Martin Belanger | |
| 2017-11-13 | simplified copying vendor attrs (less buffers and mem copies) to PAM ↵ | Martin Belanger | |
| environment and allow optional attrs (i.e. those specified with a * instead of =) to be added to the environment | |||
| 2016-10-13 | Update pam_tacplus.c | Stan Xiang | |
| Replacing strncpy() with strncpy() | |||
| 2016-10-13 | Update pam_tacplus.c | Stan Xiang | |
| 2016-10-11 | Add files via upload | stanAtAtl | |
| 2016-09-29 | Turn on stricter compiler warnings | Philip Prindeville | |
| And fix subsequent warnings caused by: - shadowed variables (i.e. variables existing in nested scopes); - signed vs. unsigned comparisons - string pointers and buffers being unsigned which don't need to be; - unnecessary casts; - unused variables (or only used when debugging is enabled); | |||
| 2016-07-23 | source formatting | Paweł Krawczyk | |
| 2016-06-29 | fix #56 | Paweł Krawczyk | |
| 2016-06-29 | fix #54 | Paweł Krawczyk | |
| 2016-06-29 | fix #56 | Paweł Krawczyk | |
| 2016-05-05 | zero the arep structure (Coverity #115822) | Paweł Krawczyk | |
| 2016-05-02 | fix two possible memory leaks | Paweł Krawczyk | |
| 2016-05-02 | cannot close() on negative tac_fd | Paweł Krawczyk | |
| 2016-05-02 | tac_protocol is a static character array so it will be never NULL | Paweł Krawczyk | |
| 2016-03-28 | Remove silly comment, fix compilation error | Ben Schumacher | |
| Thx @joakim-tjernlund | |||
| 2016-03-25 | Password change support for TACACS+ | Ben Schumacher | |
| Allow pam_tacplus to do challenge/response authentication for TAC backends that force password change during authentication flow. Also add support for password change via 'passwd' by implementing pam_sm_chauthtok. Amongst other things, this requires explicitly managing the sequence number for compatability with some versions of Cisco ACS. | |||
| 2015-08-06 | tac_connect_single: individual timeout | Daniel Gollub | |
| Allow to configure an individual timeout per TACACS+ server. Bumped SO-version due to API change. | |||
| 2015-06-20 | tac_service is a static array so it's never NULL | Paweł Krawczyk | |
| 2015-06-19 | remove obsolete comment about PAM_DISALLOW_NULL_AUTHTOK | Paweł Krawczyk | |
| 2014-10-10 | Add source addr parameter for tac_connect_single | Daniel Gollub | |
| This allows to specify from which source address/interface the TACACS+ client connection gets initiated. Bump SO-versioning due to API change. | |||
| 2014-09-18 | allow authorization without protocol defined | Sergey Mironov | |
| Protocol is only required for certain subset of services, mainly for ppp. We allow authorization with empty protocol if user wants to use other service names, like 'ssh' From the http://tools.ietf.org/html/draft-grant-tacacs-02 page 30: The protocol attribute is intended for use with PPP. When service equals "ppp" and protocol equals "lcp", the message describes the PPP link layer service. For other values of protocol, this describes a PPP NCP (network layer service). A single PPP session can support multiple NCPs | |||
| 2014-02-19 | cleanup redundant code | Walter de Jong | |
| 2014-02-19 | bugfix: do not try other server when AUTHEN_STATUS_FAIL | Walter de Jong | |
| The loop would continue to try other servers even when a server has indicated that the authentication failed (wrong password!!) Also, try talk the protocol as much as possible. The PAM status is AUTHINFO_UNAVAIL unless a tacacs server has responded with PASS (-> PAM status SUCCESS) or FAIL (-> PAM status ERR) | |||
| 2014-02-19 | delete extraneous whitespace | Walter de Jong | |
| 2013-04-28 | active_server can not be a pointer, data lost after authentication. | Jeroen Nijhof | |
| 2013-04-28 | /dev/urandom improvements, thanks Walter. Fixed active_server check | Jeroen Nijhof | |
| 2013-03-29 | removed double xcalloc() function; do not leak memory for these small ↵ | Walter de Jong | |
| buffers; added safe xstrcpy() | |||
| 2013-03-28 | fixes various memory leaks, really | Walter de Jong | |
| 2013-03-28 | server is a struct { address, key } | Walter de Jong | |
| 2013-03-28 | more stuff belongs in headers | Walter de Jong | |
| 2013-03-28 | stuff belongs in an include file | Walter de Jong | |
| 2013-03-28 | remove unnecessary ifdef __platform__ constructions | Walter de Jong | |
| 2013-03-27 | #defines are not short integers | Walter de Jong | |
| 2012-09-16 | Rearrange header file include for libtac | Jeroen Nijhof | |
| 2012-09-08 | Bumped version to 1.3.8 and renamed rem_addr to r_addr | Jeroen Nijhof | |
| 2012-07-25 | Fixed connection handling in _pam_account, thanks James Allwright | Jeroen Nijhof | |
| 2012-07-25 | tac_encryption fully handled by libtac | Jeroen Nijhof | |
| 2012-06-08 | Moved debug message after active_server validation | Jeroen Nijhof | |
| 2012-03-18 | Changed e-mail and improved accounting | Jeroen Nijhof | |
| 2011-08-20 | Added _pam_get_rhost() and _pam_get_user() | Jeroen | |
| 2011-08-19 | Finally got rid of all goto illness! | Jeroen | |
| 2011-08-19 | Major contribution by Darren Besler | Jeroen | |
| 2011-04-25 | Removed encrypt option just check if there is a secret (key). | Jeroen | |
| Removed first_hit option because you can get the same behaviour by using only one server. Added multiple secret support, you can now specify different secrets (keys) for different servers. connect.c: improved connection error handling by using getpeername() to check if connection is still valid. This was needed since we are using non-blocking sockets. Properly handle multiple servers when authenticating, patch from Gregg Nemas, thanks! | |||
| 2010-12-22 | Initial commit | Jeroen Nijhof | |
 |
index : pam_tacplus.git | |
| (mirror of https://github.com/vyos/pam_tacplus.git) |
| summaryrefslogtreecommitdiff |
path: root/pam_tacplus.c